Incident Management as a Requirement of ISO 18788

What is ISO 18788?

ISO 18788 specifies the requirements and provides guidance for organizations that conduct or contract security operations.
Moreover, it provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a Security Operations Management System. It enables the constant development of security services while ensuring customer safety and respect for human rights.

This standard demonstrates compliance with laws and regulations, respect for human rights, and the establishment of professional security operations to better meet the needs of customers and stakeholders.

According to Clause 8.8.1 of ISO 18788:

“The organization shall establish, implement and maintain procedures to identify undesirable and disruptive events that can impact the organization, its activities, services, stakeholders, human rights and the environment. The procedures shall document how the organization will proactively prevent, mitigate and respond to events.”
According to Clause 8.8.2 of ISO 18788:

“The organization shall establish, implement and maintain procedures for incident monitoring, reporting, investigations, disciplinary arrangements and remediation. Incidents involving the use of force or weapons, any casualties, physical injuries, allegations of abuse, loss of sensitive information or equipment, substance abuse, or non-conformance with the principles of the Montreux Document and the ICoC, as well as applicable laws and regulations, shall be reported and investigated with the following steps taken, including:

a) documentation of the incident
b) notification of appropriate authorities
c) steps taken to investigate the incident
d) identification of the root causes
e) corrective and preventive actions are taken
f) any compensation and redress given to the affected parties.”

Introducing ISOLTX

ISOLTX is a system developed by CAA in partnership with one of the leading universities in South Africa to support organisations in implementing a Management System or a combination of Management Systems.

ISOLTX measures the health and maturity of the Management System(s), drives performance and certainty, and provides combined assurance to Top Management regarding their Return on Investment (ROI).

This is the first and only system globally that:

  • Provides combined assurance
  • Serves as a repository for evidence
  • Measures the Level of Risk (LoR)
  • Measures the Level of Assurance (LoA)
  • Ensures continual improvement
  • Provides maturity modelling
  • Creates real-time gap analysis
  • Continuously measures risk on various levels
  • Enables auditing
  • Is built in line with the International Project Management Standard, ISO 21500
  • Provides a dynamic visual representation per requirement
  • Automatically plots risks on the risk matrix
  • Is fully customizable according to the client’s requirements

Because Incident Management, whether of security incidents, OHS incidents, compliance incidents, non-conformances, identified risks, etc., is a requirement in any ISO management system standard, CAA has built an Incident / Investigations Management Analysis System (I2MAS) as a module within ISOLTX.

I2MAS – Incident/Investigations Management Analysis System

I2MAS enables organizations to capture, classify, manage, analyse, report and prevent incidents, events, risks, etc. In doing so, your organisation better manages risks and provides assurance to top management as well as clients.

With I2MAS, CAA provides a centralised and coordinated reporting structure, specifically designed for your organisation, to ensure the reporting and analysis of incidents and investigations.

I2MAS ensures pro-active and actionable Business Intelligence based on the best available information regarding trend analysis, hotspot analysis, linking analysis, product analysis, training, vendors, tools and technology within the industry, as well as the identification of employee insider threats (Ethics and Behaviour: King IV).

I2MAS will govern the management and reporting of incidents, risks and investigations within your organisation. A further benefit of having pro-active and actionable Business Intelligence is that your employees are kept informed about risks and how to avoid them. It also assists in driving and embarking on preventative actions and operations.

I2MAS is divided into four (4) sections:

  • Identification
    Here data regarding where and when the incident occurred is captured. The location is then automatically plotted on a map, providing its longitude and latitude.
  • Description
    In the Description section, the incident is categorized at three levels and a short description of the incident is captured. In addition, the capturer needs to describe what immediate corrections have been implemented to start the mitigation process.
  • Impact
    Here the value of the loss related to the incident is captured. The controls that are in place are listed and the Internal Control Effectiveness (ICE) of each control is determined. The cost of the controls is also documented to ensure that the organisation is not overcapitalizing. The system then automatically calculates the Level of Assurance (LoA), Level of Risk (LoR) and Residual Risk Rating (RRR), as well as the Cost of the Controls vs Value of the Risk (incident).
  • Conclusion
    In the Conclusion section, the Root Cause Analysis (RCA) needs to be done and an Action Plan needs to be drafted. The incident status can be updated until the Action Plan is implemented, monitored and measured for effectiveness. The person responsible for signing off the incident needs to be identified, as well as the email address of the person who will monitor the implementation of the Action Plan.

Any type of evidence, e.g. photos, documents, statements, videos, footage, etc., can be attached to the incident.

Duty of Care

The principle of duty of care is that the employer has an obligation to avoid acts or omissions which could reasonably be foreseen to injure or harm other people. This means that you as the employer must anticipate risks to your employees and clients and take care to prevent them from coming to harm.

One way of complying with these requirements and ensuring “Duty of Care” is by implementing an Incident Management system. This can be costly and work-intensive.

Crest Advisory Africa has a solution for your organisation.

I2MAS as a Service

If your organisation does not have an Incident / Investigations Management Analysis System, Crest Advisory Africa will configure and host I2MAS according to your organisation’s unique requirements. Analysts will load the incidents, events, information, etc. reported by your organisation onto the system.

The data will be analysed to provide your organisation with pro-active and actionable Business Intelligence.

Monthly, weekly and/or ad hoc strategic, informative and predictive reports will be created and provided, depending on your organisation’s requirements.

In utilizing the I2MAS offering you will be able to show a definite cost saving by not having to procure an Incident Management System. Your organisation will not incur any configuration cost (CAPEX), and no additional staff need to be employed to capture, analyse and report on incidents or investigations.

Because Crest Advisory Africa is an independent third party, data will be validated objectively and will not be at risk of manipulation, thus ensuring data integrity.

I2MAS will assist in turning your business around and increasing your Return on Investment (ROI).

Call to Action

By aligning your organisation with Crest Advisory Africa you are aligning it with a global leader in the provision of structures, strategies and collective business intelligence, driving your business to limit the losses it suffers and to become a leader in the industry.

About the Author

Helene Blom
Heléne served in the South African Police Service (SAPS) for over 14 years, holding the rank of Captain when she resigned in 2008. Heléne was one of two Security Managers within the Gautrain (Bombela Civil Joint Venture) environment, responsible for risk identification and mitigation during the project between 2008 and 2010. In October 2010 Heléne was appointed Management Information Systems (MIS) and Investigations Manager for Nedbank. In 2011 she was appointed National Security Manager for Standard Bank. She resigned from Standard Bank in 2017 and started as Senior Risk Analyst Manager at RAM Hand-to-Hand Couriers. Heléne has excellent risk, project management, corporate governance, strategy design and business continuity knowledge and experience, allowing her to implement required solutions through workshops, strategy sessions and plan development. Heléne has worked across all levels within organisations (public and private), with reporting responsibilities to the Board, demonstrating her technical and business acumen and well-rounded people skills.