It’s a harsh and inevitable reality: A crisis lurks just around the corner for all organizations.
A well-tested, up-to-date crisis plan is therefore indispensable for ensuring business continuity and brand protection when reality strikes. But some plans are more effective than others, and the more effective ones include these five essential elements:
1. A crisis checklist on page one: “What to do if there’s a crisis.”
Many organizations have elaborate plans that are useless in an actual crisis because users may be impaired in their ability to digest a complex, meandering document. Do they really need to read “A Message From the CEO” while a gunman is loose on the factory floor, of if a fire has knocked out production? Many crises can be traumatizing, impairing a person’s ability to navigate a complex document. The solution is a checklist on page 1 aimed at a designated crisis team coordinator. The checklist enumerates the steps for the team coordinator and the designated backup to immediately take to get the crisis team notified and assembled so the response team is quickly positioned for more deliberative decisions.
2. Constantly update contact information.
Far too often, crisis plans are left moldering on an organization’s shelf with no one having been assigned the task of guaranteeing up-to-date contact information. Nothing could be more frustrating – and potentially damaging to the organization – than not being able to quickly contact and assemble crisis team members and their designated backups while they’re traveling, on vacation, etc. But you’ll also need to have up-to-date contact information for individuals at government agencies, various consultants, key regulators, important reporters, contractors, and so on. Yes, this point is obvious, but it’s too often, and inexplicably, violated.
3. Empower employees.
Employees are the eyes and ears of an organization. They must be formally made aware of their role in identifying and preventing potential or actual crises and knowing what to do if one occurs. In the midst of a crisis they will also provide an invaluable monitoring system for tracking the progress of the organization’s crisis response through the feedback they might hear from customers, suppliers and community members who might be affected by the crisis. Each organization will have its own unique circumstances that will dictate how much of a crisis role to assign to its employees, but employees must somehow be made part of the plan.
4. Categorize the severity of the crisis.
The crisis plan should delineate some basis for the crisis team to gauge the severity of the crisis so the organization’s response is proportionate. You neither want to over-respond to a less severe crisis and bring unnecessary attention to the matter, and likewise, you don’t want to under-respond, which could worsen the crisis. (See my previous blog: A crisis Limps into the ER: First, Do No Harm for more details on how to gauge a crisis’ severity.)
5. Regularly test the plan and the performance of the crisis team.
An untested crisis plan and response team is a major liability, a liability that’s completely avoidable. Regular tests of the plan through simulated crisis exercises are essential for strengthening both the plan and the response team’s skills.
I am especially pleased to see 3. Empower the employees. I have been screaming about this for the last 20
years, and most often get a blind eye in return. The employees are in all of the organization’s physical areas and know how all of the organization’s procedures work. And they also know the weaknesses of all of these. Leave the computer room door open on third shift while you go to the bathroom? Empower employees to identify the organization’s weak points and report them to information security or physical security or whatever you identify as the reporting point. I have been preaching this philosophy for more than 20 years, but no one seems interested. Ask the people who interact with security devices to tell you how they routinely defeat them! And on and on and on! This is our business too.