Incident Commander
Incident Commander (IC)
The Incident Commander (IC) is the person responsible for coordinating incident response, making decisions, and ensuring effective communication during an active incident.
Role of the Incident Commander
The IC is NOT necessarily the most technical person. Their job is coordination, not debugging.
Primary responsibilities: - Coordinate the response effort - Make decisions when consensus isn't possible - Manage communication (internal and external) - Delegate tasks to responders - Track timeline and status - Decide when to escalate or stand down
Why Incident Commanders Matter
Without clear leadership, incidents devolve into chaos: - Multiple people working on the same thing - Nobody working on critical tasks - Stakeholders demanding updates from responders - No clear timeline or status
The IC creates order from chaos.
IC Best Practices
1. Don't debug - The IC coordinates, others fix 2. Communicate proactively - Regular updates to stakeholders 3. Document decisions - Maintain incident timeline 4. Delegate clearly - Assign owners to specific tasks 5. Time-box activities - "If this doesn't work in 10 minutes, we try plan B" 6. Know when to escalate - Get more help when needed
Who Should Be IC?
Rotate the role! Benefits: - Distributes the burden - Builds response skills across team - Prevents single points of failure - Provides different perspectives