Skip to content

Processes and Tools

Establish an ICS4ICS program and enable your team to perform during an incident with proven procedures.


Teams and Processes that Support ICS4ICS

ICS4ICS processes must be integrated with other related teams and their processes such as:

Crisis Management Team (CMT)

The Crisis Management Team (CMT) manages crisis events that threaten the operations, reputation, and any major impacts to the company. The CMT empowers the ICS4ICS Incident Commander and provides direction as needed. The Crisis Management Team consists of senior executives like the Chief Executive Officer (CEO), Chief Operations Officer (COO), Chief Financial Officer (CFO), Chief Information Officer (CIO), Health-Environment-Safety representative, and Chief Legal Counsel. There may be CMT(s) for major company divisions, particularly in other countries or geographies.

Industrial Control System/Operational Technology

The Industrial Control System/Operational Technology (ICS/OT) Team often manages many aspects of the ICS/OT Systems including system configuration and maintenance, cybersecurity settings, system recovery (DR), business recovery (BCP), and many other aspects of these systems.

Computer Incident Response Team

The Computer Incident Response Team monitors systems and data from other sources like helpdesks. This group will identify events that need to be escalated to an authorized Incident Commander who determines if an incident will be declared. This team is typically part of the IT organization.

IT Team

The IT Team supports the Computer Incident Response Team (CIRT) which is typically part of their organization. They may also support the Industrial Control System/Operations Technology team with enterprise IT processes, like backup/recovery, network support, and servers/desktop build.

Disaster Recovery Planning (DRP) Team

The Disaster Recovery Planning (DRP) Team develops IT backup/recovery strategies based on the BCP requirements. The DR Team is often part of the IT Team.

Business Continuity Planning (BCP) Team

The Business Continuity Planning (BCP) Team works with business teams to identify the critical business functions, Recovery Time Objectives to restore those business functions, and Recovery Point Objectives that determine how much data loss is acceptable.

Program Processes and Prerequisites

These processes are critical when deploying an ICS4ICS program to ensure base capabilities are available to support the program:
  • ICS4ICS Program Deployment Guide

    Provides information to help deploy the ICS4ICS program at your company or organization.

    • (Coming soon)
  • Delegation of Authority

    Must be established to ensure a select group of people are designated as Incident Commanders and have the authority to declare an incident and have financial authority to make expenditure that may be required to resolve the incident.

  • Mutual Aid

    Must be established to fill critical positions in the ICS4ICS organization when a company doesn’t have staff who can fill those positions. An assessment must be completed of company staff to identify positions that may need to be staffed externally. Then an agreement must be create with an external party to staff those positions.


ICS4ICS developed several tools to help industry to deploy an ICS4ICS program by ensuring key prerequisites are completed prior to a cyber incident. There are also procedures that can be defined prior to a cyber incident to ensure the organization is prepared to make decisions and act quickly


ICS4ICS created templates to help companies and organizations develop procedures that should be developed as part of deploying an ICS4ICS program. These procedures will enable companies and organizations to make various decisions and act during an incident:
  • Ransomware Procedure

    Can be used to define company policies and legal requirements when considering paying ransomware. The procedure establishes a team authorized to make ransomware decisions.


  • Government Reporting Procedure

    Can be used to define company policies and legal requirements to guide government reporting decisions related to cyber incidents. The procedure establishes a team authorized to make government reporting decisions.


  • Escalation-Notification-Declaration Procedures

    Can be used to define company escalation procedures with criteria for when an Incident Commander should be informed of a major event. The document includes sample criteria for declaring an Incident and information about notification alternatives.


  • IT and OT Procedures

    Help to prepare staff to make and execute IT and OT decisions during a cyber incident. For example, IT or OT procedures may be needed to isolate or shutdown ICS/OT systems that have been infected with malware. A procedure may be needed to help onsite IT and OT staff to assess problems before calling support staff.


ICS4ICS Exercise Team

The ICS4ICS exercise team creates most of the ICS4ICS exercise materials and many of the ICS4ICS resources. The team meets monthly.

Monthly Newsletter

Want to be added to the ICS4ICS monthly newsletter or join some of the eICS4ICS teams?