A Crisis Management Plan (CMP) provides a structured framework to guide an organization through the stages of preparation, response, and recovery during a crisis. Below are three detailed samples tailored to different scenarios—general organizational crisis, cybersecurity breach, and natural disaster.
| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Crisis Manager | Oversees response, makes final decisions, ensures communication flow. | [Name] |
| Communication Lead | Handles internal and external communication. | [Name] |
| Operations Lead | Ensures continuity of essential business functions. | [Name] |
| HR Representative | Ensures employee safety and well-being. | [Name] |
| Legal Advisor | Manages compliance and legal concerns. | [Name] |
| Crisis Type | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Data breach | High | Financial, reputational damage | Critical |
| Product recall | Medium | Customer trust loss, legal issues | High |
| PR scandal | Low | Reputational damage | Medium |
| Stage | Actions | Responsible Role | Tools/Resources |
|--------------------|----------------------------------------------------------------------------------------------|----------------------------|----------------------------|
| Preparation | Conduct risk assessments, develop CMP, and train employees. | Crisis Manager | Training manuals, Notion |
| Response | 1. Activate CMT.
2. Identify and assess the situation.
3. Implement response plan. | Operations Lead | Zoom, Slack, Action Logs |
| Communication | Draft press releases, hold employee briefings, and monitor public sentiment. | Communication Lead | Hootsuite, Email Alerts |
| Recovery | Review and refine operations, communicate recovery steps to stakeholders. | Entire CMT | Post-crisis evaluation tools|
Use regular briefings for the Crisis Management Team.
External Communication:
Pre-approved Statement Template:
“We are aware of the situation and are actively addressing it. Our priority is the safety and well-being of our [employees/customers]. We are taking all necessary measures to resolve the issue and will provide updates as they become available.”
| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Incident Response Lead | Oversees cybersecurity response and containment. | [Name] |
| IT Manager | Investigates and mitigates the breach. | [Name] |
| Legal Advisor | Ensures regulatory compliance (e.g., GDPR, HIPAA). | [Name] |
| Communication Lead | Handles internal and external messaging. | [Name] |
| Threat | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Phishing attack | High | Compromised credentials | Critical |
| Ransomware attack | Medium | Data loss, operational shutdown | High |
| Insider threat | Low | Breach of sensitive data | Medium |
| Step | Action | Responsible Role |
|-------------------------|--------------------------------------------------------------------------------------|----------------------------|
| Detection | 1. Identify breach indicators (e.g., unusual logins, malware alerts). | IT Manager |
| Containment | 1. Disconnect affected systems from the network.
2. Activate the CMT. | Incident Response Lead |
| Investigation | 1. Analyze logs to determine the scope of the breach.
2. Identify affected data. | IT Manager, Legal Advisor |
| Notification | Notify affected stakeholders (e.g., customers, regulators). | Communication Lead |
| Recovery | Restore systems from backups and strengthen security protocols. | IT Manager |
"We have identified a cybersecurity incident affecting [specific details]. We are working closely with cybersecurity experts to resolve this issue and safeguard your data. Please contact [contact info] for further assistance."
| Role | Responsibilities | Assigned Personnel |
|----------------------------|--------------------------------------------------------|------------------------------|
| Crisis Manager | Coordinates disaster response and communication. | [Name] |
| Facilities Lead | Secures physical locations and equipment. | [Name] |
| HR Representative | Ensures employee safety and evacuation protocols. | [Name] |
| IT Manager | Protects data and IT systems. | [Name] |
| Disaster Type | Likelihood | Potential Impact | Risk Level |
|----------------------------|----------------------|-----------------------|----------------|
| Earthquake | Medium | Structural damage, injury | Critical |
| Hurricane | High | Flooding, power outages | High |
| Wildfire | Low | Asset loss, evacuation | Medium |
| Step | Action | Responsible Role |
|-------------------------|--------------------------------------------------------------------------------------|----------------------------|
| Preparation | 1. Develop evacuation routes and safety procedures.
2. Train employees on drills. | HR Representative |
| Activation | 1. Activate emergency response protocol.
2. Evacuate personnel if needed. | Crisis Manager |
| Communication | 1. Notify employees via SMS/emergency alert system.
2. Inform stakeholders of disruptions. | Communication Lead |
| Assessment | 1. Assess damages to facilities and systems.
2. Engage emergency services. | Facilities Lead |
| Recovery | Resume operations once safety is ensured. | Entire CMT |
"URGENT: Due to [disaster], all employees at [location] must evacuate immediately. Follow the designated evacuation plan and check in with your manager."