Browse Definitions :
Definition

crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event.

A crisis can occur as a result of an unpredictable event or an unforeseeable consequence of some event that had been considered as a potential risk. In either case, crises almost invariably require that decisions be made quickly to limit damage to the organization.

The nature of the potential damage varies based on the nature of the crisis. In most cases though, a crisis can affect health or safety, the organization's finances, the organization's reputation, or some combination of these. A devastating fire could be a crisis that puts the organization's finances in jeopardy. However, if the fire occurs during business hours, then the fire might also jeopardize health and safety since employees may find themselves in harm's way.

Crisis management goals

Crisis management seeks to minimize the damage a crisis causes. However, this does not mean crisis management is the same thing as crisis response. Instead, crisis management is a comprehensive process that is put into practice before a crisis even happens. Crisis management practices are engaged before, during and after a crisis.

Recovery crisis management vs. risk management

Before a crisis begins, pre-crisis planning aims to identify risks and then find ways to mitigate or lessen those risks. It is important to note, however, that crisis management and risk management are two different things. Risk management means looking for ways to minimize risks. Crisis management involves figuring out the best way to respond when an incident does occur. As such, risk management is an important part of crisis management, but crisis management covers incident response, whereas risk management usually does not.

Stages of a crisis

Warning and risk assessment. As important as it may be to identify risks and plan for ways to minimize those risks and their effects, it is equally important to establish monitoring systems that can provide early warning signals of any foreseeable crisis. These early warning systems can take a variety of forms and differ widely based on the identified risks.

Some early warning systems might be mechanical or electronic. For instance, thermography is sometimes used to detect a build-up of heat before a fire starts. Other early warning systems may consist of financial metrics. For example, an organization might be able to anticipate a substantial drop in revenue by monitoring its customers' stock prices.

Key steps at each stage of a crisis

The key to effective pre-crisis planning is to involve as many stakeholders as possible. That way, all areas of the organization are represented in the risk identification and risk planning process. Corporate crisis response teams often include representatives from the organization's legal, human resources (HR), finance and operations staff. It is also customary to identify someone to act as a crisis manager.

Crisis response and management. When a crisis occurs, the crisis manager is responsible for directing the organization's response in accordance to its established crisis management plan. The crisis manager is usually also the person who is tasked with communicating to the public.

If a crisis affects public health or safety, then the crisis manager should make a public statement as quickly as possible. In a public crisis, the media will inevitably seek out employees for comment. It is important for the organization's employees to know ahead of time who is and is not authorized to speak to the media. Employees who are allowed to speak to the media must do so in a manner consistent with what the crisis manager is saying.

Post-crisis and resolution. After a crisis subsides and business begins to return to normal, the crisis manager should continue to meet with members of the crisis management team, especially those from the legal and finance departments, to evaluate the progression of the recovery efforts. At the same time, the crisis manager will need to provide the latest information to key stakeholders to keep them aware of the current situation.

Following a crisis, it is also important for the crisis management team to revisit the organization's crisis management plan with the goal of evaluating how well the plan worked and what aspects of the plan need to be revised based on what was learned during the crisis.

Best practices for managing a crisis

The field of crisis management is generally considered to have originated with Johnson & Johnson's handling of a situation in 1982, when cyanide-laced Tylenol killed seven people in the Chicago area. The company immediately recalled all Tylenol capsules in the country and offered free products in tamper-proof packaging. As a result of the company's swift and effective response, the effect to shareholders was minimized and the brand recovered and flourished.

Today, virtually all major corporations, nonprofit agencies and public sector organizations use crisis management. Developing, practicing and updating a crisis management plan is a critical piece of ensuring a business can respond to unforeseen disasters. The nature of the crisis management activities can vary however, based on the organization type. For instance, a manufacturing company will likely need a crisis management plan for responding to a large-scale industrial accident, such as an explosion or chemical spill, whereas an insurance company would be far less likely to face such risks.

Of course, it doesn't take something as dramatic as an industrial accident to require the activation of a crisis management plan. Any event that has the potential to damage the organization's finances or reputation, may be cause for putting the crisis management plan into action.

This was last updated in April 2020

Continue Reading About crisis management

SearchCompliance
  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • risk avoidance

    Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets.

SearchSecurity
  • script kiddie

    Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of ...

  • cipher

    In cryptography, a cipher is an algorithm for encrypting and decrypting data.

  • What is risk analysis?

    Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
  • gigabyte (GB)

    A gigabyte (GB) -- pronounced with two hard Gs -- is a unit of data storage capacity that is roughly equivalent to 1 billion ...

  • MRAM (magnetoresistive random access memory)

    MRAM (magnetoresistive random access memory) is a method of storing data bits using magnetic states instead of the electrical ...

  • storage volume

    A storage volume is an identifiable unit of data storage. It can be a removable hard disk, but it does not have to be a unit that...

Close