Incident Management Plan: Management of a non-routine incident, de-escalation and closure
The FSA operates the same incident response structure, applying the procedures coherently, across England, Wales and Northern Ireland.
Command and Control set up for non-routine incident
3.1 CONOPs and ISO Standards: 22361:2022 Security and Resilience are the legal and doctrinal framework that Central Government operate from for emergency response arrangements and are the default starting position for emergencies irrespective of cause. These set out guidelines that help plan, establish, maintain, review, and continually improve a strategic crisis management capability. All departments across HMG have a responsibility to plan, train and exercise for handling incidents and emergencies, maintaining a state of readiness and building resilience.
3.2 In the FSA, once an Incident has been declared as non-routine the basic principles apply in setting up the command and control structure. These arrangements can be scaled up to manage large incidents as well as those incidents that fall outside our remit but may require both a tactical and strategic response from the FSA in their approach.
3.3 The FSA operates the same incident response structure, applying the procedures coherently, across England, Wales, and Northern Ireland. The FSA incident response teams located in each FSA’s office lead the response to serious incidents within their area depending on the geographical area affected. FSS, following their own procedures, lead on incidents within their country and work closely with the FSA. In line with the FSA/FSS MOU, there may be occasions where FSS lead a UK wide incident. In such circumstances, the FSS Incident Management Plan will be followed, unless it is mutually agreed that it is more appropriate for FSA to lead.
The Daily Rhythm
3.4 The daily rhythm is the routine of events (briefings, teleconferences, meetings etc.) at set times that are designed to flow from one to another, providing a sense of continuity and familiarity to the handling of an incident. It does not need to be taken literally, in that meetings must occur daily but sets out the sequence of events preceding meetings and the processes that follow meetings at the tactical and strategic levels. Although the daily rhythm is usually set early in an incident, it can change as the incident develops and should consider meetings held by FSS as part of the control and command structure.
3.5 It should be noted that when COBR or its equivalents in Wales and Northern Ireland are convened, the daily rhythm should take account of the requirement to submit information for the Common Recognised Information Picture (CRIP), two hours before COBR or its equivalent meet. The procedures to be followed when COBR or its equivalents are invoked are contained in the CONOPs.
3.6 The Agency has internal SOPs that set out the roles and responsibilities that may be required during a non-routine incident and the purpose of each of those roles.
3.7 The following sections provides an overview of some of the key roles within the response to a non-routine incident.
Incident Manager
3.8 Depending on the nature or scope of an incident, one of the following may be appointed as the Incident Manager: the Head of Incidents, from the Incidents and Resilience Unit (IRU), the Head of Incident Management in Wales, the Head of Consumer Protection in Northern Ireland; the head of a division for the relevant operational area or the head of a policy team with responsibility for the issue.
3.9 The Incident Manager takes responsibility for the ICA and the risk management of the incident, making sure the FSA is effective in taking corrective action. The Incident Manager will need to be able to understand the technical issues and the nature of the risk management strategies needed and co-ordinate situational awareness to inform the IMCG.
Incident Management and Co-ordination Group (IMCG)
3.10 The objective of IMCG is to manage, co-ordinate and deliver a proportionate response at a tactical level for non-routine incidents classified as serious. IMCG will co-ordinate and manage the incident at the tactical level and commission the risk assessment. For incidents classified as severe and major, IMCG will in addition support and deliver the strategic direction, leadership and decision making provided by the Strategic Incident Oversight Group (SIOG).
3.11 Membership of the IMCG will be decided on the classification level and location of the incident. Other government departments may have input into the incident if there are cross cutting issues and may be invited to be members of IMCG. The higher the level of classification, the greater the expectation for more senior staff or OGD representation to attend.
3.12 For serious incidents and above, the IMCG will consider the meeting frequency or “Daily rhythm,” be responsible for producing a Situational Awareness Report (SitRep), make decisions on the implementation of the Emergency Call Handling Centre (also known as the incidents hotline) if required, and the set-up of any stakeholder liaison meetings. In addition, it will also consider creating operational leads, staff resourcing, financing; and establishing taskforces to manage work streams.
3.13 Decisions and issues that require strategic input and direction will be escalated by the IMCG Chair to SIOG.
3.14 The IMCG will be maintained for the duration of non-routine incidents and de-escalate as quickly as possible once the incident response has met the criteria requirements for routine handling.
3.15 The purpose, membership and example agenda for the IMCG are set out in the internal IMCG SOP.
Incident Management Co-ordination Group (IMCG) Chair
3.16 Depending on the nature of the incident or emergency response IMCG should be chaired by a senior individual responsible for the subject matter concerned. Where an individual cannot be immediately identified one of the following will act as the default chair - the Head of Incidents and Resilience Unit, the Head of Incident Management in Wales, or Head of Consumer Protection in Northern Ireland.
3.17 The IMCG chair is appointed by and accountable to the Strategic Incident Director (SID). If there is no SID in place the IMCG Chair is appointed by the Director of Operations. The IMCG Chair responsibilities include managing the tactical response, updating the SID, owning the SitRep and attending and updating SIOG when set up. If there is no SIOG set-up, the IMCG Chair will provide updates at an agreed frequency to the SID, CEO and FSA Board.
3.18 The IMCG chair must make sure that plans for communications with external stakeholders, for example, OGDs, LAs, Primary Authorities (PAs), and where appropriate, industry and consumer groups, are in place to ensure engagement, where suitable. For more information on FSA Communications and Engagement see Section 5.
Strategic Incident Oversight Group (SIOG)
3.19 The overarching objective of SIOG is to provide strategic leadership and decision-making. This includes, setting the strategic direction for IMCG to enable a proportionate response to an incident classified as severe or major to be delivered. Once the strategy is set, SIOG will direct, support, and provide oversight for the implementation of operational delivery by the IMCG.
3.20 SIOG are responsible for making strategic decisions based on the risk management advice to enable IMCG to deliver the response. If the actions, as a result of the incident response, would exceed the Board’s agreed risk appetite the CEO or SID will consult the FSA Chair as soon as possible.
3.21 The purpose, membership, example agenda and template meeting note for the group are set out in the SIOG SOP. Senior members of FSS will be invited to attend.
Strategic Incident Director (SID)
3.22 The SID is responsible for the strategic oversight of the incident. The SID is appointed by the CEO and will usually be the director most relevant to the incident. Depending on the nature of the incident, the CEO may decide to assume the role of SID themselves. The SID is responsible for activating the strategic management structure, including convening the SIOG that they will then usually chair. They will also be responsible for providing updates to the CEO (if the CEO is not attending SIOG), FSA Chair and Board.
3.23 The SID is also responsible for convening any briefing or stock-take meetings with their counterparts in OGDs, co-ordinating these with the incident Daily rhythm as required and establishing strategic level cross-government lines of communication. The SID will also lead on the liaison with the COBR Unit or its devolved equivalent.
3.24 The FSA’s internal roles and responsibilities SOP sets out the role and responsibilities of the SID and SIOG Chair during a non-routine incident.
FSA Chief Executive Officer (CEO)
3.25 The CEO has overall responsibility for decision making and resolution of incidents.
3.26 In a major incident or emergency the CEO will chair the SIOG assuming the role of the Strategic Incident Director (SID). In less complex incidents or when the situation has stabilised, the CEO can decide to delegate this role including the ‘power of decision’ to the director most relevant to the incident who then becomes the SID.
3.27 The CEO and SIOG Chair (if the CEO is not the SIOG Chair) are responsible for keeping the FSA Chair informed of non-routine incident developments; the frequency will be determined by the incident daily rhythm. These discussions are also opportunities for consulting the Chair ahead of possible major decisions, recognising that the formal decision-maker is the CEO.
3.28 When the FSA are the LGD it is normally expected that the most relevant party, or party requested by the COBR Unit, with expertise on the situation would attend. In the event of a COBR (O) or COBR (M), the most relevant party with expertise of the situation would attend. The CEO and/or SID (if role has been delegated) will be responsible for providing any briefing or preparation for the attending Minister. Briefing or verbal preparation for the attending party would be prepared by IMCG.
3.29 The FSA’s internal roles and responsibilities SOP sets out the role and responsibilities of the CEO during a non-routine incident.
FSA Chief Scientific Advisor
3.30 The Chief Scientific Advisor (CSA) as being closest to the scientific evidence surrounding the incident, is responsible for the rigour and reliability of the risk assessment produced by the FSA and is responsible for providing challenge and comment, as necessary. The CSA is responsible for assuring that any published version of the risk assessment is understandable by a lay audience. The FSA’s internal roles and responsibilities SOP sets out the role and responsibilities of the CSA during a non-routine incident.
FSA Chair and FSA Board
3.31 The FSA Chair and Board will be kept updated at an agreed frequency on non-routine incidents by the CEO (or SIOG Chair) through existing channels. The CEO (or SIOG Chair) will update the FSA Chair, in advance, wherever possible on issues that carry significant risk.
3.32 As is normal between meetings of the Board, the FSA Chair has the delegated authority to act on behalf of the Board in order to deal with the business of the FSA. The FSA Chair will update the Board at the earliest opportunity, as part of responding to any incident. Where, in the opinion of the Chair, significant operational matters go beyond the Board’s risk appetite, the Chair shall report to the Board at the earliest opportunity on any action that he/she may take. The Board may decide to hold an extraordinary meeting to assess risk if it is intended to go beyond the Board’s risk appetite. The CEO or SID, informed by the SIOG, will consider the possible impacts of such a decision and, where possible consult the Chair for their view on potential consequences.
3.33 The FSA’s internal SOPs provides further information on the role of the FSA Chair and Board during a non-routine incident.
Incident Response Meeting Secretariat
3.34 For non-routine incidents, the Incident Response Meeting Secretariat will issue a calling notice for the IMCG meeting or a SIOG meeting and set the daily rhythm, in collaboration with the IMCG Chair. Representation from the FSA offices in Wales, Northern Ireland and FSS will be included.
3.35 Meetings are virtual by default and the standard calling notice includes details of MS Teams call dial in procedures or MS Team meeting arrangements. The incident response meeting secretariat instructions contains more information on the Incident Secretariat.
FSA Emergency Response Support Team (FERST)
3.36 The FERST provides a surge resource of volunteers who can provide additional support to IMCG and SIOG in responding to a non-routine incident and/or emergency.
Operational cascade briefings
3.37 Any operational leads will be confirmed by the IMCG. They are responsible for specific areas of the FSA’s emergency response and will be expected to attend IMCG meetings and other related meetings. Operational leads are responsible for briefing their team members on the outcomes of these meetings.
3.38 It is important for operational leads to hold cascade briefings on a regular basis with their team members (this may be on a daily or more frequent basis). The briefings will cover relevant outputs from the IMCG, SIOG or bird table meetings. Tasks for the team will be assigned, timescales agreed, quality standards set and clearance routes for work sign off will be established.
3.39 Further information on Cascade Briefings is contained in the Operational cascade briefing standard operating procedure.
Resilience during protracted incidents
3.40 During an incident with a prolonged response phase, it is the responsibility of the IMCG, the Incident Manager, and when necessary, the SID to establish robust resourcing arrangements to ensure that staff involved in the response can be rotated and rest periods taken. Rotation of staff should be co-ordinated, with handover procedures put in place.
3.41 A flexible approach is employed between FSA Incidents Teams in the three countries (and in liaison with the FSS) to address resource shortfalls and ensure the well-being of staff. Further to this, the FSA will muster suitable resource from across its structure to support and undertake specific roles and functions as the response dictates. Where necessary decisions may be taken to secure additional external resource from outside the FSA.
De-escalation and closure
3.42 As the incident draws towards resolution, it is appropriate to de-escalate to a lower level, to handle the response as routine business or close the incident. De-escalation will be based upon agreed criteria set out by SIOG and/or IMCG and the agreed criteria being met to inform the decision to de-escalate. The decision will be taken by SIOG and IMCG collectively. The incident de-escalation process from non-routine to routine or closure includes considering whether the incident has met the agreed criteria for de-escalation from non-routine in consultation with the relevant subject matter expert (SME). Where:
- the de-escalation criteria have been assessed, but have not been met the incident will continue as non-routine and follows the usual process.
- the de-escalation criteria are met and SIOG (if stood up) or SID agree with IMCG recommendation to de-escalate, the incident will then return to routine or if appropriate closed.
3.43 All response level changes will be communicated formally to those involved in the response, internally and externally. Options to be considered during incident closure should include handing over to FSA teams that can carry out surveillance or monitor corrective measures.
3.44 Any decision to de-escalate or close an incident may need to consider any specific requirements for recovery. The IMCG should consider the necessary strategy, resources, and authority for successful recovery. The examples of incidents, where recovery is a consideration, are radiological incidents and/or other environmental contamination affecting food. Recovery for major incidents should follow the procedures set out in the CONOPs using command and control arrangements in place for a major incident.
3.45 Once closed, all non-routine incidents are subject to incident review – see Section 6 incident review and planning.
Information management
3.46 All information relating to an incident is accurately documented and captured on the FSA records management system to ensure that decisions can be justified, and activities can be evidenced.
3.47 All key business information/official record sets are information assets and must be listed on the information asset register.