A company in an crisis. How to be ready for the worst?

Print | Download as PDF

„I have never been in an accident of any sort worth speaking about. I never saw a wreck and have never been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort” - said Edward Smith, the Captain of Titanic, just before leaving the port... Yet it seems that a crisis may strike anyone, at any moment. That is why a company that wants to run its operations without major disruptions needs to be prepared for everything.

On September 28, 2017, disruptions in customer service for passengers paralysed operations on many airports around the world. According to the media, the problem affected over 100 airports.  The culprit was the application responsible not just for passenger service bust also for online reservations. Available sources inform that the disruptions may have lasted from a dozen or so minutes to even several hours. Four hours after the crisis the spokesperson of the software provider announced that the problem had been dealt with.

Always at the ready

A situation which may lead to disruption of business operations may be caused by many different factors hence it is a good practice to implement the business continuity management system. The process consists of several stages.  They allow the company board to define which business operations must be protected at all cost and covered by the system, and which can be consciously suspended.

Going through individual stages of the project allows the company to make an inventory of resources necessary to run critical processes and analyse the risk of their unavailability. The analysis allows the organization to work out actions which can limit the threat (minimize the probability and/or the results of the incident) and to think over its reactions to a crisis.

The end product of the project should primarily be the execution of the recommended preventive actions or approval of the risk by the board, as well as the application of emergency procedures and setting up crisis teams.

An essential element of the business continuity management system is also standard procedures agreed with individual critical suppliers who, just like in the case of September airport problems, can disrupt or even stop company operations. Contingency plans required from suppliers, which often constitute a minimum requirement, are often insufficient to answer the question if the supplier understands a crisis in the same way and what maximum breaks of operations are acceptable for him.

Another aspect is verification of the implemented recommendations aimed at minimising the risk. The implemented technical safety measures must be tested. If the company decides to use a backup data centre together with the rules of data replication, it should regularly test the effectiveness of switching to this solution. This is the only way to know if the specific preventive measure is able to reduce the risk.

The next equally important element of the business continuity system is developing a crisis communication manual which will cover communication and escalation procedures in the organization as well as communication templates developed for all stakeholders.  

Trained, aware staff

Experts underline that the abovementioned actions are not enough to effectively manage a crisis. Procedures implemented without the knowledge, experience and, above all, without engagement of staff will not ensure efficient reaction in an emergency. That is why it is essential to train staff accordingly. Thanks to appropriate training courses, company employees will be able to learn the rules of conduct during an incident and they will also take part in simulations of various crisis scenarios. Such exercises should involve all members of the crisis team structure and their substitutes.

Yet another issue is having a crisis manual containing a description of technical and organizational safety measures, which will allow for adding the elements switching to backup solutions to the tests. It will also help to verify if crisis teams are aware how they should react to, e.g. information publicised by the media.

Business continuity tests can be connected with evacuation drills which will increase the reality of the situation. It must be remembered that a well-exercised crisis scenario and thoroughly trained procedures, combined with an aware team, will make the company more effective and faster at dealing with a difficult situation. It will also help to achieve adequate flow of information between the company and stakeholders.

Communication during a crisis

It's not a secret that one of the methods of dealing with a crisis is good communication. Board members and a specially appointed communication team should write down rules of communication during a critical situation. This practice is commonplace in corporation and large companies. Defining rules of crisis communication will make staff react more effectively if a crisis occurs. It is a good idea to nominate a person responsible for crisis communication. An employee who communicates such activities during an incident (e.g. a spokesperson, manager, etc.) may prevent a situation when the media receive conflicting information concerning the situation in the company. Such a person will also supervise internal communication during the whole incident and afterwards. This helps to prevent communication chaos which could only fuel the crisis.

It is clear that good preparation is the key to success i.e. developing business continuity plans, crisis communication manual and training employees in case of emergency.   It is also worth conducting regular tests and simulations of critical situations which take into account various possible scenarios. Only then can we be sure that our organization will more effectively deal with a crisis and our image will not suffer as a result. 

Were the airports afflicted by the IT crisis of September 28, 2017, which interrupted passenger services, ready for such a possibility?   They must have had perfectly designed business continuity management plans because they dealt with the situation really quickly and their operations were not disrupted, except for slight delays.

 

27.10.2017
Monika Appolt - Bubacz

Monika Appolt - Bubacz

Risk & Insurance Manager

Monika Appolt-Bubacz is responsible for Enterprise Risk Management, information security, SHE and insurance programme management at the Group level. She has 15 years of experience in risk management processes, insurance and claims adjustments.

Download
RABENITY

Learn about our services

Zbigniew Kepiński
Anthony Ranson
Nikolett Szuha
Maja Kierzek-Piotrowska
Péter Erdei
Antoni Zbytniewski
Marek Pluciak
Aleksander Kroll
Łukasz Michałowski
Věnceslav Dobrynský
Adam Karolewski
Daniel Rösch
Aleksandra Kocemba
Edyta Staszczyk
Łukasz Dubina
Anna Szymanowicz
Paweł Rymarowicz
Rafał Kukotko
Katarzyna Jaeger
Marek Zychla
Grażyna Łukasik
Marcin Turski
Monika Appolt - Bubacz
Bartłomiej Łapiński
Sławomir Rajch
Paweł Trębicki
Other articles
2015
2016
2017
2018