Académique Documents
Professionnel Documents
Culture Documents
Planning
Program Suite
Execution
An organization’s crisis planning has a high probability to contain and control the impacts of disruption
and return the organization to a state of normalcy when it:
• monitors its risk profile;
• establishes its risk appetite statement;
• commits to the pursuit, development, and application of risk management competencies; and
• trains, tests, exercises, and audits the capabilities and effectiveness of risk reduction efforts.
Widespread instability and growing threats to vital organizational interests are indelible on the canvas of
the foreseeable future. As no two events are identical, no plan can anticipate or address every possible
circumstance. In response, many organizations staff a crisis management team and assign roles and
responsibilities. However, implementing this effort alone is inadequate to address the dynamic nature of
a crisis. It also creates assumptions, with the potential for significant undesirable conditions with
possibly irreversible results. To obtain an appropriate level of organizational resiliency, a successful crisis
management team must plan, train, and monitor its risk profile to ensure an effective crisis response. In
building a successful crisis management team, one of the best methods is a programs approach which
uses the following key tenets to avoid common pitfalls.
Communications
Communications are critical to the organization's credibility, reputation, and ability to resume normal
operations. The need for information is a vacuum for all concerned. Given global hyper-connectivity, the
real-time cycle of social media, and the general population's position that everything is public
information, it is imperative social media is monitored and event information is continuously updated to
ensure communications are accurate, timely, and relevant to intended audiences. During a crisis,
accuracy and speed in communications are paramount, with the CMT ensuring:
• The right information is provided to the right stakeholders at the right time (which reduces stress to
those affected).
• The corporate commitment to resolving the crisis and controlling the flow of information (which
prevents rumors and misinformation) is firmly demonstrated. In the 21st century, it is vital to realize
the story is likely to be ahead of the CMTs response.
With all of this in mind, when planning, conducting, and controlling crisis communications, ensure the
organization has addressed communications with employees, families, suppliers, the media, and have
developed processes for situations involving high levels of fear or unknown risk. The need for these
efforts to be effective cannot be overstated, as the media will undertake an unrelenting effort to draw
more and more information, regardless of the source or its accuracy where CMTs are found lacking. To
address this, the CMT should create a media relations element with the spokespersons tasked to develop
relationships with local media (e.g., invitations to meetings, open houses, and luncheons) to aid their
understanding of the organization's culture, operations, and contributions to the community. This
provides an opportunity to learn about their needs, as they will become stakeholders during a crisis.
One method to aid the CMT, and counter crisis hearsay, is to develop a holding statement. The holding
statement is designed to provide a detailed yet concise picture of the situation. By preparing an initial
holding statement and updating it as the response to the crisis evolves; the CMT will have an accurate
picture of the assets impacted, efforts to mitigate risk, and a plan to share information with relevant
stakeholders. It may also be helpful for the organization's spokesperson to develop and provide a media
kit with general information about the organization at the onset of the crisis. Providing the media with a
controlled area with power, connectivity, and comfort items can also aid relations.
Risk Profile
Effective response and recovery planning requires the increased monitoring of the organization's risk
profile to maintain the requisite balance between preemptive, proactive, and reactive efforts. One of the
best ways to prevent a crisis from occurring is to develop a risk profile specific to organizational assets,
anticipate the types of events that may occur, and either plan to prevent or respond to them. The degree
of response is determined by the manner in which the event is classified.
Event Escalation Flow Chart
Continuous Improvement
Once a crisis is under control, it's tempting to move on after the organization has returned to normalcy. A
successful CMT will ensure they immediately reflect on how the crisis was managed, perform a formal
after action review, develop corrective actions, and implement change management while reinforcing the
training that provided the desired results.
After building a successful CMT, the challenge becomes how to refine and maintain their performance.
The program should be reviewed on a scheduled basis. Especially after any changes in team personnel,
major revisions to plans, new executive leadership, after testing the CMT, or following an incident that
required CMT activation. Periodic consideration should be given to the use of external evaluators to
ensure further the CMTs continued success.
Crisis Capabilities
A Crisis is a cascading series of events for which there is no preplanned
mitigation. An organization can best prepare for a crisis by developing An organization can
and refining its processes used to communicate and implement ad hoc
mitigation strategies. There are two components to crisis management: best prepare for a
organizational and operational. Organizationally, resources and support crisis by developing
from executive leadership are required to develop the policies, plans, and
procedures needed to establish a crisis management capability. and refining its
Operationally, these capabilities need ongoing training, exercises, after- processes used to
action reviews, and improvement plans to achieve and maintain response
effectiveness. These skills are refined by focusing on a feedback loop to communicate and
identify best practices, overcome lessons learned and reinforce the trust implement ad hoc
and confidence of stakeholders.
mitigation strategies.
The manner and means in which the feedback loop is applied
(throughout the planning, implementation, and post-plan continuum)
demand timely and precise adjustments. These adjustments require
relative risk be assessed and monitored for changes in the risk profile, which aids crisis avoidance.
However, some choose to limit their actions by mitigating obvious risk, accepting best practices from
other organizations, and assuming since no incidents have occurred, relative risk is adequately mitigated.
This methodology creates the dangerous illusion that risk has been addressed while unknowingly creating
an opportunity for significant peril.
Monitoring Change
Historically, shifts in an organizations risk profile are attributed to changes in a potential disruptors
presence or intensity. While there may be an effective plan to address these changes, monitoring is a
critical component. Without this capability, changes in the risk profile could unknowingly surge beyond
the capabilities of proactive mitigation strategies. This can lead to cascading effects that impact life
safety, organizational assets, and degrade the performance of essential functions. Effective monitoring
provides the awareness needed to proactively address deviations in stressor characteristics at the lowest
possible level of intensity. This provides time to mitigate residual vulnerabilities that were accepted, and
thus preclude the opportunity for a crisis. In conditions where the stressor presents with a sudden onset,
Effective Response
An effective response limits the impact imposed by Continuous Response Assessment
the initial disruptor. The primary objective is to
separate the impacted asset or operation from
the stressor. Effective communications are What assets are
essential. Initial communications advise how currently under an
the asset or operation is being affected by the unacceptable level
disruptor, who is impacted, and to what or risk?
extent. Accurate follow-up communications
are key to avoid the unnecessary expenditure
of resources, control the flow of information,
and reduce fears and tension by answering
unknowns in a timely manner. Continuously
assess the situation to prioritize resources and Was the mitigation
effective in What actions and
sequence the response. resources are
lowering the risk to
When assets or operations are impacted to a an acceptable required to
level? mitigate that risk?
degree that exceeds existing protective
measures, crisis response must analyze the
risk profile, develop a plan to separate the
asset or operation from the stressor, and
allocate the requisite resources to ensure
successful mitigation. Response must
periodically review the progress of mitigation
efforts, determine the level of effectiveness, and then reassess any assets whose risk profile remains at
an unacceptable level. Once all assets have been separated from the stressor, the response is concluded.
About WorldAware
WorldAware, Inc. provides intelligence-driven, integrated risk management solutions that enable
multinational organizations to operate globally with confidence. WorldAware’s end-to-end, tailored
solutions integrate world-class threat intelligence, innovative technology, and response services to help
organizations avoid threats, mitigate risk and protect their people, assets, and reputation. Founded in
1999, WorldAware is a privately held company headquartered in Annapolis, US with offices in London,
Cape Town, and Singapore.
Disclaimer
The information contained in this document provides only a general overview of subjects covered; it is not intended to be taken as
advice regarding any individual situation and should not be relied upon as such. This document may include information from third-
party sources including government and industry organizations. This third-party information is subject to change at any time.
WorldAware accepts no liability whatsoever for any loss or damage arising from the content or use of this document.