When compliance aims drive your crisis planning, they do so to your detriment. I know, sounds a little counter-intuitive, especially when regulators mandate that businesses prepare emergency plans for the workplace.
Here in the US, for instance, OSHA dictates that employers with more than ten workers have written emergency action plans – smaller employers are allowed to communicate their plans orally. Similarly, Australian federal and state regulators also stipulate that employers lay out specific instructions outlining what workers and others at the workplace should do in the event of an emergency. The same goes for WorkSafe New Zealand – not to mention countless other occupational health and safety regulators in advanced economies.
What I’m saying though is just because employers are mandated to have incident plans doesn’t mean that businesses have to approach crisis planning as a simple compliance exercise. But that’s usually how it goes. Too many companies take the box-ticking approach to crisis planning and suffer the unintended consequences. Here’s why taking that posture actually undermines your organization’s core preparedness mission:
For starters, crisis planning solely through the compliance prism gives organizations a pass to leapfrog over the risk assessment phase of crisis planning. Instead of identifying and analysing the most-likely hazards, planners just copy and paste popular crisis plan templates.

There’s nothing wrong with working off of a template. But the evidence shows that carefully customizing plans (even pre-fab templates) to your organization’s specific crisis risk factors is the better practice. Simply copying someone else’s plan might get the job done, but it’ll leave your team uninterested and uninvested in the resulting plan. When that happens, more often than not, plans get shelved, only to be resuscitated, untested, when crisis strikes.
That’s not the only potential pitfall of taking a box-ticking approach to crisis planning either. Sometimes, planners also create laboriously lengthy, overly-detailed plans that address every possible crisis contingency – even the most remote. Those plans certainly satisfy the statutes. But they don’t make for very effective, actionable documents. Verbose, overly prescriptive plans just frustrate the people tasked with executing them – and like pre-fab templates, they end up getting shelved pretty quickly.
What’s the answer? Well instead of developing plans simply to meet regulatory requirements, teams should strive to create flexible modules, playbooks that can dynamically adapt to fast-changing crisis situations. Those plans will be comprehensive in scope without being laborious.
Additionally, crisis plans need be treated as living documents, constantly revisited through routine training exercises. Routine training helps surface flawed assumptions, so you’re better prepared to deal with crisis when it strikes. Re-testing your plan also helps your business prepare for new crisis triggers, as company risk factors change.
So, sure, shifts in regulation might impact planning. But the real moral of the story is that crisis preparedness is a strategic business function and shouldn’t be subordinated to compliance aims. Quit the box ticking, and start conducting careful risk assessments to develop robust, dynamic plans that will actually meet your organization’s needs.
For more content on crisis planning and crisis management, follow @teamnoggin on Twitter