Free Corporate Crisis Communication Plan Template

Corporate Crisis Communication Plan


I. Introduction

Purpose:

This plan outlines the procedures and responsibilities for effectively managing and communicating during a data breach or cyber attack at [YOUR COMPANY NAME]. The goal is to ensure timely and accurate information dissemination to all stakeholders, minimize damage, and restore normal operations swiftly.

Scope:

This plan applies to all employees, departments, and locations of [YOUR COMPANY NAME].

II. Crisis Management Team

Members

Name

Role

[MEMBER'S NAME]

Chief Communications Officer

[MEMBER'S NAME]

Chief Information Officer

[MEMBER'S NAME]

General Counsel

[MEMBER'S NAME]

Head of Human Resources

[MEMBER'S NAME]

Public Relations Manager

Roles and Responsibilities

Role

Responsibilities

Chief Communications Officer (CCO)

Oversee communication efforts, coordinate with team members, and ensure consistent messaging.

Chief Information Officer (CIO)

Manage technical aspects, contain, investigate, and remediate the breach.

General Counsel

Provide legal guidance, ensure compliance, and manage legal implications.

Head of Human Resources (HR)

Communicate with employees, ensure understanding and cooperation, and address internal concerns.

Public Relations (PR) Manager

Manage media relations, draft press releases, and oversee external communications.

III. Crisis Identification and Assessment

Steps:

  1. Detection: Immediate identification of a data breach or cyber attack by the IT department. This involves monitoring systems for unusual activity, alerts from security software, or reports from employees.

  2. Assessment: Evaluation of the breach's scope, data compromise, and potential impact. This includes determining the type of data affected (e.g., personal information, financial data) and the number of individuals or systems impacted.

  3. Notification: Inform the Crisis Management Team immediately, providing a preliminary incident report and any urgent actions needed to contain the breach.

IV. Communication Protocols

Internal Communication

Action

Responsible Party

Description

Initial Notification

IT Department

Notify the Crisis Management Team with a detailed incident report.

Employee Notification

[EMPLOYEE NAME]

Inform all employees about the breach, emphasize data protection measures, and use email, messaging systems, and meetings.

External Communication

Action

Responsible Party

Description

Stakeholder Notification

[EMPLOYEE NAME]

Inform key stakeholders, including breach acknowledgment, actions taken, and ongoing efforts.

Customer Notification

[EMPLOYEE NAME]

Draft and send notification emails to customers, provide information on the breach, actions taken, and support.

Media Communication

[EMPLOYEE NAME]

Draft press releases, prepare media statements, and utilize website and social media for updates.

Communication Channels

Channel

Description

Email

Company-wide email for internal and external notifications.

Website

Post updates and information on [YOUR COMPANY WEBSITE].

Social Media

Share updates and direct stakeholders to the website for detailed information.

Media Briefings

Hold press conferences with prepared statements and Q&A sessions.

V. Key Messages

Initial Statement

"Our team at [YOUR COMPANY NAME] has identified a data breach affecting our systems. We are currently investigating the extent of the breach and taking all necessary steps to protect our data and prevent further unauthorized access. We are committed to transparency and will keep you updated as more information becomes available."

Follow-Up Messages

Message Type

Description

Updates on the Investigation

Regular updates on the progress of the investigation and any findings.

Measures Taken

Information on steps taken to secure systems and prevent future breaches.

Support Information

Contact details for customer support and FAQs addressing common concerns and questions related to the breach.

VI. Post-Crisis Evaluation

Review and Analysis

Task

Description

Conduct Review

Thorough review of the incident response, including timeline, actions, and communication effectiveness.

Analyze Effectiveness

Evaluate the communication plan's effectiveness, identifying strengths and areas for improvement.

Gather Feedback

Collect feedback from the Crisis Management Team, employees, customers, and stakeholders.

Report

Task

Responsible Party

Description

Compile Report

[EMPLOYEE NAME]

Detailed report on the incident, response actions, outcomes, and lessons learned.

Share Report

[EMPLOYEE NAME]

Distribute the report to the Crisis Management Team, senior leadership, and relevant stakeholders.

VII. Appendices

Appendix A: Incident Report Template

Field

Details

Date and Time of Incident

June 1, 2050, 2:30 PM

Description of Incident

Unauthorized access to the customer database

Systems Affected

Customer Relationship Management (CRM) system

Data Compromised

Customer names, email addresses, phone numbers, and purchase histories

Immediate Actions Taken

Isolated affected systems, initiated a forensic investigation

Further Steps Required

Notify affected customers, enhance security measures, conduct employee training

VIII. Conclusion

The Corporate Crisis Communication Plan for [YOUR COMPANY NAME] is designed to ensure that our organization can respond swiftly and effectively to data breaches and cyber-attacks. By following the outlined procedures and protocols, we can manage the crisis, protect our stakeholders, and maintain our company's reputation. It is imperative that all members of the Crisis Management Team and relevant departments are familiar with this plan and prepared to act promptly in the event of a crisis. Continuous improvement through post-crisis evaluation will help us enhance our response strategies and better safeguard our organization's integrity and trustworthiness.

Plan Templates @ Template.net