Leadership And Management Skills

Crisis Management Plan (CMP) Samples




A Crisis Management Plan (CMP) provides a structured framework to guide an organization through the stages of preparation, response, and recovery during a crisis. Below are three detailed samples tailored to different scenarios—general organizational crisis, cybersecurity breach, and natural disaster.


Sample 1: General Organizational Crisis Management Plan

[Company Name] Crisis Management Plan


1. Introduction

  • Purpose: To provide a comprehensive framework to manage potential crises, minimize impact, and restore operations.
  • Scope: Covers all departments, employees, stakeholders, and assets impacted by an internal or external crisis.

2. Crisis Management Team (CMT)

| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Crisis Manager | Oversees response, makes final decisions, ensures communication flow. | [Name] |
| Communication Lead | Handles internal and external communication. | [Name] |
| Operations Lead | Ensures continuity of essential business functions. | [Name] |
| HR Representative | Ensures employee safety and well-being. | [Name] |
| Legal Advisor | Manages compliance and legal concerns. | [Name] |


3. Risk Assessment

| Crisis Type | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Data breach | High | Financial, reputational damage | Critical |
| Product recall | Medium | Customer trust loss, legal issues | High |
| PR scandal | Low | Reputational damage | Medium |


4. Crisis Management Workflow

| Stage | Actions | Responsible Role | Tools/Resources |
|--------------------|----------------------------------------------------------------------------------------------|----------------------------|----------------------------|
| Preparation | Conduct risk assessments, develop CMP, and train employees. | Crisis Manager | Training manuals, Notion |
| Response | 1. Activate CMT.
2. Identify and assess the situation.
3. Implement response plan. | Operations Lead | Zoom, Slack, Action Logs |
| Communication | Draft press releases, hold employee briefings, and monitor public sentiment. | Communication Lead | Hootsuite, Email Alerts |
| Recovery | Review and refine operations, communicate recovery steps to stakeholders. | Entire CMT | Post-crisis evaluation tools|


5. Communication Plan

  • Internal Communication:
  • Inform employees of updates via Slack, email, or emergency SMS alerts.
  • Use regular briefings for the Crisis Management Team.

  • External Communication:

  • Release a public statement within 24 hours via email, social media, and press.
  • Designate a spokesperson for media inquiries.

Pre-approved Statement Template:

“We are aware of the situation and are actively addressing it. Our priority is the safety and well-being of our [employees/customers]. We are taking all necessary measures to resolve the issue and will provide updates as they become available.”


6. Recovery Plan

  • Evaluate financial, reputational, and operational damage.
  • Conduct a post-crisis review with the CMT to identify lessons learned.
  • Update the CMP and train employees on updated procedures.


Sample 2: Cybersecurity Breach Crisis Management Plan

[Company Name] Cybersecurity Crisis Management Plan


1. Introduction

  • Purpose: To protect sensitive data, minimize business disruption, and ensure compliance during a cybersecurity breach.
  • Scope: Covers all IT systems, data, and personnel across [Company Name].

2. Crisis Management Team (CMT)

| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Incident Response Lead | Oversees cybersecurity response and containment. | [Name] |
| IT Manager | Investigates and mitigates the breach. | [Name] |
| Legal Advisor | Ensures regulatory compliance (e.g., GDPR, HIPAA). | [Name] |
| Communication Lead | Handles internal and external messaging. | [Name] |


3. Risk Assessment

| Threat | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Phishing attack | High | Compromised credentials | Critical |
| Ransomware attack | Medium | Data loss, operational shutdown | High |
| Insider threat | Low | Breach of sensitive data | Medium |


4. Incident Response Plan

| Step | Action | Responsible Role |
|-------------------------|--------------------------------------------------------------------------------------|----------------------------|
| Detection | 1. Identify breach indicators (e.g., unusual logins, malware alerts). | IT Manager |
| Containment | 1. Disconnect affected systems from the network.
2. Activate the CMT. | Incident Response Lead |
| Investigation | 1. Analyze logs to determine the scope of the breach.
2. Identify affected data. | IT Manager, Legal Advisor |
| Notification | Notify affected stakeholders (e.g., customers, regulators). | Communication Lead |
| Recovery | Restore systems from backups and strengthen security protocols. | IT Manager |


5. Communication Plan

  • Notify affected customers within 72 hours, as per regulatory requirements (e.g., GDPR).
  • Use email, website updates, and press releases to inform stakeholders.
  • Pre-approved statement:

    "We have identified a cybersecurity incident affecting [specific details]. We are working closely with cybersecurity experts to resolve this issue and safeguard your data. Please contact [contact info] for further assistance."


6. Recovery Plan

  • Conduct a forensic audit to identify vulnerabilities.
  • Implement security upgrades (e.g., multi-factor authentication, updated firewalls).
  • Provide cybersecurity training for employees to prevent future incidents.


Sample 3: Natural Disaster Crisis Management Plan

[Company Name] Natural Disaster Crisis Management Plan


1. Introduction

  • Purpose: To protect employees, secure assets, and ensure business continuity during natural disasters.
  • Scope: Covers all physical locations and employees of [Company Name].

2. Crisis Management Team (CMT)

| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Crisis Manager | Coordinates disaster response and communication. | [Name] |
| Facilities Lead | Secures physical locations and equipment. | [Name] |
| HR Representative | Ensures employee safety and evacuation protocols. | [Name] |
| IT Manager | Protects data and IT systems. | [Name] |


3. Risk Assessment

| Disaster Type | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Earthquake | Medium | Structural damage, injury | Critical |
| Hurricane | High | Flooding, power outages | High |
| Wildfire | Low | Asset loss, evacuation | Medium |


4. Disaster Response Plan

| Step | Action | Responsible Role |
|-------------------------|--------------------------------------------------------------------------------------|----------------------------|
| Preparation | 1. Develop evacuation routes and safety procedures.
2. Train employees on drills. | HR Representative |
| Activation | 1. Activate emergency response protocol.
2. Evacuate personnel if needed. | Crisis Manager |
| Communication | 1. Notify employees via SMS/emergency alert system.
2. Inform stakeholders of disruptions. | Communication Lead |
| Assessment | 1. Assess damages to facilities and systems.
2. Engage emergency services. | Facilities Lead |
| Recovery | Resume operations once safety is ensured. | Entire CMT |


5. Communication Plan

  • Internal Alerts: Send SMS alerts and emails for evacuation updates.
  • External Updates: Post updates on social media and the company website about closures or delays.
  • Sample SMS Alert:

    "URGENT: Due to [disaster], all employees at [location] must evacuate immediately. Follow the designated evacuation plan and check in with your manager."


6. Recovery Plan

  • Partner with insurance and emergency services to assess damage.
  • Set up temporary workspaces or enable remote work for continuity.
  • Debrief employees and update disaster response protocols.

If you liked this, consider supporting us by checking out Tiny Skills - 250+ Top Work & Personal Skills Made Easy