The Gold-Silver-Bronze Command Structure

GOLD-SILVER-BRONZE

The Gold-Silver-Bronze or ‘GSB’ command structure was rooted in and developed heavily by the UK emergency services. It was designed to establish a clear hierarchical framework and operational clarity for the command of major incidents or disasters. It is now used by organisations around the world to deal with incidents. It is a highly effective structure and helps the teams maintain focus during an incident, cyber or not.

What are the Gold-Silver-Bronze Teams?

Gold (strategic):

The Gold Team are your strategic team. They hold responsibility for the handling of the incident and will set the overall strategy for dealing with it. This will include any tactical do’s and don’ts that need to be followed. The Gold Team should not be drawn into making tactical decisions. Their focus stays at a strategic level however they will be responsible for reviewing and ensuring that the tactics being utilised are appropriate and sufficient to meet the strategic goals that they have set.

The Gold Team is usually formed of a group of senior managers or C-Suite.

Some of their responsibilities will include:

  • Assuming overall command and control of the incident
  • Set, review and communicate their strategy
  • Handling the media strategy
  • Report to shareholders if appropriate
  • Appoint someone to act as Chair for the Silver Team
  • Consider the community and wider impact of the incident
  • Define what resources or specialist skills are needed
  • Consider the legal issues
  • Approve the Silver Teams’ tactical plans before they are carried out
  • Lead the de-brief and lessons learned post incident 

GOLD-SILVER-BRONZE

Silver (tactical):

The Silver Team produce and execute the tactical plan for meeting the strategy set by the Gold Team. They will take on the tactical command and control of the incident. The Silver Team is usually comprised of managers from different departments (differing depending on the nature and impact of the incident) who will provide leadership for the Bronze Teams and coordinate support for their effort.

Some of their responsibilities will include:

  • Appointing a Chair for the Bronze Team
  • Set, review and communicate the tactical plan both up and down the command chain
  • Provide updates to the Gold Team
  • Instigate the relevant incident management procedures

When carrying out their responsibilities it is useful for your Silver Team to bear the following questions in mind as they progress through the incident:

  • What are the objectives we are trying to meet?
  • Who should be meeting these objectives (which department)? Do they have the resources to be able to do so?
  • When do we need to meet these objectives?
  • What is the rationale behind the Gold Team’s strategy? Are we meeting that?
  • How are we going to complete the tasks and what barriers do we need to take into consideration?

Bronze (operational):

The Bronze Team will make all the operational decisions necessary to meet the Silver Team’s tactical plan. The Bronze Team is usually comprised of staff who would carry out the recovery operations for that type of incident. Some of the responsibilities of the Bronze Team are:

  • Take operational control of the incident and inform the Silver Team you have declared an incident
  • Have a clear understanding of both the Gold Team’s strategy and the Silver Team’s tactical plan
  • Conduct initial and then on-going risk assessments during the incident
  • Update the Silver Team
  • Keep staff updated and briefed on the incident

Bronze Teams will usually be activated and deployed first. If there is an escalation of the crisis or incident or if the Bronze Team feel the situational awareness requirements have increased then the Silver Team can be activated and finally, if necessary, the Gold Team. In very extreme incidents you can activate all 3 teams simultaneously.

Plans

In your plans you should detail ways things can be escalated up the Gold-Silver-Bronze command structure. If you are thinking about putting a Gold-Silver-Bronze structure in place in your organisation it is essential that you thoroughly introduce the new structure to those concerned and then run an exercise that allows you to test the activation of each team and the communication up and down the chain. This is especially important for the Gold Team as they will now be focused solely on the strategic management of the incident and will no longer be involved in the tactical decisions.

Many organisations that have implemented the Gold-Silver-Bronze structure have found that it allows for far better and clearer decision making and a much faster response.

Get in touch if you have any questions or would like to discuss running an exercise for your organisation.

 

Related Posts

Why Run a Cyber Exercise?

Why Run a Cyber Exercise?

Your company could have the most detailed response plans in the world but if they have not been tested they may well be useless when they are most needed. A cyber security incident is not a good time for seeing if your plans actually work.

Maersk Incident Response

Maersk Incident Response

Fire drills are commonplace. We test the alarms, the evacuation procedures and the fire marshals get to practice their roles. In a cyber attack there can be just as much chaos as with a fire, perhaps even more so. This is why incident response is such an important...