Defining the term: Incident, Emergency or Crisis?
For most, an incident is a low level or localized problem that does not have a serious impact, which can be dealt with by routine procedures and does not require the involvement of senior management of an organisation. More complex in many ways is the comparison to “emergency”; a term more emotive and much used by the emergency services and local authority community (and the Emergency Planning Society) relating generally to either a wide scale problem or one requiring Emergency Service support, but not usually one which threatens the survival of an organisation.
A badly handled emergency will almost always give rise to a crisis: “A time of instability for an organisation in which the impacts of event(s) threaten its operations, survival, or reputation”.
The origins of a crisis can either be external, where the organisation is seen as a victim of an event beyond its control (e.g. natural disasters) or internal, where a crisis occurs due to accidents in the workplace (e.g. technical errors), or due to systemic, preventable errors (e.g. human breakdown accidents, organisational misdeeds causing injury, or the occurrence of a situation that is outside the current capacity and experience of the management team, as a result of, for example, key personnel not being available at a particular point in time.
Key characteristics of crisis:
Crises are unique or rare and unpredictable events that come as a surprise to an organisation. The key characteristics of crisis are:
- Dynamic or Volatile Threat: crises introduce an intense level of dynamic threat and have the potential to impact on an organisation’s high priority goals by creating negative or undesirable outcomes for organisations, their stakeholders, and their industries.
- Urgency/Pressure: crises require response within timeframes not defined by the organisation, often very short, and where the time to implement decisions and actions in order to mitigate the impacts is limited. Pressure is also imposed by the potential for incorrect decisions with far reaching or life threatening consequences.
- Uncertainty: results from decisions needing to be made in the face of incomplete, erroneous, or ambiguous information.
- Lack of boundaries: crises can have the potential to disrupt or affect the entire organisation, and often even transcend organisational, geographic, and economic, boundaries.
- Media scrutiny: crises are events that cause significant public and media interest and influence, where information spreads rapidly and facts are not always checked before they are distributed.
- Complexity: crises are characterized by multiple stakeholder, event‐feedback loops and goals, and decisions result in interdependent impacts or consequences.
Crisis Management: a three-stage process
Crisis Management is a process, delivered by integrated capabilities, which focuses not only on preparedness activities and what to do in the midst of a crisis, but also on the identification and forecasting of why crises happen, and how to recover and learn from incidents. It is a three‐stage process, involving pre‐crisis preparation, crisis response, and post‐crisis recovery.
Crises are unpredictable, but do not have to be entirely unexpected. Thus, while not all can be prevented, managers should develop and embed a wide range of resilience‐building processes and activities to enable an organisation to both prevent and mitigate the impact or duration of those crises that do occur.
Pre-crisis preparation involves crisis management planning and the creation of structures to deliver a crisis response. The Crisis Management Team must be supported by a crisis management plan or manuals (including a Crisis Management Plan, a Crisis Communications Plan and an Information Management strategy).
Crisis Management response involves a number of steps:
- Recognition of a crisis
- Activation of the Crisis Management Team (CMT),
- containment of the incident by that CMT to mitigate damage and risk inflicted on the organization.
While the crisis may end (e.g. in so far as that the building may no longer be burning), the organisation may well be left with a major recovery problem. Post-crisis recovery involves dealing with the longterm effects or impacts of an event and how to return to “business as usual” or the new “normal”, if major change has taken place, in the days, weeks, and sometimes months following the event, when more details and facts about the event emerge. Crisis Management processes may be handed over from the CMT to a Recovery Team in this final phase; however, it is still an integral part of the overall management process.
Crisis Management does not replace Business Continuity nor does it challenge such programs, but it is an associated and often supporting discipline.
Although often it is the lead discipline in times of crisis where a “continuity” response is not required, ORBIT allows the management of testing and Crisis management and the link between (incident management and emergency management).
The extension of the analysis to all assets and business processes, in relation to impact and vulnerability, requires a tool that is able to respond not only to the impact assessment but also to the degree of process resources: ORBIT also covers this need with Risk Impact Analysis.