The Incident Management Structure (IMS) is a framework for organizing and managing the response
to a disruptive incident. The IMS defines three levels of management activities: strategic, tactical,
and operational. The strategic level is responsible for setting the overall direction and objectives of
the response, as well as allocating resources and coordinating with external stakeholders. The
tactical level is responsible for implementing the strategic decisions and managing the operational
teams. The tactical level also monitors the situation and reports to the strategic level. The
operational level is responsible for executing the specific tasks and actions required to achieve the
objectives of the response. The operational level also provides feedback to the tactical level on the
progress and issues encountered.

References:
ISO 22301 Auditing eBook, Chapter 4: Incident Response and Recovery, Section 4.2: Incident
Management Structure
ISO 22320:2018(en), Security and resilience — Emergency management — Guidelines for incident
management