Request a Demo

The Noggin Platform

The world’s leading platform for integrated safety & security management.

Learn More
Find Your Solution
  • Crisis management Crisis Management
  • Emergency Management Emergency Management

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Safety Management Safety Management
  • Employee Health & Wellbeing Employee Health & Wellbeing
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Asset Management Asset Management
  • Contractor Management Contractor Management
  • Visitor Management Visitor Management
  • Emergency Management Emergency Management

All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.

Learn More
Request a Demo

Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.

Learn More
Request a Demo

A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Physical Security Physical Security
  • Cyber Security Cyber Security
  • Visitor Management Visitor Management
  • Critical Infrastructure Protection Critical Infrastructure Protection
  • Emergency Management Emergency Management
  • Governance Risk & Compliance Governance, Risk & Compliance
  • Asset Management Asset Management
  • Contractor Management Contractor Management

Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.

Learn More
Request a Demo

Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo
  • Business Continuity Planning Business Continuity Planning
  • Crisis Management Crisis Management
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Continuity of Operations Continuity of Operations (COOP)

Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.

Learn More
Request a Demo

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.

Learn More
Request a Demo
A guide to developing your covid-19 return to work plan
Whitepaper

Developing Your COVID-19 Return to Work Plan

Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More
Whitepaper

Five Steps to Create a Crisis Management Plan

Noggin

Crisis Management Software

Published May 19, 2021

Crises are a fact of life, whether novel viruses, natural disasters, cyberattacks, or any other form of critical event. What then can agencies and organisations do to prepare?

High on the list of crisis preparatory activities is the crisis management plan – a catalogue of roles, responsibilities, and tasks personnel will perform before, during, and after a crisis.

Not all crisis planning is sufficient, though. Given its importance, it’s imperative to get crisis management planning right.

How to go about it? The following five steps to creating a crisis management plan should help.

Step 1. Conduct a vulnerability audit.

The first step is conducting the vulnerability audit. A multi-disciplinary risk assessment , the vulnerability audit helps organisations identify areas of weakness, i.e., threats arising from normal operations, external events, or just those most common to the industry.

Organisations use this risk assessment to develop a list of potential crises, which they then rank order in likelihood of occurring as well as associated costs of responding.

Step 2. Assemble your crisis management team.

Of course, crisis management planning and readiness efforts are only as good as the personnel tapped to execute them. That is the role of the crisis management team, a cohort of people centrally involved in the creation (then implementation) of the crisis management plan.

What are the relevant roles? It all starts with the Crisis Management Chair.

Amongst the duties ascribed to the Chair, who heads up all crisis operations, is planning for decision making in crisis, i.e., “the process that leads to the selection of a course of action for more than one alternative option.”

Why does crisis decision making matter? When a crisis strikes, it tends to move quickly. Which means quick decisions will be required, in a high-stakes environment (possibly the highest), where information is limited, stress is acute, and scrutiny is intense. Decisions are rarely made in those conditions; and so, they should be practiced ahead of time.

As for the remainder of the core team, best-practice crisis management standards, such as BS 11200, recommend senior managers from the company’s most important business units, such as Finance, HR, Operations, IT, Communications; specialist roles include Log Keeper, Support, etc. (See below).

Best-practice composition of your crisis management team

Best-practice composition of your crisismanagement team graph 2_purple

Step 3. Know when to initiate the plan.

The crisis management team helps to craft the plan, which should be reviewed and approved by the company Board as well as other senior management.

But that response plan is only as good as the activation guidelines it includes. To this end, the crisis management team needs to document all the criteria and indicators they will use to determine whether a crisis has occurred.

In addition to setting activation guidelines, crisis management teams should consider other relevant logistics, such as the chain of command structure for specific scenarios and where to set up your crisis command centre or off-site gathering points in the case of evacuations. In the case of the former, multiple locations might be necessary, including somewhere at headquarters and an off-site setting if headquarters are seriously compromised by the crisis.

Step 4. Include playbooks and scenarios.

Preparing for a crisis means playing the odds. Organisations shouldn’t plan for the worst-case scenario; they should plan for the likeliest events.

To do so, teams should develop individual playbooks (or action plans) for the specific crisis scenarios identified in the (earlier) risk assessment. Like the larger plan, these playbooks should be flexible, responsive modules.

To be actionable, though, these playbooks, as well as the master plan and other documents and policies, must be easy to deploy and refer to during a crisis. Mobile-friendly crisis management software will help.

Step 5. Developing a crisis management plan exercise and testing strategy.

In this risk environment, though, it’s not enough to have an actionable plan if you just set it and forget it. Instead, organisations must make use of the controlled, risk-managed environment of exercises and testing. This environment helps to build familiarity and comfort with the crisis management plan.

In addition to breeding confidence, what other roles do exercises and testing play? Exercises and testing also:

  • Help crisis leaders to identify problems with and solutions to latent issues with crisis management programs and practices
  • Reinforce the culture of crisis competency and the value of exercises and testing

How to go about it, though? Best-practice crisis management testing standards, such as ISO 22398, suggest conducting a needs and gap analysis.

To conduct this analysis, organisations start with a list of questions, which they pose to staff (usually business line heads). Common questions include:

  • Does the exercises and testing plan address requirements for exercises and testing?
  • Can this plan promote consensus with interested parties?
  • Does the plan offer an opportunity to reach and interact with its target group(s) and potentially address their interests?
  • Does this plan provide an opportunity to address multiple issues in depth?
  • Does this plan focus on key issues?
  • Does the plan provide information tailored to the target group(s)?
  • Is this plan practical and relatively easy to implement?
  • Does the plan provide for information transfer at relatively low cost?
  • Is this plan easy to update?
  • Is the effectiveness of this plan measurable?
  • Is this plan a good vehicle for education?
  • Is this plan creating a constructive and supportive atmosphere?
  • Is this plan an effective way to get publicity or increase public awareness?
  • Does the plan conform to the organisation's constraints?

The gap analysis not only helps make the case for a best practice testing program, but it also indicates what kind of exercise (out of the many available options) that that program should be deploying.

Exercises companies might undertake include:

Alert exercise

The purpose of an alert exercise is to test the organisation by alerting the involved participants and getting them to arrive at a designated place within a certain time. It can also be used to test an alert mechanism. This type of exercise is primarily applied to internal staff.

Start exercise

A start exercise usually builds upon the alert exercise, testing how fast the emergency management organisation can be activated and start carrying out their tasks. A start exercise is therefore a means to test and develop the ability to get started with crisis management processes.

Staff exercise

A staff exercise is designed to increase the ability to work with internal processes, staff, and information routines in order to create a common operational picture and suggest decisions.

Decision exercise

A decision exercise is primarily used to exercise decision making process within an organisation, e.g., the ability to take fast and clear decisions on actions and to initiate cooperation between those responsible and stakeholders, under time pressure.

Management exercise

This type of exercise is a combination of alert exercise, start exercise, staff exercise, decision exercise, and system exercise. The focus is often on the roles, organisation, SOPs, etc.

Cooperation exercise

A type of exercise where coordination and cooperation between management levels is exercised. A cooperation exercise can be carried out both, in large and small scales.

A cooperation exercise may consist of: “Vertical” coordination (between national, regional, and local levels); “Horizontal” coordination in a sector where public and private stakeholders participate.

Crisis management exercise

A crisis management exercise simulates crisis conditions and gives personnel the opportunity to practice and gain proficiency in their plan roles.

Strategic exercise

Strategic exercise refers to comprehensive exercise activities at strategic level (e.g., inter-ministerial crisis staff, political-administrative staff, cross-sector and cross-departmental management staff, crisis management organisation of corporate management).

Aims include improving the integrated crisis reaction ability in exceptional threat and danger situations (crisis situations) and developing a comprehensive coordination and decision culture.

Exercise campaign

An exercise campaign is a series of recurrent exercises with a common generic organisational structure.

Failing to plan is planning to fail. And when it comes to crisis, failing to plan is spectacularly costly.

Organisations don’t have to pay the outsized price. By creating, testing, and updating crisis management plans, businesses can ensure better response outcomes, lower legal exposure, higher productivity, and, of course, improved peace of mind.

 


Sources:

Jonathan Bernstein, Bernstein Crisis Management: The 10 Steps of Crisis Prevention. Available at https://www.bernsteincrisismanagement.com/10-steps-crisis-prevention/
Ibid.
Michelle G. Hough and John Spillan, Journal of Business & Economics Research: Crisis Planning: Increasing Effectiveness, Decreasing Discomfort. Available at https://www.researchgate.net/publication/242581268_Crisis_Planning_Increasing_Effectiveness_Decreasing_Discomfort

New call-to-action