A corporate Crisis Management Plan is a strategic document to be used by the company’s most senior leadership. It provides detailed strategic response guidance for executives to use when managing a catastrophic incident. The plan establishes a structure and a process for integrating executive, managerial and operational resources. Finally, it provides a framework to facilitate efficient and timely collaboration between:
- Executive leaders.
- Staff department leaders and their teams.
- Business leaders and their organizations.
- Subject matter experts.
- Regional, subsidiary and facilities management and their teams.
The plan defines and integrates all company resources and supporting plans needed for effective crisis response, including:
- Emergency Response.
- People Support.
- Business Continuity.
- Crisis Communications.
- IT Disaster Recovery.
- Any other company-specific response plans.
The plan mandates a crisis management Crisis Management Process Guardian, who will oversee crisis management planning, verify the response processes defined in the plans, and audit the effectiveness of the entire response organization.
The plan is specifically intended to:
- Protect the company’s core assets: People, Property, Knowledge, Image and Market Share.
- Comply with applicable regulations and guidelines such as the Sarbanes-Oxley Act and the National Fire Protection Associations’ Standard 1600, and meet or exceed generally accepted standards for reasonable care and preparedness.
- Create an organization and supporting tools, equipment and process to effectively respond to any type of catastrophic incident, including:
- Facility disasters.
- Information technology failures.
- Product/service quality or performance failures.
- Attacks on reputation, brand or image.
- Alleged or real governance failures.
- Competitor’s actions.
- Violent acts.
- Public health disasters.
- Natural disasters.
The plan is divided into three parts.
- The first part is a response guide designed to:
- Provide detailed action lists customized for each executive to use during a crisis.
- Define command and control protocols to engage all required company employees in an organized response to the crisis.
- Define a process to prioritize response actions and create action plans for priority actions.
- The second part is the program description designed to:
- Provide defensible documentation of the program for external audiences, e.g., insurers, investors, regulators and juries.
- Gain agreement on how the company intends to prepare, monitor and respond to a catastrophic incident.
- Provide a benchmark to evaluate performance during an exercise or actual crisis.
- The third part contains a list of supporting plans, including plans for each department and the business unit leaders.
Finally, the plan includes policy, principles, goals, vision, scope, mission and definition statements to help align crisis response with company culture and provide guidance for principle-based decision making. It establishes authority levels, a posture for aggressive response, and defines roles and responsibilities for executives and their organizations. Operational guidance, facilities, equipment, training and maintenance requirement are described at a high level. A supporting organization is clearly defined, and command and control protocols are established so that the company’s leadership can quickly activate a reliable, trained and integrated response organization during the stressful and confusing events that accompany any catastrophic incident.