Michael Meyer, CRO and CSO, MRS BPO, LLC

Management is often considered the most important kind of public relations, because in a moment an organization or brand that took years, decades or even a century to build can be lost or strengthened. The difference between death or survival are the
decisions that management makes. The best decisions are made by organizations that are ready for a crisis by expecting them to occur and planning for them. These organizations prepare for the crisis decision making process with two kinds of crisis planning. Risk  management and Crisis management. Risk management and Crisis management are related, but completely different. Risk management is the proactive identification and theoretical probability of a natural or man-made disruptive event - along with a strategy to prevent or minimize the event’s impact. Crisis management begins when the organization works to quickly manage and mitigate a major event that has occurred. Crisis management planning deals with providing the best possible internal and external response to a crisis given the amount of decision time available.

A crisis that requires management action could fall into one of these categories: Natural disasters, Terrorism, Work place violence, Technical outages, Cyber Data Theft, Ransomware, Lengthy Political Unrest, Pandemics, Government actions, Large scale product malfunctions or recalls, Financial market disruptions, Loss or kidnap of executives. Some notable recent global corporate crises are: Samsung Galaxy Note 7 recall, Volkswagen emission scandal, Panama Papers hacking, Toshiba accounting scandal,  Leoni AG email scam.

"Today’s instantaneous social media and mobile video technology have changed the speed at which organizations need to respond to crisis management"

Normally an organization creates across functional team in advance to prepare for a crisis. The team consists of senior management and stakeholders from every business unit, trusted external advisors and consultants. This team is activated when two things happen at the same time - a sudden unexpected major threat occurs and fast decisions need to be made. Not all crises are public facing and not all types of crises can be planned for. The types of crises that are outside the realm of expected possibility are called Black Swan events.

Before a crisis strikes your organization, you need to prepare a plan usually with the help of an outside consultant. This plan includes major components such as team members, meeting location, incident responses and communications which includes methods and media coverage. The most important part of the plan is communications both internal and external. The communications area is broken into how the communication occurs and working with the media.

An example of communications in the plan; internal communications updates might be given by the COO via an all-hands conference call each month, whereas the external communications would be from the CEO and via a newly established website link or WhatsApp messaging. The reason that the speaker(s)needs to be identified in advance, is that critical decision time is saved and this person(s) can be prepared in advance with media tips and proper etiquette. Choosing the wrong or an nprepared public speaker will only add to the negativity surrounding the event and possibly increase the damage to the  brand and organization. In addition, the plan will lay out what employees can and can’t say on social media about the event and who they ld refer all inquiries to if a reporter corners them.

Today’s instantaneous social media and mobile video technology have changed the speed at which organizations need to respond to crisis management. Not only has the speed changed, but so has the transparency level of the communications. This means that you always need to be able to communicate effectively and accurately with stakeholders and the public. So, prior to a crisis occurring, alternative routes of communication need to be mapped out and tested. These tests could take place in the usual conduct of business, because systems may be down occasionally for technical reasons. As an example, you may considersetting up a Twitter, Facebook or WhatsApp account with your company name, that  can be used if all company email
servers are down or destroyed. These accounts need to be approved in advance by legal and compliance teams along with who is controlling them.

To get started with the planning, there are several global standards that provide a good framework. There is ISO standard 22320:2011 which covers Societal security, emergency management and provides requirements for incident response and the newer British Standard (BS) 11200:2014 that covers Crisis Management – Guidance and Good Practice. The British standard is a major update from the previous PAS 200:2011 (Publicly Available Specification) framework and is more applicable to organizations of all sizes than the ISO standard.

Since each organization may have different and specific threats facing it, most organizations hire consultants to help craft a robust and unique crisis plan to respond to these threats. The consultants provide unbiased insights and can view negative impacts like a customer does, which employees many not recognize.

Once the crisis plan is created, it becomes a living insurance policy that pays dividends by ensuring brand and profit protection in the face of today’s critical and over sensationalized news headlines. Some organizations are one headline away from failing - with a plan you won’t be one of them.