Can you test your Crisis Management Team?

There seems to be an unwritten rule in the business continuity world that you can test plans and processes, but you shouldn’t refer to ‘testing’ people. You can rehearse them, give them an opportunity to practice, but you can’t test them. Maybe it’s to protect the feelings or reputations of senior people. Perhaps it’s politically incorrect to refer to testing of people in a business environment.

pressure_gauge_800_clr_3910.png

But dealing with a crisis is challenging for an organisation and for those selected to be in the crisis teams. It might be one of the most dangerous times in an organisation’s history. It’s a test alright  - and it’s one the crisis management team must pass.

So how hard should you practice for this test? In the military there’s the expression ‘train hard, fight easy’, suggesting that the added effort and commitment ensures you are better prepared for the real thing. And professional athletes train at a higher level of intensity than they expect in the big game - England rugby player Mike Brown recently revealed that he lost 3kg in one training session as part of the preparations for this year’s World Cup tournament. Of course the military and sports people have almost unlimited time to train and rehearse. No business can spare that amount of commitment. So how much training is the ‘right amount’ for a crisis management team?

Well, an annual crisis exercise is probably a good start. Additional skills-based training can add hugely to capability, as can the practicing of processes around the crisis management infrastructure. But how hard or realistic should the exercise be? A real cyber attack or data loss incident can consume huge amounts of time and effort and produce incredible stress as the organisation is thrust into the limelight, reputation at stake. Can this be replicated in an exercise and if so, is it worth practicing at that intensity?

A significant number of organisations we speak to want an exercise that represents a ‘walk-through’ of their crisis preparations. Perhaps a ‘desktop’ exercise. That’s fine if your plans are new. Or perhaps you’ve had a turnover of people at senior management level and you need to build familiarity and capability. But that situation can’t go on indefinitely. Sooner or later an organisation needs to step up its exercising until it represents a comprehensive examination of its crisis preparations. A real test. Only that way can you be sure that your processes are going to hold up.

Leading organisations are catching on to this challenge. Many of our crisis exercises are now full-on simulations, with fast-paced, complex scenarios, multiple phone calls to participants requesting urgent decisions, social media and even a ‘live newsroom’ probing and then reporting on the organisation’s public announcements in real-time.

After the exercise we provide a comprehensive report on the team’s crisis management capabilities, something we call the ACID test, representing activation, communication, information-management and decision-making. Underpinning this examination we use a bank of questions to benchmark an organisation against their peers. The report from any exercise should provide a clear, comprehensive set of actions to improve the crisis response, positioning the organisation perfectly for a tougher challenge during the subsequent crisis exercise.

If you really want to be prepared for the challenge of a crisis, why wouldn’t you test your team? Why wouldn’t you set them a tough test of their capabilities? If you’re worried that the crisis management team might not pass the test then dust off the post-exercise report from the last exercise. Read again what was recommended in terms of remediation of problems and gaps. Set the team up to pass the test.