No one can predict when a crisis will hit, but it’s security’s job to be ready whenever it does. The key is a good plan. A good crisis management plan includes developing and staffing well-organized teams, establishing response protocols and report templates, designing recordkeeping policies, staging postincident reviews, and maintaining monitoring programs.
The crisis management team should consist of three layers of management: a corporate crisis response team, a country crisis response team, and a program crisis response team.
Corporate team. The corporate team will have overall crisis resource mobilization and coordination decision-making authority and will be responsible for strategic planning considerations and liaising with senior-level government officials.
During the incident, the corporate team will liaise with any vendors to ensure that all appropriate measures are being taken in terms of operational support and business continuity.
The security vendor’s corporate team should also ensure that close support is offered at corporate levels throughout the crisis event, providing all of the information and documentation requirements.
In addition, the corporate team will ensure that the human resources, media, and legal groups of every party involved, including vendors, coordinate the release of information. Most important, the corporate team will ensure that information is shared with employee families and that anyone involved in the incident gets the appropriate care and support.
The corporate team will typically mobilize all HR, media, government, and legal specialists to offer support, guidance, and management of personnel.
Following an incident, the corporate team will be responsible for capturing all information, not only for use during the incident but also for use in conducting an audit of the incident. That will ensure that lessons learned can be analyzed for any policy or procedural changes.
Country team. The country team consists of the most senior managers responsible for a geographic region, typically led by the country manager or general manager. Companies with operations in only one country can eliminate this team. In these cases, the country team’s responsibilities will often be performed by program teams.
The country team coordinates all national-level activities and serves as the focal point of the company’s crisis management efforts on the ground in that locale. The country team has the local expertise and relationships to mobilize resources and support in that country to deal practically with an incident on behalf of and under direction of the corporate team.
The country team provides expert advice and recommendations to both corporate and program teams and also coordinates all support in the area from both internal and external resources, including military, diplomatic, and other supporting organizations.
This team also focuses on information flow from the program team to the in-country security vendors and teammates.
Program team. The program team is led by the most senior corporate security executive or outside consultant within each country for a particular business activity or unit. The program team manager ensures that all security staff and supporting military, medical, and other external service support are directed to assist the local incident response team commander to effectively extract personnel and assets from the risk area.
This team ensures that any medical support is readied to receive casualties. In addition, the program team often integrates any vendor staff, such as security guards, into the existing program team to ensure that they complement each other’s efforts and avoid duplication.
The program team’s secondary function is to notify all company management chains of the incident to initiate country and corporate crisis management structures. At appropriate junctures, the program team manager will provide detailed updates as well as formal incident reports. The program team typically reports directly to the country team, which in turn reports to the corporate team.
Each of these teams should have a range of personnel with the skills required to analyze and deal with these events, from the management or command elements to specialist advisors. Hierarchy and politics should not be an aspect of management selection. Responsibilities should be assigned based on competence and experience.
The role of the crisis management team is to be in a position to respond effectively to postulated threats or actual events in a timely manner. Management commitment is critical for the success of the program.
The crisis management teams should flow information and recommendations up to the corporate management or executive board while having decision-making autonomy within certain parameters.
The level of decision making, responsibility, and authority will vary depending on the corporate structure. Generally, however, managers should consider staffing each team with the following members: team commander, administration manager, intelligence or information officer, physical security manager, technical security manager, liaison officer, crisis communications manager, public relations officer, legal counsel, stress trauma advisor, reception team manager, and finance officer.
Team members must be trained along with all company employees to ensure that all participants understand their roles during a crisis. For example, because the finance officer is involved with the money side of the equation, he or she must be trained in what sorts of funds are available during a disaster and who should be authorized to draw on those funds. Also, all employees should have contact sheets with the names and phone numbers of important people, such as bomb technicians, hospital contacts, and government officials.