After a test, it's important to review the results, discuss what worked and what didn't work, and make the necessary changes to the plan.
Training sessions should be held so everyone involved knows their role.
Testing ranges from tabletop exercises to full simulations.
Contact lists for all these audiences should be updated regularly.
During an incident, the message should remain consistent across the different audiences.
The standard "offers guidance to help management plan, establish, operate, maintain and improve their organization's crisis management capability," and is relevant to any size or type of organization, according to the BSI.
The standard includes sections on crisis management core concepts and principles, crisis leadership, crisis decision-making and crisis communications.If an organization resolves a crisis situation quickly enough, bringing the event to the attention of the public may not be necessary and could even bring unwanted attention.In an age of increased cybersecurity attacks, organizations should have a " A crisis -- which can last from a few hours to several days or longer -- requires decisions to be made quickly to limit damage to an organization, its stakeholders and the public.A crisis management plan (CMP) is a document that outlines the processes an organization will use to respond to a critical situation that would negatively affect its profitability, reputation or ability to operate.CMPs are used by business continuity teams, emergency management teams, crisis management teams and damage assessment teams to avoid or minimize damage, and to provide direction on staffing, resources and communications.As part of emergency preparedness, an organization conducts a risk assessment to determine potential threats.