There are six steps for defining a crisis management plan that can be easily remembered using the word "CRISIS." Each letter of the word stands for a critical step that is necessary to be prepared to deal with a crisis. If you want to be fully prepared for an emergency, then go through each of these steps:
* Complete a threat analysis: Before you begin any planning or preparation, the smart thing to do is to do a threat analysis to consider likely crisis situations. This is usually done in a brain storming session by contemplating a list of likely disasters. These could include natural disasters like storms or earthquakes or it could include man-made disasters like terrorist bombs or war. Other crisis situations might result from loss of key data, computer systems, or cyber intrusion. Although crisis planning usually is focused on these extreme situations, it would also be possible to include possible threats from competitors, loss of key accounts, or unwanted publicity due to misconduct by key employees. During the threat analysis phase, it is usually best to consider the widest possible range of crisis situations for your organization, and decide later which are the ones that you want to plan for in the next step - scenario planning.
* Review possible contingencies - scenario planning: Now that you have listed the possible threats and crisis situations that your organization might face, it is appropriate to define which ones are the most likely and perhaps most threatening. Some situations might be obvious. For example, if your building is located near a major river that is known to flood the area periodically, then this is a scenario for which you will want to prepare. Other threats may not be as likely, but if they did occur, would be devastating. For example the treat of a cyber-terrorist attack targeted at your firm might seem remote; however, if it or a similar event occurred that caused the loss of all your important electronic files and computer systems it might be an unrecoverable event unless you had a plan. So, the key to this step is to select the most important contingencies and define the possible scenario in more detail. In other words, if this particular contingency occurred, what would the scenario look like? Defining what the situation would look like will help to define the recovery plans for that scenario.
* Identify critical preparations: After you have done some planning for the most likely or important scenarios, examine the critical preparations that must be put in place. These could be critical infrastructure like prepositions supplies, emergency kits, or back-up electrical generators. It could also be other "hot sites" for computers or data centers that would take over in the event of loss of your primary data centers. It might also include more mundane preparations like emergency calling trees, home addresses and cell phone numbers for critical personnel.
* Select and appoint a crisis management team: After you have planned for scenarios, and identified critical preparations, then you must select and appoint a crisis management team. If you have multiple scenarios, then you might have different people designated for the team depending upon the situation. Most importantly, designate a clear chain of command for the team to take charge during a crisis. They must not only have the responsibility, but also the authority to act and make decisions. If both the lines of responsibility and authority are not clear, then there will be confusion and arguments among the team when the crisis erupts which will cause them to loose focus and valuable time better spent in dealing with the actual crisis itself. If there are critical decision points where the team must get permission from the CEO or other key official, then they must understand their scope of authority to act and how to quickly reach the final authority during the crisis. Defining the key players and how decisions will get made is important to the success of the crisis management plan. Once the team is in place, they need to be trained and have an opportunity to work together as they review the plans.
* Inform & educate everyone: Once the plans and team is defined, then it is important to inform and educate everyone else. Explain important procedures like evacuation drills, emergency exits, and what is expected under the various likely scenarios. In large office complexes, you might designate assembly areas outside the building, and have people on every floor designated to do a final sweep to account for everyone during a building evacuation. Other scenarios might require educating receptionists to understand what to do if they get a bomb threat and what information to listen for when receiving the call. Thus, make sure that everyone in the organization at least understands the basics of what they might be expected to do when a crisis erupts.
* Support practice, debriefing and ongoing planning: Planning is never perfect, but it can be refined through practice. It takes a commitment by senior management to support practice drills and spend the time to review what happened during the practice sessions to refine the plan. One would hope that the plans would never need to be exercised in a real crisis; however, there is no substitute for a well rehearsed plan when a crisis occurs. Most crisis plans should be practiced at least once per year, and the plan should be updated. Key personnel will change, information and phone numbers will need to be confirmed, and key parts of the plan might need to be refreshed. It will be of little use to pull out an out-of-date plan during a crisis only to find out that the information is wrong or that the plan will not work because of changed circumstances.
The key to success in a crisis is having a realistic plan ready to execute. Good prior planning will identify not only the necessary steps, but also the required advance preparation of supplies, people, and training. Use the steps of "CRISIS" format and be ready to deal with the emergencies that your organization might face. You will be glad to have invested the time in advance of the situation.
Article Source: http://EzineArticles.com/?expert=Leonard_Kloeber
* Complete a threat analysis: Before you begin any planning or preparation, the smart thing to do is to do a threat analysis to consider likely crisis situations. This is usually done in a brain storming session by contemplating a list of likely disasters. These could include natural disasters like storms or earthquakes or it could include man-made disasters like terrorist bombs or war. Other crisis situations might result from loss of key data, computer systems, or cyber intrusion. Although crisis planning usually is focused on these extreme situations, it would also be possible to include possible threats from competitors, loss of key accounts, or unwanted publicity due to misconduct by key employees. During the threat analysis phase, it is usually best to consider the widest possible range of crisis situations for your organization, and decide later which are the ones that you want to plan for in the next step - scenario planning.
* Review possible contingencies - scenario planning: Now that you have listed the possible threats and crisis situations that your organization might face, it is appropriate to define which ones are the most likely and perhaps most threatening. Some situations might be obvious. For example, if your building is located near a major river that is known to flood the area periodically, then this is a scenario for which you will want to prepare. Other threats may not be as likely, but if they did occur, would be devastating. For example the treat of a cyber-terrorist attack targeted at your firm might seem remote; however, if it or a similar event occurred that caused the loss of all your important electronic files and computer systems it might be an unrecoverable event unless you had a plan. So, the key to this step is to select the most important contingencies and define the possible scenario in more detail. In other words, if this particular contingency occurred, what would the scenario look like? Defining what the situation would look like will help to define the recovery plans for that scenario.
* Identify critical preparations: After you have done some planning for the most likely or important scenarios, examine the critical preparations that must be put in place. These could be critical infrastructure like prepositions supplies, emergency kits, or back-up electrical generators. It could also be other "hot sites" for computers or data centers that would take over in the event of loss of your primary data centers. It might also include more mundane preparations like emergency calling trees, home addresses and cell phone numbers for critical personnel.
* Select and appoint a crisis management team: After you have planned for scenarios, and identified critical preparations, then you must select and appoint a crisis management team. If you have multiple scenarios, then you might have different people designated for the team depending upon the situation. Most importantly, designate a clear chain of command for the team to take charge during a crisis. They must not only have the responsibility, but also the authority to act and make decisions. If both the lines of responsibility and authority are not clear, then there will be confusion and arguments among the team when the crisis erupts which will cause them to loose focus and valuable time better spent in dealing with the actual crisis itself. If there are critical decision points where the team must get permission from the CEO or other key official, then they must understand their scope of authority to act and how to quickly reach the final authority during the crisis. Defining the key players and how decisions will get made is important to the success of the crisis management plan. Once the team is in place, they need to be trained and have an opportunity to work together as they review the plans.
* Inform & educate everyone: Once the plans and team is defined, then it is important to inform and educate everyone else. Explain important procedures like evacuation drills, emergency exits, and what is expected under the various likely scenarios. In large office complexes, you might designate assembly areas outside the building, and have people on every floor designated to do a final sweep to account for everyone during a building evacuation. Other scenarios might require educating receptionists to understand what to do if they get a bomb threat and what information to listen for when receiving the call. Thus, make sure that everyone in the organization at least understands the basics of what they might be expected to do when a crisis erupts.
* Support practice, debriefing and ongoing planning: Planning is never perfect, but it can be refined through practice. It takes a commitment by senior management to support practice drills and spend the time to review what happened during the practice sessions to refine the plan. One would hope that the plans would never need to be exercised in a real crisis; however, there is no substitute for a well rehearsed plan when a crisis occurs. Most crisis plans should be practiced at least once per year, and the plan should be updated. Key personnel will change, information and phone numbers will need to be confirmed, and key parts of the plan might need to be refreshed. It will be of little use to pull out an out-of-date plan during a crisis only to find out that the information is wrong or that the plan will not work because of changed circumstances.
The key to success in a crisis is having a realistic plan ready to execute. Good prior planning will identify not only the necessary steps, but also the required advance preparation of supplies, people, and training. Use the steps of "CRISIS" format and be ready to deal with the emergencies that your organization might face. You will be glad to have invested the time in advance of the situation.
Article Source: http://EzineArticles.com/?expert=Leonard_Kloeber
No comments:
Post a Comment