In this week’s bulletin, Charlie discusses the use of a traffic light system to show the status of an incident and looks at the positives of implementing this system.
For the last two weeks, I have been working in Aruba on a project with a power and water client. Since we have been collaborating with them for several years, we are now looking beyond the basics and refining their incident response approach. One enhancement I’ve wanted to develop—not just for this client but for all clients—is a traffic light system to quickly assess the impact of an incident. This system would indicate which departments are providing full service, which are offering partial service, and which are unable to operate.
In 2020, after the Scottish Environmental Protection Agency experienced a cyber attack, I suggested they use a traffic light system on their website to show which services were fully operational, which were partially functional, and which were not available. I also thought this approach could have helped Comhairle nan Eilean Siar (Western Isles Council) after their cyber attack, enabling them to communicate the status of their services to the public.
For my current client, I first considered this system’s potential after a hypothetical hurricane or extreme weather event. While Aruba has not faced a severe hurricane in living memory, such a system could still be valuable after an event causing widespread damage. It would allow the crisis management team to see which departments are operational, which are struggling, and which are offline. In large-scale incidents, it’s often challenging for the crisis team to maintain situational awareness and to understand the extent of damage and disruption across the organisation. A traffic light system could provide an overall picture of company status: a majority in red would signal a severe impact, amber could equate to operating at the level of your initial RTO, while mostly green would indicate a manageable situation.
The system could be used internally to inform the crisis team of department statuses and externally to show customers what services are operating. If customers see that a service they rely on is marked in red, they’ll know it’s currently unavailable, reducing unnecessary inquiries and helping them understand the situation. However, it’s essential to update the traffic lights regularly—ideally at a set time each day. As services recover, the lights turning green can provide a visible indicator of progress and show transparency without requiring extensive status explanations.
For consistency, each department or service should have a clear definition of what constitutes red, amber, and green. These should be aligned across the organisation, ensuring that one department’s ‘amber’ does not correspond to another’s ‘green’. This system would also assist in less obvious impacts, such as a computer outage affecting specific applications. By using traffic lights, the organisation can show its status at a glance, revealing dependencies and impacts that senior managers might not be aware of.
Below is an example, illustrating how the system might work in practice.
This system could be integrated with other situation reports and maintained on a digital dashboard or a situation whiteboard. Although traffic lights are a blunt instrument, with ‘amber’ potentially indicating anywhere from 30% to 60% operational capacity, they provide an easily understandable status. While not a new idea, I believe this simple tool can greatly enhance situational awareness and support effective response in times of crisis.
