Establishing the Crisis Management Context
Introduction
The development of an effective Crisis Management Plan begins long before the organisation writes procedures, appoints a Crisis Management Team or prepares communication templates.
It begins with a clear understanding of the organisation, the nature of crisis management and the purpose of the plan being developed.
Many Crisis Management Plans are created too quickly. Organisations may begin by listing emergency contacts, defining crisis team members or documenting response steps without first agreeing on what constitutes a crisis, what the plan is intended to achieve and which parts of the organisation it should cover.
The resulting document may appear complete but may not provide effective guidance when senior leaders are faced with uncertainty, time pressure and incomplete information.
Establishing the Crisis Management context provides the foundation for all subsequent planning activities.
It ensures that the plan reflects the organisation’s operating environment, strategic priorities, stakeholder expectations, decision-making structure and exposure to potential crises.
This chapter explains how an organisation should establish that foundation.
It introduces the nature of crisis management, distinguishes a crisis from an operational incident, explains the purpose and limitations of a Crisis Management Plan, and provides a structured approach for defining the organisation’s planning context, scope and objectives.
Understanding Crisis Management
Crisis management is the coordinated capability of an organisation to prepare for, recognise, respond to and recover from situations that may threaten its people, operations, reputation, obligations or long-term interests.
A crisis is rarely managed by one department acting alone. It may require coordinated involvement from senior management, operations, human resources, technology, legal, compliance, communications, finance, security and other specialist functions.
External parties such as regulators, government agencies, emergency services, suppliers, professional advisers and the media may also become involved.
The central purpose of crisis management is to enable the organisation to maintain strategic control during a difficult and uncertain situation.
This requires the organisation to:
- Recognise when an event is escalating beyond normal operational management
- Establish clear leadership
- Assess the potential organisational consequences
- Confirm strategic priorities
- Make timely and defensible decisions
- Coordinate activities across multiple functions
- Communicate with affected stakeholders
- Stabilise the situation
- Support recovery and the return to normal operations
Crisis management is therefore more than emergency response. Emergency and incident teams may manage the immediate operational problem, while the Crisis Management Team addresses the wider strategic consequences for the organisation.
For example, an information technology team may respond to a cyberattack by isolating affected systems, investigating malicious activity and restoring data.
However, senior management may still need to determine whether customer services should be suspended, whether regulators should be informed, what should be communicated publicly, how affected customers should be supported, and which services should be restored first.
The technical incident and the organisational crisis are related, but they are not the same.
What Makes a Situation a Crisis?
Not every incident becomes a crisis.
Organisations experience operational problems every day. Equipment fails, employees make errors, suppliers miss deadlines, systems become unavailable and customer complaints arise. Most of these situations can be managed through established procedures and normal lines of authority.
A situation may become a crisis when its actual or potential consequences exceed the capability, authority or coordination arrangements of routine management.
A crisis often includes several of the following characteristics:
High Uncertainty
Information may be incomplete, inaccurate or contradictory. The organisation may not fully understand what has happened, who is affected or how the situation may develop.
Time Pressure
Senior leaders may be required to make important decisions before all relevant facts are available. Delaying a decision may create additional harm.
Significant Consequences
The situation may affect people, critical services, customers, financial performance, legal obligations, regulatory compliance or organisational reputation.
Multiple Stakeholders
Employees, customers, regulators, suppliers, government agencies, shareholders, the media and the public may require information or action.
Rapid Escalation
A localised incident may quickly spread across business functions, locations, technologies or stakeholder groups.
Intense Scrutiny
The organisation’s decisions and conduct may be closely examined by regulators, the media, employees, customers or the public.
Exceptional Decisions
Senior management may need to approve actions that fall outside normal operating procedures, such as closing a facility, suspending a service, issuing a public statement, committing emergency expenditure or accepting significant operational trade-offs.
Cross-Functional Coordination
The situation may require multiple departments to act together under a common set of priorities.
The event itself does not always determine whether a crisis exists. The organisational consequences and the management challenge are equally important.
The same event may be handled as an operational incident by one organisation but may become a crisis for another. This difference may be influenced by the organisation’s size, industry, stakeholder expectations, regulatory obligations, level of preparedness and available response capability.
Incident, Emergency, Disruption and Crisis
Clear terminology helps an organisation determine which management structure and plan should be activated.
Incident
An incident is an event that affects normal operations but can generally be managed through established procedures and existing authority.
Examples include:
- A temporary system outage
- A minor workplace accident
- A local equipment failure
- A limited customer-service disruption
Emergency
An emergency is a situation requiring immediate action to protect life, safety, property or the environment.
Examples include:
- A fire
- A medical emergency
- A hazardous-material release
- A security threat
Emergency response is often led by trained operational teams and public emergency services.
Disruption
A disruption affects the organisation’s ability to deliver products, services or normal operations.
Examples include:
- Loss of a critical facility
- Technology downtime
- Workforce unavailability
- Supply-chain interruption
Business continuity arrangements may be activated to maintain or restore priority activities.
Crisis
A crisis is a difficult situation that creates significant strategic consequences and requires senior management direction, cross-functional coordination and stakeholder management.
Examples include:
- A cyberattack affecting critical services and sensitive information
- A major product-safety issue
- A prolonged loss of essential operations
- A senior management misconduct allegation
- A serious workplace fatality
- A public-health event affecting employees and service delivery
- A major third-party failure affecting customers and regulators
These categories may overlap. An emergency may create a disruption. A disruption may escalate into a crisis. A crisis may include several incidents occurring simultaneously.
The Crisis Management Plan should therefore define how the organisation identifies escalation and when responsibility moves from routine operational management to strategic crisis management.
Strategic Versus Operational Response
One of the most important distinctions in crisis planning is the difference between operational response and strategic Crisis Management.
Operational Response
Operational teams focus on controlling the immediate event.
Their responsibilities may include:
- Protecting life and safety
- Containing damage
- Restoring equipment or technology
- Managing the affected site
- Investigating the cause
- Implementing technical or operational workarounds
- Reporting status information to senior management
Examples of operational teams include:
- Emergency response teams
- Incident management teams
- Cyber incident response teams
- Technology recovery teams
- Business continuity teams
- Security teams
- Facilities management teams
Strategic Crisis Management
The Crisis Management Team focuses on the wider organisational consequences.
Its responsibilities may include:
- Confirming crisis priorities
- Providing strategic direction
- Allocating organisational resources
- Assessing legal and regulatory exposure
- Managing affected stakeholders
- Approving crisis communication
- Protecting organisational credibility
- Coordinating recovery priorities
- Making exceptional decisions
- Providing oversight of the total organisational response
The Crisis Management Team should not take over every operational activity. It should provide direction and ensure that operational teams are working towards common organisational objectives.
When this distinction is unclear, two problems frequently arise.
First, senior leaders may become drawn into technical discussions and lose focus on strategic decisions.
Second, operational teams may make decisions with wider legal, regulatory, or reputational consequences without appropriate executive oversight.
An effective Crisis Management Plan should establish a clear command relationship between strategic and operational response teams.
The Crisis Management Planning Methodology
Crisis Management planning should follow a structured and progressive methodology.
A practical sequence is:
Understand → Identify → Assess → Strategise → Plan → Exercise → Improve
Understand
The organisation establishes its operating context, stakeholder expectations, structure, objectives and planning scope.
Identify
Potential threats and crisis scenarios are identified.
Assess
The organisation evaluates the potential consequences, likelihood, existing controls and planning priorities.
Strategise
Appropriate crisis management approaches are selected for priority scenarios.
Plan
The organisation documents governance, activation, communication, response, recovery and supporting procedures.
Exercise
The Crisis Management Plan is validated through walkthroughs, tabletop exercises, simulations and other testing activities.
Improve
Lessons from exercises, actual incidents, audits and organisational changes are used to update the plan and strengthen capability.
This methodology prevents the organisation from developing procedures without first understanding the crisis risks and strategic objectives those procedures must address.
The sequence also reinforces an important principle:
The plan is an output of the planning process. It is not the entire Crisis Management capability.
A capable organisation requires trained leaders, clear authority, tested communication arrangements, reliable supporting plans, current information and a culture that supports timely escalation.
Understanding the Organisation
Before developing the Crisis Management Plan, the planning team should establish a clear understanding of the organisation.
This understanding should include:
- The organisation’s purpose
- Primary products and services
- Critical operations
- Geographic locations
- Organisational structure
- Regulatory obligations
- Key technologies
- Major suppliers and third parties
- Customer groups
- Important stakeholder relationships
- Strategic priorities
- Existing emergency, incident, continuity and recovery arrangements
The Crisis Management Plan should reflect how the organisation actually operates. A generic plan copied from another organisation may omit important decision structures, stakeholder obligations or operational dependencies.
For example, a financial institution may place significant emphasis on regulatory notification, transaction continuity, customer data protection and market confidence.
A hospital may place greater emphasis on patient safety, clinical operations, public health coordination, and the availability of medical supplies.
A university may focus on student safety, campus operations, academic continuity and communication with families.
The organisation’s operating environment determines what may escalate into a crisis and how the Crisis Management Team should respond.
Identifying Key Stakeholders
A crisis creates expectations that must be actively managed.
Stakeholders may require information, decisions, reassurance, support or regulatory action. The organisation should therefore identify its key stakeholders before a crisis occurs.
Typical stakeholders include:
- Employees
- Customers
- Regulators
- Government agencies
- Emergency services
- Board members
- Shareholders
- Suppliers
- Business partners
- Contractors
- Insurers
- Professional advisers
- Community groups
- Media organisations
- Members of the public
Stakeholders do not all require the same information.
Employees may need instructions about safety, work arrangements and communication channels. Customers may require information about service availability and protective action. Regulators may require verified facts, impact assessments, notification of control failures and regular progress updates. The media may require timely statements to prevent speculation and misinformation.
The planning team should consider:
- What is each stakeholder likely to be concerned about?
- What information will they require?
- When must they be informed?
- Who is responsible for the communication?
- What approval is required?
- Which communication channels are available?
- What happens if the organisation cannot provide complete information?
Stakeholder considerations should influence the organisation’s crisis objectives, team composition and communication procedures.
Defining the Crisis Management Scope
The scope defines the boundaries of the Crisis Management Plan.
A clearly defined scope helps prevent confusion about which parts of the organisation, locations, services and situations are covered.
The scope may include:
- The entire organisation
- Selected legal entities
- Particular countries or regions
- Specific business units
- Major operating facilities
- Critical products and services
- Strategic-level crisis response
- Coordination with operational response plans
- Internal and external communication
- Recovery oversight
- Third-party incidents affecting the organisation
The plan should also clarify what it does not replace.
A Crisis Management Plan does not normally replace:
- Emergency Response Plans
- Cyber Incident Response Plans
- Business Continuity Plans
- Technology Disaster Recovery Plans
- Security Plans
- Crisis Communication Plans
- Evacuation Procedures
- Medical Emergency Procedures
- Product Recall Procedures
These plans may continue to operate under the strategic oversight of the Crisis Management Team.
A suitable scope statement may read:
This Crisis Management Plan applies to significant events that may threaten the organisation’s people, critical services, legal or regulatory obligations, reputation or long-term interests and which require coordinated strategic direction by senior management.
The plan supports but does not replace operational emergency, incident response, business continuity, and technology recovery procedures.
The scope should be approved by senior management because it determines when the plan may be activated and who is expected to participate.
Defining Crisis Management Objectives
Crisis Management objectives provide the basis for decision-making.
During a severe crisis, the organisation may be unable to protect every interest equally. Leaders may need to balance safety, service delivery, compliance, financial exposure, stakeholder expectations and recovery priorities.
Pre-agreed objectives help the Crisis Management Team establish priorities.
Typical objectives include:
- Protect life, safety and wellbeing.
- Stabilise the crisis and prevent further harm.
- Protect customers, employees and affected stakeholders.
- Maintain or restore critical products and services.
- Meet legal, regulatory and contractual obligations.
- Protect sensitive information and organisational assets.
- Provide timely and accurate communication.
- Preserve organisational credibility and stakeholder confidence.
- Support investigation and evidence preservation.
- Coordinate recovery and the return to normal operations.
- Capture lessons and improve organisational capability.
The objectives should be relevant to the organisation and written in a way that supports practical decisions.
For example, if customer protection is an agreed objective, the CMT may prioritise customer notification, fraud prevention and restoration of account access.
If regulatory compliance is an objective, the CMT should ensure that notification responsibilities, reporting deadlines, and approval authority are clear.
The objectives should not be treated as promotional statements. They should guide actual choices during a crisis.
What Is a Crisis Management Plan?
A Crisis Management Plan is a controlled document that provides the governance, authority, structure, procedures and supporting tools required to manage a crisis.
It should enable the Crisis Management Team to answer the following questions:
- What has happened?
- What may happen next?
- What does the situation mean for the organisation?
- Should the Crisis Management Team be activated?
- Who is authorised to lead?
- What are the immediate priorities?
- What decisions are required?
- Who should perform each action?
- Who must be informed?
- How will the response be coordinated?
- How will recovery be managed?
- When can the organisation stand down?
The plan should provide sufficient structure to support disciplined action without becoming overly prescriptive.
Crises develop in unpredictable ways. The plan cannot provide a detailed answer for every possible situation. It should instead provide a consistent management framework that leaders can apply to different scenarios.
What a Crisis Management Plan Is Not
An effective Crisis Management Plan should not be misunderstood as any of the following.
It Is Not a Prediction of Every Crisis
The organisation cannot anticipate every event or consequence. The plan should therefore support adaptable decision-making.
It Is Not a Technical Response Plan
Technical and operational teams require their own procedures. The Crisis Management Plan focuses on strategic leadership and organisational coordination.
It Is Not a Business Continuity Plan
A Business Continuity Plan focuses on maintaining or recovering priority activities. The Crisis Management Plan coordinates the wider strategic response.
It Is Not Merely a Contact List
Contact information is necessary, but it does not provide governance, priorities, decision authority or response procedures.
It Is Not a Policy Document
A policy establishes organisational intent and principles. The Crisis Management Plan provides the operational structure for managing a crisis.
It Is Not a Substitute for Leadership
A plan cannot make decisions. It supports leaders in making informed and timely decisions.
It Is Not a Script
A crisis rarely follows a fixed sequence. The plan should guide judgement rather than restrict it.
When organisations misunderstand the plan's purpose, they often create detailed but difficult-to-use documents.
A plan should be concise enough to navigate under pressure and detailed enough to support action.
Recommended Structure of the Crisis Management Plan
Although the structure may vary by organisation, a practical Crisis Management Plan should normally include the following sections.
Purpose, Scope and Objectives
Explains why the plan exists, what it covers and what the organisation seeks to achieve.
Crisis Definition and Classification
Defines incident levels and the conditions under which a situation becomes a crisis.
Activation and Escalation
Sets out activation criteria, authority and escalation procedures.
Crisis Management Team
Defines the team structure, membership and alternates.
Roles and Responsibilities
Clarifies leadership, coordination, communication and specialist responsibilities.
Decision Authority
Identifies who can approve exceptional actions.
Notification and Mobilisation
Explains how CMT members are contacted and assembled.
Crisis Command and Control
Provides the meeting structure, reporting arrangements and decision process.
Situational Awareness
Provides methods for recording facts, assumptions, unknowns, impacts and forecasts.
Crisis Response Procedures
Guides the CMT through activation, assessment, stabilisation, decision-making, communication and monitoring.
Crisis Communication
Defines stakeholder, media, employee and regulatory communication arrangements.
Recovery and Stand-Down
Explains how the organisation transitions from crisis response to recovery and normal management.
Scenario-Specific Playbooks
Provides additional guidance for selected priority crisis scenarios.
Forms and Supporting Tools
May include action logs, decision logs, situation reports, meeting agendas and communication records.
Testing, Review and Maintenance
Defines how the plan is exercised, updated and controlled.
The structure should be adapted to the organisation’s complexity and needs.
Establishing Plan Ownership and Governance
The Crisis Management Plan should have a clearly identified owner.
The plan owner is normally responsible for:
- Coordinating development
- Consulting relevant departments
- Maintaining document control
- Updating roles and contact information
- Coordinating training
- Organising exercises
- Tracking improvement actions
- Presenting updates for approval
Ownership may sit with:
- Enterprise Resilience
- Risk Management
- Business Continuity
- Corporate Security
- Crisis Management
- The Chief Operating Officer’s office
- Another designated governance function
Senior management should approve the plan.
Approval demonstrates that:
- The structure is recognised
- Decision authority is accepted
- CMT roles are formally assigned
- Departments are expected to support activation
- The organisation has accepted the stated objectives and scope
The plan should also have a defined review cycle. It should be reviewed following:
- Organisational restructuring
- Changes in senior leadership
- Major technology changes
- Changes in regulations
- Significant supplier changes
- New operating locations
- Exercises
- Actual incidents or crises
- Identification of major planning gaps
Common Weaknesses When Establishing the Context
Several weaknesses frequently reduce the effectiveness of Crisis Management planning.
Unclear Definition of a Crisis
Without a clear definition, operational teams may delay escalation or activate the CMT unnecessarily.
Overly Broad Scope
A plan that attempts to cover every operational detail may become too large and difficult to use.
Unclear Relationship with Other Plans
Different teams may assume another group is responsible, leading to gaps or duplication.
Generic Objectives
Objectives that are too broad may not help the CMT prioritise decisions.
Incomplete Stakeholder Analysis
Important communication or regulatory requirements may be missed.
Lack of Senior Management Involvement
A plan developed without executive participation may contain unrealistic assumptions about authority or decision-making.
Excessive Focus on Documentation
The organisation may produce a plan without establishing the supporting capability, training and exercises.
Failure to Consider Plan Accessibility
The plan may be stored only on systems that become unavailable during a crisis.
These weaknesses should be addressed before the organisation proceeds to detailed scenario planning and procedure development.
Practical Workshop: Establishing the Planning Context
The planning team should complete a structured Crisis Management Planning Context exercise.
Organisation Profile
Document:
- Organisation name
- Industry or sector
- Primary products and services
- Geographic operations
- Key locations
- Regulatory environment
- Important technologies
- Major suppliers and dependencies
Stakeholder Profile
For each stakeholder, record:
- Interest or expectation
- Potential crisis concern
- Communication requirement
- Responsible organisational function
Crisis Management Scope
Confirm:
- Organisational entities covered
- Locations covered
- Types of situations covered
- Strategic level of response
- Relationship with operational plans
- Exclusions
Crisis Management Objectives
Develop a set of clear objectives to guide priorities and decisions.
Plan Governance
Confirm:
- Plan owner
- Approval authority
- Review frequency
- CMT sponsor
- Responsible departments
- Exercise expectations
The output of this exercise should be reviewed with senior management before detailed planning continues.
Questions for Management Review
Senior management should be able to answer the following questions:
- What types of situations would require the Crisis Management Team?
- What distinguishes a crisis from a major operational incident?
- Which organisational interests must be protected?
- Which stakeholders are likely to require immediate attention?
- What parts of the organisation are covered by the plan?
- Who owns and approves the plan?
- Who has the authority to activate the Crisis Management Team?
- How does the plan relate to emergency, continuity and technical response plans?
- What decisions may require exceptional authority?
- Can the plan be accessed if normal systems are unavailable?
- Are CMT members trained?
- Has the plan been exercised?
If these questions cannot be answered clearly, the planning context requires further development.
Establishing the Crisis Management context is the first and most important stage in developing a practical Crisis Management Plan.
The organisation must understand its operating environment, stakeholders, critical interests and governance structure before it can design effective crisis procedures. It must also distinguish strategic Crisis Management from routine incident response, define what constitutes a crisis and establish clear objectives for the organisational response.
A Crisis Management Plan should provide structure without restricting judgement. It should define authority without drawing senior leaders into operational detail. It should support communication, coordination and decision-making while remaining flexible enough to address different crisis scenarios.
Once the context, scope and objectives have been agreed, the organisation can proceed to the next stage: identifying relevant threats and developing realistic crisis scenarios for assessment and planning.
The strength of the final Crisis Management Plan will depend heavily on the quality of this foundation.
More Information About Crisis Management Blended/ Hybrid Learning Courses
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].


![[CM] [Full Banner] Crisis-Ready by Design A Practical Guide to Crisis Management Planning and Implementation](https://no-cache.hubspot.com/cta/default/3893111/7cdfb801-3f64-4ba0-af16-225a93f20d89.png)
![x [CM] [3/4 Banner] A Practical Guide to Crisis Management Planning and Implementation](https://no-cache.hubspot.com/cta/default/3893111/9ec680f8-6fe9-4b18-bb7b-13e4c8911787.png)





![[BL-CM] [5] Register](https://no-cache.hubspot.com/cta/default/3893111/82024308-16f4-4491-98be-818a882c6286.png)

![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)









