Crisis Management Playbook

CRISIS MANAGEMENT PHILOSOPHY

Understanding Crisis Management for CEOs

Every company will face a crisis. The question is not if, but when. The CEOs who navigate crises successfully are those who prepared before the crisis hit. Your first crisis is not the time to learn crisis management—that moment requires execution, not learning.

THE CRISIS MANAGEMENT REALITY
═══════════════════════════════════════

WHAT MAKES A CRISIS:

A crisis is any event that:
☐ Threatens business continuity
☐ Damages reputation significantly
☐ Triggers regulatory/legal exposure
☐ Affects stakeholder safety/trust
☐ Overwhelms normal operations
☐ Requires executive decision-making

CRISIS TYPES CEOs FACE:

OPERATIONAL CRISES:
☐ Product/service outage
☐ Security breach/data incident
☐ Quality failure
☐ Supply chain disruption
☐ Physical disaster

FINANCIAL CRISES:
☐ Cash/liquidity crisis
☐ Fraud or misstatement
☐ Major customer loss
☐ Funding failure
☐ Market collapse

PEOPLE CRISES:
☐ Executive misconduct
☐ Key person departure
☐ Workplace incident
☐ HR/discrimination claim
☐ Employee safety issue

REPUTATION CRISES:
☐ Viral negative story
☐ Customer backlash
☐ Social media crisis
☐ Public scandal
☐ Media investigation

EXTERNAL CRISES:
☐ Regulatory action
☐ Legal action/lawsuit
☐ Competitive attack
☐ Market disruption
☐ Geopolitical events

THE CEO'S CRISIS ROLE:

Before Crisis:
☐ Build crisis-ready culture
☐ Ensure plans exist
☐ Run simulations
☐ Establish relationships

During Crisis:
☐ Lead the response
☐ Make key decisions
☐ Own external communication
☐ Maintain team morale
☐ Protect the business

After Crisis:
☐ Lead recovery
☐ Extract lessons
☐ Strengthen for next time

---

COMPREHENSIVE CRISIS PLAYBOOK

Crisis Classification System

═══════════════════════════════════════
SECTION 1: CRISIS CLASSIFICATION
═══════════════════════════════════════

CRISIS ASSESSMENT FORM:

INCIDENT IDENTIFICATION:
Incident: _______________
Date/time discovered: _______________
Reported by: _______________
Initial reporter contact: _______________
Source of information: ☐ Internal ☐ External ☐ Media ☐ Customer ☐ Other

CRISIS TYPE (Select all that apply):
☐ Operational (outage, breach, failure)
☐ Financial (cash, fraud, misstatement)
☐ Reputation (PR, social media, scandal)
☐ People/Leadership (departure, misconduct)
☐ Legal/Regulatory (lawsuit, investigation)
☐ External/Market (competitive, economic)
☐ Physical/Safety (facility, injury)

SEVERITY DIMENSIONS:

Business Impact:
☐ Catastrophic - Threatens survival
☐ Severe - Major revenue/operation impact
☐ Significant - Material but manageable
☐ Moderate - Noticeable but limited
☐ Minor - Routine issue

Stakeholder Impact:
☐ All stakeholders affected
☐ Customers significantly affected
☐ Employees significantly affected
☐ Investors/board affected
☐ Partners affected
☐ Limited stakeholder impact

Reputation Impact:
☐ National/international media likely
☐ Industry media/social media viral
☐ Customer-facing reputation damage
☐ Internal reputation only
☐ Minimal reputation impact

Time Sensitivity:
☐ Immediate - Hours matter
☐ Urgent - Days matter
☐ Important - Weeks matter
☐ Standard - Normal timeline

Legal/Regulatory Exposure:
☐ Criminal liability possible
☐ Regulatory action likely
☐ Material civil exposure
☐ Limited legal exposure
☐ No legal exposure

CRISIS LEVEL DETERMINATION:

☐ LEVEL 3 - CRITICAL (Full activation)
   Any catastrophic/severe dimension OR
   Multiple significant dimensions
   CEO leads response
   Board notified
   External advisors engaged

☐ LEVEL 2 - ELEVATED (Enhanced response)
   Significant impact in one or more dimensions
   Executive sponsor leads
   CEO briefed regularly
   Specialized teams activated

☐ LEVEL 1 - MONITORED (Heightened awareness)
   Moderate/minor impact
   Normal management with extra attention
   Escalation criteria defined
   Regular status updates

ASSIGNED LEVEL: ___

Crisis Team Structure

═══════════════════════════════════════
SECTION 2: CRISIS TEAM
═══════════════════════════════════════

CRISIS TEAM ROSTER:

CORE CRISIS TEAM (Always activated L2+):
| Role | Primary | Backup | Mobile |
|------|---------|--------|--------|
| Crisis Lead (CEO for L3) | | | |
| Executive Sponsor | | | |
| Communications Lead | | | |
| Legal Lead | | | |
| Operations Lead | | | |
| HR Lead | | | |

EXTENDED TEAM (Activated as needed):
| Role | Name | Mobile | When Activated |
|------|------|--------|----------------|
| CTO/Engineering | | | Technical crises |
| CFO/Finance | | | Financial crises |
| Sales Lead | | | Customer impact |
| Customer Success | | | Customer notification |
| Security | | | Security incidents |
| External PR | | | Media involvement |
| External Legal | | | Legal exposure |
| External Forensics | | | Security/fraud |

CRISIS TEAM GROUND RULES:

Meeting Cadence (L3):
☐ Initial briefing: Immediate
☐ Ongoing: Every 2-4 hours
☐ As situation stabilizes: 2x daily
☐ Recovery: Daily

Meeting Structure:
☐ 5 min: Status update
☐ 10 min: New information
☐ 10 min: Decisions needed
☐ 5 min: Action items

Decision Authority:
| Decision Type | Authority |
|---------------|-----------|
| Crisis level declaration | CEO |
| External communication | CEO + Legal + Comms |
| Customer notification | CEO + Sales + CS |
| Resource allocation | Executive Sponsor |
| Technical decisions | Functional Lead |
| Legal decisions | Legal Lead + CEO |

CONTACT TREE:

Level 3 Notification:
CEO notifies → Board Chair
CEO activates → Core Team
Comms Lead → External PR
Legal Lead → External Legal

Level 2 Notification:
Executive Sponsor → CEO
Executive Sponsor → Core Team (selective)
Relevant leads → Their teams

Crisis Response Protocol

═══════════════════════════════════════
SECTION 3: RESPONSE PROTOCOL
═══════════════════════════════════════

FIRST 15 MINUTES (Discovery Phase):

☐ Verify the incident is real
☐ Gather initial facts (who, what, when, where)
☐ Do NOT speculate on cause or blame
☐ Identify who else knows
☐ Determine if situation is ongoing or contained
☐ Make initial severity assessment
☐ Notify appropriate leader

FIRST 60 MINUTES (Assessment Phase):

SITUATION ASSESSMENT:
☐ What exactly happened?
☐ When did it start?
☐ Is it ongoing or contained?
☐ What systems/areas are affected?
☐ How many stakeholders affected?
☐ What evidence exists?

IMMEDIATE ACTIONS:
☐ Contain the situation (stop bleeding)
☐ Preserve evidence
☐ Secure affected systems/areas
☐ Isolate if needed
☐ Document everything

TEAM ACTIVATION:
☐ Determine crisis level
☐ Activate appropriate team members
☐ Schedule first team meeting
☐ Establish communication channel
☐ Hold external communications

FIRST 4 HOURS (Mobilization Phase):

FULL ASSESSMENT:
☐ Complete situation analysis
☐ Root cause hypothesis (not conclusion)
☐ Full stakeholder impact analysis
☐ Legal/regulatory assessment
☐ Financial impact estimate
☐ Timeline reconstruction

STRATEGY DEVELOPMENT:
☐ Resolution approach defined
☐ Communication strategy drafted
☐ Resource requirements identified
☐ External support engaged (if needed)
☐ Timeline estimated

STAKEHOLDER PREPARATION:
☐ Customer notification plan
☐ Employee communication plan
☐ Board/investor communication plan
☐ Regulatory notification (if required)
☐ Media response prepared

LEADERSHIP ALIGNMENT:
☐ Executive briefing complete
☐ Board notification (L3)
☐ Decision authority confirmed
☐ External advisor alignment

FIRST 24 HOURS (Execution Phase):

RESOLUTION:
☐ Fix or containment in progress
☐ Root cause investigation ongoing
☐ Temporary workarounds if needed
☐ Progress tracked and communicated

COMMUNICATION:
☐ Internal communication issued
☐ Customer notification (if needed)
☐ Regulatory notification (if required)
☐ Media response ready
☐ Social media monitoring active

DOCUMENTATION:
☐ Timeline documented
☐ Decisions recorded
☐ Actions logged
☐ Evidence preserved

ONGOING (Days 2-7):

☐ Regular status updates (2x daily minimum)
☐ Resolution progress tracking
☐ Stakeholder communication ongoing
☐ Root cause determination
☐ Recovery planning initiated
☐ Post-incident review scheduled

Crisis Communication Framework

═══════════════════════════════════════
SECTION 4: COMMUNICATION FRAMEWORK
═══════════════════════════════════════

COMMUNICATION PRINCIPLES:

THE GOLDEN RULES:
1. Communicate early (silence is not strategy)
2. Communicate honestly (never lie)
3. Communicate consistently (one voice)
4. Communicate with empathy (stakeholder focus)
5. Communicate action (what you're doing)

COMMUNICATION SEQUENCE:
1. Internal first (employees)
2. Board/investors (if significant)
3. Directly affected (customers)
4. Regulatory (if required)
5. External/public (if needed)

STAKEHOLDER COMMUNICATION PLAN:

EMPLOYEES:
Timing: Before external
Channel: All-hands, Slack, Email
Spokesperson: CEO
Content: Facts, action, what to say if asked
Updates: Every major development

BOARD:
Timing: L3 immediately, L2 same day
Channel: Call, then email
Spokesperson: CEO
Content: Full situation, response, outlook
Updates: Daily minimum for L3

CUSTOMERS (Directly Affected):
Timing: As soon as impact confirmed
Channel: Direct email, then in-app
Spokesperson: CEO or Customer Success
Content: Impact, apology if warranted, action
Updates: Until resolved

CUSTOMERS (Broadly):
Timing: If likely to hear anyway
Channel: Email, status page, blog
Spokesperson: Company (CEO signature)
Content: Acknowledgment, action, commitment
Updates: Key milestones

REGULATORS:
Timing: Per legal requirements
Channel: Formal notification
Spokesperson: Legal
Content: Required elements only
Updates: As required

MEDIA:
Timing: Only if asked or preemptive
Channel: Press release, statement
Spokesperson: CEO or designated
Content: Prepared statement, talking points
Updates: Only if story continues

COMMUNICATION TEMPLATES:

INTERNAL ANNOUNCEMENT:

Team,

I want to let you know about [situation]. Here's what happened and what we're doing about it.

What happened: [Brief, factual summary]

What we're doing: [Immediate actions]

What this means for you: [Impact on employees]

If you're asked about this externally: [Guidance]

I'll provide updates as we learn more. If you have questions, [contact information].

[CEO]

CUSTOMER NOTIFICATION:

Dear [Customer],

We're writing to inform you about [situation] that may affect your use of [product/service].

What happened: [Clear, honest explanation]

How this affects you: [Specific impact]

What we're doing: [Actions taken and timeline]

What you can do: [Any customer actions needed]

We sincerely apologize for [impact]. We're committed to [resolution/prevention].

Questions? Contact us at [support].

[Signature]

MEDIA HOLDING STATEMENT:

[Company] is aware of [situation]. We are actively investigating and working to resolve this matter.

[Optional: We are taking this seriously and our priority is [relevant stakeholders].]

We will provide additional information as it becomes available.

Media inquiries: [contact]

Crisis Type Playbooks

═══════════════════════════════════════
SECTION 5: CRISIS TYPE PLAYBOOKS
═══════════════════════════════════════

SECURITY BREACH/DATA INCIDENT:

Immediate (0-4 hours):
☐ Contain the breach (isolate systems)
☐ Preserve evidence (forensics)
☐ Assess scope (what data, how many)
☐ Engage external security firm
☐ Engage breach counsel
☐ Notify CEO and crisis team

Assessment (4-24 hours):
☐ Determine data types exposed
☐ Identify affected individuals
☐ Assess regulatory notification requirements
☐ Assess contractual notification requirements
☐ Prepare notification timeline

Response (24-72 hours):
☐ Customer notification (per legal)
☐ Regulatory notification (GDPR: 72 hrs)
☐ Credit monitoring (if applicable)
☐ Public statement (if needed)
☐ Root cause identification
☐ Remediation implementation

PRODUCT/SERVICE OUTAGE:

Immediate:
☐ Assess scope and impact
☐ Activate incident response
☐ Update status page
☐ Internal communication
☐ Customer communication (if extended)

Resolution:
☐ Focus on restoration
☐ Regular status updates
☐ Customer communication
☐ SLA credit calculation
☐ Post-mortem scheduled

EXECUTIVE MISCONDUCT:

Immediate:
☐ Secure evidence
☐ Engage employment counsel
☐ Assess legal exposure
☐ Board notification
☐ Media response preparation

Response:
☐ Investigation initiated
☐ Interim arrangements
☐ Employee communication
☐ Customer/partner assurance
☐ Public statement (if public)

FINANCIAL CRISIS:

Immediate:
☐ Cash position assessment
☐ Runway calculation
☐ Board notification
☐ Existing investor notification
☐ Option development

Response:
☐ Cost reduction plan
☐ Bridge financing exploration
☐ Strategic alternative assessment
☐ Employee communication (as needed)
☐ Customer assurance (as needed)

REGULATORY/LEGAL ACTION:

Immediate:
☐ Engage outside counsel
☐ Preserve documents
☐ Assess media exposure
☐ Board notification
☐ Insurance notification

Response:
☐ Response strategy development
☐ Statement preparation
☐ Internal communication
☐ Ongoing legal management

Crisis Recovery Framework

═══════════════════════════════════════
SECTION 6: RECOVERY FRAMEWORK
═══════════════════════════════════════

POST-CRISIS RECOVERY:

STABILIZATION (Days 1-7):
☐ Confirm crisis is fully contained
☐ Resume normal operations
☐ Continue stakeholder updates
☐ Begin root cause analysis
☐ Document lessons learned

ASSESSMENT (Week 2-4):
☐ Complete root cause analysis
☐ Assess total impact
☐ Evaluate response effectiveness
☐ Identify improvement opportunities
☐ Draft post-incident report

REMEDIATION (Month 1-3):
☐ Implement prevention measures
☐ Update policies and procedures
☐ Conduct training as needed
☐ Test improvements
☐ Close open items

POST-INCIDENT REVIEW:

REVIEW MEETING AGENDA:
1. Timeline review (what happened when)
2. Response assessment (what worked, what didn't)
3. Communication review (stakeholder feedback)
4. Root cause analysis (5 whys)
5. Improvement identification
6. Action item assignment

POST-INCIDENT REPORT:

POST-INCIDENT REPORT

INCIDENT: _______________ DATE: _______________ LEVEL: _______________

EXECUTIVE SUMMARY: [Brief description and outcome]

TIMELINE: [Detailed timeline of events]

IMPACT: • Business: _______________ • Customer: _______________ • Financial: _______________ • Reputation: _______________

ROOT CAUSE: [Analysis and findings]

RESPONSE ASSESSMENT: What worked well: _______________ What needs improvement: _______________

RECOMMENDATIONS:

#	Recommendation	Owner	Priority	Deadline
1			H/M/L
2			H/M/L
3			H/M/L

REPUTATION RECOVERY:
| Activity | Owner | Timeline |
|----------|-------|----------|
| Stakeholder relationship repair | | |
| Positive story development | | |
| Trust rebuilding actions | | |
| Third-party validation | | |

Crisis Preparedness

═══════════════════════════════════════
SECTION 7: PREPAREDNESS
═══════════════════════════════════════

CRISIS READINESS CHECKLIST:

DOCUMENTATION:
☐ Crisis playbook documented and accessible
☐ Contact lists current (updated quarterly)
☐ Communication templates prepared
☐ Vendor/partner contacts current
☐ Insurance information accessible
☐ Legal counsel relationships established

TEAM READINESS:
☐ Crisis team identified and trained
☐ Roles and responsibilities clear
☐ Decision authority defined
☐ Backup personnel identified
☐ 24/7 contact information current

INFRASTRUCTURE:
☐ Communication channels tested
☐ War room capability (virtual/physical)
☐ Status page operational
☐ Mass notification system ready
☐ Backup systems verified

SIMULATION EXERCISES:

Annual Crisis Simulation:
☐ Tabletop exercise conducted
☐ Realistic scenario tested
☐ All key personnel participated
☐ Lessons documented
☐ Improvements implemented

Scenario Types to Test:
☐ Security breach
☐ Major outage
☐ Executive departure
☐ PR crisis
☐ Financial challenge

EXTERNAL RELATIONSHIPS:

Establish Before Crisis:
☐ External PR firm
☐ Crisis communications specialist
☐ Breach counsel
☐ Forensics firm
☐ Key media contacts
☐ Regulatory contacts (where appropriate)

CEO Crisis Dashboard

═══════════════════════════════════════
CEO CRISIS GOVERNANCE
═══════════════════════════════════════

CRISIS STATUS DASHBOARD:

Current Status: ☐ No active crisis ☐ L1 ☐ L2 ☐ L3

ACTIVE CRISIS (if applicable):
Incident: _______________
Level: _______________
Lead: _______________
Current phase: ☐ Assessment ☐ Response ☐ Recovery
Last update: _______________
Next update: _______________

KEY DECISIONS PENDING:
| Decision | Options | Deadline |
|----------|---------|----------|
| | | |

STAKEHOLDER STATUS:
| Stakeholder | Notified | Sentiment | Next Touch |
|-------------|----------|-----------|------------|
| Board | ☐ Y ☐ N | | |
| Employees | ☐ Y ☐ N | | |
| Customers | ☐ Y ☐ N | | |
| Regulators | ☐ Y ☐ N | | |
| Media | ☐ Y ☐ N | | |

PREPAREDNESS STATUS:

Quarterly Preparedness Review:
☐ Crisis team roster current
☐ Contact information verified
☐ Playbook reviewed
☐ Simulation completed (annual)
☐ Vendor relationships active
☐ Insurance coverage adequate

CEO CRISIS QUESTIONS:

1. What are our most likely crisis scenarios?
2. Are we prepared to respond in the first hour?
3. Who would we call first for each crisis type?
4. When did we last practice our response?
5. What would our stakeholders say about how we'd handle a crisis?

---