Skip to content
News update

Key elements of an effective crisis management plan

When creating a business continuity (BC) or disaster recovery (DR) plan, ’begin with the end in mind’

A BC/ DR plan’s primary goal is to help prepare an organisation to respond and fully recover from any disaster as quickly as possible. But many organisations get to the end of this process without a fully functional, integrated, and easy-to-use crisis management plan. Some still have office closets full of black binders with titles like “2018 Incident Management Plan.” Those dusty binders didn’t help anybody when the pandemic hit organisations in 2020.

SAI360 has created a checklist of elements that comprise an effective crisis management plan with the goal of helping organisations avoid recovery delays and potential financial or operational disasters.

Having an effective crisis management plan, with each action mapped out prior to an incident, is essential. Planning with cool heads before a crisis will always pay off in the heat of incident management. Without it, your emergency response might lead to catastrophic consequences for your employees, your business, your brand and your customers.

Does your crisis management plan:


Detail every action and decision that needs to occur in each phase of an incident, from the time an incident occurs, to the re-direction of personnel to alternate facilities, business recovery and IT recovery to the return to ‘new’ normal business operations?

2 Have action plans that are role or team-based, so each user knows what they are supposed to do and in what sequence?
3 Contain calling/ texting trees and vendor contact lists as well as methods for keeping these lists up to date over time?
4 Contain detailed documentation such as operating procedures, policies, evacuation and security procedures, damage assessment forms, etc?

During an incident, does your crisis management system:

5 Remain easily accessible with the necessary information to begin recovery efforts, even with idled Critical Support Components?
6 Automatically document all tasks and decisions during an incident as they happen, with as little effort as possible?

  • Provide real-time tracking of an incident by allowing response/ recovery teams to input whether each of their assigned tasks has been completed.
  • Have an incident log with timestamps for each activity and associated user who performs the activity.
  • Allow additional tasks and decisions to be manually entered into the incident log.
7 Allow for indicating server availability and critical linked technology components? Many business functions and processes depend on one or more inter-related servers. During an incident, updating a server’s status to ’degraded performance’ or ’down’ can pinpoint critical systems that have been impacted by the incident and help direct recovery efforts.
8 Allow IT and facilities managers to update the status of any non-operational Critical Support Components such as damaged buildings, equipment, applications, personnel, and vendors or third parties, which will then automatically determine the idled critical business functions in the business departments?
9 Make it easy to access the correct IT Disaster Recovery Plans based on which infrastructure components have been idled or destroyed.

After an incident, does your crisis management plan:

10 Provide all the information needed to perform the post-event evaluation and lessons learned to enhance performance for future improvements and to provide evidence for compliance audits.
11 Remain complete, up-to-date, and flexible enough to be used to testing and exercising the plan.

Going through this checklist is a good place to start putting your new BC/ DR plan together. Businesses that have already moved their BC/ DR plans online need to have the people and processes in place to regularly stress test and update their systems and data.

Further information:

Learn about SAI360’s solutions for disaster recovery and business continuity management.

For more information check out SAI360’s on demand webinar: From Planning to Resilience, the Role of Tech to Advance Your BCM Program.

About SAI360

SAI360 is a leading provider of Risk, Learning, EHS, and Sustainability software. Our cloud-first SAI360 platform contains flexible, scalable, and configurable modules for a better vantage point on risk management. Our unified approach to risk management is what sets us apart, helping organisations across the globe manage risk, create trust, and achieve business resilience for over 25 years.

SAI360 is headquartered in Chicago, U.S., and operates across Europe, the Middle East, Africa, the Americas, Asia, and the Pacific. Discover more at or follow us on LinkedIn.

To see our platform in action, request a demo.

Is your board prioritising cybersecurity? Seven questions to ask

Next article