Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More

10 Steps to an Effective Crisis Management Plan


Crisis Management Software

Published May 19, 2021

Understanding the nature of crisis is crucial to developing an effective crisis management plan

In developing a crisis management plan, it helps to understand what crises are all about. Simply put, a crisis is an unanticipated event or issue that disrupts the day-to-day operations of your organisation. Depending on its nature and severity, that crisis has the potential to create significant financial, safety, security, and/or reputational harm.

By definition, crises are unpredictable. Companies sometimes get hung up on all of the possible bad things that can happen. When coming up with a crisis management plan, though, you simply can’t plan for every contingency. It’s not practical.

Instead, we counsel starting to crisis management plan for the likeliest crises to strike your company. How to get started? Here are the ten steps we recommend following to develop an effective crisis prevention and management plan.

Step 1: Classify crises in your crisis management plan

Cyber incidents have long topped the list of most common incidents. But the COVID-19 pandemic suggests those crises aren’t the only disruptions you have to worry about.

Other likely disruptions include environmental disasters, reputational threats, leadership or governance failures, liquidity or capital problems, etc. More generally, the most common crisis types include the following:

  • Economic
  • Informational
  • Physical (or operational and/or infrastructural)
  • Legal and human resources
  • Reputational
  • Psychopathic
  • Natural disasters

Irrespective of type, crises tend to unfurl in set stages: pre-crisis, crisis response, and post-crisis and recovery. The management of the crisis should also be ordered around those set phases: prevention and preparation for pre-crisis, crisis response, then the evaluation of what went wrong and looking for ways to better improve preparations for next time for post-crisis.

Step 2: Integrate the crisis management lifecycle into your crisis management plan

To be considered fully prepared, your crisis management plan should account for each stage. That entails taking intelligence gathering and constant monitoring as your default mode of crisis management, or approaching crisis management as a lifecycle. Here are the elements of the crisis management lifecycle:

  • The build-up stage, or Prodromal Crisis. Hints of a potential crisis begin appearing in media outlets. At this stage, you should be looking for the repetition of certain trigger themes, repeated messages describing symptoms or precursors to a crisis.
  • The impact stage, or Acute Crisis. One of the crisis triggers has developed into a full-bore crisis. Often the shortest stage in the crisis lifecycle, the impact stage tends to result in the most physical, fiscal, emotional, and reputational damage to a company. Companies can usually expect the most media scrutiny at this time.
  • Chronic Crisis. The company suffers through any lingering effects of acute crisis, e.g., physical restoration, legal action, or public activism. The media will be focusing on blame and responsibility.
  • The resolution stage. The crisis no longer impairs the organisation’s operations or directly impacts the public. The risk at this stage is that the crisis remains latent, with the potential to strike again to even more devastating effects. Teams will also seek to learn what went wrong, conducting after-action reviews and reports.

Step 3: Develop your crisis management plan objectives

Understanding the crisis management stages matters, because it’s during the pre-crisis stage that you’ll undertake the bulk of your crisis management planning. In other words, you’ll be putting in place the processes and procedures to deal with the effects of disruptive incidents. So, what should go into the resulting crisis management plan?

Well, the short answer is it depends. Specifically, your crisis management plan hinges on the answer to a couple of questions:

  • What are your goals?
  • What are your risk factors?

Moreover, before committing pen to paper on your crisis management plan, you need to have a firm grasp of performance objectives. What would constitute success? What are the KPIs you’ll be tracking?

Step 4: Perform a vulnerability audit before drafting the crisis management plan

If you can’t answer those questions immediately, that’s ok. Some of the responses will depend on the results of your vulnerability audit.

The vulnerability audit is a multi-disciplinary risk assessment you’ll undertake to determine areas of operational weakness and come up with solutions to the areas. The purpose of the audit is to uncover current and potential threats in a variety of forms:

  • Those arising from normal operations
  • Those most common in your industry
  • Unexpected external events

Another objective of the risk assessment is to develop a list of potential crises and to rank them in order of likelihood of occurring and associated costs of dealing with the impact. If you’re building a new (or re-evaluating an old) crisis management plan after the conclusion of a crisis, use the crisis post-mortem to inform your risk assessment.

After coming up with a list of objectives and likeliest crisis scenarios, you can proceed with drafting the crisis management plan proper. The plan itself will have to be flexible enough to adapt to multiple situations. In other words, think about creating modules, rather than adopting a one-size fits all approach.

Step 5: Determine the team responsible for drafting and executing the crisis management plan

If you already have a crisis management team, you’re a step ahead. Not completely out of the woods, though. That’s because everyone in the organisation needs to be involved in the crisis management effort, not just your experts.

Indeed, the effort benefits when the entire staff is onboard, whether detecting early warning signs or helping in the crisis response and recovery. As for the team driving the effort, you’ll certainly need C-suite representation, as well as senior managers from the company’s most important business units, including Finance, HR, Operations, IT, Risk, Communications, Legal, not to mention the dedicated Crisis Managers.

A final word: avoid bloating your core team. When crisis strikes, unnecessarily large teams often hinder efficient decision making.

Step 6: Set crisis management plan activation guidelines

An important, but oft-forgotten, step in crisis management planning is pre-defining what actually constitutes a crisis. In other words, how do you know when it’s time to call in the crisis management team?

Here things get murky, because crisis itself is murky. For instance, you won’t trigger your crisis management team to deal with slow-burn issues. But you should document all the criteria and indicators you will use to determine whether a crisis has actually occurred. The case of an active shooter or earthquake might be clear. But when would you bring in the team to handle a more ambiguous reputational crisis?

In addition to setting activation guidelines, consider other logistics, like defining the chain of command structure for specific scenarios and where to set up your crisis command centre or off-site gathering points in the case of an evacuation. In the case of the former, multiple locations might be necessary, especially in this era of social distancing: somewhere at headquarters, in the cloud, as well as an off-site location in the event that your headquarters is seriously compromised by the crisis.

Step 7: Compile contact lists in your crisis management plan

It’s usually the job of HR to compile and update the contact information for all of your employees. That information then gets stored in a people management system. Accessing those systems is difficult in the best of times, much less during an emergency.

And so, we recommend when planning for crises to ensure that your crisis management team has critical information (including emergency contacts,) not just for your employees but also for other relevant stakeholders. Procuring crisis management software that syncs with your existing people management system will make this task exponentially easier.

Along those lines, develop and communicate (ahead of time) the protective actions you’ll take to ensure the safety of your employees, such as evacuation, lockdown, etc.

Step 8: Create a crisis communication plan within the larger crisis management plan

When crisis response goes awry, flawed communication is often the culprit. During a crisis, bad communication can mean any of the following:

  • Withholding too much information from the public
  • Having important internal spokespeople not on message
  • Failing to correct the record
  • Giving too much information to the wrong publics
  • Etc.

Combatting those common crisis communication errors requires planning ahead of time, i.e., developing a crisis communication playbook within the larger crisis management plan. The playbook will include the following:

  • A set of pre-fab messages (including press releases) based on likely crisis scenarios.
  • Designated company spokesperson (usually the CEO) to serve as the face and voice of the crisis response.
  • Instructions for regular media trainings for that spokesperson.
  • A strategy for crisis response on your social channels – procuring a social media monitoring platform helps in this specific regard.

Many smaller organisations don’t have dedicated, in-house PR resources. For the purposes of crisis communication planning, those firms should consider investing in external PR resources. Make sure that once on board, those resources get to weigh in on your crisis communication plan and remain fully abreast of updates.

Step 9: Include other playbooks in your larger crisis management plan

Preparing for a crisis means playing the odds. You don’t plan for the worst-case scenario; you plan for the likely crisis. That’s why teams prioritise crisis communication: every crisis will have a communication component.

In the same vein, you should come up with individual playbooks (or action plans) for the specific crisis scenarios you outlined in your risk assessment. Like the larger crisis management plan, those playbooks should be flexible, responsive modules.

Ensure that these action plans, as well as the master plan and other documents and policies, are easy to deploy and refer to during a crisis. Preferably, they should be available in digital format in your crisis management software platform.

Step 10. Test your crisis management plan, update accordingly

Finally, developing a comprehensive (yet flexible) crisis management plan is only half the battle. You still need to train your team so that they’re comfortable performing the tasks assigned to them. It is through regular training exercises that you identify flaws in your crisis management planning and approach.

First of all, make sure your team feels empowered to tweak the plan as the situation warrants. This is in fact one of your central crisis training goals: appreciating when and how to go off script to get through an active crisis intact.

However, if your team does need to deviate from the plan during training, have them document what they’ve done, why they’ve done it, and the results of doing so. Those findings will be incorporated into the latest edition of the plan.

Additionally, in the case of emergency planning, try to coordinate training with the public safety agencies who’ll be called in in the event of a disaster. Those agencies will be an important part of controlling the emergency, so bring them into pre-crisis planning as soon as possible.

Finally, don’t neglect resource management. You won’t just be training personnel; you’ll also be regularly assessing the capabilities and availability of your (human and non-human) resources. To keep detailed track of all of your resources, consider procuring crisis and emergency management software with resource management capabilities.

To cap: as the saying goes, failing to plan is planning to fail. And in the case of a crisis, planning failures themselves can be spectacularly costly. Don’t pay the price. Follow our ten steps and start creating (or updating) your crisis management plan today.

And if you have a plan, don’t neglect crisis management software that will make that plan accessible to you in a digitised format, perfect for when crises strike anywhere. Not sure what capabilities you need? Download our buyer’s guide to crisis management software.

Download Purchasing Crisis Management Software Buyer's Guide

New call-to-action