fbpx

Business Continuity and Crisis Management Consultants

You are here: Home / Expertise / The Ultimate Guide to Crisis Management

Last Updated:  January 23rd, 2023

This article explains everything you need to know about Crisis Management.

You’ll learn what it is, why it’s essential for your organization, how to prepare for a crisis, how to respond when a crisis happens, and how to recover and learn from a crisis after it is over. We’ll also provide some perspective on where to learn more about crisis management.

What is Crisis Management?

A basic definition of crisis management is that it defines the way an organization handles negative events that potentially disrupt or harm the organization.  A crisis could impact the organization itself, its employees, the stakeholders of the company, or the public itself.

Threats to an organization can come from all angles.  It could involve a product recall, a natural disaster, a threat of terrorism, a data breach, or a ransomware attack. The crisis could be due to a technology outage or data breach, corporate misconduct, violence in the workplace, corporate misconduct, or even a reputation management campaign.

Crises almost invariably create damage to a company; it is the extent of the damage that matters. Having a solid crisis management program, including a crisis management framework and plan, can help your company respond quickly, ensure the safety of your team, mitigate damage, and get your operations back up and running quickly.

Crisis Management is the process of ensuring that your organization is prepared for potential disruptions, has a process in place to collaborate and communicate during a critical moment, and has a defined process to manage short and long-term recovery efforts.  Finally, a defined process to capture lessons learned from the crisis and use those lessons to improve your preparedness for the next disruption.

At the end of the day, the goal of crisis management is to have a system in place that effectively addresses the coordinated response, resources, and internal/external communication requirements before, during, and after the critical moment.  How you accomplish these tasks will impact your organization’s reputation and recovery.

Successful crisis management begins with identifying possible negative events and creating a plan for response, resources, and communication. The goal is to be effective in managing all aspects of the crisis to assure the long-term success of your business.

Crisis Management is an important component of an overall Resilience strategy

Crisis Management is important to an organization, but in our minds, it’s just one component in an overall resilience strategy for an organization. We believe there are fundamental components that every business should have in place if they want to make good on their overall resiliency imperatives.

According to the International Standards Organization (ISO), organizational resilience is:

“The ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper.”

But like a lot of standards-based definitions, this leaves a lot to read between the lines.

At Bryghtpath, we think of resilience as a group of capabilities that supports an organization’s ability to solve big problems, continue operations, protect its assets, and most importantly, protect its people.

On a practical level, this is achieved with basic blocking & tackling—implementing certain key components in a logical way to prevent, plan for, respond to, and recover from disruption.

These core components consist of:

Implementing a full-blown resilience strategy from scratch is a tall challenge. We’ve written extensively about thinking through a resilience strategy for your organization, how to prioritize efforts, and working around roadblocks that may get put into your path in our article What is Resilience?

The Value of a Business Continuity & Crisis Management Program

We always advise crisis management professionals to have a well-rehearsed elevator pitch for explaining the value of their program to the broader organization; you should be willing and prepared to take advantage of every opportunity to explain and advocate for your program.

Here are some of the ways that we explain the value of a business continuity & crisis management program to help our clients win over their internal stakeholders:

  • Investing in crisis management demonstrates that you value your people: Not only will you better protect human life and safety; you’ll also position your team to respond more quickly to recover, protect, and recover your organizational assets during and after a crisis. Your employees are your most important crisis management tool and investing in their well-being and safety will undoubtedly pay dividends during your next crisis.
  • Crisis Management protects your organization’s most important assets: When done right, your business continuity & crisis management program should provide a structured process for identifying your organization’s most important assets and implementing a plan to hedge against the potential loss of or damage to those assets.
  • Investing in crisis management protects your reputation and elevates you over the competition: It can take decades to build a reputation but only minutes to destroy it. When the next heatwave shuts down the power grid, you don’t want to be the hospital that’s forever remembered for its patients dying from heatstroke.
  • Your business continuity & crisis management program helps your organization meet its compliance obligations: Business continuity & crisis management best practices often reflect the demands of regulatory and compliance obligations. As a result, investing in your program is also an indirect investment in helping to meet your compliance obligations. In addition, in many instances, ensuring operational continuity is an explicit regulatory imperative. PCI for payment processors and HITRUST, EHNAC, and DirectTrust for patient health information are just a few examples.
  • An effective business continuity & crisis management program helps you identify and mitigate risk: A strong business continuity and crisis management program is rooted in identifying and preparing for specific risks, which inevitably helps your enterprise risk management team and other risk-focused teams on their mission of anticipating and avoiding those same risks. These teams also share many of the same stakeholders. So it’s no surprise that companies whose risk management and business continuity teams work together closely in a bone-building synergy create enormous value for their organization.

We’ve written extensively on the value of business continuity & crisis management programs.  Some of our best articles on the topic include What’s the Value of Business Continuity:  Beyond ROI, How to talk with your CEO about Business Continuity, Making the Case for your Business Continuity Program, and 10 Tips for framing your case for Business Continuity to Executives.  Don’t let the references here to Business Continuity scare you away – in these articles we’re talking holistically about crisis management & business continuity as two parts of an overall resilience strategy.

What does effective crisis management look like?

During our time working in crisis management over the past three decades, we’ve seen all sorts of Crisis Management frameworks & crisis management plans.  One of the things we’ve learned is that there is a vast gulf between effective and ineffective plans. We’ve seen a number of crisis management plans that stretch into the 200-300 page range – almost without fail, these plans are ineffective.

Leaders need to recognize the difference between what looks good on paper and how crisis management planning fits into the big picture of their organization’s resilience.

Well planned and facilitated exercises and the after-action process from both exercises and actual crisis activations will often help leaders understand how effective their crisis management process will be in the future.

Here are a few indicators and measurements to look for to gauge the effectiveness of a crisis management process:

  • A fast-moving, rapid-response-oriented process: Fast response is a process involving both damage control and mitigation. That response cannot occur without a plan in place as well as qualified and dedicated people to carry out the plan.
  • Clearly defined roles and responsibilities: The organization must have subject matter and technical experts whose authority matches their responsibilities in reacting to crises.
  • A knowledgeable, effective, and well-organized crisis management team ready to convene, react, and resolve the crisis quickly. The team must be led by a trained incident leader and assisted by a professional crisis management staff or consultant.
  • single source of internal and authentic information that is published with regular updates: Public information policies and information release authority need to be spelled out and within the responsibility of a qualified individual.

These are just a few indicators and measurements that a leader could review to help understand the effectiveness of their crisis management program, framework, and plans.  We’ve written a longer article on this topic that you may find helpful:  What does effective crisis management look like?

Crafting a Crisis Management Framework & Plan

Your crisis management framework lays out your underlying philosophy, a framework that will make the various parts of your crisis management program work together. A consistent framework across your organization describes how you will make, communicate, and execute decisions. Think about your governing approach now–a crisis is no time for confusion or making things up on the spot. Crisis management aims to plan for an effective coordinated response, with the resources available, and internal and external communication requirements during and after the crisis.

Some basic considerations for laying out your Crisis Management Framework include:

  • When is it a crisis?  A primary consideration is what constitutes a crisis and who declares it. Crises often start as minor problems in a functional area. Often functional groups can contain and solve issues before they expand. If not, a crisis team may step in, and they may solve the problem.
  • Levels of Response.  Not every incident requires the same level of response. Your escalation protocol will determine the triggers for activating different responses and what those responses include. For example, when human safety is imperiled, you need an immediate response team to address physical injuries or fatalities.
  • Determining a Battle Rhythm.  A battle rhythm is a schedule that frames response activities, such as internal and external reports, status meetings, and even meeting length. It supports the crisis team in issuing regular updates, even in rapidly-changing situations
  • Defining the Crisis Team.  Before anything else, you need to create a crisis management team with clearly defined roles and responsibilities and escalation pathways to senior executives. Gather the team and assign roles before you start discussing crisis management measures. Make the team cross-functional so you have expertise from all your critical functional areas. We’ll talk more about the Crisis Management Team later in this guide.
  • The Role of the Crisis Team Leader.  The crisis team leader’s sole responsibility is managing a crisis response process and making decisions on the spot. Also called the Incident Leader or Crisis Leader, the crisis team leader should not be an executive. The executive is busy making strategic decisions for the business and communicating with the company and as needed.

Think of the Crisis Framework as the foundational element of your program. For further insights, our article How to Craft your Crisis Management Framework and Managing Uncertainty Episode #59 – All Roads lead to one – Crisis Management Frameworks may be helpful to you.

You can also check out the Bryghtpath Crisis Management Framework, which is the starting point for many of our Crisis Management engagements. A free 4-page PDF can be downloaded that contains a good starting point for a crisis framework. The download includes a crisis management program “placemat”, an organizational view of a crisis management framework, crisis severity levels, and more.

Once that is in place, we layer on the Crisis Management Plan – which brings in the level of detail that you need in order to bring your Crisis Management Framework to life.

When you start creating your plan, the first thing to remember is that you aren’t breaking new ground. Resources exist to help you. Business continuity standards already outline what to consider in your business continuity or crisis management plan. The basics of a plan boil down to this: you can go a long way to ensuring a fast, successful response by recognizing the essential role of crisis communications and by crafting a detailed plan that states who does what and in what order.

As you develop your plan, here are some key points to keep in mind:

  • Focus your Plan.  No one is going to sift through a 200-page binder in a disaster. Be detailed, but also be precise and concise with your instructions. You can’t cover every possibility. Therefore, cover the most likely crises.
  • Assess Critical Functions and Risks. You’ll know your organization’s top threats through risk and the business impact analysis (BIA). But before your team starts those reviews, they should read the organization’s vision and mission statements. Why is everybody there? What are the real purpose and aims of the organization? Understanding overarching goals will help define both the aims of crisis management and the approach.
  • Define the Plan Scope. Start your document by defining the plan’s scope, so everyone is clear about what assets the plan covers. Include assumptions about support for crisis mitigation activities to reduce surprises around missing equipment, contractors, or other resources.
  • Describe how to Activate the Plan. Note how to activate the plan and assemble the team or teams. If you establish an alternate command center, detail its location and capabilities. Activation and relocation criteria depend on your crisis severity levels.
  • Specify your Severity Levels & the Crisis Life Cycle. If you have not already determined this in your policy, decide on crisis severity levels. A warehouse fire that traps three employees is not the same as a water pipe that leaks into your reception area. Therefore, document who can escalate your response and the criteria for escalation. Include a diagram of your crisis escalation path. A diagram helps employees determine at-a-glance who they must contact and consult.
  • Define Roles & the Chain of Command. At a minimum, you must document what roles assume crisis management duties. You should establish clear roles and responsibilities in your crisis management plans. Consider naming responsible individuals and providing their contact information. One business continuity standard, the ASIS International Business Continuity Guide, goes so far as to say that “Personnel used for crisis management should be assigned to perform these roles as part of their normal duties and not be expected to perform them on a voluntary basis.” Delegating responsibilities saves time in a crisis.

Solid internal and external communications are critical to surviving a crisis. A dedicated crisis communications plan outlines priorities and messages before problems strike. You implement your communications plan when the situation starts, but you’ll develop additional messaging for the specific crisis.

During an event, you’ll want to communicate with customers, employees, stakeholders, third parties, and others. Define who these are in your communications plan. You’ll also want to monitor media coverage to ensure they deliver the correct message to the public. Planning ahead gets your team thinking about media outlets and personalities involved.

Diagrams, charts, and other clear visuals help people understand information quickly. People like checklists and work instructions with brief, clear steps. Checklists can also provide an audit trail to prove that employees followed procedures.

In addition, whether you create a Word document, a PDF, a Google Doc, or use another word-processing or publishing platform, consider making the items in your table of contents active, in other words, hyperlinking your table of contents listings to the corresponding topics, checklists, and appendixes. These links will save people from having to scroll through a document while they’re rushed and stressed.

Our detailed article How to Craft a Focus Crisis Management Plan may also be helpful to you as you devise your organization’s Crisis Management Plan.

You can also get the exact Crisis Management Plan Templates & other resources that we use here at Bryghtpath here on our website.

The Crisis Leader

A key part of your Crisis Management Team is the Crisis Leader, or sometimes called the “Incident Leader” or “Incident Commander”.  This is the individual that coordinates your organization’s response to a major disruption.  It’s their role to lead your Crisis Management Team and guide your crisis management team to a consensus where possible on major decisions.

The Crisis Leader is a critical role and one that requires a very strong set of leadership skills. Here are a few of the ones that we think are the most important:

Cross-functional Leadership: During an incident, the team leader must be able to lead and communicate the appropriate messages amongst all channels—up to senior leadership, down through various silos, and horizontally to coordinate the activities of various company components.  The Harvard NPLI program refers to this as “leading across“.

Perspective: A good crisis leader must have the ability to think strategically and tactically at the same time. They can see the big picture and account for external influences on the situation, while also working on highly practical and simple solutions where needed.

Extraordinary Situational Awareness: The crisis leader must possess keen situational awareness and have the ability to pivot quickly in response to changing circumstances and needs.

Extraordinary Self-awareness:  Your response as the crisis management team leader sets the tone for how your team and others respond throughout the crisis duration. As a grounding force for your crisis management team, and the entire organization, you must remain calm and unflustered in the face of a highly charged situation.

If you don’t have a dedicated team or roles for crisis management, strong business leaders with the skills defined above often make excellent crisis leaders in any size of organization.

There are a number of options for additional training that can help provide additional education and experience for newer crisis leaders as well.  Some options include:

  1. Training and exercises are invaluable to both you and your team in building the muscle memory needed to respond effectively to an incident. In particular, debriefing past incident responses (whether your own or others) can help you learn from the mistakes of others to identify strengths, weaknesses, and best practices.
  2. Formal leadership training programs are another option. Many provide good training at a highly practical level but often fall short when it comes to addressing leadership training. The Harvard National Preparedness Leadership Initiative (NPLI) program is one with which we have personal experience and know to specifically approach crisis management training from a leadership training perspective.
  3. Good old-fashioned book learning is another way to augment your learning if time and resources are more limited. Although there are many books to choose from, we’ve found Emotional Intelligence 2.0 by Travis Bradberry & Jean Greaves and You’re It: Crisis, Change, and How to Lead When it Matters Most by Leonard J. Marcus et. al to be particularly excellent.

We’ve written a detailed article on the role of the Crisis Leader that provides additional context and insights that you may find valuable:  Suiting up for a Crisis, Part I:  The Crisis Leader.

The Crisis Management Team

The Crisis Management Team, or “CMT”, is the cross-functional team within your organization that activates in a crisis and manages the day-to-day, hour by hour, response activities during a crisis that impacts your organization.

In a way, they’re the team that runs into the metaphorical burning building and helps put out the fire.

Prior to a crisis impacting the organization, the CMT participates in discussions and activities calculated at improving your organization’s overall preparedness. These might include:

  • Participating in developing plans for potential disruptions
  • Integrating incident management processes that exist today in their area(s) of day-to-day responsibility into the crisis management process
  • Regularly participating in exercises, such as tabletops, simulations, and other scenario-based training to build muscle memory for future crisis situations, and
  • Leading efforts within their specific day-to-day jobs to better prepare your organization for disruption.

During a crisis, the Crisis Management Team activates and provides both their subject matter expertise from their day-to-day roles and their view as a leader in the organization throughout the crisis management process.

This often looks like:

  • Representing their organization within CMT meetings and calls
  • Providing updates regarding conditions, progress, challenges, and requests from their respective area, as well as providing key information to inform the executive briefings
  • Providing candid feedback and advice and pushing the team towards decisive decision making during the overall crisis response
  • Fulfilling any role requested by the Crisis Leader, including wearing multiple hats during an activation to ensure an effective response

Like the role of the Crisis Leader, a member of the Crisis Management Team should possess skills and capabilities from a leadership perspective that aren’t necessarily easily taught but are essential to success on the team.  These include:

  • Subject matter expertise in your specific area of operations
  • Perspective to think strategically and tactically at the same time
  • Extraordinary situational awareness and the ability to pivot quickly as needs change
  • Performing well under pressure
  • Being a team player and demonstrating a willingness to actively participate in all aspects of the crisis management program, including preparing, practicing, responding, recovering, and learning
  • The ability to work collaboratively to represent your function within the crisis management team and then represent your function on the CMT back into your organization.  Collaborative decision making and leadership is the lifeblood of the CMT.
  • Cross-functional leadershipor the ability to lead both vertically and horizontally across your organization

We’ve written an in-depth article on the role of the Crisis Management Team that provides additional insights:  Suiting up for a Crisis, Part II:  The Crisis Management Team.

Key roles on a Crisis Management Team

Typical functions and organizational elements of the Crisis Management Team are:

  • Crisis Leader
  • Administrative Support or Scribe
  • Human Resources
  • Legal
  • Risk/Compliance
  • Facilities
  • Finance and Administration
  • Information Technology
  • Project Management
  • Corporate Communications and Marketing
  • Operations / Lines of Business

Our in-depth article How to set up a crisis management team goes into more detail on the typical roles within a Crisis Management Team and how to go about establishing the team.

Two Critical Parts of your CMT: Human Resources & Communications

There are two areas in every organization that are often not well integrated into the Crisis Management Program, yet in our opinion are two of the most important parts of your team.

That’s Human Resources & Communications.

Human Resources

Human Resources exists to support your employees – and, in a crisis, they’re even more important to ensure that your team is being taken care of.  Employees need to be assured of their basic safety and security before they can commit bandwidth to your organization’s crisis response.  That means that they may need guidance and support in navigating benefits, scheduling adjustments, accessing state and federal aid, and getting help for immediate and long-term physical and mental needs.

When we’re working on developing a crisis management framework & plan for a client, here are some roles for Human Resources that we often establish in our work:

Before the Crisis:

  • Prepares a plan to communicate with employees and retrieve important employee records when normal channels of communication may be interrupted
  • Arranges contingency plans for payroll, benefits, and claims processing
  • Helps the crisis management team understand how legal, compliance, and bargaining obligations impact the crisis planning process
  • Develops plans to secure human capital and intellectual property in the face of an adverse event that could drive employees to competitors

During the Crisis:

  • Ensures employee wellbeing issues are being addressed by providing quick access to employee data, such as next of kin, and employee assistance through various programs
  • Supports employee relations and issue escalation
  • In charge of crafting and distribution of emergency employee notifications
  • Works with appropriate teams to coordinate a roll call to determine the whereabouts and status of employees, contractors, other workers, and visitors, and brief the crisis management team on status
  • Proactively intervenes to assist with employee morale
  • Together with line managers, monitors morale and advise the crisis management team on employee matters of concern
  • Provides regular briefings to the family of a victim(s) on the progress of the incident and arranges the timing and content of such briefings

After the Crisis:

  • Arranges the provision of appropriate assistance and welfare for impacted staff and families
  • Ensures that crisis counseling and mental health service are accessible to employees

We’ve written an extensive article about the Role of Human Resources in Crisis Management that provides additional insights, lessons learned, and context that may help you ensure your HR team is fully integrated into your crisis management program.

Communications

Every crisis, big or small, has a communications element.  You may need to communicate to employees and to your broader leadership team, but often you’ll find yourself communicating to many different distinct audiences across multiple platforms – including social media. Each of those communications needs to be tailored specifically to the needs of the audience for which it is intended and pushed out through the appropriate vehicle.

That’s where your communications team comes in. Managing your organizations reputation – or even your brand – is what they’re here to do.

And sometimes, the crisis itself is a result of a reputation management challenge.

We believe that every organization needs to have a strong crisis communications strategy in place that is practiced as a part of your exercise strategy for Crisis Management.

What does that mean?  Here are a few elements that we look for:

  • Activation and Escalation thresholds: Know when to declare something a crisis and activate your first line of response. Determine what constitutes a low, medium, and high impact crisis, what triggers each level, and how your response (and leadership involvement) evolves.
  • Policies: Make sure policies are current, easy to understand, and consistent. Issues can arise when employees follow outdated or miscommunicated policies. In particular, help employees understand your news media, social media, and other policies that involve supporting their rights while clarifying company expectations.
  • Processes: Create clear and specific processes for how crises will be handled. Good processes aren’t limiting; rather, they free up people’s time and energy to focus on recovering from the crisis. Make sure processes include expedited approvals, ways to keep your executive committee and board informed, and how crisis team members will communicate and collaborate.
  • People and Teams: Like processes, clear roles and responsibilities are critical so people can work as effectively as possible. This includes everyone from your CEO, to designated approvers and working groups, to who keeps the meeting minutes and communication log. Outside of formal roles, leverage the diverse perspectives of employees and internal resource groups. Many companies reduced their workforce in 2020, so regularly look at key contact lists and make sure they are up to date and reassign roles as needed.
  • Communications: You can develop an extensive internal and external communications framework in advance to expedite crisis response. Key messages, templates, creative, contact lists, spokespeople, and preferred channels can be built (and approved) ahead of time. This will shorten development time when you’re in the crises and increase the speed and clarity of your response. Also, take this time to audit your internal and external communication channels for inconsistent or outdated information.
  • Technology and Vendors: Know which services you may need to activate and have those relationships in place. This could include additional support or (literal) bandwidth for your web sites, contact centers, media monitoring, customer research, legal team, and more.
  • Practice: Schedule an exercise to find gaps and redundancies in your plan and start building crisis response skills with your team. Consider having an experienced crisis consultant lead or evaluate the drill to gain an objective perspective.

A strong Crisis Communications Strategy has been reviewed with your Board of Directors at a committee or full-board meeting – solidifying a critically important relationship that can be leveraged in a reputational crisis.

Our article on the Importance of Having a Crisis Communications Strategy may provide additional insights that you may find helpful.

Scenario Specific Planning

Now that you’ve developed your Crisis Management Framework and Crisis Management Plan, you’ve put into place a consistent, sustainable process by which your organization can manage any type of disruption or crisis that you are faced with as a company.  It doesn’t matter how the crisis develops, what parts of your organization are impacted, or what the specific scenario is facing your company – you have a consistent way to escalate the situation, activate your Crisis Management Team, collaborate together as a CMT to make decisions and communicate what is happening to your internal and external stakeholders, and capture lessons learned from the crisis.

Now you’re ready to start thinking about building specific plans to address scenarios that you think might impact your organization. These plans are annexes – they’re not a new way of handling a situation – instead they are plans that augment your Crisis Management Framework and Plan by giving you specific steps or resources to utilize when a specific scenario impacts your organization.

You might, for example, develop a Crisis Management Plan Annex for a cybersecurity incident, or an active assailant situation.  You’d still use your regular crisis management process, but now you have specific checklists, actions, or resources you might put into place in this situation.

We don’t encourage organizations to build dozens and dozens of plan annexes – but instead to focus on the top scenarios that may come to reality – and ensure that solid plan annexes are developed to address those scenarios.  The processes that you’ve put into place in your Crisis Management Framework & Plan will let you work through any other challenge you’re faced with as an organization.

Episode #38 of our Managing Uncertainty Podcast goes further into this idea – How do you make a plan for that which you have not foreseen?

You can also get our scenario-specific crisis management plan annex template as a part of our Crisis Management Plan Template package.

Key Risk Scenarios to consider for Plan Annexes

As you begin to think about key risk scenarios that impact your business – here’s a list of the key risk scenarios we often see developed for businesses:

  • Fire
  • Natural Disasters, including flooding, tornadoes, earthquakes, hurricanes, and similar events
  • Active Shooter/Active Assailant attacks
  • Civil Unrest
  • Protests/Reputational Challenges
  • Loss of Critical Vendors
  • Loss of Critical Technologies
  • Power Failures

We’ve written a detailed article exploring these risk scenarios that also covers how to determine the ones that you’re most likely to face that should assist you as you think about which plan annexes make sense for your organization. Episode #63 of our Managing Uncertainty Podcast may also give you some additional insights as you think through this specific challenge.

Top Business Disruptions to Plan for in 2022

Each new year brings new threats as the challenges facing businesses continue to change and evolve. These should always be considered for the need to develop specific plans and preparedness actions around.

Some of the challenges that we see facing businesses in 2022 include:

  • Unrelenting COVID-19 threat
  • Supply Chain Disruptions
  • Increased Cyber Threats, including Ransomware
  • Labor Shortages & demand for Higher Wages

We dove into these areas to consider for crisis & continuity planning for 2022 in our recent article 4 Top Business Disruptions to Plan for in 2022 which may provide you with additional context and insights.

Conference & Public Event Planning

Conferences and other public events are part of the fabric of running a successful business in most parts of the world. Some conferences are meant for the public to showcase the latest products and services offered by a company, while others are meant to help connect with other companies in the same industry to share ideas and collaborate.

Whatever the distinct purpose of the conference or public event may be, the most important thing is that organizers be prepared for any type of crisis that could emerge at the event. We want to run through some of the top strategies for how to make this a reality.

  • Gather Information & Adapt Quickly
    • Monitor every update in the ongoing situation
    • Gather together a team of pre-selected decision-makers.  This could be your Crisis Management Team or a subset of the team focused on this specific event.
    • Meet and communicate with all relevant stakeholders in the event to keep them informed
  • Understand the risk of cancellation
  • Don’t forget about the virtual option

We’ve written a detailed article on Conference and Public Event Crisis Management Plans that you may find helpful as you consider planning for these situations.

There are a handful of events of such size and scope that detailed planning really becomes necessary. We’ve covered a few of these extensively in our Managing Uncertainty Podcast – you may find these episodes valuable when thinking about planning for these major events:

Crisis Management Exercises

It’s important to exercise your crisis management plan.  A crisis plan that hasn’t been exercised isn’t much good to anyone. Because when an incident occurs, it is unlikely anyone will use it. And that is the whole purpose of having a plan – to have a guide of what to do (and what not to do) when something goes wrong. If a plan isn’t exercised, there isn’t any way to know if it will actually work.

Why should you exercise your crisis management plan?

Well, having a your plan just sit on a shelf is only going to get you so far.  Crisis Management Teams needs to work through their process and checklists to understand how an emergency will play out – and make the plan part of their individual & team muscle memory.

Exercise Strategy

Building an effective Crisis Management & Business Continuity Exercise Strategy requires more than just holding a single exercise and calling it a day – at the same time, there’s no need for your exercise strategy to be a complicated and difficult to understand mess.

Exercises can run the gamut from multi-day full simulations involving your crisis or business continuity team, other employees, and outside stakeholders, to micro-simulations and drills calculated at helping individuals hone a very discrete part of your plan in a limited window of time.

We use a combination of full simulations, lightweight simulations, facilitated tabletops (where your team talks through rather than acts out a response), and drills in designing a custom exercise strategy for each of our clients.

If your business continuity and crisis management program is relatively new or your team hasn’t had a plan before, we recommend starting with a facilitated tabletop exercise. Tabletops are very linear and straightforward and are a great place to start if you need to still get your team comfortable with the process.

You should aim to do a tabletop at least twice each year for your crisis team, ideally in the Spring and Fall. In addition, you should make sure that every business unit does a tabletop of their respective plan at least annually, ideally right after updating those plans.

Once your team has developed a baseline comfort level with your plans, you can layer in more robust simulations and exercises and do them more frequently. This might include half-day lightweight simulations that provide the experience of two or three hours of a realistic crisis or business continuity response. We like to do these quarterly, rotating through the most common scenarios on a regular schedule.

Full simulations, like a multi-day data breach exercise, are more involved and time-consuming. They can involve the likes of coordinating leadership handoffs, communicating with your reputation management and communications teams, responding to mock subpoenas, and even a simulated FBI raid. For this reason, we recommend doing full simulations annually or every other year.

Our article How to Build a Crisis & Business Continuity Exercise Strategy provides additional context and details to consider when building out your exercise strategy.

Effective Exercises

Here are some tips to make your exercises engaging and educational:

  • Align exercises to company goals: Think about your company mission and your mission-critical processes. Build exercises that practice how to bolster essential functions and outputs. A scenario about key card locks not unlocking is not interesting.Playing a survival scenario that involves a Cylon invasion is far-fetched.
  • Set well-considered goals: Choose 2 to 4 goals for each exercise. Get executive stakeholder or governance team buy-in for your aims.
  • Set a lifecycle of exercises: To effectively incorporate all roles and scenarios, consider a lifecycle or series of exercises that play out over a year.
  • Plan for scheduled and unscheduled drills: Incorporate exercises that people prepare for. But also plan for unscheduled exercises. Send an alert during off-hours so people understand the stress of switching their focus to problem-solving.
  • Make exercises cross-functional: Of course, the crisis management team and executive leadership representative must attend. But, also be sure to include their alternates. And remember, the whole company needs preparation. Ensure local and departmental crisis teams and functional experts participate. For example, if your company produces dog and cat food, and you’re playing a contamination storyline, include your nutritionist and quality assurance (QA) experts.
  • Write real scenarios: If your storylines and scenarios are not realistic, they won’t engage users. They will give up and lose interest in participating in exercises. If you’re crafting an exercise that is dependent on a realistic technical scenario, for example, you should include technical leaders from Information Technology as a part of your exercise planning process.
  • Jump in the hotwash: Conduct a debrief directly after your exercise. At the end of a two-hour exercise, take a 10-minute break, and then jump into 30-minutes of discussing what went well and what didn’t go well. Then, capture this in a report you can build on success and improve weaknesses in subsequent exercises.

Crisis Microsimulations

Within this range of exercise building blocks we describe above, we like to think of microsimulations as a snack-sized version of a facilitated tabletop. In a microsimulation, you and your team talk through, then debrief and hotwash a distinct set of exercise “moves” in response to a specific scenario, such as an active shooter, building collapse, natural disaster, or cybersecurity breach. But while other types of exercises can take anywhere from several hours to multiple days to conduct, a microsimulation is specifically designed to be completed easily in less than an hour.

Microsimulations have some key advantages:

  • Bite-sized  lessons to help you ditch the overwhelm
  • Easy to schedule when time resources are limited
  • Budget-friendly

Microsimulations are a great way to continue to build awareness of your program and to practice and reinforce resilience practices without a huge investment.

Learn more about Crisis Microsimulations in our article Using Crisis Microsimulations to counter Crisis Fatigue and Boost Resilience.  You can also get started right away with crisis microsimulations through our Exercise in a Box product.

Overall, exercises and simulations are a great way to test plans, get teams thinking more in-depth about the processes in place, and bring alignment to core crisis responders internally. Regular (monthly or quarterly at least) exercises are the best way to keep everyone comfortable in their roles and to keep plans up to date.

Don’t forget to test yourself – don’t play the facilitator every time – you need practice just like your team!

We’ve written an in-depth article on How to Create & Conduct a Rewarding Crisis Management Exercise that you may also find valuable for additional context and insights. We also have a webinar you can watch on YouTube:  Leading Exercises that Don’t Suck along with an episode of our Managing Uncertainty Podcast: Exercises are Boring.

Capturing Lessons Learned from a Crisis

When a crisis ends and we begin to shift towards short and long-term recovery efforts, it’s time to take stock of how your organization performed in the crisis. We want to dig deep, high, and low for all of the successes and challenges that your organization has been through in the crisis situation or crisis exercise.

We know that whatever their shape or characterization – mistakes, when properly harnessed in an effective after-action process, are the backbone of being better prepared for the next critical moment that your organization faces.

The after-action process, or “lessons learned” process is a structured way to:

  1. Evaluate your organization’s performance during an actual crisis or crisis management exercise,
  2. Capture lessons learned, and
  3. Take action to update plans, processes, and protocols to improve your next crisis response.

We like to keep things simple in the after-action process by answering three straightforward questions:

  • What went well during this process?
  • What didn’t?
  • What should we do differently next time?

This feedback should be captured in an open, collaborative manner through a series of after-action meetings.  In each meeting, lessons learned are captured and documented along with action items for improvement.  This information should then be consolidated into an easy-to-read summary report that can be disseminated throughout the organization.

Organizations sometimes are hesitant to share the after-action reports to broad internal audiences, including executives.  We believe strongly that not sharing such reports is a missed opportunity to demonstrate the maturity of your crisis management process and obtain support & resources for continued growth and capabilities. It’s a great reason to get in front of your executives and senior leadership and talk about what has gone well and gain their buy-in for future program maturity.

You can purchase the exact after-action process & documents that we follow here at Bryghtpath here on our website.

Crisis Situations are Challenging - Don't Forget the Human Element

Crisis situations are incredibly challenging – not just for organizations, but also for the Crisis Management Team and the Crisis Leader as individuals. They will test your personal resilience as strongly as they will test your organization’s overall resilience to disruption. They can come with long hours, difficult decisions, and many days on end before they are resolved.

Some crisis situations involve the loss of life or serious injuries that may impact the survivors and the families of those impacted for years to come.

In Episode #5 of our Managing Uncertainty Podcast, we talked about one of those situations. Three crisis leaders that were intimately involved in an active shooter incident in 2012 shared their experiences as the crisis unfolded over four hours.

Working together as a Crisis Management Team and looking after one another will be important aspects of your crisis management plan – but also as human beings.  Caring for one another and helping each other stay “out of the basement” will be important throughout the crisis.

As a Crisis Management Leader, it will be important to keep your mind and wits about you as the incident unfolds. We went into this in some depth in a discussion on our Managing Uncertainty Podcast in Episode #20.

We’ve written a bit about the Crisis Manager’s “Survival Guide” and about the challenges of mental health in our profession sometimes. Don’t be afraid to utilize your employer’s Employee Assistance Program (EAP) for assistance following a major crisis situation or to seek professional counseling, or even just the safe ear of a colleague or friend to talk through your experiences.

If nothing else, in the critical moment, make sure that your program, leaders, and plan put the safety and interests of your people first.  Be sure to not forget that the crisis doesn’t truly end when the response phase is over – the aftermath and impacts can be felt for a lifetime. Your EAP program or more specialized crisis counseling services are always available to conduct debriefings and assist your employees, your crisis management team, and even yourself as the Crisis Leader when necessary.

This is a critical part of Crisis Management where your Human Resources team should play an important part as a part of your Crisis Management Team and helping to ensure that your employees are taken care of throughout the response and recovery from the crisis.

Other Roles and Responsibilities within Crisis Management

Beyond the Crisis Leader and the Crisis Management Team (CMT), there are other roles within Crisis Management that you should consider.

Business Continuity and Crisis Management are often paired together in the same organization or as parts of a broader program, which might be called Business ContinuityBusiness Continuity & Crisis Management, or just Resilience or something similar.  However, you choose to think of them, in almost every case they are part of the same broader program – and that program must have a governance structure with clear roles and responsibilities to be successful.

Here’s a breakdown of the most common roles that should be established within a Business Continuity & Crisis Management Program:

  • Board of Directors:  Every board member has a fiduciary duty to exercise strategic level visibility and oversight over business continuity and crisis management. Importantly the board sets the foundation for success by promoting a company culture that recognizes the value of well-managing risk.
  • Audit or Risk Committee:  Specific board oversight and strategic level visibility is typically delegated to the board’s risk or audit committee, as outlined in the committee charter. Sometimes another committee has this responsibility such as an operations or governance committee.
  • Executive Management: Each member of the executive team retains ultimate oversight and responsibility for crisis management & business continuity planning in their specific area of operations.
  • Executive Sponsor: One or two persons at the executive level (typically the general counsel, COO, CIO, CTO, or a C-Suite appointee) act as executive sponsors. They have direct oversight of the crisis management & business continuity program and usually chair the steering committee.
  • Steering Committee Members: The business continuity & crisis management steering committee—usually an interdisciplinary team of six to eight people—meets quarterly or annually to ensure the  program is aligned to corporate strategy and objectives and is maturing and making forward progress towards annual goals.
  • Business Continuity & Crisis Management Program Manager: The program manager has direct oversight and responsibility for business continuity & crisis management program operations, reporting, and day-to-day activities. They manage and set the programmatic expectations that guide the execution of the program throughout the year.

Well-defined and understood roles and responsibilities are critical to the success of your organization.

We’ve written a more detailed article on Business Continuity Program Roles & Responsibilities which provides much more context and insights that you may find valuable as you explore additional roles & responsibilities within your program.

Crisis Management Case Studies

Case Studies provide a way to learn from previous crisis situations and from the efforts of other organizations to implement Crisis Management Frameworks and Crisis Management Plans. We’ve included case studies from articles on our website along with some of the relevant work that we’ve done with clients below that you may find valuable.

  • Hurricane Sandy:  At the time it made landfall in 2012, Hurricane Sandy was the second-largest Atlantic Hurricane on record, following only Hurricane Katrina in 2005. There were a number of lessons learned from Hurricane Sandy that make it an excellent case study for crisis management, as we documented in an article on our website.
  • COVID-19:  How did 3 major companies manage the COVID-19 pandemic?  Our article from early in the pandemic, in June 2020, documents efforts by Panasonic, Kroger, and Jack in the Box to lead their organizations through uncharted territory.
  • Deepwater Horizon: The  Deepwater Horizon spill was among the worst environmental disasters in history. Eleven platform workers lost their lives when the rig exploded on April 20, 2010. Over 4.9 million barrels of crude oil were released into the Gulf of Mexico, and many experts say that irreversible damage may have been done to the local environment. In addition to these very tangible losses, however, BP’s poor communication in the wake of the disaster compounded their mistakes in myriad ways. It resulted in such damage to their brand that BP-branded gas stations throughout the country changed their name to avoid association. We also have a more specific Crisis Communications case study on this as well.
  • Super Bowl 52:  Super Bowl 52 was held in Minneapolis, Minnesota at US Bank Stadium.  Bryghtpath documented the process of planning for the event and a recap after the Super Bowl ended across two episodes of our Managing Uncertainty Podcast.
  • Active Shooter Planning & Exercises:  Active Shooter/Assailant planning and exercises are a top concern for many organizations. A Fortune 100 corporation, concerned about recent active shooter incidents, turned to Bryghtpath to develop and exercise an active shooter plan at their global headquarters in order to better protect their employees and visitors as documented in this case study.
  • C-Suite Crisis Exercises:  A major U.S. electric, natural gas, and nuclear energy company, seeking to elevate executive leadership’s crisis response capabilities and engagement, turned to Bryghtpath to exercise both their crisis management framework and build enterprise familiarity with the complexities of an active shooter situation as documented in this case study.
  • Designing Crisis Management Frameworks & Plans A global Quick Service Restaurant (QSR) chain, challenged by an increasing number of disruptions and crises, retained Bryghtpath to develop an enterprise Crisis Management Framework and Plan as captured in this case study.
  • Ransomware Exercises:  A major U.S. healthcare organization, seeking to practice their recently updated cybersecurity incident response plan, turned to Bryghtpath to conduct a multi-day complex ransomware exercise as captured in this case study.

Crisis Management Industry Standards

Grounding your program in an industry-standards driven approach can help you build the right program for your organization’s unique culture, strategic objectives, and situation while ensuring that you’re adhering to best practices developed over decades by the world’s leading organizations.

There is not an established single standard for Crisis Management in the industry, however, there are several widely accepted industry standards for Business Continuity & Crisis Management that can help provide you with a foundational approach to your organization’s crisis management strategy. Using one of these standards will save you from reinventing the wheel by describing the key program elements that you should consider as a part of your Crisis Management program in your organization.

NFPA 1600 Standard on Continuity, Emergency, and Crisis Management

National Fire Protection Agency (NFPA) 1600 is a U.S. emergency planning specification that has also become globally accepted. NFPA was the first of the business continuity standards to appear after 9/11. The United States Department of Homeland Security adopted the standard that the NFPA site calls “as a voluntary consensus standard for emergency preparedness.” Likewise, the 9/11 Commission report recognized NFPA 1600 as the national preparedness standard.

Despite such endorsements, NFPA 1600 is still a guideline, not a requirement. It includes nine chapters on business continuity program management, planning, implementation, training, exercises and tests, and program improvement. Annex B provides checklists for ongoing self-evaluation.

Our article An overview of the NFPA 1600 Standard goes into greater detail on this important industry standard.

ISO 22301 Security and resilience — Business continuity management systems — Requirements

The International Standards Organization or ISO is a global institution that researches and creates industry and other standards. All its specifications are voluntary. ISO can’t enforce these or any other standards. ISO simply provides guidelines for what you should do.

The ISO 22301 Standard interoperates with all of the other ISO Standards, which are often used for Enterprise Risk Management, Information Security, and Disaster Recovery.

At Bryghtpath, we typically utilize ISO 22301 as the basis for our Resiliency Diagnosis process, also known as Business Continuity Program Evaluations.

ASIS Business Continuity Guideline – A Practical Approach for Emergency Preparedness, Crisis Management, and Disaster Recovery

Published by ASIS International, an association of security practitioners, the ASIS Business Continuity Guideline is, as it says, a step-by-step, detailed outline for approaching business continuity. Although perhaps less well-known and therefore less commonly adapted, the plain language makes it an accessible reference.

Incident Command System (ICS) & the National  Incident Management System (NIMS)

The Incident Command System, or ICS, is used by public agencies to manage emergencies. You’ll see this used by police, fire, emergency management, public health, and related government agencies. Some businesses use ICS or an ICS-aligned approach to work together with public agencies during emergencies. This is a commonly used approach by energy utilities and hospitals/healthcare organizations (through the Hospital Incident Command System or HICS, documented below). You can learn more about ICS at FEMA’s Emergency Management Institute ICS Resource Center page.

The National Incident Management System (NIMS) was established by FEMA and includes the Incident Command System (ICS). NIMS is used as the standard for emergency management by all public agencies in the United States for both planned and emergency events. You can learn more about NIMS at FEMA’s National Incident Management System resource page.

By themselves, NIMS and ICS do not define how to best organize the Crisis Management Framework & Plan for an organization, but they do provide a number of principles that can be applied to private sector crisis management programs.

Hospital Incident Command System (HICS)

The hospital incident command system (HICS) is an emergency response and preparedness system for hospitals. It enhances a hospital’s emergency capabilities both as an individual facility and as part of a broader response community. HICS also provides guidance for performing daily operations, pre-planned event and non-emergencies.

The Hospital Incident Command System began to be implemented during the late 1980s in the United States, and similar systems have also been implemented in other countries. The California Emergency Medical Services Authority (EMSA) publishes the HICS Guidebook for the United States.

Our article, An Overview of the Hospital Incident Command System (HICS), provides much greater detail and context about this widely accepted standard for healthcare organizations.

Additional Resources on Industry Standards

Crisis Management Awareness & Culture

In most organizations, the only times a business leader and their team learn about business continuity & crisis management is when the time comes to update their business impact analysis and associated plans – or when an incident or crisis occurs. It’s not a great way to drive business continuity awareness.

This is a huge missed opportunity for most organizations and programs.

Instead, business continuity & crisis management leaders should be meeting and communicating regularly across the business to explain the program, highlight the program and organizational wins, and constantly explain how the program helps support the organization’s strategic business objectives.

When I first was asked over fifteen years ago to take over my then-employer’s business continuity program, which included Crisis Management, I patiently explained to my would-be boss at the time that I knew very little about business continuity and crisis management. I would be a bad fit for the role.

He laughed, looked at me, and said, “I don’t need a subject matter expert Bryan. What I need is someone who understands how to communicate and can market & promote the program across the company.”

He was right.

This is an even more important topic at the time of this writing, in mid-2022, when there’s never been a time where business continuity & crisis management have been more important to an organization – and there’s never been a more important time to make yourself important as a business continuity leader.

How can you set about doing so within your organization?  Let’s dive in.

Telling your program’s story

Every great narrative starts with a bit of an origin story. Where did the program come from?  Why does it exist?  What is its mission?

In any story I set out to tell about business continuity & crisis management, I start with the whys.  Why do we do this?  Why does the program exist?  How does it support the organization’s strategic initiatives?

This information is then consolidated into a document I call the “walkaround deck”.  In my previous roles, I literally printed out a copy and carried it around in my planner so that I could tell the story at any time I needed to with any willing audience that would listen.  It was a constant feature at morning “coffee meetings” where I would meet with yet another peer from across the organization to share our program’s story and initiatives and learn how they might intersect with my colleague’s area of responsibility.

Once this presentation is put together, make plans to always keep it current, and then set about to speak at as many forums, team meetings, huddles, all-staff gatherings, or any other meeting you can wrangle an invitation to.  It should be the background for every meeting you have with officers and senior leaders in the organization – enabling you to share your program story, the results you have achieved, and how you are supporting the organization.

Working with Communications for Business Continuity Awareness

Your organization undoubtedly has some sort of communications function that supports internal communications.  They will need to be your new best friend.

Every company has channels for internal communications – an intranet, posters, digital signs, a newsletter, bulletin boards, internal social media, and more.  Meet with your communications team and learn how to submit content for these different channels.  Devise a simple communications strategy that supports monthly and/or quarterly communications as a starting point.  Aim to create a piece of quality content that helps reinforce your story, as we’ve outlined above, for each month or quarter on your communications strategy.

Don’t pass up any opportunity to tell your program’s story

A lot of business continuity & crisis management professionals are content to stay behind the scenes rather than being out front telling the story of their program.

Truly successful programs require leadership that is constantly working to tell the program’s story, gain new allies, and convert others to the cause of preparedness, business continuity, & crisis management.

Never be afraid to make yourself important.

We’ve written a two detailed articles on this topic that you may find helpful:  Effective Business Continuity Awareness Campaigns and Building a Resilience Culture in your Organization.

Common Challenges with Crisis Management

When implementing or maturing your crisis management program, it’s not unusual to run into several challenges ranging from lack of executive support or engagement to inheriting an unusable plan.

Here are some of the most common challenges that we experience:

  • The plan is unusable and filled with an endless series of checklists:  This is usually due to an unfocused approach.  While we want the response to a crisis to be as structured as possible, there is no need for 40-50 page long checklists.  This creates an overly structured approach that results in a lack of flexibility when confronted with a novel crisis situation.  Use the 80/20 rule and focus on what is truly important.  Stay focused on the consequences of a disruption rather than the cause (i.e. loss of a facility rather than the fact it was lost in a fire or flood).
  • The plan is unusable and filled with nothing but high-level checklists that don’t mean anything:  This is also due to an unfocused approach. In this case, the plan hasn’t been developed or worked through at the right operational level – resulting in checklists that are so high-level they won’t lead to any sort of an effective response.  Focus again using the 80/20 rule and the consequences of a disruption.
  • The plan requires updating too often: The core elements of a crisis management plan are usually timeless and do not require updating, however many elements that make a plan effective must be updated regularly like contact information, support resources, key vendor information, and business continuity plan summaries. Plans must be updated following the lessons learned process from a crisis or exercise as well to ensure that the organization is better prepared for the next crisis.
  • The plan will never be used during an incident or crisis:  This is usually feedback we hear when a plan doesn’t address the true needs of the organization, isn’t aligned with the organization’s strategic objectives, or the plan is simply too detailed.  Again, apply the 80/20 rule and focus on the consequences of the disruption, the communication and information needs of the organization’s internal and external stakeholders, and what the crisis management team needs to be documented to effectively respond to the crisis at hand.
  • No one wants to be involved in the crisis management process. We can’t get the “right people” to the table:  This can be a common challenge – getting the right folks to the table that have right experience, backgrounds, and roles within the organization to be involved in the crisis management.  This also happens commonly when a crisis management & business continuity program is not well aligned with the organization’s strategic objectives and organizational culture. Working to consistently engage with the organization’s senior management, increasing program awareness the company, and ensuring alignment to the organization’s strategic objectives are all areas that can help improve engagement across the program.

For additional assistance, our article What the CEO needs to understand about planning for a Crisis provides a deeper dive into this topic.

Getting help with your Crisis Management Program

Designing, implementing, and supporting a Crisis Management program is a tall order. Often the best approach is to seek professional help from an industry leader that can help you build and maintain the program that is best for your organization’s challenges.

Here are some ways to get help with your Crisis Management program.

Trusted Advisors

Every company will deal with business disruptions and crisis situations. Sometimes having a trusted advisor on retainer can help you be better prepared, coach you through immediate actions to take to keep your team safe, and keep your business running despite the impacts from the critical moments.

Some of the reasons to use a trusted advisor are:

  • The value of an outside perspective. It’s not easy to know how your business continuity program compares to leading programs in other companies. That’s why an outside perspective can be invaluable.
  • Guaranteed availability during a disruption or crisis event. When a disruption happens, it will help tremendously if you have an established relationship with a business continuity and crisis management expert. For example, at some point in March of 2020, your company had a senior leadership meeting to discuss the rapidly evolving COVID-19 pandemic. Maybe you were in the room for that meeting. Maybe you were part of really difficult decisions — everything from the health of your employees to laying people off to cut costs. If so, what was it like? Did you have a plan in place? Or were you forced to improvise?
  • Guidance for media inquiries.  Your phone rings. It’s a reporter from your local newspaper or TV station. “We have a report that your CEO was arrested last night for driving while intoxicated. Do you want to comment?” Would you know what to say?
  • Proactive messaging for known risks. Some businesses know in advance that a specific type of disruption is likely. For example, a business that operates cloud-based software will have downtime. It’s just a matter of when. We call these “known risks.” For our clients with these known risks, we help them get ahead of these issues by working proactively before a disruption happens.
  • Assistance for your executives & board of directors. Having an existing relationship with a business continuity and crisis management expert can be a major benefit when dealing with senior executives and boards of directors.
  • Access to a network of information. If a major natural disaster happens in your location, where will you go for up-to-date information? If a major political demonstration happens in your town — and it threatens to get out of control — how will you stay up to date with what’s happening? When you work with a business continuity and crisis management expert like Bryghtpath, you gain access to a wide network of information that simply may not be available through local news sources.

How to Choose a Crisis Management Consultant

Whether before, during, or after the crisis, an effective and experienced crisis management consultant provides the support, leadership, and expertise you need to confidently navigate the inevitable crises that face your business.

But what does a good crisis management consultant look like? And how do you know which one is the right fit for your organization?

Here are some things you should look for in a Crisis Management Consultant:

  • Experience:  You’ll lean heavily on your crisis management consultant during times of crisis, so they should have plenty of time in the trenches responding to adverse events. But good crisis management isn’t just about getting through the next crisis. It’s informed by a lifecycle approach that strives for continuous program improvement.
  • Leadership, Communication, & Emotional Intelligence:  When a crisis hits, you need your consultant to be calm, confident, and self-assured.  They should demonstrate decisive and thoughtful leadership and display a level-headed approach in a response situation.
  • Availability:  When your crisis response team leader picks up the red phone, it goes without saying that your crisis management consultant should be ready and waiting on the other end of that line.

You’ll want to make sure that they’re a solid fit for your organization.  Here are some other factors to consider for organizational alignment:

  • Demonstration of Authority & Expertise:   Is there evidence of their expertise through articlespublicationswhite papersvideos & seminars, or external references?
  • Organizational Alignment:  Do they have a clearly defined methodology for working with businesses similar to yours?  Do they have any suggestions for how to approach your specific project or program?
  • Price & Deliverables:  What’s their typical timeline for taking over a crisis management program or delivering the desired services? How do they measure their work? How will you know that things are getting done according to the timeline?

We’ve written pretty extensively around choosing a crisis management consultant and specifically about choosing a business continuity consultant.  You may find these articles helpful if you’re looking for assistance with your program.

Coaching

Sometimes you have a lot of the program in place, but you’re working harder than ever and just not making a lot of forward progress on your crisis management and/or business continuity objectives.  Books and podcasts and other training just isn’t getting it done for you.

We’ve often found in these circumstances that working with a coach for a one-on-one coaching session can help you get unstuck, gain clarity, and take their next best step.

Here are some benefits from Crisis Management & Business Continuity Coaching that we’ve seen in our experience:

  • An outsider’s perspective. Sometimes, you’re too close to the problem to see it accurately. An outsider’s perspective can be the simple insight you need to find the solutions that are probably already in front of you.
  • Encouragement and support. Discussing your business challenges with a trusted expert can help you uncover new solutions to your business continuity & crisis management problems or validate the ones that you already have in mind.
  • Validation for your ideas. If you’re struggling to get buy-in within your organization, the gravitas of an outside coach or consultant may be just what you need to get your leaders on board.
  • An insider’s network. Having a pre-established relationship with a business continuity and crisis management expert can ensure that you are able to quickly find the information and the help that you need when you need it most.

Could coaching be the right solution for you?  Here are some factors to consider:

  • You need help with a problem.  An effective coach can help you see your problem more clearly and create an actionable plan to move forward.
  • You’re new to the job or in need of specific capabilities. Regular coaching with a business continuity and crisis management expert can help you confidently address emergent challenges and build your professional playbook until you’re ready to stand on your own.
  • You’re ready to level up. Individual or group coaching, or some combination of both, can be invaluable in helping you reach the next level in your business continuity program or career.

If you’re ready for actionable insights and a no-BS game plan to take charge of your professional and programmatic success, coaching might just be your next best step.

For additional coaching insights, read our full article 5 Ways Coaching can help your Business Continuity and Crisis Management Program.

Outsourcing your Crisis Management Program

Another option is to completely outsource your Crisis Management Program to a third-party. This is often done as a part of outsourcing your overall Business Continuity & Crisis Management Program.  It’s often referred to as Business Continuity Managed Services or Business Continuity as a Service.

There are several reasons why you might choose this as an option:

  • Hiring an in-house team can be difficult
  • In-House teams have high fixed costs
  • It’s more difficult to scale an in-house team quickly when a disruption happens

There are several ways to structure using a third-party to manage your Crisis Management Program, three of the most common approaches are:

  • Development of your crisis management program
  • Facilitation of crisis management exercises
  • Help when you experience a crisis

We’ve written a more in-depth article about Business Continuity as a Service – How to Outsource your Continuity Program that covers approaches to doing so – and how to incorporate Crisis Management managed services as well.

Ready-Made & Custom Crisis Plans

If you’re just looking for a crisis management plan for a specific situation, we offer ready-made, battle-tested crisis management & communication plans at Crisis Playbook.

Crisis plans from Crisis Playbook come with support from experienced crisis and communications experts, for any critical moment, such as a natural disaster, violent attack, or a reputational campaign.

Learn more at Crisis Playbook >>

Crisis Microsimulations: Exercise in a Box

In our experience, business teams that practice crisis, disruption, and business continuity scenarios respond faster and recover more quickly than teams that do not.

Managing crisis & continuity exercises for hundreds of business units worldwide is a tall order. That’s why we’ve developed a set of crisis & continuity exercises that can be executed by a business leader in an hour or less – and don’t require expert facilitation from a crisis management or business continuity team.

Our Exercise in a Box scenarios and materials were written by the battle-tested experts in crisis management, business continuity, and crisis communications at Bryghtpath.

Learn more about Exercise in a Box >>

Put your Awareness Program on Autopilot

Many business continuity, crisis management, and security leaders yearn for stronger awareness within their organizations around their programs and basic steps that teams and employees can take to build a more resilient organization.  We view awareness as a critical component of building an effective resilience culture in your organization.  Whether it’s due to competing priorities, other program focuses, or just not having enough time – we’ve seen that many leaders struggle to get an awareness program off the ground.

Our team of battle-tested experts at Bryghtpath has put together packages of awareness articles and graphics that you can use for your program with minimal work on your end.  All you need to do is “fill in the blanks” and ensure the terminology and links align with your organization’s needs, and you’re good to go!

Get started today with a package of awareness articles & graphics – or pick a custom package, and our team of writers will work with you to whip things into shape over the coming week for your new awareness campaign!

Learn more about our Awareness Collateral >>

Crisis Management Plan Templates

Our experts have spent decades perfecting their craft in business continuity, crisis management, and crisis communications.

Now you can get the exact battle-tested templates that we use for our work with clients as we build out their custom crisis management plans.

Learn more about our Crisis Management Templates >>

Where to Learn More about Crisis Management

There are a number of great options available for learning more about Crisis Management – and many of them are completely free.

Here are some of our favorites.

Free Training

There are a number of free training resources available online that might provide you with answers to some of your questions about Crisis Management and provide greater detail into the areas we’ve outlined in this article.

Here are some available free options:

Business Continuity, Crisis Management, & Resiliency Facebook Group

Connect with hundreds of other Business Continuity, Crisis Management, & Resiliency Professionals in our free Facebook Group.

Our free Facebook Group is a forum for discussion around organizational resilience, business continuity, continuity of operations, emergency management, and crisis management.  The intent of the group is to serve as an active exchange of information, questions, and news related to our profession.

You’ll find daily articles, regular discussion topics, and a safe and welcoming environment for your questions related to your career and moving your program forward.

We hope to see you there!

Join the Free Facebook Group  >>

Books

Books aren’t the best answer for everyone for learning about crisis management, but they are relatively inexpensive and provide a lot of deep insight into a specific topic.

We’ve published our Professional Reading List, which contains our best recommendations for personal study and contemplation that will assist you as you continue to grow in our profession.

Podcasts

There are a number of great (and FREE!) Crisis Management Podcasts.  These podcasts can help you continue to grow your knowledge and skills in these important areas as you seek to mature your organization’s program.

Here are a few of our favorites:

  • Managing Uncertainty Our own weekly podcast covering business continuity, crisis management, and crisis communications.  Learn more at our Managing Uncertainty Podcast archive.
  • Harvard NPLI Leader ReadyCast:  Featuring real-world lessons, best practices, and action-oriented insights for the “You’re It” moments when you are called to lead. Each episode features insights from frontline leaders and the faculty of the Harvard National Preparedness Leadership Institute (NPLI) program.
  • Resilient:  Resilient is a podcast series from Deloitte that features authentic, engaging, and thought-provoking conversations with CEOs, senior executives, government officials, board members, and people outside the business world. Hear their personal stories about how they led through a crisis, navigated through disruption, and managed through significant risk events. Discover what they learned about embracing risk, improving performance, and leading confidently in a volatile world.

We’ve outlined a longer list of our favorite business continuity & crisis management podcasts in our article Top Business Continuity & Crisis Management Podcasts.

Executive Education Programs

The challenges involved in business continuity and crisis management are complex and ever-changing, making ongoing education a crucial part of any executive’s long-term strategies. Understanding the various points of vulnerability for your business, gaining best practices in business continuity management, defining risks and prepping emergency management procedures aren’t skills that are often taught in traditional universities but must often be learned on the job or as part of your networking with peers. Business Continuity & Crisis Management Executive Programs can assist with this opportunity.

Finding a business continuity executive education opportunity not only provides you with an opportunity for learning more about the topic but is a valuable networking opportunity as you learn with other professionals who are looking for the most proactive ways to prepare their business for the future.

Some of the top Executive Education Programs include:

We’ve recapped these programs along with several other options in our article Top Business Continuity & Crisis Management Executive Programs.

About the Author

Our Ultimate Guide to Crisis Management was authored by Bryghtpath Principal & CEO Bryan Strawser.

Learn more about Bryan and his background in crisis & emergency management in his biography.

We can help.

Let the experts at Bryghtpath put their decades of Crisis Management experience to work for your organization

We have the experience, tools, and partnerships to help your organization successfully manage the rough waters ahead – and ensure your organization is prepared. Learn more about our Crisis Management capabilities, read about the results we’ve generated for our clients, or book a meeting today.

I’D LIKE TO TALK TO BRYGHTPATH