Some major corporations have formal crisis management teams with very experienced employees that have been exposed to various corporate crises throughout their careers. However, a significant number of organizations don’t have any crisis management capability at all. Or, if they have a capability in place, they have a less-than-effective program because of poor planning, ineffective processes or just the lack of knowledge and resources.
In this post, I highlight six steps that will help you and your organization start to develop an effective crisis management program, or update and improve your existing one.
Step 1 – Understand Crises
The very first step in creating an organization that is ready to respond to any emergency is to understand crises and how they may impact your organization. It is important to note that it is not just the role of the leaders to understand what a crisis is, it also very important that everyone, including critical vendors and partners, understands what crises are and how they may impact the organization, its clients, other stakeholders and operations.
Step 2 – Create the Framework and Setting Policy Direction
Before an organization can start to evaluate risk and develop plans, it must first create a crisis management framework (see image below) and set the policy direction which should come from top management.
PAS 200:2011 – A Framework for Crisis Management
Step 3 – Create the Plan
Identify Roles and Responsibilities
Assessing which roles need to be part of the crisis management team and what the responsibilities need to be is a vital step in the overall development of the crisis management capability. Roles and responsibilities should be documented, and team members must have the skills, experience and competence to carry out those roles and responsibilities.
Other key areas within the plan include:
- Horizon scanning process (how do you assess and mitigate risks before they appear?)
- Empower leaders to make decisions (policy from top management stating this is important)
- How and who sets up the command center during a crisis? (also see Step 4)
- Implement an information management process (how will you manage information and create situational awareness during the incident?)
- Integrate crisis management activities with other critical plans such as Business Continuity, Disaster Recovery and Incident or Emergency Response Plans.
- Ensure leaders conduct regular briefings, document the events from the very first moment and ensure everyone understands the common goal that the leader is trying to accomplish.
Step 4 – Develop an Incident Command System
This step is closely linked to Step 3. Some organizations use the Incident Command System (ICS) which is very effective for any size of incident or for preparing a team for any emergency. There are several different systems that all have similar strictures. Having an incident command system increases an organization’s chance of surviving a significant event and can limit the amount of reputation and brand damage. A system like ICS ensures you’re organized before the incident even starts, which saves you time, especially during the early stages of the incident. ICS is a system that scales with the event and can remain in place for long periods depending on the scenario. It can be used for sudden emergencies (fire, explosion, hostile intruder) and it can be used for shouldering issues that can become crises (cyber-attack, insider trading, and ethics violations).
Step 5 – Validate the Plan and Team
The crisis preparedness cycle never ends. It’s on ongoing improvement process that should include the validation of the crisis plan and the team that will manage the crisis. Starting with a tabletop exercise and then increasing the stress testing to functional and eventually full-scale exercises will uncover any gaps, and it will also allow team members to rehearse their crisis management roles.
Step 6 – Implement Changes and Re-evaluate
Like all other business processes, if there are gaps, you will need to make changes and then validate those changes. Annual exercises will help you assess issues and gaps that could arise during real emergencies or during your exercises. Only by evaluating your changes will you truly understand if they will actually work.
Rob is a Principal at PreparedEx where he manages a team of crisis preparedness professionals and has over 20 years of experience preparing for and responding to crises. Part of his leadership role includes assisting PreparedEx clients in designing, implementing and evaluating crisis, emergency, security and business continuity management programs. During his career Rob has worked for the US State Department’s Anti-Terrorism Assistance Program, as a crisis management consultant in Pakistan and Afghanistan where he negotiated with the UN and Pashtun tribal warlords and he served with the United Kingdom Special Forces where he operated internationally under hazardous covert and confidential conditions. Rob was also part of a disciplined and prestigious unit The Grenadier Guards where he served Her Majesty Queen Elizabeth II at the Royal Palaces in London. Rob was a highly trained and experienced infantryman serving in Desert Storm and commanded covert operational teams and was a sniper. Rob has keynoted disaster recovery conferences and participated in live debates on FOX News regarding complex security requirements and terrorism. Rob has a Queen’s Commendation for Bravery.