As an organization, you may have identified risks, severity of those risks, and efforts to mitigate those risks through the combination of a formal Business Impact Analysis, Business Continuity Plan and Disaster Recovery Plan. These efforts are intended to help organizations prepare and continue to operate, in the event that a disruption impacts normal business operations. But has your organization considered or developed a well-defined Crisis Management Plan?
According to the Institute for Crisis Management, only about half of organizations worldwide have a Crisis Management Plan in place. As no industry is immune to a crisis, an inefficient reaction to a crisis can lead to a greater financial impact to the organization.
Therefore, let’s dive into the essential elements of a Crisis Management Plan.
A representative set of planning scenarios
Devise a list of potential emergency situations your organization could face, which may include, but not be limited to: shooter on site, epidemic, bomb threat, major fire, major external terrorist attack, major economic dislocation, infrastructure failure (power grid, Internet, telephone lines, water supply)
A flexible set of response modules
Modularizing elements of a crisis response plan provides flexibility to deal with unexpected or combinations of scenarios, as real crises rarely correlate to planned scenarios. Examples may include, but not be limited to: facility lockdown, police or fire response, evacuation, isolation, medical containment, grief management, as well as external communication.
A plan that matches response modules to scenarios
This is the core plan that links to the response modules for immediate activation. For example, a “shooter on site” crisis should trigger an immediate facility lockdown, a police response, and communication protocols to alert the crisis response team and internal staff.
A designated chain of command
As crises require immediate response, a clear chain of command must be established and well understood through a designated crisis response team with alternate personnel assigned as backups.
Preset activation protocols
Clear triggers must be defined to activate specific response modules. Alternatively, triggers need established as to when the organization can shift back to normal operations.
A command post and backup
A location must be allocated to quickly accommodate various forms of communication (Internet, phone, media) for the crisis response team to react. An additional off-site location should be defined in the event an evacuation is necessary.
Clear communication channels
A means to effectively communicate to personnel inside and outside of the crisis scenario. Examples include, but are not limited to: phones, speakers, megaphone, Internet.
Agreements with external agencies should be considered to provide required resources in the time of crisis. Examples include, but are not limited to: backup power, food, water, medical supplies.
Regular simulation exercises
Regular, at least annual, simulation exercises should be conducted by the crisis response team to test the plan’s effectiveness.
After each test or significant crisis, lessons learned should be incorporated into the plan to make it more effective for future use.
In summary, the impact to your organization can be decreased by having an up-to-date and actionable Crisis Management Plan, as well as an awareness throughout each layer of your business.