The objective of a basic incident management is to prepare you in case of an unscheduled interruption. Knowing who does what and when, and who warns whom by what means and when, helps you to gain precious time in case of an unscheduled interruption.
To achieve this, you should have a comprehensive and up-to-date list of internal (staff) and external contacts that can be involved in case of a major incident. These lists should be distributed throughout the organization. The contact lists should be clear and their details (telephone, e-mail, messaging, etc.) must be up-to-date.
To have a basic incident management it is important to keep track of all cyber security incidents in the past. This allows you to better determine the risks of a cyber security incident and adjust policies if needed. The logbook of all previous incidents should at least contain all ICT events that had or could had an impact on the ICT services.
In case of an unscheduled interruption you should have an incident response procedures in place, which can help you to determine who needs to do what. The best way is to differentiate the procedure by type and severity of the incident