The best answer to crisis
Although it is impossible to predict every scenario that may lead to a crisis, some can be outlined in advance, in order to optimise response: natural calamities, terrorist attacks, epidemics, sabotage, war and other types of attacks – as well as damages or malfunctioning (at times intentional) that may pose a threat to the ICT system. Effective crisis management is structured across three axes: training, organisation and procedural planning.
Firstly a company must be able to foster a business culture that looks after its own resources, by sharing its best practices. This can be achieved by educating and training staff through awareness-raising classes and continuing professional education; above all by carrying out emergency drills to prepare everyone involved to be ready to face an emergency or a sudden crisis, maintaining a constant state of readiness.
To this purpose, it is pivotal to implement a system of governance that encompasses a Crisis Management Committee, able to outline a crisis management strategy, an Operational Crisis Team, taking care of the operational coordination of critical events across the territory, Business Representatives reporting back to institutional bodies both on a centralised and localised level and the provision of useful tools to cope with crisis.
The 4 stages of crisis management
This way, a business is able to count on an effective superstructure that can be provisionally superimposed on the ordinary structure, should extraordinary circumstances arise that require urgent and necessary action. Such a structure must be simple and flexible to cope with unpredictable and diverse events in a timely and effective manner, whatever the context. This is why any planning documents outlining the mode of intervention, must be drawn independently from the extent, entity and cause of prospective crisis phenomena, as such factors cannot be clearly predicted in advance. Furthermore, crisis management instructions must be written in a clear and simple language, to foster immediate communication and efficient collaboration, throughout all the stages of crisis management.
Such stages unfold from ‘regular working time’, in which planning, prevention, training, vulnerability analysis and emergency drills must be undertaken, to the pre-emergency stage, in which the company must identify the assets that need protecting and the necessary means and people it should alert to contrast the crisis, according to the type of emergency that has arisen. Subsequently, it is necessary to enact the best response/management strategy to deal with the emergency proper, coordinating the actions of all subjects involved in order to successfully reach the recovery stage. Once the crisis is over, the company enters the post-emergency stage, in which feedback, financial assessment and reports all count towards restoring the status quo preceding the critical event.
These four phases constitute a perfect circle, in which crisis management action is constantly being undertaken. After overcoming a crisis, a company must immediately start planning for the next one, making use of the new information for prevention, training and drill purposes, setting a virtuous cycle into motion that will enable it to deal with crisis scenarios in ever-effective new ways.