The following resources give guidance on how to prepare appropriate crisis management plans, assemble a crisis team to implement those plans, and train employees on how to respond in a crisis. Most importantly, the authors and speakers offer ways to convince the C-Suite to buy into the need for an ongoing and well-funded crisis management program.
Each month we offer free resources on our security spotlight topics.
We also offer additional resources only to the ASIS International membership.
Not a member?
» View Past Security Spotlight Topics
In This Month's Spotlight
For Members Only
(access to these materials requires creation of a free ASIS web account)
Emergency Preparedness—The What, The How, and Why It Matters
Webinar recorded 12 October 2016
Speaker: Michael Payne, Senior Advisor, Organizational Resilience, iJet
Through a cascading crisis involving the collision of two ships and a subsequent fire and blizzard, the speaker underscores the shortfalls of emergency preparedness. He continues by defining factors that can help prepare for a crisis, beginning with defining a company’s risk profile and risk-based competencies. He advocates focusing on the following factors:
- Identify long-term vulnerabilities and response capabilities.
- Review and monitor risk profile changes, emergency procedures, training, and exercise results.
- Assess resource needs and their availability to protect life, property, and the environment.
Security Management Articles
“Culture in Crisis,” November 2016
Author: Amy Marino, Senior Program Office, Smithsonian
The article details the Smithsonian’s efforts to preserve a county’s cultural heritage when crisis strikes through natural disasters, war, or terrorist defamation. Through Smithsonian workshops, courses, and conferences, attendees have participated in emergency evacuation drills and in removing object to “safe zones.” Partnerships have lead to international efforts to share best practices and build resilience within the cultural heritage community.
“A Strategic Response,” August 2016
Author: Mark Tarallo, Senior Editor
This article reviews the U.S. government’s response to the complexity of emergency disaster response. Most notably, the goal of the primary federal disaster response law is to restore affected sites to pre-loss condition, which experts say is shortsighted. Suggested revisions include rethinking emergency funding, thoughtful preparation before events happen, and follow-through when exercises unearth “a snag.”
“Planning After Paris,” March 2016
Author: Holly Gilbert Stowell, Assistant Editor
The author reviews what companies in Paris did after the November 2015 attacks to resume business as usual based on the perspective of the chair of the ASIS European Advisory Council. Almost immediately, council members began conducting weekly conference calls to address the challenges and weigh alternative approaches. The article summarizes a number of lessons learned, which emphasize the need to plan for the entire lifecycle of a disruption.
“Five Incidents That Shaped Crisis Management,” June 2015
Author: Andrew Griffin, Partner, Global Crisis Management Consultancy, Regester Larkin
Through descriptions of the five incidents, which took place from 1988 to 2010, the author espouses significant take-aways, including “refusing to speak to the media is never an option,” “major incidents require a coordinated response,” and “companies cannot be victims.”
Video: “At a Moment’s Notice,” June 2015
Author: Holly Gilbert Stowell, Assistant Editor
The National Disaster Medical System, which deploys during events such as Hurricane Katrina and the Haiti earthquake, conducts hands-on training at the FEMA Center for Domestic Preparedness. This video is a behind-the-scenes look at the exercises.
“An Emotional Response Plan,” October 2014
Author: Lilly Chapa, Assistant Editor
Following the crash of a medical helicopter, paramedics administered aid to the survivors and then began conducting “emotional triage” with those involved. The conclusion? Failing to properly address the emotional responses of those involved in a crisis can have long-term effects on individuals, organizations, and the community. Ways to handle this important component of a disaster response are outlined.
ASIS Members-Only Access
(access to these materials requires
ASIS International membership)
Crisis, Issues and Reputation Management
Kogan Page 2014
Author: Andrew Griffin
An incident that is not your company’s fault can still put its reputation at acute risk. After citing notable examples, the author describes the following four types of externally driven incidents, each with its own specific challenges.
- An attack on the company or those in its care, including cyber attacks, piracy, hijackings, and product sabotage.
- An attack on a wider group that affects the company, including terrorist events.
- A political or social development endangering the company or those in its care, including political changes to the status quo, revolution, strikes, or an uprising.
- A natural event, including health scares and weather disasters.
Through a review of incidents in each category, the author outlines the rationale for various crises, relates how specific companies handled them, and shows how the crisis affected the company’s reputation and future.
SPECIAL OFFER! The publisher of Crisis, Issues and Reputation Management, Kogan Page, is offering ASIS International members 20% off several risk management books with the discount code
Organizational Resilience: Security Preparedness, and Continuity Management Systems—Requirements with Guidance for Use
Approved in 2009 by the American National Standards Institute, Inc.
This ASIS Standard provides generic auditable criteria to establish, check, maintain, and improve a management system to enhance prevention, preparedness (readiness), mitigation, response, continuity, and recovery from disruption events. Of special interest is Section 4.4.7, which details seven actions organizations should consider when managing the full range of an disruption incident, the first of which is to “preserve life safety.” It also provides guidance on how an organization can develop appropriate procedures to address its needs. Among the 20 factors are procedures for the following:
- A pre-defined chain of command, emergency operations center, and alternative worksites.
- Internal and external communications, including notification of appropriate authorities and stakeholders.
- Post-event evaluation to establish and implement corrective and preventive actions.
Relying on an Integrated Crisis Response in an Emergency
Seminar Session 2206, September 2015
- Jean-Francois Savard, CPP, Agriculture and Agrifood Canada
- Dennis Quiles, CPP, McDonald’s Corporation, Restaurant Solutions Group
- Michael Saad, CPP, Huffmaster Crisis Response, LLC
This session is separate into three parts, each lead by a different speaker: defining who’s in charge of an integrated crisis response; moving an integrated emergency response plan from theory to practice, and the features of an integrated crisis response using a McDonald’s case study.
The first speaker cautions against the dangers of a “stove-piped crisis response team,” where each member has his or her own priorities. He compares the ideal crisis response, which includes a coherent response and a clear chain on command, with the common reality, which is characterized by decisions made on the fly and a lack of timely information. He summarized the factors in a harmonious and efficient crisis response and the role of the CSO in emergencies.
The second speaker focuses on stakeholders and responders, emphasizing the importance of a business impact analysis to determine stakeholder priorities, authorize resources, and devise a response. An integrated response, he contends, will be internally shaped, externally supported, incident driven, and goal guided.
The concluding speaker discusses the components of an integrated crisis response at McDonald’s. Components of the program include a business continuity vision, an emergency communications flow and mass notification process, and an electronic toolkit for disseminating the plan. After a review of the program’s accomplishments, the session concluded with a Q&A.
For More Information
ASIS Resource Guide
The O. P. Norton Information Resources Center at ASIS International also provides A Guide to Resources on Disaster Management, Emergency Preparedness, and Business Resumption/Continuity. This 17-page resource guide contains links and resources on crisis management.
ASIS Members have the benefit of access to Resource Guides on several topics of interest to security.
ASIS Information Resources Center (IRC) Security Databases & Library Catalog
The Security Database & Library Catalog of the IRC has thousands of items on the subjects of
business continuity, and other aspects of
avoiding a crisis. Print items are available for use onsite in the O.P. Norton Information Resources Center (IRC) by ASIS International members. Some items have links to electronic versions accessible via the Internet.
Sign-in to the ASIS website, then go to the library webpages to navigate to the Security Database & Library Catalog. Search on the term “crisis” or search on one of these phrases in the subject field of the catalog (using the Advanced Search feature):
Business Resumption Planning
Disaster Recovery (Computers)
Disaster Management/Emergency Planning
For more help and search suggestions, see
Search Tips on our website, or
email us with questions.