Incident management is the follow-up process after an unsafe event at work

Incident management is a broad term used by several practices with varying connotations. In EHS, most departments follow a similar process after an unsafe event occurs onsite. For a successful risk remediation, there are typically six stages of incident management– are you following them all?

Incident management provides insight into the cause of an issue, and helps avoid it recurring (we all know how much such events can cost a company). It is defined by independent analyst firm Verdantix as:

“Activities undertaken by workers, managers and executives in EHS and other functions to track, report, investigate and analyze incidents which negatively impact or could have negatively impacted workers, business operations, and physical assets.”

Standardizing your incident management process undoubtedly improves the comparability of data and boosts efficiency. However, 60% of companies don’t utilize commercial software for the practice, leading to poor visibility and lost opportunities to enhance safety.

A template of incident management stages

Leading organizations typically deploy an Incident Management Software (IMS) system to manage the process with automation, standardization and transparency. However, whether you’re using IMS or not, the incident management process will have several stages. Not all incidents require the same due diligence, so we recommend the following stages as a general template:

  1. Notification
  2. Action
  3. Initial Review
  4. Investigation
  5. Analysis
  6. Final Review


The Notification stage is when preliminary information about an incident is submitted to management. This is usually done by a worker on the shop-floor, where most workplace incidents take place. The Notification should include:

  • Location and sublocation
  • Equipment involved
  • Date and time
  • Incident type and subtype
  • Expected severity
  • Title
  • Who the incident involved
  • Brief explanation of what happened
  • Details of any immediate actions that were taken
  • Attached images

If you have an IMS, Notification will be an electronic form for workers to fill in. Once submitted, notifications are distributed to the appropriate Reviewers based on details such as location, type and severity.

Initial Review

The appropriate Reviewer(s) should look through the Notification that was submitted. A Reviewer is educated in company policy and local health and safety legislation, and will confirm the:

  • actual severity,
  • subtype,
  • whether it’s OSHA/equivalent recordable,
  • immediate actions that were taken.

They will then determine if an investigation is needed. Typically, an investigation is only required in medium to high severity incidents. (If an investigation is not required, the process should skip the next step.)

When the Notification is reviewed in an IMS, the form will move through to Investigation and distribute further notifications to the appropriate investigators.


Investigation is usually the most time-consuming step of incident management, sometimes rivaled by Analysis. It mainly involves qualitative data, which takes time to collect.

After the lead investigator organizes an investigation team, this stage then involves:

  • gathering information on the applicable policies and training,
  • determining a sequence of events,
  • documenting the personnel who were involved,
  • obtaining witness statements,
  • and collating further supporting evidence.

The thoroughness, accuracy and timeliness of an incident investigation is hugely benefitted by an IMS. An investigation brings together a large volume of information, including personal and sensitive data, that should be carefully documented. For example, you must ensure stringent security is in place to protect witness statements and health records, a regulatory requirement recently in the limelight due to the European Union’s GDPR.

The next step is Analysis, to consolidate the qualitative data into a reportable, quantitative format.


Incident analysis, commonly known as Root Cause Analysis (RCA), is key to finding out what corrective actions to take. There are many scientific methods to carrying out an RCA, such as Bowtie Analysis or Fault Tree Analysis, but the main aim is to answer:

  • What happened?
  • How did it happen?
  • Why did it happen?
  • What needs to be corrected?

Ultimately, your analysis will unearth a collection of failures leading to the event, such as immediate causes, preconditions, and latent failures.

To remedy these failures and avoid recurrence, you should set out a plan of corrective and preventive actions (CAPAs).


CAPAs are important for almost every incident, especially following an investigation. However, discovering causation factors is only useful if you act upon them. Actions may be set at any stage of Incident Management, but the most valuable arise following Analysis.

Every action should be timebound and trackable. As well as a title and description, items should include a:

  • Priority
  • Owner
  • Category
  • Due date
  • Status (may be automated)

Customarily, Actions addressing immediate causes are carried out onsite, whereas those for latent failures are handled by management and take longer to complete. All updates and evidence must be tracked in a central, visible location to keep the incident management team on the same page.

Best practice is to put in place automated reminders and Key Performance Indicators (KPIs) for CAPAs. Automated notifications remind action owners when their CAPA is approaching its due date, and if it becomes overdue, an escalation workflow kicks in to notify the chain of command. Pro-Sapien clients make use of Red-Amber-Green status indicators for trackers like Overdue Actions, which are displayed on their Action Manager software dashboard to help managers stay on top of the follow up process.

Final Review

The Final Review controls whether an incident report can be closed. Reviewers must look at every stage of the process and approve that it is complete or request further action.

Only those with the appropriate clearance can approve or reject the process, and all comments from every approval or rejection should be recorded. A best practice is to make comments mandatory when submitting an approval/rejection to reduce lack of attention.

An incident report is closed once it is approved, but this is not the end of the Incident Management process.

Incident Management evaluation with analytics

You’ve worked hard to complete the six stages of Incident Management, so don’t let it go to waste. It’s important to regularly look at the EHS performance of the business to manage risk and to understand the difference your CAPAs have made – and if any more are required. You can do this efficiently with business intelligence dashboards and reports, a common feature of most EHS management software platforms.

Indicators can be either lagging or leading in nature. Useful trackers - some mandated by local legislation - that can be analyzed over time for a performance indication include:

  • Lost Time Injury Frequency Rate (LTIFR)
  • Total Recordable Incident Rate (TRIR)
  • Average response time
  • Medical Treatment Cases (MTC)
  • Contractor incident reports

For optimal metrics, we recommend ensuring dashboards are configured to your unique requirements.

Incident Management is a large part of the EHS operation, and although it is traditionally lagging in nature, the CAPAs produced by a productive process are essential in preventative risk management.

Want to increase work productivity?

Find out how EHS software is designed to help with our 10 Part Guide for EHS Practitioners.

Read guide »