
Crisis Management Policy and Framework Series

[CM] [PF] What Is a Crisis Management Policy


Moh Heng Goh
Crisis Management Certified Planner-Specialist-Expert


Chapter 1

What Is a Crisis Management Policy?

 

Introduction

Every organisation faces the possibility of a crisis. Whether triggered by a cyberattack, operational disruption, product failure, workplace incident, regulatory investigation, natural disaster, public health emergency, or reputational issue, crises can threaten an organisation’s people, operations, finances, reputation, and long-term viability.

While many organisations invest significant effort in developing crisis management plans, procedures, and response teams, these elements are most effective when guided by a clear and well-defined Crisis Management (CM) Policy.

A crisis management policy establishes the organisation’s commitment to managing crises effectively and provides the strategic direction for all crisis management activities.

A Crisis Management Policy serves as the foundation of the crisis management programme. It communicates leadership expectations, defines governance and accountability, establishes the scope of crisis management activities, and ensures that crisis preparedness, response, and recovery efforts are aligned with organisational objectives.

 

Definition of a Crisis Management Policy

A Crisis Management Policy is a formally approved statement issued by senior management that defines the organisation’s commitment, objectives, principles, and governance arrangements for managing crises.

The policy provides a high-level framework that guides the development, implementation, maintenance, and continual improvement of the organisation’s crisis management programme.

Unlike a crisis management plan, which details the operational actions to be taken during a crisis, the policy defines the strategic intent and management direction behind those actions.

In simple terms:

The Crisis Management Policy answers the question:

"Why does the organisation have a crisis management programme, and how will it be governed?"

Whereas:

The Crisis Management Plan answers the question:

"What actions will be taken when a crisis occurs?"

 

Purpose of a Crisis Management Policy

The primary purpose of a Crisis Management Policy is to provide organisational direction and establish management commitment toward effective crisis preparedness and response.

The policy aims to:

  • Demonstrate executive leadership commitment.
  • Establish crisis management objectives.
  • Define governance and accountability.
  • Provide a framework for crisis management planning.
  • Support organisational resilience.
  • Protect stakeholders during disruptive events.
  • Facilitate coordinated crisis response activities.
  • Promote continual improvement of crisis management capabilities.

Without a policy, crisis management efforts often become fragmented, inconsistent, and dependent upon individual decision-makers rather than an established organisational framework.

 

Why a Crisis Management Policy Is Important

Provides Executive Commitment

A crisis management programme requires resources, funding, personnel, training, and management attention.

The policy demonstrates that senior leadership recognises the importance of crisis preparedness and supports the development and maintenance of crisis management capabilities.

When a crisis occurs, executive endorsement enables rapid decision-making and organisational alignment.

Establishes Governance

Effective crisis management requires clear authority and accountability.

The policy identifies:

  • Executive sponsors
  • Crisis Management Team (CMT)
  • Departmental responsibilities
  • Escalation authority
  • Decision-making hierarchy

This governance framework ensures that crisis management activities are coordinated across the organisation.

Aligns Crisis Management with Organisational Objectives

Crisis management should support the organisation’s strategic goals, mission, and stakeholder expectations.

The policy ensures that crisis response activities focus on protecting:

  • Human life and safety
  • Organisational reputation
  • Critical operations
  • Financial stability
  • Regulatory obligations
  • Customer confidence

Supports Regulatory and Industry Requirements

Many industries require organisations to demonstrate crisis preparedness and resilience.

Examples include:

  • Financial services
  • Healthcare
  • Aviation
  • Telecommunications
  • Energy
  • Government agencies

A documented policy provides evidence that the organisation has established a formal crisis management framework.

Promotes Organisational Resilience

A crisis management policy directly contributes to organisational resilience by ensuring crisis preparedness is integrated into the organisation’s culture, governance, and decision-making processes.

The policy encourages proactive planning rather than reactive crisis response.

 

Key Components of a Crisis Management Policy

Although policy structures vary among organisations, most effective Crisis Management Policies contain the following components.

Policy Statement

The policy statement expresses management's commitment to crisis management.

Example:

"The organisation is committed to protecting its people, operations, reputation, assets, and stakeholders through the establishment and maintenance of an effective crisis management programme."

Purpose

The purpose section explains why the policy exists.

Example:

"This policy establishes the framework for managing crises that may significantly impact the organisation's strategic objectives, operations, stakeholders, or reputation."

Scope

The scope identifies who and what is covered by the policy.

This may include:

  • All business units
  • Subsidiaries
  • Regional offices
  • Employees
  • Contractors
  • Third-party service providers

The scope may also specify the types of crises covered.

Objectives

The policy should define measurable objectives such as:

  • Protect life and safety.
  • Minimise operational disruption.
  • Maintain stakeholder confidence.
  • Ensure effective decision-making.
  • Preserve organisational reputation.
  • Support recovery and return to normal operations.

Crisis Management Principles

Many organisations define guiding principles to support decision-making during crises.

Examples include:

  • Safety first.
  • Timely decision-making.
  • Accurate information sharing.
  • Transparency and accountability.
  • Regulatory compliance.
  • Stakeholder-focused communications.
  • Continuous learning and improvement.

These principles help leaders make consistent decisions during uncertain situations.

Governance Structure

The governance section identifies key roles and responsibilities.

This may include:

 

| Role | Responsibility |
|---|---|
| Board of Directors | Oversight and governance |
| Executive Management | Strategic direction and approval |
| Crisis Management Team | Crisis response leadership |
| Crisis Manager | Coordination of crisis activities |
| Business Units | Implementation of response actions |
| Communications Team | Internal and external communications |

Crisis Management Framework

The policy may describe the organisation's crisis management lifecycle.

A typical framework includes:

  1. Prevention
  2. Preparedness
  3. Response
  4. Recovery
  5. Learning and Improvement

This ensures crisis management is treated as an ongoing management process rather than a one-time project.

Training and Exercising Requirements

The policy should require regular capability development activities.

Examples include:

  • Crisis management training
  • Leadership workshops
  • Tabletop exercises
  • Simulation exercises
  • Crisis communication drills

These activities help ensure readiness when a real crisis occurs.

Review and Continual Improvement

The policy should require periodic reviews.

Typical triggers include:

  • Annual reviews
  • Major organisational changes
  • Significant incidents
  • Lessons learned from exercises
  • Regulatory updates

Continual improvement helps maintain relevance and effectiveness.

 

Relationship Between Policy, Framework, Plan, and Procedures

Many organisations confuse these documents.

The relationship can be illustrated as follows:

| Document | Purpose |
|---|---|
| Crisis Management Policy | Defines management commitment and direction |
| Crisis Management Framework | Describes governance and programme structure |
| Crisis Management Plan | Defines how crises are managed |
| Crisis Response Procedures | Provides detailed response actions |
| Exercise Programme | Validates capability and readiness |

The policy sits at the highest level and drives all supporting crisis management documentation.

 

Characteristics of an Effective Crisis Management Policy

An effective policy should be:

Clear

Easy for employees and stakeholders to understand.

Concise

Focused on strategic direction rather than operational detail.

Approved

Formally endorsed by senior management.

Communicated

Accessible to all relevant stakeholders.

Aligned

Consistent with organisational objectives and resilience strategies.

Measurable

Supported by objectives and performance indicators.

Reviewed

Updated regularly to remain relevant.

 

Common Mistakes Organisations Make

Many organisations develop crisis management policies that fail to achieve their intended purpose.

Common mistakes include:

  • Treating the policy as a compliance document only.
  • Including excessive operational detail.
  • Failing to assign accountability.
  • Not obtaining executive approval.
  • Not communicating the policy to employees.
  • Not reviewing the policy regularly.
  • Developing the policy independently of business continuity and operational resilience initiatives.

These weaknesses can lead to confusion and ineffective crisis response during actual events.

 

Integrating the Crisis Management Policy with Organisational Resilience

Modern organisations increasingly integrate crisis management into broader resilience programmes.

The Crisis Management Policy should align with:

  • Business Continuity Management (BCM)
  • Operational Resilience
  • Enterprise Risk Management (ERM)
  • Incident Management
  • Emergency Management
  • Cybersecurity Programmes
  • Corporate Governance Frameworks

This integration creates a coordinated approach to managing disruptions across the organisation.

 

Conclusion

A Crisis Management Policy is the cornerstone of an effective crisis management programme.

It establishes leadership commitment, defines governance arrangements, clarifies objectives, and provides the strategic direction needed to prepare for, respond to, and recover from crises.

While crisis management plans and procedures describe what must be done during a crisis, the policy explains why crisis management matters and how it will be governed.

Organisations that establish a clear, well-communicated, and regularly reviewed Crisis Management Policy are better positioned to make timely decisions, protect stakeholders, preserve reputation, and enhance organisational resilience when faced with uncertainty and disruption.

Ultimately, a Crisis Management Policy transforms crisis management from a reactive activity into a structured organisational capability that supports long-term resilience and sustainable success.

 


Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.

 

 
