What policy failures/gaps may have led to the incident?
- What can be done to prevent a recurrence? (note: is it preventable?)
- What is the impact, short and long term to :
- Customers
- Employees
- The public
- Stockholders/Stakeholders?
- Is this impact financial, reputational/trust, inconvenience?
- What is the likely cost in $?
- What (if anything) went wrong during the initial response to the incident?
- Are there any deep organizational problems that led to the incident occurring?
- Were there organizational maturity issues that contributed to the likelihood of, or affected the effectiveness of the response to the incident?
- What mitigation strategies can help?