In response to a question about what he feared most, Harold Macmillan is said to have responded “Events, dear boy, events.” The phrase has now passed into common usage but in the context of crisis management, it is a basic acknowledgement of the inevitability of unpredictable events.
The British Standards Institute is due to publish new guidance in June this year – BS 11200 Guidance on Crisis Management – providing detailed information to businesses on how to prepare for ‘abnormal and unstable’ situations that threaten their ‘strategic objectives, reputation or viability’. This will be a key milestone in the development and application of crisis management and is something that businesses should pay attention to.
The guidance will provide businesses with an opportunity to formalise their approach to corporate crisis management, but will also become a yardstick against which to measure the efficacy of a response. Where it becomes apparent that a company has not appropriately prepared for, or reacted to, a corporate crisis, the blame game starts, and reputations are easily lost. Adhering to the guidance can be one way to demonstrate that adequate steps were taken to prepare for negative events.
What exactly businesses should do with this guidance, depends on the size and profile of the company. For larger, publicly listed companies, we recommend reviewing existing approaches to crisis management against the new guidance. This could be an ideal opportunity for a review of crisis management plans and to move an important item back onto the corporate agenda.
For smaller businesses, the proliferation of standards and guidance is really quite confusing. Crisis management, business continuity, incident management, IT security, disaster recovery and IT service continuity are all subject to various third party standards. That is why it’s important for smaller sized businesses to focus on the risks that could have the most significant impact to their company’s reputation and to prepare for these.
One area of developing interest and concern to companies of all sizes is how to prepare for data breaches. Crisis planning is a key element here, and so alongside communications, it is also important to build technical and legal elements into your breach response planning.
Those organisations that fail to use the new BS 11200 Guidance on Crisis Management as an opportunity to review their crisis arrangements, risk mimicking another famous politician, who once said: “There cannot be a crisis today; my schedule is already full” (Henry Kissinger).