Every organisation faces the possibility of a crisis. Whether triggered by a cyberattack, operational disruption, product failure, workplace incident, regulatory investigation, natural disaster, public health emergency, or reputational issue, crises can threaten an organisation’s people, operations, finances, reputation, and long-term viability.
While many organisations invest significant effort in developing crisis management plans, procedures, and response teams, these elements are most effective when guided by a clear and well-defined Crisis Management (CM) Policy.
A crisis management policy establishes the organisation’s commitment to managing crises effectively and provides the strategic direction for all crisis management activities.
A Crisis Management Policy serves as the foundation of the crisis management programme. It communicates leadership expectations, defines governance and accountability, establishes the scope of crisis management activities, and ensures that crisis preparedness, response, and recovery efforts are aligned with organisational objectives.
A Crisis Management Policy is a formally approved statement issued by senior management that defines the organisation’s commitment, objectives, principles, and governance arrangements for managing crises.
The policy provides a high-level framework that guides the development, implementation, maintenance, and continual improvement of the organisation’s crisis management programme.
Unlike a crisis management plan, which details the operational actions to be taken during a crisis, the policy defines the strategic intent and management direction behind those actions.
In simple terms:
The Crisis Management Policy answers the question:
The Crisis Management Plan answers the question:
The primary purpose of a Crisis Management Policy is to provide organisational direction and establish management commitment toward effective crisis preparedness and response.
Without a policy, crisis management efforts often become fragmented, inconsistent, and dependent upon individual decision-makers rather than an established organisational framework.
A crisis management programme requires resources, funding, personnel, training, and management attention.
The policy demonstrates that senior leadership recognises the importance of crisis preparedness and supports the development and maintenance of crisis management capabilities.
When a crisis occurs, executive endorsement enables rapid decision-making and organisational alignment.
Effective crisis management requires clear authority and accountability.
The policy identifies:
This governance framework ensures that crisis management activities are coordinated across the organisation.
Crisis management should support the organisation’s strategic goals, mission, and stakeholder expectations.
The policy ensures that crisis response activities focus on protecting:
Many industries require organisations to demonstrate crisis preparedness and resilience.
Examples include:
A documented policy provides evidence that the organisation has established a formal crisis management framework.
A crisis management policy directly contributes to organisational resilience by ensuring crisis preparedness is integrated into the organisation’s culture, governance, and decision-making processes.
The policy encourages proactive planning rather than reactive crisis response.
Although policy structures vary among organisations, most effective Crisis Management Policies contain the following components.
Example:
"The organisation is committed to protecting its people, operations, reputation, assets, and stakeholders through the establishment and maintenance of an effective crisis management programme."
The purpose section explains why the policy exists.
Example:
"This policy establishes the framework for managing crises that may significantly impact the organisation's strategic objectives, operations, stakeholders, or reputation."
The scope identifies who and what is covered by the policy.
This may include:
The scope may also specify the types of crises covered.
The policy should define measurable objectives such as:
Many organisations define guiding principles to support decision-making during crises.
Examples include:
These principles help leaders make consistent decisions during uncertain situations.
The governance section identifies key roles and responsibilities.
This may include:
| Role | Responsibility |
|---|---|
| Board of Directors | Oversight and governance |
| Executive Management | Strategic direction and approval |
| Crisis Management Team | Crisis response leadership |
| Crisis Manager | Coordination of crisis activities |
| Business Units | Implementation of response actions |
| Communications Team | Internal and external communications |
The policy may describe the organisation's crisis management lifecycle.
A typical framework includes:
This ensures crisis management is treated as an ongoing management process rather than a one-time project.
The policy should require regular capability development activities.
Examples include:
These activities help ensure readiness when a real crisis occurs.
The policy should require periodic reviews.
Typical triggers include:
Continual improvement helps maintain relevance and effectiveness.
Many organisations confuse these documents.
The relationship can be illustrated as follows:
| Document | Purpose |
|---|---|
| Crisis Management Policy | Defines management commitment and direction |
| Crisis Management Framework | Describes governance and programme structure |
| Crisis Management Plan | Defines how crises are managed |
| Crisis Response Procedures | Provides detailed response actions |
| Exercise Programme | Validates capability and readiness |
The policy sits at the highest level and drives all supporting crisis management documentation.
An effective policy should be:
Easy for employees and stakeholders to understand.
Focused on strategic direction rather than operational detail.
Formally endorsed by senior management.
Accessible to all relevant stakeholders.
Consistent with organisational objectives and resilience strategies.
Supported by objectives and performance indicators.
Updated regularly to remain relevant.
Many organisations develop crisis management policies that fail to achieve their intended purpose.
Common mistakes include:
These weaknesses can lead to confusion and ineffective crisis response during actual events.
Modern organisations increasingly integrate crisis management into broader resilience programmes.
The Crisis Management Policy should align with:
This integration creates a coordinated approach to managing disruptions across the organisation.
A Crisis Management Policy is the cornerstone of an effective crisis management programme.
It establishes leadership commitment, defines governance arrangements, clarifies objectives, and provides the strategic direction needed to prepare for, respond to, and recover from crises.
While crisis management plans and procedures describe what must be done during a crisis, the policy explains why crisis management matters and how it will be governed.
Organisations that establish a clear, well-communicated, and regularly reviewed Crisis Management Policy are better positioned to make timely decisions, protect stakeholders, preserve reputation, and enhance organisational resilience when faced with uncertainty and disruption.
Ultimately, a Crisis Management Policy transforms crisis management from a reactive activity into a structured organisational capability that supports long-term resilience and sustainable success.
Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
To learn more about the course and schedule, click the buttons below for the CM-3 Blended Learning or CM-300 Crisis Management Implementer course and the CM-5 Blended Learning or CM-5000 Crisis Management Expert Implementer course.
| Please feel free to send us a note if you have any of these questions to |