Building a successful crisis management plan in five steps

No. 1: Know Your Assets

An organisation’s assets can be both tangible and intangible. Tangible assets include facilities, inventory, vehicles, equipment and IT/OT systems. Intangible assets include people, information, brand and reputation and more. 

Organisations need to start by identifying their important assets, and where they are located. 

Identifying the full scale of assets is complex, but essential. If a business wants to effectively safeguard itself against high-impact events, it must first understand where its assets are located globally. Then, it must determine how critical the assets are to business operations and the key stakeholders responsible for protecting or recovering those assets during a crisis. 

Once this information is collected, it must be constantly updated to ensure that: 

1) any organisational changes are reflected
2) information is synchronised and unified in a central hub, not siloed in different departments or stored in disparate systems.

This allows corporate security teams and crisis managers to have a shared view of operations — a key pillar for any CMP. 

No. 2: Identify and Monitor Risks

The next step is to identify common risks to your industry, organisation, location and products, as well as the probability of them happening.  

During this risk assessment, ask yourself the following questions: 

• What are the potential threats to my organisation? 
• How vulnerable are we to these threats? 
• What are the potential impacts of the crisis? 
• What technology or tools do we have (or need to obtain) to proactively detect and monitor potential crises? 

When aiming to answer the last question in the list above, be sure to consider real-time alerting solutions such as Dataminr Pulse. Access to the real-time information it provides is critical and offers a clear and early line of sight into potential crises over seconds, minutes and hours. Real-time alerts enhance the effectiveness of your organisation’s crisis management plan by:

• Delivering the earliest indications of high-impact events and emerging threats, often within seconds or minutes of an occurrence 
• Enabling security teams to maximise the time needed to assess risks and accelerate responses to mitigate any potential impact

No. 3: Notify, Communicate and Collaborate 

When a crisis arises, it’s important that your organisation can quickly communicate with key stakeholders — both external and internal. CMPs should establish lines of authority and accountability, as well as the means to disseminate information.   

In high-stress moments, those responsible for managing a crisis need to focus on eliminating silos and fostering coordination across teams. This means information sharing, scheduling meetings, and assigning and prioritising tasks should be done on a centralised platform to avoid duplicating efforts.  

Regardless of the communication channels and collaboration software your organisation uses, business and security leaders need accessible and automated solutions that centralise and streamline critical information flows, collaboration and response protocols. 

No. 4: Develop Crisis Response Plans 

Every incident is different in scale and impact. However, with predefined workflows for various scenarios, your organisation can confidently carry out an informed and timely response to any crisis.  

When there’s not an active risk, security teams can prepare for the unexpected by analysing past crises and building or modifying their response  playbooks. These playbooks should have clear, specific actionable steps that users need to take if an event occurs.  

Having these procedures in place allows security and crisis management teams to take the guesswork out of decision making rather than reinventing the wheel during a critical, time-sensitive situation. 

It’s imperative that these response playbooks are centralised and readily accessible for key stakeholders in times of emergency, so they can quickly move from risk detection to mitigation.

No. 5: Audit and Learn 

Post-incident evaluations are instrumental to increasing an organisation’s resilience to crises. After each risk event, no matter the scale, type or frequency, your organisation should study the successes and opportunities for improvement. This can only be achieved if there is clear and detailed documentation of decisions around the management of an event.  

In summary, the current risk landscape is undoubtedly difficult for all organisations to navigate. In order to be more prepared for the next potential crisis, it’s in every business’ best interest to assess their CMP closely and consider implementing these five steps where appropriate. Regardless of location, size and type, all organisations should look to deploy the right technology and tools — those that will enable them to maintain business continuity and protect employee safety.