The main purpose of this document is to establish and document a coordinated plan designed for the Company to respond to crises and to limit intensity, manage and control negative results of a crisis on Company’s employees, products, services, financial condition and reputation.
The main objectives in the management of a crisis are:
a. Public responsibility –to prevent customers from suffering damage and to comply with all laws and regulations;
b. Responsibility to shareholders –to protect the assets and earnings of the company; to manage risk; to ensure business continuation and recovery; and
c. The marketing imperative –to protect the brand, to retain and recover market share and to protect/recover corporate reputation.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. CRISIS MANAGEMENT TEAM
3.1 CRISIS MANAGEMENT TEAM
3.2 CRISIS MANAGER
3.3 CRISIS MANAGEMENT TEAM RESPONSIBILITIES
4. ACTIVATION OF THE CRISIS MANAGEMENT PLAN
4.1 SITUATIONS TO ACTIVATE THE CRISIS MANAGEMENT PLAN
4.2 ASSIGNING A CRISIS MANAGER. MOBILIZATION OF CRISIS MANAGEMENT TEAM
4.3 PRELIMINARY DAMAGE ASSESSMENT OF THE CRISIS
5. MANAGING THE CRISIS
5.1 PRIMARY CRISIS NOTIFICATION
5.2 SECONDARY CRISIS NOTIFICATION
5.3 IDENTIFY CRISIS CAUSE AND ISOLATE THE CRISIS
5.4 LIKELY CRISIS SCENARIOS
5.5 PREPARING CRISIS RESPONSE AND RECOVERY PLAN
5.6 HANDLING MEDIA COMMUNICATIONS DURING THE CRISIS
5.7 MAINTAINING EVENT LOG DURING CRISIS SITUATION
5.8 MONITORING PROGRESS
5.9 KEEPING INVOLVED ENTITIES INFORMED
5.10 HANDING BUSINESS OPERATIONS BACK TO REGULAR MANAGEMENT
5.11 PREPARING CRISIS EVENT REPORT
6. POST- CRISIS ANALYSIS
6.1 ASSESSMENT OF DAMAGE
6.2 UPDATING AND MAINTAINING THE CRISIS MANAGEMENT PLAN
7. KEY PERFORMANCE INDICATORS
8. EXCEPTIONS
9. FINAL CONSIDERATIONS
9.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
9.2 DOCUMENT REVISION
The objective of the Business Continuity Management Policy is to establish the framework for the proper business continuity management of the Company.
The objective of the Cryptography Policy and controls is to address confidential data that is at rest (including portable devices and removable media), in motion (transmission security), and encryption key standards and management.
The Information Classification Procedure describes the actions necessary to comply with the Company’s Information Security Policy and Information Classification Policy. Security classifications are used to indicate the need and priorities for security protection. Information has varying degrees of sensitivity and criticality. Some items may require an additional level of security protection or special handling. A […]
Review Crisis Management Plan.
You must be logged in to post a review.