A few months ago, we prepared the following article for the Canadian Chamber of Commerce. We continue to receive requests for crisis management how-to information. As such, we have re-posted this article.

My career in security and public safety has spanned over 35 years.  I am proud to have served in federal law enforcement, the military as well as leading security operations in private sector banking and luxury hospitality. I am always amazed at the strong correlation between high functioning organisations and the health of their crisis management programs.

Over the last 12 months, security professionals in both the private and public sectors have been consumed by the far-reaching impacts of the Covid-19 pandemic. Plainly put, it has dominated and impacted nearly every facet of our personal and professional lives.

If there is a silver lining to this pandemic which we are all navigating, it is that it has forced organisations of all shapes and sizes to leverage their existing crisis management plans or to develop new plans if none existed. I speak almost daily with security professionals and there is a common theme which consistently comes up: companies that possess a strong crisis management plan are thriving in their given industries as compared to their peers and competitors. With that in mind, I wanted to take this opportunity to identify the key attributes that the most successful crisis management programs share. The best crisis management programs are simple, reliable and repeatableLet us dig deeper together on these basic descriptors:


Managing a crisis engenders its own unique complexities.  Therefore, keeping your crisis management plan simple has obvious advantages. Many organisations are often easily bogged down with overly complex monolithic plans that attempt to address every conceivable crisis type. Here are a few of tips to ensure simplicity:

  1. Keep your crisis management plan concise and agnostic of specific crisis types. Detailed checklists and plans for specific crises are better suited to “play books” e.g., a ransomware playbook. The crisis management plan should have the following components:
    • Clear statement of priorities
      • People
      • Assets
      • Reputation
    • Declaration of the aim of your crisis management program that is endorsed by senior leadership.
    • Initial actions
    • List of crisis management team members
    • Assignment of crisis management roles
    • First crisis management meeting template
    • Ongoing meeting template

*N.B. – this should be no more than 8-10 pages for a large multi-national.

  1. Develop a short and structured meeting template for your initial and on-going crisis management meetings. This template should have the following elements:
    • Situational Awareness – what do we know?
    • Statement of priorities
    • Action/task listing – who will do what and when?
    • Outstanding issues
    • Communications plan summary
      • Internal
      • External
    • Next meeting time and location
  2. Develop a simple rating system for describing a crisis. There are a few models out there but if you have none, the following could be a starting point:
    • Yellow – a crisis that takes organisation out of their normal operational state but no likelihood of causing significant long-term impact.
    • Amber – a more substantial crisis that will have short to medium terms impacts on the organisation.  Financial loss and potential reputational damage yet recoverable.
    • Red – a significant crisis that if not managed properly could cause irreparable damage financially and/or reputationally.


Organisations can have the best crisis management plan in the world yet if it is out of date or not available during a crisis, it can be rendered useless.

  1. Ensure a copy of the plan and supporting meeting scripts are up to date. Any plan should be clearly dated and versioned on the cover page. The reader should know within seconds how current the plan is. The task of keeping the plan current should be assigned to a senior business head within the organisation. This role should be part of this individual/team’s performance management to drive accountability.
  1. Ensure a copy of the plan and supporting meeting scripts are always available to anyone in the organisation who may support crisis management. Some typical options include:
    • Corporate IT infrastructure can host copies of the latest plan.
    • Copy is kept on corporate laptop or mobile device.
    • Copy is kept on an external cloud solution.
    • Copy is available via a dedicated crisis management software solution.
    • Hard copies are kept at corporate office, ideally in or near the location where the crisis management team will meet (war room).
    • Hard copies are kept at an offsite location – these can be kept is a locked box. Where would you take your staff if you had to evacuate your corporate location? This is an ideal location to store a locked copy of your plan.
  1. Ensure there are alternate persons for each key role on your crisis management team. We do not get to pick when a crisis strikes and Murphy’s Law dictates some of your key personnel will be unavailable when you need them.
  1. When possible, try to support your crisis management process with technology. This can be as simple as detailed notes in a Word document or an Excel spreadsheet tracking tasks. This can extend as far as leveraging an enterprise level crisis management software service. 


Crisis management is a skill that requires practice like anything else we wish to master.  Here are some best practices to raise your personal and your team’s crisis management effectiveness:

  1. Some of the best lessons come from actual crises you have experienced. As soon as practical, after the crisis ends a review process or hot wash should take place. It is a re-creation of a timeline of events noting observations or what worked well and what could be improved. Key to success is to focus on ensuring all lessons learned are implemented.
  1. Plan for at least one tabletop style exercise per year with your entire crisis management team. Scenarios should be reasonable and aligned with the risks to your industry.
  1. Practise often! During weekly meetings, take a deliberate 10 minutes to discuss a crisis that was observed on the news or heard of in your industry. Inspire frank discussions about how your team would approach the crisis if it landed on your doorstep. As your team improves, seize the opportunity to swap persons in roles to further enhance depth of response or “bench strength”.
  1. You may wish to consider seeking professional assistance to support your crisis management program before a crisis evolves.  There is a myriad of specialists to support communications, planning and training.

These concepts are far from an exhaustive list of how to establish a resilient crisis management program. With that said, these strategies reside with some of the best crisis management programs that support major organisations. The obvious main purpose of a crisis management program is to guide an organisation through the destabilisation caused by the crisis. If executed correctly, business disruption should be minimal while allowing the company to return to its core activities. Organisations can also reap other dividends from a high-performance crisis management plan such as reducing the impact on share value, higher team cohesiveness and increased public perception.

The team here at RCAS and I hope you find this article useful towards developing or augmenting your crisis management program. We would be pleased to attend your next crisis management planning activity where we can answer additional questions and provide support to your organisation.

Take care and be safe!

Need Advice?