Developing Post-Crisis Procedures
Purpose of Post-Crisis Procedures
Post-crisis procedures guide the transition from active crisis response to recovery and normal management.
They should address:
- Stand-down
- Transfer of responsibility
- Restoration
- Stakeholder follow-up
- Investigation
- Lessons learnt
- Improvement
The immediate event may end before all consequences are resolved.
Determining When the Crisis Ends
The CMT should consider:
- Is the immediate threat controlled?
- Is the situation stable?
- Are critical services operating?
- Are strategic decisions still required?
- Can normal management structures resume?
- Are regulatory obligations under control?
- Are stakeholder concerns being managed?
- Are outstanding actions assigned?
- Is continued CMT oversight necessary?
System restoration or facility reopening alone does not necessarily mean the crisis has ended.
Crisis Stand-Down
The stand-down procedure should define:
- Who recommends a stand-down
- Who approves the stand-down
- Criteria to be met
- Stakeholders to be notified
- Actions to be transferred
- Records to be preserved
- Recovery governance
- Communication requirements
The decision should be recorded in the Decision Log.
Transition to Recovery Governance
After stand-down, outstanding work may continue under:
- Recovery Steering Committee
- Executive Management Team
- Programme Management Office
- Business Unit Management
- Technology Recovery Team
- Regulatory Response Team
- Customer Remediation Team
The transition should clearly identify:
- New owner
- Reporting schedule
- Outstanding risks
- Open actions
- Budget
- Stakeholder obligations
- Completion criteria
Return-to-Normal Procedures
Return-to-normal activities may include:
- Restoring services
- Clearing transaction backlogs
- Reopening facilities
- Reintegrating staff
- Ending workarounds
- Completing regulatory reports
- Supporting affected customers
- Addressing complaints
- Reviewing supplier performance
- Resolving financial consequences
The organisation should avoid returning too quickly to pre-crisis processes if those processes contributed to the event.
Stakeholder Follow-Up
Stakeholder responsibilities may continue after stand-down.
Follow-up may include:
- Customer notification
- Compensation
- Employee welfare support
- Board reporting
- Regulatory closure
- Supplier remediation
- Public updates
- Community engagement
- Legal response
Each requirement should have an owner and a target date.
Investigation and Evidence
The organisation may need to support:
- Internal investigation
- Forensic investigation
- Regulatory review
- Legal proceedings
- Insurance claims
- Root-cause analysis
The procedures should ensure that:
- Records are preserved
- Evidence is protected
- Privilege is considered
- Decision and action logs are retained
- Access is controlled
- Investigation ownership is clear
Lessons Learnt Review
The organisation should conduct a structured post-crisis review.
The review should ask:
- What happened?
- What worked well?
- What did not work?
- Which decisions were difficult?
- What information was missing?
- Were roles clear?
- Was the authority sufficient?
- Was communication effective?
- Were resources available?
- Was the CM Plan usable?
- What should change?
The review should focus on improvement rather than blame.
Improvement Action Plan
Improvement actions should include:
- Finding
- Corrective action
- Priority
- Owner
- Target date
- Verification method
- Status
A practical improvement register may include:
|
Finding
|
Improvement Action
|
Owner
|
Target Date
|
Status
|
|
|
|
|
|
|
The organisation should track actions until completion.
Scenario-Specific Crisis Procedures
The core Crisis Management Plan should provide a consistent response framework.
Scenario-specific playbooks may provide additional guidance for priority threats.
A playbook may include:
- Scenario description
- Activation indicators
- Strategic priorities
- Pre-crisis actions
- Immediate actions
- Key decisions
- Stakeholders
- Communication requirements
- Recovery considerations
- Subject Matter Experts
- Scenario-specific checklists
Playbooks should support the core plan rather than duplicate it.
Example: Cyber Crisis Procedure
Before the Crisis
- Maintain security monitoring.
- Test offline backups.
- Maintain forensic and legal retainers.
- Prepare customer and regulator templates.
- Validate emergency communication channels.
During the Crisis
- Isolate affected systems.
- Protect backup environments.
- Activate CMT if critical services or data are affected.
- Preserve evidence.
- Notify regulators.
- Prioritise critical service recovery.
- Communicate with customers.
- Assess ransom-related decisions.
After the Crisis
- Restore services from trusted environments.
- Complete forensic investigation.
- Notify affected individuals.
- Clear transaction backlogs.
- Review controls.
- Conduct lessons learnt.
Example: Severe Weather Crisis Procedure
Before the Crisis
- Monitor forecasts.
- Define air-quality or weather thresholds.
- Prepare remote-working arrangements.
- Validate critical suppliers.
- Prepare employee messages.
During the Crisis
- Assess safety and access.
- Activate alternate working arrangements.
- Prioritise essential services.
- Communicate with employees and customers.
- Monitor workforce availability.
- Coordinate with government agencies.
After the Crisis
- Resume facilities safely.
- Address delayed services.
- Review staff welfare.
- Assess supplier impacts.
- Update severe-weather procedures.
Common Weaknesses in Crisis Procedures
Procedures Are Too Generic
They do not explain who acts or what output is required.
Procedures Are Too Detailed
Users cannot quickly locate critical actions.
Actions Lack Owners
Responsibility is unclear.
Decision Authority Is Missing
Participants know what should be done but not who can approve it.
Communication Is Added Too Late
Stakeholder needs are not considered during early response.
Recovery Is Delayed
Recovery planning begins only after the crisis is stabilised.
Actions Are Not Recorded
The organisation loses control of commitments and deadlines.
Workarounds Are Not Risk-Assessed
Temporary measures create new errors or harm.
Prolonged Response Is Ignored
Fatigue and handover weaknesses develop.
Procedures Are Not Tested
Practical gaps remain hidden.
Practical Workshop: Developing Crisis Procedures
The planning team should complete the following process for each selected crisis scenario.
Step 1: Review the Strategy
Confirm:
- Strategic priorities
- Stakeholder concerns
- Risk-treatment requirements
- Recovery objectives
Step 2: Develop Pre-Crisis Procedures
Document:
- Monitoring
- Early warning
- Preparedness
- Resource readiness
- Stakeholder readiness
- Communication preparation
Step 3: Develop During-Crisis Procedures
Use the sequence:
Activate → Assess → Stabilise → Decide → Communicate → Monitor → Recover
Step 4: Develop Post-Crisis Procedures
Document:
- Stand-down
- Transition
- Restoration
- Stakeholder follow-up
- Investigation
- Lessons learnt
- Improvement
Step 5: Assign Roles
For each action, confirm:
- Owner
- Support roles
- Authority
- Deadline
- Required output
Step 6: Identify Supporting Tools
Confirm the need for:
- Situation Report
- Action Log
- Decision Log
- Communication Log
- Stand-Down Checklist
- Improvement Register
Step 7: Validate the Procedures
Test whether:
- Actions are clear
- Roles are understood
- Authority is sufficient
- Procedures align with other plans
- Recovery is included
- Tools are practical
Workshop Outputs
The workshop should produce:
- Pre-Crisis Procedure
- During-Crisis Procedure
- Post-Crisis Procedure
- Crisis Action Log
- Crisis Decision Log
- Situation Report
- Stand-Down Checklist
- Improvement Action Plan
Questions for Management Review
Senior management should be able to answer:
- What actions should occur before the crisis?
- How are threats monitored?
- What indicators trigger escalation?
- What is the first action after CMT activation?
- How is situational awareness established?
- How are priorities confirmed?
- How are strategic decisions made and recorded?
- How are actions assigned and monitored?
- How is communication integrated?
- When does recovery begin?
- How are workarounds risk-assessed?
- How are prolonged operations managed?
- Who recommends and approves stand-down?
- How are outstanding actions transferred?
- How are lessons learnt tracked?
- Have the procedures been exercised?
If these questions cannot be answered clearly, the crisis procedures require further development.
Goh, M. H. (2016). A Manager’s Guide to Implementing Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
More Information About Crisis Management Blended/ Hybrid Learning Courses
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
|
|
|
|
|
|
|
|
|
|
Please feel free to send us a note if you have any questions.
|
|
|
|
|
|