Crisis Management is an organization’s process- and strategy-based approach for identifying and responding to a threat, an unanticipated event, or any negative disruption with the potential to harm people, property, or business processes. Being prepared for any event to become a crisis requires a crisis management plan.
Crises can occur at any moment with or without warning, and can take many forms: natural disasters, active shooter scenarios, terrorist events, mass violence occurrences, and even global pandemics. Beyond any immediate threat to people, property, and processes, crises and critical emergency events often yield unpredictable and cascading effects on employee morale, brand reputation, customer satisfaction, and even the supply chain.
Proper planning for critical events includes establishing a crisis management team and developing a crisis management (CM) plan to keep people from harm, maintain business continuity, enable recovery from disaster, and protect assets before, during, and after a critical event occurs. Further, it is imperative that every organization validates and tests its CM plan and deploys the right emergency communications technology to support crisis response across the organization.
How to Assemble a Crisis Management Team
It’s critical for all CM stakeholders to have a holistic, common operating picture and reliable emergency communications to ensure the crisis response plan is executed as designed. CM teams often comprise operations, finance, and human resources personnel, as well as legal representatives. A crisis manager is a pivotal member of the crisis team. The crisis manager directs the organization’s execution of the CM plan and the organization’s public response to the event.
Organizations should recruit CM team members who specialize in a component of the CM plan. An IT team member is well suited to manage any technology components, and a human resources representative is appropriate for handling any employee support following the event. A legal representative and senior leadership member can advise on big-picture perspectives to ensure decisions are not jeopardizing the organization.
How to Build, Evaluate and Test a Crisis Management Plan
A crisis management plan prepares an organization for the unpredictable, defines roles and responses, and minimizes the damage to the organization, its employees, and its customers.
Distributed enterprises and teams can complicate how a crisis team builds, evaluates, and tests a CM plan. The dispersed nature sets up challenges and introduces many distractions to a team responding to an incident or business disruption.
Building a Crisis Management Plan
A timely and precise response to each critical event is essential to minimize the impact of the crisis. A CM plan must prevent delays, missed tasks and assignments, or laggy crisis response times. Even if crises aren’t all digital, “digital-first” is the best way to approach developing a crisis management plan. For example, if the organization has only one physical campus, an on-premises solution could prove a pitfall if the operations center were to become inaccessible.
When building a CM plan, an organization must facilitate communications and coordination that are clear and quick, relying on CM technology that ensures the safety of people, the protection of assets, and the effective recovery of business as usual.
Successful CM plans address five essential topics: people, facilities/critical infrastructure, technology, business, and brand reputation.
People: People are every organization’s most important asset, and enterprises have a duty of care to their employees. Ensure that in every critical event, the crisis team can answer whether lives are in danger, if there is a physical safety issue, and whether there will be an impact on employees, customers, visitors, and vendors. How will they be notified with emergency notifications?
Facilities/Critical Infrastructure: Facilities and critical infrastructure must be checked to ascertain whether they have been impacted by the event or are at risk of harm in the event of a crisis that plays out over time.
Technology: A crisis management plan must cover technology as well. Ask yourself: is there a service disruption, an information security issue, or risk of either? Who is on point for addressing potential or actual failures in technical infrastructure during a critical event?
Business: In a crisis, business processes and activities need to be included in the CM plan. Can the organization still perform mission-critical business processes? Is this crisis affecting customers or having a significant financial impact on the company?
Brand Reputation: In a crisis, brand reputation may seem less of a priority, but that’s why it must be included in the plan. In a crisis, brand reputation is always at stake. How will team members collaborate to respond quickly to prevent any extreme brand-reputation fallout?
Evaluating a Crisis Management Plan
Evaluating a CM plan requires determining whether the components of the plan are necessary and adequate to protect, manage and recover from a critical event, and to assess the feasibility of planned actions.
For example, higher education institutions orchestrating a return to in-person classes amid a global pandemic have entirely new sets of requirements and potential scenarios. The following questions require evaluation to determine whether there are more resources needed and to identify how the intended results will be attained:
- What happens when one person gets sick? What happens when a cluster of people gets sick?
- How do we maintain compliance with regulations requiring timely notifications of illness on campus?
- How are we tracking this reporting and communications data?
- How are we coordinating these communications between Health Services/HR/the student and faculty body?
- How do we monitor the overall operations on campus at all times?
Answering the set of questions above (and so many more criteria) is a necessary step in the creation and evaluation of a crisis management and response plan.
Testing a Crisis Management Plan
Testing a CM plan is a non-negotiable step in validating the plan’s ongoing efficacy. It ensures the CM plan can be executed as designed and reveals any gaps in the intended flow of operations or personnel assigned to the task force. Periodic testing also affirms that no aspects of the plan become obsolete.
A CM plan should be tested against specific scenarios. Simulations of hurricanes, earthquakes, flash floods, utility failures, active shooters, or bomb threats are examples of scenarios to test against. Scenario-based testing will allow the CM team to ensure accurate contact information and scenario-specific messaging is loaded into the CM communications solution and the execution of emergency notifications goes as intended.
Testing a CM plan can identify gaps and enable the organization to account for conditions such as:
- Human error: Crises are high-stress situations. “Shaky finger syndrome” is inevitable in such moments, so it’s critical to ensure the CM team isn’t experiencing the CM plan actions for the first time in a crisis.
- Email fatigue: When employees get so many emails per day that they tune out crisis notification emails, how do you cut through the noise in an emergency event? Try phone notifications.
- The time-consuming nature of emails and phone trees: In a crisis, where every second counts, the answer is to digitize the crisis response actions using defined policies and a tool offering automated, one-click alerts.
- Dispersed workforce: Does your CM plan use a centralized solution that enables communication with all stakeholders through one integrated platform?
When seconds make the difference, any number of minutes spent to regroup, repeat, update, or coordinate is too many. To implement complete crisis management, an automated, end-to-end solution like Everbridge Critical Event Management platform (CEM) covers all the bases: emergency notification, critical communication, risk/situation comprehension, crisis management, reporting, and analysis. The CEM platform automates manual processes, increasing speed and decisiveness, and improving the accuracy of a leaders’ risk assessment and response. It also uses ad hoc data feeds to provide richer intelligence and correlate threats with locations of assets and people, and enabling more rapid and comprehensive incident assessment and remediation.