Has Your Organization Considered a Crisis Management Plan?

As an organization, you may have identified risks, severity of those risks, and efforts to mitigate those risks through the combination of a formal Business Impact Analysis, Business Continuity Plan and Disaster Recovery Plan. These efforts are intended to help organizations prepare and continue to operate, in the event that a disruption impacts normal business operations. But has your organization considered or developed a well-defined Crisis Management Plan?

According to the Institute for Crisis Management, only about half of organizations worldwide have a Crisis Management Plan in place. As no industry is immune to a crisis, an inefficient reaction to a crisis can lead to a greater financial impact to the organization.

Therefore, let’s dive into the essential elements of a Crisis Management Plan.

  1. A representative set of planning scenarios
    1. Devise a list of potential emergency situations your organization could face, which may include, but not be limited to: shooter on site, epidemic, bomb threat, major fire, major external terrorist attack, major economic dislocation, infrastructure failure (power grid, Internet, telephone lines, water supply)
  2. A flexible set of response modules
    1. Modularizing elements of a crisis response plan provides flexibility to deal with unexpected or combinations of scenarios, as real crises rarely correlate to planned scenarios. Examples may include, but not be limited to: facility lockdown, police or fire response, evacuation, isolation, medical containment, grief management, as well as external communication.
  3. A plan that matches response modules to scenarios
    1. This is the core plan that links to the response modules for immediate activation. For example, a “shooter on site” crisis should trigger an immediate facility lockdown, a police response, and communication protocols to alert the crisis response team and internal staff.
  4. A designated chain of command
    1. As crises require immediate response, a clear chain of command must be established and well understood through a designated crisis response team with alternate personnel assigned as backups.
  5. Preset activation protocols 
    1. Clear triggers must be defined to activate specific response modules. Alternatively, triggers need established as to when the organization can shift back to normal operations.
  6. A command post and backup 
    1. A location must be allocated to quickly accommodate various forms of communication (Internet, phone, media) for the crisis response team to react. An additional off-site location should be defined in the event an evacuation is necessary.
  7.  Clear communication channels 
    1. A means to effectively communicate to personnel inside and outside of the crisis scenario. Examples include, but are not limited to:  phones, speakers, megaphone, Internet.
  8. Backup resources 
    1. Agreements with external agencies should be considered to provide required resources in the time of crisis. Examples include, but are not limited to:  backup power, food, water, medical supplies.
  9. Regular simulation exercises 
    1. Regular, at least annual, simulation exercises should be conducted by the crisis response team to test the plan’s effectiveness.
  10. Post-crisis review
    1. After each test or significant crisis, lessons learned should be incorporated into the plan to make it more effective for future use.

In summary, the impact to your organization can be decreased by having an up-to-date and actionable Crisis Management Plan, as well as an awareness throughout each layer of your business.

http://www.securitymagazine.com/articles/87191-the-high-cost-of-not-having-an-actionable-crisis-management-plan

http://hbswk.hbs.edu/item/your-crisis-response-plan-the-ten-effective-elements

Please contact us with questions related to developing a Crisis Management Plan and visit the Our Thoughts On blog for more articles.

our thoughts on

array(1) { [0]=> string(2) "11" }
Artificial Intelligence in Higher Education
Why Higher Education Institutions Must Comply with GDPR
Minimizing Higher Ed Risks - Utilizing Internal Audit and Data Analytics
Enterprise Risk Management in Higher Education, and How Internal Audit Can Help
Financial Institutions - Regs on Regs on Regs
RPAs Have a Role in SOX Cost Reduction and Efficiency

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062