Crisis Management and Communications

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out, we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com

Crisis Management and Communications Policy

Updated: 6 May 2025

Protecting human lives is the highest requirement of our entire organization, whether they are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization.

  • I will report security concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline; if they are unavailable and I feel unsafe, I will call law enforcement.
  • I will manage or support the definition and criteria development for what constitutes a “crisis.”
  • I will follow law enforcement/first responder direction during any event.
  • I will manage or support all after-action evaluations and improvements.
  • I will not engage in a role in the crisis unless I am trained and qualified for that role.
  • I will manage and support the redirection and reprioritization of anyone under my management to support the crisis response.
  • If I am a person (non-victim) involved in the crisis (e.g., discovery, onsite, responder, etc.):
    • I will focus on personnel-impacting issues first.
    • I will not talk to the press or anyone asking for comment.
    • I will remind organization personnel to prioritize personnel-impacting issues and not talk to the press or anyone asking for comment.
    • I will notify the Crisis Management Team (CMT) and my management as soon as it is safe to do so.
    • I will prioritize 911 needs over CMT/Management notification requirements.
    • I will redirect all status and comment requests to the CMT.
    • I will serve as Incident Commander (NIMS ICS Model) until a higher authority is available.
  • If I am the highest-ranking executive initially involved in a crisis:
    • I will assume the role of Incident Commander (NIMS ICS Model) until a higher authority is available.
  • If I have an ongoing role in crisis management:
    • I will attend all approved training (e.g., response, PIO, tabletops, etc.) related to crisis management.
  • If I am in a management role in the crisis management function:
    • I will manage or support the training (response, PIO, tabletops, etc.) of myself and all personnel under my management related to crisis management.
    • I will only talk to the press or other media after confirming with leadership about the agreed-upon messaging.
    • I will try to delay communications until the Public Information Officer (PIO) or equivalent is present and onboard.
    • I will manage and support PIO access to all authority and resources required to perform their role.
    • I will manage or support a State of Security Report and Presentation, under Executive Session, at least yearly, that covers incidents, vulnerabilities, improvements, and metrics across all domains of Security, including crisis management and communications.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

🖶 To save or print this policy, use your browser’s Print function (Ctrl+P / Cmd+P) and select “Save as PDF” if needed.