The Noggin Blog

The Limits of Compliance-Driven Crisis Management Planning: And how to take a dynamic approach to crisis management planning

Posted by The Brain on Nov 7, 2019 3:19:12 AM


Ensuring compliance with regulatory requirements is critical to your business. But crisis and business continuity planning – often mandated by law – shouldn’t be a box-ticking exercise. Unfortunately, too many firms fall into the trap. What risks do those companies face treating crisis preparedness as a compliance-first practice?

First things first: regulatory mandates are ubiquitous. In the U.S., for instance, employers with more than ten workers must have written emergency action plans that specify what workers and others at the workplace should do in the event of an emergency.

Business executives at a meeting discussing a work

That particular requirement, an extension of the broader duty-of-care obligation, is common around the advanced world. And compliance-minded firms know better than to ignore it.

But while those firms must acknowledge their compliance through the development of crisis management plans, the plans themselves shouldn’t be undertaken through a compliance prism. Why? A compliance-first posture only gives organizations license to leapfrog over the vital risk assessment phase of crisis planning – i.e. identifying and analysing the most-likely hazards to occur at the workplace in question – and proceed right to copying and pasting popular crisis plan templates.  

Of course, there’s nothing wrong with working off of a pre-set template. After all, many of those templates take from industry best practices. However, the evidence shows that carefully customizing your crisis plans (even your prefab templates) to your organization’s specific crisis risk factors better prepares you for crisis – so too does integrated crisis management software. On the other hand, simply copying a plan might get the job done in the short term, but at a cost. The price being it leaves teams uninterested and uninvested in the resulting plan. More often than not, that plan ends up getting shelved, only to be recovered, untested, when crisis strikes.

And that’s not the only pitfall of taking a compliance-first approach to crisis planning; there’s also the diametrically opposed approach to the copy-and-paste model. What’s that: creating lengthy, overly-detailed plans that address every possible crisis contingency – no matter how unlikely.

Sure, those plans satisfy the statutes – and then some. However, we here from practitioners that those overly prescriptive plans are simply not actionable. In fact, they often frustrate the people tasked with executing them. Like prefab templates, they end up getting shelved.

So, what’s the answer? Well, instead of developing plans simply to meet regulatory requirements, teams should strive to create flexible modules, playbooks that can dynamically adapt to fast-changing crisis situations. Those plans will be comprehensive in scope without being laborious.

What’s more, crisis plans, even comprehensive, best-practice plans, can’t be treated as static documents. They have to be living documents, constantly revisited through routine training exercises. Those exercises help surface flawed assumptions in the plans before it’s too late. And re-testing the plan also helps the business prepare for new crisis triggers, as company risk factors change.

The moral of the story. Regulation always impacts planning – how could it not? But crisis preparedness is a strategic business function and shouldn’t be a mere matter of compliance. To better prepare your company for every stage of the crisis management lifecycle, start by conducting a careful risk assessment. And for more tips on how to avoid planning pitfalls and develop robust, dynamic plans, download our crisis planning guide.


Download Now


Topics: Crisis Management, Crisis Planning, Crisis Newsletter

Meet Noggin: all-hazards enterprise resilience software.

Thanks for stopping by!

The Noggin software suite provides flexible information management solutions capable of managing all hazards across a wide range of industries, from the smallest complaint to a multi-national emergency. We help organizations handle all hazards, all media, all devices, all processes - in one suite of software products. Organizations across the world rely on Noggin to help them manage disruptive events more effectively and protect the bottom line for their communities and businesses.

Want to learn more? Get in touch:


Subscribe to Email Updates

Recent Posts