eBook CM

[CM] [P6C] Developing Post-Crisis Procedures

Written by Moh Heng Goh | Jul 16, 2026 7:43:25 AM

Developing Post-Crisis Procedures

 

Purpose of Post-Crisis Procedures

Post-crisis procedures guide the transition from active crisis response to recovery and normal management.

They should address:

  • Stand-down
  • Transfer of responsibility
  • Restoration
  • Stakeholder follow-up
  • Investigation
  • Lessons learnt
  • Improvement

The immediate event may end before all consequences are resolved.

 

Determining When the Crisis Ends

The CMT should consider:

  • Is the immediate threat controlled?
  • Is the situation stable?
  • Are critical services operating?
  • Are strategic decisions still required?
  • Can normal management structures resume?
  • Are regulatory obligations under control?
  • Are stakeholder concerns being managed?
  • Are outstanding actions assigned?
  • Is continued CMT oversight necessary?

System restoration or facility reopening alone does not necessarily mean the crisis has ended.

 

Crisis Stand-Down

The stand-down procedure should define:

  • Who recommends a stand-down
  • Who approves the stand-down
  • Criteria to be met
  • Stakeholders to be notified
  • Actions to be transferred
  • Records to be preserved
  • Recovery governance
  • Communication requirements

The decision should be recorded in the Decision Log.

 

Transition to Recovery Governance

After stand-down, outstanding work may continue under:

  • Recovery Steering Committee
  • Executive Management Team
  • Programme Management Office
  • Business Unit Management
  • Technology Recovery Team
  • Regulatory Response Team
  • Customer Remediation Team

The transition should clearly identify:

  • New owner
  • Reporting schedule
  • Outstanding risks
  • Open actions
  • Budget
  • Stakeholder obligations
  • Completion criteria

 

Return-to-Normal Procedures

Return-to-normal activities may include:

  • Restoring services
  • Clearing transaction backlogs
  • Reopening facilities
  • Reintegrating staff
  • Ending workarounds
  • Completing regulatory reports
  • Supporting affected customers
  • Addressing complaints
  • Reviewing supplier performance
  • Resolving financial consequences

The organisation should avoid returning too quickly to pre-crisis processes if those processes contributed to the event.

 

Stakeholder Follow-Up

Stakeholder responsibilities may continue after stand-down.

Follow-up may include:

  • Customer notification
  • Compensation
  • Employee welfare support
  • Board reporting
  • Regulatory closure
  • Supplier remediation
  • Public updates
  • Community engagement
  • Legal response

Each requirement should have an owner and a target date.

 

Investigation and Evidence

The organisation may need to support:

  • Internal investigation
  • Forensic investigation
  • Regulatory review
  • Legal proceedings
  • Insurance claims
  • Root-cause analysis

The procedures should ensure that:

  • Records are preserved
  • Evidence is protected
  • Privilege is considered
  • Decision and action logs are retained
  • Access is controlled
  • Investigation ownership is clear

 

Lessons Learnt Review

The organisation should conduct a structured post-crisis review.

The review should ask:

  • What happened?
  • What worked well?
  • What did not work?
  • Which decisions were difficult?
  • What information was missing?
  • Were roles clear?
  • Was the authority sufficient?
  • Was communication effective?
  • Were resources available?
  • Was the CM Plan usable?
  • What should change?

The review should focus on improvement rather than blame.

 

Improvement Action Plan

Improvement actions should include:

  • Finding
  • Corrective action
  • Priority
  • Owner
  • Target date
  • Verification method
  • Status

A practical improvement register may include:

 

Finding

Improvement Action

Owner

Target Date

Status

 

 

 

 

 

The organisation should track actions until completion.

 

Scenario-Specific Crisis Procedures

The core Crisis Management Plan should provide a consistent response framework.

Scenario-specific playbooks may provide additional guidance for priority threats.

A playbook may include:

  • Scenario description
  • Activation indicators
  • Strategic priorities
  • Pre-crisis actions
  • Immediate actions
  • Key decisions
  • Stakeholders
  • Communication requirements
  • Recovery considerations
  • Subject Matter Experts
  • Scenario-specific checklists

Playbooks should support the core plan rather than duplicate it.

 

Example: Cyber Crisis Procedure

Before the Crisis
  • Maintain security monitoring.
  • Test offline backups.
  • Maintain forensic and legal retainers.
  • Prepare customer and regulator templates.
  • Validate emergency communication channels.
During the Crisis
  • Isolate affected systems.
  • Protect backup environments.
  • Activate CMT if critical services or data are affected.
  • Preserve evidence.
  • Notify regulators.
  • Prioritise critical service recovery.
  • Communicate with customers.
  • Assess ransom-related decisions.
After the Crisis
  • Restore services from trusted environments.
  • Complete forensic investigation.
  • Notify affected individuals.
  • Clear transaction backlogs.
  • Review controls.
  • Conduct lessons learnt.

 

Example: Severe Weather Crisis Procedure

Before the Crisis
  • Monitor forecasts.
  • Define air-quality or weather thresholds.
  • Prepare remote-working arrangements.
  • Validate critical suppliers.
  • Prepare employee messages.
During the Crisis
  • Assess safety and access.
  • Activate alternate working arrangements.
  • Prioritise essential services.
  • Communicate with employees and customers.
  • Monitor workforce availability.
  • Coordinate with government agencies.
After the Crisis
  • Resume facilities safely.
  • Address delayed services.
  • Review staff welfare.
  • Assess supplier impacts.
  • Update severe-weather procedures.

 

Common Weaknesses in Crisis Procedures

Procedures Are Too Generic

They do not explain who acts or what output is required.

Procedures Are Too Detailed

Users cannot quickly locate critical actions.

Actions Lack Owners

Responsibility is unclear.

Decision Authority Is Missing

Participants know what should be done but not who can approve it.

Communication Is Added Too Late

Stakeholder needs are not considered during early response.

Recovery Is Delayed

Recovery planning begins only after the crisis is stabilised.

Actions Are Not Recorded

The organisation loses control of commitments and deadlines.

Workarounds Are Not Risk-Assessed

Temporary measures create new errors or harm.

Prolonged Response Is Ignored

Fatigue and handover weaknesses develop.

Procedures Are Not Tested

Practical gaps remain hidden.

 

Practical Workshop: Developing Crisis Procedures

The planning team should complete the following process for each selected crisis scenario.

Step 1: Review the Strategy

Confirm:

  • Strategic priorities
  • Stakeholder concerns
  • Risk-treatment requirements
  • Recovery objectives
Step 2: Develop Pre-Crisis Procedures

Document:

  • Monitoring
  • Early warning
  • Preparedness
  • Resource readiness
  • Stakeholder readiness
  • Communication preparation
Step 3: Develop During-Crisis Procedures

Use the sequence:

Activate → Assess → Stabilise → Decide → Communicate → Monitor → Recover

 
Step 4: Develop Post-Crisis Procedures

Document:

  • Stand-down
  • Transition
  • Restoration
  • Stakeholder follow-up
  • Investigation
  • Lessons learnt
  • Improvement
Step 5: Assign Roles

For each action, confirm:

  • Owner
  • Support roles
  • Authority
  • Deadline
  • Required output
Step 6: Identify Supporting Tools

Confirm the need for:

  • Situation Report
  • Action Log
  • Decision Log
  • Communication Log
  • Stand-Down Checklist
  • Improvement Register
Step 7: Validate the Procedures

Test whether:

  • Actions are clear
  • Roles are understood
  • Authority is sufficient
  • Procedures align with other plans
  • Recovery is included
  • Tools are practical

Workshop Outputs

The workshop should produce:

  • Pre-Crisis Procedure
  • During-Crisis Procedure
  • Post-Crisis Procedure
  • Crisis Action Log
  • Crisis Decision Log
  • Situation Report
  • Stand-Down Checklist
  • Improvement Action Plan

 

Questions for Management Review

Senior management should be able to answer:

  1. What actions should occur before the crisis?
  2. How are threats monitored?
  3. What indicators trigger escalation?
  4. What is the first action after CMT activation?
  5. How is situational awareness established?
  6. How are priorities confirmed?
  7. How are strategic decisions made and recorded?
  8. How are actions assigned and monitored?
  9. How is communication integrated?
  10. When does recovery begin?
  11. How are workarounds risk-assessed?
  12. How are prolonged operations managed?
  13. Who recommends and approves stand-down?
  14. How are outstanding actions transferred?
  15. How are lessons learnt tracked?
  16. Have the procedures been exercised?

If these questions cannot be answered clearly, the crisis procedures require further development.

 

 

 

 

Goh, M. H. (2016). A Manager’s Guide to Implementing Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.

 

 

More Information About Crisis Management Blended/ Hybrid Learning Courses

To learn more about the course and schedule, click the buttons below for the  CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].

Please feel free to send us a note if you have any questions.