Even before the outbreak of the coronavirus, Forrester findings had shown that a full 100 percent of surveyed companies had experienced at least one critical event in the last two years – many firms faced multiple. The impacts of those critical events might now pale in comparison to the ongoing effects of the COVID-19 crisis. Still, the fact remains, organisations must be ready.
Your clients might be more receptive to that message than ever. The question then is: how can you help them build an end-to-end crisis competency in this moment? We have some ideas. So, do some of our partners.
Traditionally, international standards have been the source of best-practice findings for client advisors. And the International Organisation for Standardisation (ISO) has indeed put out multiple, useful, management system standards in the all-hazards space, including ISO 22320 for emergency management, ISO 22301 for business continuity, ISO 27001 for physical security. However, the body’s ISO 22398 societal security standard is limited in scope to crisis exercises and testing, only one aspect of the fuller incident and crisis management lifecycle.
Instead, British Standard, BS 11200:2014, provides in-depth, best-practice guidance for crisis management. What does BS 11200 do, exactly? The standard “sets out the principles and good practice for the provision of a crisis management response… [with the intention] to aid the design and/or ongoing development of an organisation’s crisis management capability.”
Further, the standard summarises the core areas of crisis management, setting up themes and key areas that organisations should consider when building or enhancing their crisis management capability. Specifically, it covers core concepts and principles, crisis leadership and decision making, crisis communications, and training, exercise, and learning.
Importantly, the standard isn’t prescriptive in the way that other standards and specifications can be. Written for business owners and managers, it details what capabilities your clients need in order to consider themselves crisis-ready; your clients might have those capabilities already or need to build them out further.
Intended for senior executives and crisis leadership at your client’s organisations, the British standard helps firms recognise the risks, so as to develop contextually-relevant crisis management programs and a core crisis management competence – defined as the developed capability of an organisation to prepare for, anticipate, respond to, and recover from crises.
The core crisis management capability (envisioned by the standard) entails “a forward-looking, systematic approach that creates a structure and processes, trains people to work within them, and is evaluated and developed in a continuous, purposeful, and rigorous way.” To that end, the standard provides guidance for the following:
- Understanding the context and challenges of crisis management
- Developing the organisation’s crisis management capability through planning and training
- Recognising the complexities facing a crisis team in action
- Communicating successfully during a crisis
Plans, in particular, are at the top of your client’s minds in this crisis moment. So, what’s the standard’s read on crisis-preparedness via best-practice planning? For one, the standard argues that crisis management plans (CMPs) should be as concise as possible. The standard also counsel that the document itself should lay out the following:
- Who has authority and responsibility for key decisions and actions in a crisis
- Key contact details: how staff are to be contacted in the event of a crisis
- Crisis communications (internal and external)
- The activation mechanism for a crisis and how it works in practice
- Details of levels of response across the organisation (i.e. who is to be contacted for what level of a problem) and flow chart showing the sequence of actions
- The structure and role of the CMT and what is expected of it
- Where the CMT is to meet (with alternative locations) and what equipment and support are required
- Key templates (such as CMT meeting agenda and logbook)
- Log-keeping guidance
- A situation report template which is to be used across the organisation
How, then, do you take these best-practice learnings into your COVID-19 client engagements? Some of our own Noggin partners have been on the frontlines. So, let’s hear what they’ve done:
Matthew Harper of Resilient Results supports Community Services #1, a key provider of community services to the elderly and young in Canberra’s South by enhancing their business continuity plan by written COVID action plans for managing their services.
Ben Scheltus of Continuity Matters helps clients address the business continuity challenges by recommending they focus on staff welfare and prioritise the organisations’ most important activities wisely.
Chris Liddell of GoSourcing offers an accelerated 5-day COVID-19 business and technology transformation framework to help companies adapt and survive the immediate crisis and evolve to succeed in the post crisis environment.
Nicholas Owens of Sefiani Communications Group observes organisations grappling with communication challenges through the COVID-19 crisis. To help, they have put together a list of easy-to-use solutions including remote-based media interview skills and message delivery training with an updated media policy as well as managing COVID-19 crisis response using Noggin Epidemic Response Module.
Campbell McKenzie of Auckland-based Incident Response Solutions is assisting its clients by providing crisis expertise and resources, focussing on technology and cyber risks. Resources include critical cyber security information, templates and incident response tools. With incidences of COVID-19 related cyber scams already well established, he is also assisting clients respond to attacks where a loss has occurred, in a forensic manner that will withstand any future legal proceedings.
Gavriel Schneider of Risk 2 Solution Group sees the real value in helping their customers prevent, plan and prepare, respond and recover from unexpected crises & events and minimize business disruption through effective business continuity planning. For him it is especially relevant and important in unexpected events like the COVID-19 pandemic. His Evaluation and Business Continuity Services – in the packages Compliance, Resilience and “Presilience” – includes a range of remote-delivery options that should effectively manage the complexities future proof organisations in the event of a pandemic or related crisis.
Steven Dujin of Cyber Risk Assurance takes a deeper step into organisations in his statement: “It is incumbent on directors, Boards, business owners, responsible office holders and senior executives to understand the short- and long-term impacts of crises and especially the COVID-19 pandemic on their business, their clients, their stakeholders, their shareholders and their supply chains. A heightened level of risk awareness, insight, foresight and mitigation is required to both survive the current economic downturn and to prepare for the ‘new realty’ when conditions improve.” Cyber Risk Assurance’s holistic business approach to identifying, addressing and mitigating against critical risks can help organisations achieve a higher level of risk resilience. Combined with Noggin’s solutions Steven provides critical help to organisations to enhance their crisis risk management capabilities to take proactive action to protect their businesses and provide effective crisis risk mitigation frameworks now and in the future.
Lloyd Bromfield of Citadel International goes into a similar direction with his analysis and ideas how he can accompany his clients moving forward: “We’re advocating the establishment of a ‘COVID-19 Taskforce’ within each organisation, provided with sufficient resources to operate effectively. We recommend creating work streams that consider customer and stakeholder engagement, workforce protection and support, supply chain stabilisation, quality of service delivery, and financial impacts. It is vital that a sustainable tempo is set and maintained as endurance will be a key factor to survival. For immediate application but also looking towards the future, we recommend staff of all levels seek to identify and assess points of failure – people, processes, technology – that have put the company at risk. Staff should be encouraged to think innovatively and flexibly to overcome identified issues, if not immediately, then when things eventually get back to normal. It is vital to manage fatigue, and cross-train at least two people for each strategic response role.”
Finally, technology can also be a complement to your COVID-19 advisory work. And that’s where we can be of help. Our partners can request free access for their clients for up to 50 users for as long the pandemic lasts. Please ensure to add the partner company name in the field “Promo Code” when registering on www.noggin.io/epidemic-response-module.
To learn more about adding risk advisory around the Noggin 2.0 Integrated Safety and Security platform, please reach out to the partnership team on firstname.lastname@example.org.