If it is your responsibility to control, facilitate or join a team of Crisis Management professionals, you are likely to hit some sizable hurdles should this team not have a strong foundation already in place. When dealing with a large organization with employees from all backgrounds, you will quickly understand that few people will be as committed to crisis management as you are. Therefore, getting a strong foundation built in the early stages is key.

PreparedEx has spent many years combining experience and knowledge on how each individual Crisis Management Team can build and maintain strong commitment and culture through the whole organization.

If there is one lesson we’ve seen repeatedly, it’s that quick wins will not effectively keep your organization prepared for an event. Even before your Crisis Management Plan is created, build a foundation that stands the test of time.

This first step is a must before your Crisis Management Plan is even designed

Get buy-in from the board and leadership team.

On your journey to building a culture around what you want to achieve, you need buy-in from the board and leadership team. You add time and effort to your objectives if these people are not convinced of what you want to achieve.

Start this process early. It needs to be front of mind when developing processes and plans. Strong relationships built on a foundation of trust, credibility and commitment will give you a stronger foothold when approaching the board and leadership team.

There may be several reasons that your organization is compelled to develop a crisis management plan and team: critical stakeholder requirement, risk management mitigation, compliance through regulation, previous business interruptions, the list goes on. Regardless of the reason, to make it successful you will need that buy-in, and the foundation of that is Policy and Programme management. It’s all very well your Leadership Team saying, “yes we are behind this, yes it’s important”, but getting them to sign off on the Policy is key. Actions speak louder than words.

Create a policy that works for your Crisis Management goals


The Business Continuity policy is the key document that sets out the scope and governance of the Crisis Management Programme and reflects the reasons why it is being implemented. It provides the context in which the required capabilities will be implemented and identifies the principles to which an organization aspires and against which its performance can be audited.

The policy will include:

  • The organization’s definition of crisis management;
  • A definition of the scope of the Crisis Management Programme;
  • Roles and responsibilities;
  • An operational framework for the management of the organization’s Crisis Management Programme;
  • A set of principles, guidelines, and minimum standards; and
  • Clearly defined budget, audit, and governance responsibilities.


The policy should not be created in isolation, and consideration should be given to third-party involvement or other internal response plans.

To avoid duplication of policies, it is recommended that the policy link across tactical, operational and strategic response. There may also be a requirement to link to an external agency, possibly from civil defence or emergency services, if your organization is actively involved in providing support to these external agencies.

A personal approach to your Crisis Management foundation is essential


Selling what your output will be, what you want to achieve and how you’re going to do it from the top is important, but getting that same buy-in from other key personnel is essential. Having these colleagues aware and interested in what you’re looking to roll out will be something you need to consider while building that foundation.

The small touches can make all the difference.

Although tedious in some cases, it is extremely effective to seek interest and feedback from the whole organization to help you promote an open culture around your communication and programme. A positive task may involve spending fifteen to thirty minutes with each department manager to discuss your thoughts and plans – let them physically see the direction you’re going.

This will come across as a very personal and positive approach that allows time for questions and ensures that this person leaves satisfied with your next steps and your credibility within this task.

It also means that you can double check on their targets and ensure their objectives are added into your programme.

If you can avoid large group meetings, these department leaders will feel a better connection to what you need to achieve.

Getting employees to read your plan before bed each night is somewhat a dream for us CM professionals. However, they may appreciate and be more compelled to read it if they’re convinced it can help their department.

Rolling out a new programme unexpectedly and via a one-off, lengthy email is one of the worst moves when building your foundation. If you’ve spent time discussing your programme with all management, there will be little push-back and plenty of interest in the next steps.

Consider a few things before arranging that crucial meeting:

  • What are their own objectives and targets? (How can your plans support them?)
  • What is their schedule looking like over the next two quarters? (Plan time ahead)
  • Are there any individuals already showing an interest in crisis management? (Could you get them to support your project early on?)

Managers and staff are already overwhelmed with Work Health & Safety, Risk Management, IT disaster recovery, the list goes on. It’s crucial to understand how you are going to sell Crisis Management to managers and staff when they are already too busy.

Unfortunately, Crisis Management can work its way to the bottom of the in-tray because it’s just too hard for those that don’t live and breathe it like you do. We see plans and implementations fail because they were just too detailed; the secret is to keep it simple.

Getting your executive team to sign off early demonstrates that this is coming from the top down to the rest of the organization.

Research is key.

Your commitment to remaining prepared and resilient to an event is no doubt second to none, but your goals will vary by organization, department, management, and location.

If you’ve had experience in certain areas before, it’s time to adjust them now. The same goes with how you communicate the plans with the wider employee base. Just as technology constantly changes, so do people. Implementing new plans and having them adopted comes down to how you can adapt them to the organization’s wider goals and how you’re going to communicate this to them. Avoid words that imply “this is going to happen regardless”. Instead, focus on receiving feedback, input, and advice (even if you already know the answer).

In some large organizations with a few thousand employees, it may be almost impossible to get time with the C-Suite stakeholders. So, understanding how they work and what they are looking for early on will support your own preparation when pitching to them. A good starting point is conferences like the International Crisis Management Conference (ICMC).

Being part of a conference of this nature, directed towards your own field, is going to provide you with an opportunity to increase your crisis management knowledge, skills and processes through an open and level playing field. Exactly what you should be doing with your colleagues.

Be committed to researching the culture, needs and expectations of separate demographics within your organization and work to cover off their individual goals through your plan.

Vendors should be part of your crisis management thought process


Events can occur far into the future. These events may also not be direct results of business actions; they may be critical vendor issues.

Recently, it came out in world media that the Australian Defence Force was hacked via a third-party critical vendor. The vendors in question were “three tiers below” the Defence Force themselves. Few checks were made on the security of this vendor, which resulted in the hack being possible.

For you, it’s worth researching where the critical vendors sit within the operation of the business and what would happen if anything were to change from their end. A Business Impact Analysis (BIA) is an essential process that will facilitate the identification of critical vendors and a way for you to consider what would happen if they either suddenly went away, or failed to match your recovery expectations.

It’s likely your organization already has a BIA; therefore, study it and look at ways to implement it into your programme. Assuming this process was already thought out and awareness has already been built is a poor assumption; you can almost guarantee they have no idea.

Very few organizations take time to contact their supply chain, vendors and contractors to get them involved in the design process. Doing this not only looks extremely positive to your major stakeholders, it also helps you build a fully functioning programme. The relationships you’ll gather here will help on wider organizational planning.

In Summary


Many businesses in the United States have some form of crisis management procedure; unfortunately, many of them don’t come with culture and an embodiment of commitment by the stakeholders.

80% of business leaders predict their company will experience a crisis within the next year according to Burson-Marsteller’s communications study. Yet, only 54% of those had some form of crisis programme in place.

In this study, only 28% of staff within the organization knew where the plan was kept. A shocking 7% said they’d actually touched it since the training, yet again reinforcing the need for continuous training.

We’ve seen more major events take place in the last decade that have changed businesses for the worse. Your colleagues need to be convinced of the importance of crisis management early on if, for example, you are looking towards tabletop exercises in the future or perhaps implementing new technological features.

You can contact PreparedEx at any time to discuss whether your journey to building a strong foundation is on track. We have professional consultants and trainers prepared to help you get it right.




Rob Burton

Rob is a Principal at PreparedEx where he manages a team of crisis preparedness professionals and has over 20 years of experience preparing for and responding to crises. Part of his leadership role includes assisting PreparedEx clients in designing, implementing and evaluating crisis, emergency, security and business continuity management programs. During his career Rob has worked for the US State Department’s Anti-Terrorism Assistance Program, as a crisis management consultant in Pakistan and Afghanistan where he negotiated with the UN and Pashtun tribal warlords and he served with the United Kingdom Special Forces where he operated internationally under hazardous covert and confidential conditions. Rob was also part of a disciplined and prestigious unit The Grenadier Guards where he served Her Majesty Queen Elizabeth II at the Royal Palaces in London. Rob was a highly trained and experienced infantryman serving in Desert Storm and commanded covert operational teams and was a sniper. Rob has keynoted disaster recovery conferences and participated in live debates on FOX News regarding complex security requirements and terrorism. Rob has a Queen’s Commendation for Bravery.