Request a Demo

The Noggin Platform

The world’s leading platform for integrated safety & security management.

Learn More
Find Your Solution
  • Crisis management Crisis Management
  • Emergency Management Emergency Management

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Safety Management Safety Management
  • Employee Health & Wellbeing Employee Health & Wellbeing
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Asset Management Asset Management
  • Contractor Management Contractor Management
  • Visitor Management Visitor Management
  • Emergency Management Emergency Management

All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.

Learn More
Request a Demo

Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.

Learn More
Request a Demo

A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Physical Security Physical Security
  • Cyber Security Cyber Security
  • Visitor Management Visitor Management
  • Critical Infrastructure Protection Critical Infrastructure Protection
  • Emergency Management Emergency Management
  • Governance Risk & Compliance Governance, Risk & Compliance
  • Asset Management Asset Management
  • Contractor Management Contractor Management

Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.

Learn More
Request a Demo

Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo
  • Business Continuity Planning Business Continuity Planning
  • Crisis Management Crisis Management
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Continuity of Operations Continuity of Operations (COOP)

Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.

Learn More
Request a Demo

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.

Learn More
Request a Demo
A guide to developing your covid-19 return to work plan
Whitepaper

Developing Your COVID-19 Return to Work Plan

Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More
Whitepaper

10 Steps to an Effective Crisis Management Plan

Noggin

Crisis Management Software

Published May 19, 2021

Understanding the nature of crisis is crucial to developing an effective crisis management plan

In developing a crisis management plan, it helps to understand what crises are all about. Simply put, a crisis is an unanticipated event or issue that disrupts the day-to-day operations of your organisation. Depending on its nature and severity, that crisis has the potential to create significant financial, safety, security, and/or reputational harm.

By definition, crises are unpredictable. Companies sometimes get hung up on all of the possible bad things that can happen. When coming up with a crisis management plan, though, you simply can’t plan for every contingency. It’s not practical.

Instead, we counsel starting to crisis management plan for the likeliest crises to strike your company. How to get started? Here are the ten steps we recommend following to develop an effective crisis management plan.

Step 1: Classify crises in your crisis management plan

Cyber incidents have long topped the list of most common incidents. But the COVID-19 pandemic suggests those crises aren’t the only disruptions you have to worry about.

Other likely disruptions include environmental disasters, reputational threats, leadership or governance failures, liquidity or capital problems, etc. More generally, the most common crisis types include the following:

  • Economic
  • Informational
  • Physical (or operational and/or infrastructural)
  • Legal and human resources
  • Reputational
  • Psychopathic
  • Natural disasters

Irrespective of type, crises tend to unfurl in set stages: pre-crisis, crisis response, and post-crisis and recovery. The management of the crisis should also be ordered around those set phases: prevention and preparation for pre-crisis, crisis response, then the evaluation of what went wrong and looking for ways to better improve preparations for next time for post-crisis.

Step 2: Integrate the crisis management lifecycle into your crisis management plan

To be considered fully prepared, your crisis management plan should account for each stage. That entails taking intelligence gathering and constant monitoring as your default mode of crisis management, or approaching crisis management as a lifecycle. Here are the elements of the crisis management lifecycle:

  • The build-up stage, or Prodromal Crisis. Hints of a potential crisis begin appearing in media outlets. At this stage, you should be looking for the repetition of certain trigger themes, repeated messages describing symptoms or precursors to a crisis.
  • The impact stage, or Acute Crisis. One of the crisis triggers has developed into a full-bore crisis. Often the shortest stage in the crisis lifecycle, the impact stage tends to result in the most physical, fiscal, emotional, and reputational damage to a company. Companies can usually expect the most media scrutiny at this time.
  • Chronic Crisis. The company suffers through any lingering effects of acute crisis, e.g., physical restoration, legal action, or public activism. The media will be focusing on blame and responsibility.
  • The resolution stage. The crisis no longer impairs the organisation’s operations or directly impacts the public. The risk at this stage is that the crisis remains latent, with the potential to strike again to even more devastating effects. Teams will also seek to learn what went wrong, conducting after-action reviews and reports.

Step 3: Develop your crisis management plan objectives

Understanding the crisis management stages matters, because it’s during the pre-crisis stage that you’ll undertake the bulk of your crisis management planning. In other words, you’ll be putting in place the processes and procedures to deal with the effects of disruptive incidents. So, what should go into the resulting crisis management plan?

Well, the short answer is it depends. Specifically, your crisis management plan hinges on the answer to a couple of questions:

  • What are your goals?
  • What are your risk factors?

Moreover, before committing pen to paper on your crisis management plan, you need to have a firm grasp of performance objectives. What would constitute success? What are the KPIs you’ll be tracking?

Step 4: Perform a vulnerability audit before drafting the crisis management plan

If you can’t answer those questions immediately, that’s ok. Some of the responses will depend on the results of your vulnerability audit.

The vulnerability audit is a multi-disciplinary risk assessment you’ll undertake to determine areas of operational weakness and come up with solutions to the areas. The purpose of the audit is to uncover current and potential threats in a variety of forms:

  • Those arising from normal operations
  • Those most common in your industry
  • Unexpected external events

Another objective of the risk assessment is to develop a list of potential crises and to rank them in order of likelihood of occurring and associated costs of dealing with the impact. If you’re building a new (or re-evaluating an old) crisis management plan after the conclusion of a crisis, use the crisis post-mortem to inform your risk assessment.

After coming up with a list of objectives and likeliest crisis scenarios, you can proceed with drafting the crisis management plan proper. The plan itself will have to be flexible enough to adapt to multiple situations. In other words, think about creating modules, rather than adopting a one-size fits all approach.

Step 5: Determine the team responsible for drafting and executing the crisis management plan

If you already have a crisis management team, you’re a step ahead. Not completely out of the woods, though. That’s because everyone in the organisation needs to be involved in the crisis management effort, not just your experts.

Indeed, the effort benefits when the entire staff is onboard, whether detecting early warning signs or helping in the crisis response and recovery. As for the team driving the effort, you’ll certainly need C-suite representation, as well as senior managers from the company’s most important business units, including Finance, HR, Operations, IT, Risk, Communications, Legal, not to mention the dedicated Crisis Managers.

A final word: avoid bloating your core team. When crisis strikes, unnecessarily large teams often hinder efficient decision making.

Step 6: Set crisis management plan activation guidelines

An important, but oft-forgotten, step in crisis management planning is pre-defining what actually constitutes a crisis. In other words, how do you know when it’s time to call in the crisis management team?

Here things get murky, because crisis itself is murky. For instance, you won’t trigger your crisis management team to deal with slow-burn issues. But you should document all the criteria and indicators you will use to determine whether a crisis has actually occurred. The case of an active shooter or earthquake might be clear. But when would you bring in the team to handle a more ambiguous reputational crisis?

In addition to setting activation guidelines, consider other logistics, like defining the chain of command structure for specific scenarios and where to set up your crisis command centre or off-site gathering points in the case of an evacuation. In the case of the former, multiple locations might be necessary, especially in this era of social distancing: somewhere at headquarters, in the cloud, as well as an off-site location in the event that your headquarters is seriously compromised by the crisis.

Step 7: Compile contact lists in your crisis management plan

It’s usually the job of HR to compile and update the contact information for all of your employees. That information then gets stored in a people management system. Accessing those systems is difficult in the best of times, much less during an emergency.

And so, we recommend when planning for crises to ensure that your crisis management team has critical information (including emergency contacts,) not just for your employees but also for other relevant stakeholders. Procuring crisis management software that syncs with your existing people management system will make this task exponentially easier.

Along those lines, develop and communicate (ahead of time) the protective actions you’ll take to ensure the safety of your employees, such as evacuation, lockdown, etc.

Step 8: Create a crisis communication plan within the larger crisis management plan

When crisis response goes awry, flawed communication is often the culprit. During a crisis, bad communication can mean any of the following:

  • Withholding too much information from the public
  • Having important internal spokespeople not on message
  • Failing to correct the record
  • Giving too much information to the wrong publics
  • Etc.

Combatting those common crisis communication errors requires planning ahead of time, i.e., developing a crisis communication playbook within the larger crisis management plan. The playbook will include the following:

  • A set of pre-fab messages (including press releases) based on likely crisis scenarios.
  • Designated company spokesperson (usually the CEO) to serve as the face and voice of the crisis response.
  • Instructions for regular media trainings for that spokesperson.
  • A strategy for crisis response on your social channels – procuring a social media monitoring platform helps in this specific regard.

Many smaller organisations don’t have dedicated, in-house PR resources. For the purposes of crisis communication planning, those firms should consider investing in external PR resources. Make sure that once on board, those resources get to weigh in on your crisis communication plan and remain fully abreast of updates.

Step 9: Include other playbooks in your larger crisis management plan

Preparing for a crisis means playing the odds. You don’t plan for the worst-case scenario; you plan for the likely crisis. That’s why teams prioritise crisis communication: every crisis will have a communication component.

In the same vein, you should come up with individual playbooks (or action plans) for the specific crisis scenarios you outlined in your risk assessment. Like the larger crisis management plan, those playbooks should be flexible, responsive modules.

Ensure that these action plans, as well as the master plan and other documents and policies, are easy to deploy and refer to during a crisis. Preferably, they should be available in digital format in your crisis management software platform.

Step 10. Test your crisis management plan, update accordingly

Finally, developing a comprehensive (yet flexible) crisis management plan is only half the battle. You still need to train your team so that they’re comfortable performing the tasks assigned to them. It is through regular training exercises that you identify flaws in your crisis management planning and approach.

First of all, make sure your team feels empowered to tweak the plan as the situation warrants. This is in fact one of your central crisis training goals: appreciating when and how to go off script to get through an active crisis intact.

However, if your team does need to deviate from the plan during training, have them document what they’ve done, why they’ve done it, and the results of doing so. Those findings will be incorporated into the latest edition of the plan.

Additionally, in the case of emergency planning, try to coordinate training with the public safety agencies who’ll be called in in the event of a disaster. Those agencies will be an important part of controlling the emergency, so bring them into pre-crisis planning as soon as possible.

Finally, don’t neglect resource management. You won’t just be training personnel; you’ll also be regularly assessing the capabilities and availability of your (human and non-human) resources. To keep detailed track of all of your resources, consider procuring crisis and emergency management software with resource management capabilities.

To cap: as the saying goes, failing to plan is planning to fail. And in the case of a crisis, planning failures themselves can be spectacularly costly. Don’t pay the price. Follow our ten steps and start creating (or updating) your crisis management plan today.

And if you have a plan, don’t neglect crisis management software that will make that plan accessible to you in a digitised format, perfect for when crises strike anywhere. Not sure what capabilities you need? Download our buyer’s guide to crisis management software.

Download Purchasing Crisis Management Software Buyer's Guide

New call-to-action