Death Star close mesh sphere AdobeStock_83781931.jpeg

Crisis Communications Plan Draft for a Client

@Copyright 2019-2020 Jim Caruso F.B.O. M1PR, Inc. All Rights Reserved.


Crisis Communications Response Plan

This plan provides a quick view of how to respond to a crisis.

The plan requires CLIENT to determine who is responsible for information collection, empowered to make decisions, and authorized to speak for the company based upon the type of incident.

This is your plan for your staff and company. It must be tailored to fit your needs.


"Never guess what happened in a PR Crisis"

"Crisis training requires spokespersons to be certain of the facts before commenting on what happened. This does not mean that the spokesperson cannot be sympathetic to any anguish or suffering, but until the facts are clear about responsibility, it is critical to state that the organization seeks the facts."

- Quote as seen in Forbes Magazine from Jim Caruso, CEO of M1PR, Inc.



To: Communications Team Management

Crisis Communications + Incident Response Plan

This plan template offers ways to better prepare staff to respond. It also can be customized to the requirements of CLIENT. Better responses require a coordinated response by responsible management along with appropriate public statements prepared by a communications team, often led by public relations or marketing, approved by executive management, and delivered by an authorized spokesperson.

The short playbook:

1.) During an emergency call 911 first

2.) Activate this plan, as follows

3) Notify affected department management, such as physical security, IT/ information security, CFO / risk management, and Marketing.

4.) Respond internally, such as a lockdown of facilities, canceling incoming shifts, or shutting down any potentially compromised IT system.

5.) Assume you do not know all the facts, go collect information on the incident without endangering staff, do not comment publicly, and forward everything we know (any data) to the Incident & Communications Response Team.

6.) If the facts are uncertain, do not comment publicly. It is appropriate for the authorized spokesperson to acknowledge an incident (or accusation) without further comment while stating an intent to understand the situation in full before any public comment.

Attached is a more comprehensive treatment of the issues, responsible parties, and potential response process for incidents.

Good Luck,

Jim Caruso

CEO, MediaFirst PR - Atlanta


Incident Response Team & Incident Communications Response

This document is intended for use by a company's crisis team, management, and staff as a basis for responding to a crisis or incident that might negatively portray the company or its staff, products, services, customers, or customer's personnel. 

This document is a communications response plan, which should evolve with best practices and technology to better respond to a crisis incident. Add and customize practical checklists.

Examples of a Crisis or Incident

These examples represent the many types of incidents and affected departments.

  • Cybersecurity incidents, such as cyberattack, hacking, data breach, or ransomware
  • Terrorism or active shooter
  • Misquote or error in press reporting
  • An accusation of sexual harassment
  • Lost work-time accidents
  • Death

INCIDENT & CRISIS RESPONSE TEAM

  • Determine internal roles and responsibilities. Make sure there is a clear path in the escalation process within the company. Confirm that the right teams talk in the event of a cyber incident. Designate an individual to be responsible for ensuring that you establish a process and that it is enforced and updated.
  • Plan your response to a crisis with a communications plan, including a decision-making protocol and communications materials.
  • Ensure that incident response is part of the operational continuity plan. Make sure there is a communications plan and process in place.
  • Conduct a crisis simulation and trial exercise. Prepare for various potential issues. Coordinate the activities with legal, technical, and outside advisors. Include senior leaders across the company.
  • Conduct a stakeholder mapping exercise and a reputation risk analysis. These help you understand your cyber risks, priority stakeholders, and how to reach them to address critical concerns.
  • Be transparent but careful. Open communication builds trust. However, during a crisis, few facts are available, especially immediately after the crisis. Your public comments should demonstrate that the corporation takes the issue seriously. However, avoid providing any speculation. Your understanding of the incident may change as the investigation progresses. If you do not speculate, you will not be forced to correct yourself down the line. Avoid any speculation on the incident or persons involved.
  • Focus on the specific actions you take to address the issue. To demonstrate that you are taking the issue seriously, you should talk about the steps you take to protect your staff, customers, and the public and address any broader risks.

Develop a Response Process

The following steps will guide you as you start up an Incident Communications Response Team. The team will create the process for drafting, approving, and sending out messages. The message might be sent to the authorized spokesperson or directly to the public in a statement, press release, or social media post.

  • Step 1: Decide on the team. Select the individuals who will fill roles. Outline their tasks and identify the decisions around messaging and communication that they can make in real-time.
  • Step 2: Security alignment: With executive management, operational management, IT, information security, security, or public relations team, take inventory of your potential risks (like a compromised data set), and conduct an impact assessment. You should understand the incidents (like cyberattacks) to which you might be vulnerable. Responsible team members need to know how security tactics are tied to risk mitigation. For example, the IT team's monitoring and detection functions should align with the company's most critical assets. Establish who will be the liaison from an affected department to the Incident Response Team and Communications Team.
  • Step 3: Disclosure alignment: Determine and document what information you are obligated to disclose, what regulations require this disclosure, and what entity wants it. Develop a decision-making process to assess the public posture—proactive or reactive—you will take in a given situation. Take into account both legal implications and public opinion.
  • Step 4: Stakeholder analysis: Assess and prioritize your key stakeholders, based on their influence, because public opinion can turn very quickly during a crisis. Establish ongoing relationships with these stakeholders BEFORE an emergency.
Your stakeholders may include:
  • The public
  • Federal, state, and local regulators
  • Law enforcement
  • State and federal lawmakers
  • Media (such as a local cybersecurity beat reporter)
  • Third-Party advocacy groups
  • Vendors
  • Customers
  • Step 5: Select an authorized corporate incident spokesperson or spokespeople based upon the issue. Establish who speaks for the company and make sure that they have media training or experience. Some incidents may place your spokesperson under tremendous emotional strain and public pressure. You may choose different spokespeople for different audiences. Consider who is best to respond. For example, your IT department head might be best for a response about a data loss. The CFO or head of risk management might be best for losses about assets, finances, or security if security reports to them via risk management. Consider factors such as who has the best communication skills, prior experience with the media, authority to speak, and relationships with key stakeholders.
  • Step 6: Establish a drafting and approval process for key messages and include diagrams of this process in your communications plan. This process will be specific to the company’s Incident Response & Communications Response teams and team structure but may look like this:
  • Step 7: Decide what information you have and can confirm. Is it possible to make a statement in the short term given this baseline information? In advance of any incident, establish an understanding among key stakeholders of the company’s work to implement safety, security, or information security best practices. In the event of a crisis, this effort will position the spokesperson to make the case that the company has been implementing best practices. However, unfortunately, an accident or incident still sometimes occurs.
  • Step 8: Establish a feedback loop. Establish a means—both during and after an incident—to incorporate feedback. You may wish to consider immediate feedback or queries from stakeholders into the public response. During an incident, work might include media and social media monitoring as well as polling. After an incident, conduct an after-action report and ensure that lessons learned are incorporated into this Incident Communications Plan Template
Your after-action report should include:
  • A summary of the incident (keep in your mind that it could be subject to public disclosure);
  • an overview of the operational response;
  • the communications objectives;
  • and by phase, with specificity:
  • concern
  • outcome
  • recommendations

Incident Background & Verification

There are elements of a crisis incident that may require additional attention and preparation. A crisis can be different from other situations in key ways:

  • High Degree of Uncertainty: You will know very few facts when you first have to communicate about an incident, and you will need to demonstrate you are confidently and competently managing the incident with relatively little information.
  • Well-Sourced Journalism: The journalists covering beats, such as cyber-security, know technical and policy issues and are well-sourced, so they may learn about details before you do.
  • Cross-Functional Impact: Incidents may require coordination across a range of internal company departments that often may not work together.
  • Cross-Boundary Implications: Incidents can have effects that cascade across national or other jurisdictional boundaries. These might require management in another country to be the response team’s local eyes and ears.
  • Potential to Undermine Trust: An incident has the potential to undermine customer, media, government, or public trust in the company, so communicating in a way that avoids creating undue alarm is critical.

Coordinate Communications

Set guidelines for communicating with outside parties in an incident

  • Management needs a communications plan that provides escalation thresholds for reporting an incident internally and publicly. The guidelines should address who is responsible for communicating with external stakeholders, such as the media and law enforcement. The plan might recommend the timeframe for these communications and key individuals involved in communications response from the incident response team, such as public relations, legal, or company management. 

Maintain connections between the incident response team, the communications team, and possible spokespersons

  • Every situation will require collaboration and cooperation of multiple team members and groups. The relationships between, and credibility of, each player is vital to a successful post-incident recovery.

Establish Procedures for Countering Misinformation

  • Establish the facts and double-check them. You need to ensure you are operating from a factual position before countering misinformation, so check and double-check the facts. Go to multiple sources for confirmation before citing facts publicly. Ask all appropriate questions and put in the work before you speak to ensure that you do not accidentally provide misleading information.
  • Develop a simple, accurate, short counter-message. Your clear statement should contain only the facts. Avoid complexity in your message. You can elaborate or provide nuance later.
  • Respond quickly. Misinformation can spread rapidly through social media and broadcast commentary. Your counter-message should be ready to disseminate as soon as possible.
  • Be transparent. Hedged, incomplete, or “no comment” responses can fuel conspiracy theories by making it appear your organization has something to hide. Demonstrating transparency can help counter false claims.
  • Engage across platforms. Misinformation can spread across multiple platforms, including social media and traditional media. To counter misinformation, deliver a clear, factual message on all available platforms.
  • Avoid repeating misinformation. Focus on providing accurate facts and do not repeat the false messages. For example, if rumors circulate, avoid repeating that rumor. Instead, your message should be a clear statement of what you know to be true.

NOTE: Do you see a way to make this crisis communications process better? Are there new technologies that might help? Are there other risks or vulnerabilities we should address? Please provide your feedback by emailing Jim Caruso, jim@mediafirst.net, to help improve this resource.


@Copyright 2019-2020 Jim Caruso F.B.O. M1PR, Inc. All Rights Reserved.