Crisis Comms Playbook: Prepare on Calm Days

Introduction

Real crisis communications starts long before the incident. On calm days you design the system—roles, channels, templates, and proof—so on hot days you can move fast without guessing. This playbook gives you the assets and rhythms to prepare now: a severity model everyone understands, a 60‑minute response loop, reusable holding statements, and a war‑room workflow that doesn’t drown the team.

What Counts as a Crisis (and What Doesn’t)

A crisis is any event that threatens safety, continuity, legal standing, or trust at scale. Missed SLA for a handful of users? Incident. Breach exposing customer data? Crisis. Use this quick filter:

Impact: many people affected, or critical stakeholders (customers, employees, regulators, partners).
Irreversibility: harm grows with time or is hard to undo.
Visibility: newsworthy, trending, or likely to spread via search/social.
Agency: you can take actions that materially reduce harm now. If ≥2 are true, activate the crisis protocol.

The 6 Ps for Calm‑Day Readiness

1) People — name your core team and backups.
2) Playbooks — short, scenario‑specific steps.
3) Platforms — where you coordinate and where you publish.
4) Proof — facts and logs to avoid speculation.
5) Practice — drills and debriefs.
6) Policy — governance rules that hold under stress.

1) People: Roles, RACI, Bench

Core roles (one person each, backups named):

Incident Lead (IL): overall decision maker; runs the bat‑signal, calls severity.
Comms Lead (CL): owns external/internal messages, channels, cadence.
Legal/Privacy Lead (LL): approves risk language; defines what must be disclosed.
Tech/Operations Lead (TL/OL): source of technical facts and remediation timelines.
People/HR Lead (HR): employee comms, safety, labor issues.
Spokesperson (SP): trained voice for press and customers.
Social/Community Lead (SL): monitors and responds on social and forums.
Customer Success Lead (CS): writes customer‑facing notices, routes escalations.

RACI (sample): IL = Accountable; CL/TL = Responsible; LL/HR = Consulted; Execs = Informed.

Bench: maintain a contact sheet with time‑zones, mobiles, and preferred channels. Review quarterly.

2) Playbooks: Short Scenarios You’ll Actually Use

Create 2–3 page runbooks for your top risks. Each includes: Trigger, First Hour, First Day, Audiences, Channels, Templates, Approval path, Owner.

Common scenarios

Security/data: suspected breach, credential leak, vendor compromise.
Product/safety: physical product recall, safety advisory, UX/regression causing loss.
Operational: extended outage, payments failure, logistics disruption.
People: executive behavior, workplace harm, layoffs.
External: regulatory action, litigation, natural disaster affecting operations.

Keep playbooks in a shared folder with version history; print the one‑pagers.

3) Platforms: Where You Coordinate and Publish

War‑room stack

Coordination: Slack/Teams channel #crisis‑<date‑peg>, private Zoom/Meet bridge, and a running notes doc.
Records: one source‑of‑truth doc with timestamped updates; link to tickets/logs.
Status: public status page with incident log and historical uptime.
Dark site: prebuilt hidden web page to publish long‑form updates, FAQs, and resources.
Email/SMS: customer notification lists by segment; internal all‑hands list.
Social: pre‑approved handles and password manager access; pin policy.

Run a 15‑minute drill confirming all logins quarterly.

4) Proof: Facts Beat Adjectives

Decisions and statements must rest on verifiable facts. On calm days, prepare:

Metrics shelf: list the KPIs you’ll cite (MAU, orders/day, uptime, % affected)—with definitions.
Evidence templates: Metric, number, time window, source, limitation.
Data retainers: how to pull logs quickly (SQL notebooks, dashboards).
Artifact library: diagrams, screenshots, certification letters, audit scope.

Never say “no evidence” unless you actually searched; log what you checked.

5) Practice: Drills That Build Reflexes

Tabletop (quarterly): 60–90 minutes; choose a scenario; walk the first 24 hours.
Red team (bi‑annually): simulate hostile questions and social rumors.
Timer drills (monthly): write a holding statement in 15 minutes; legal review in 15; publish to a test dark site.

Capture learnings in an after‑action doc with owners and due dates.

6) Policy: Rules You Pre‑Agree

Disclosure: what you must disclose (by law, contract) and when.
Approval path: names and time limits (e.g., legal has 15 minutes for first pass).
Channels: where each audience hears first (employees, customers, partners, press).
Spokesperson rules: who can speak, when, and with what prep.
Records: how you timestamp updates and archive artifacts.
Accessibility: alt text, subtitles, contrast, and translations for material updates.

Severity Model (Speak the Same Language)

Define severity before you need it. Example:

SEV‑1 (Critical): safety risk, legal exposure, widespread outage (>40% users), data exposure. Goal: first public note in ≤60 minutes; updates every 60–90 minutes.
SEV‑2 (High): major functionality loss (10–40%), high‑value customers impacted, rumor with credible source. Goal: note in ≤2 hours; updates every 2–3 hours.
SEV‑3 (Medium): partial degradation, localized bug, niche press interest. Goal: note same business day; daily updates.
SEV‑4 (Low): minor issue; monitor, no public post.

Post the declared severity in the war room and on the status page.

First 60 Minutes (Play‑by‑Play)

00:00–00:10 — Verify & classify. Confirm facts, call SEV, open war‑room.
00:10–00:20 — Stakeholders map. Who’s affected? Customers, employees, partners, regulators, media.
00:20–00:35 — Draft holding statement. (Template below) + internal note; legal quick pass.
00:35–00:45 — Publish & pin. Status page + dark site + social pin; email priority segments.
00:45–01:00 — Availability & Q&A. Schedule briefings, prep spokesperson with 3×20‑second bites and a Q list.

Holding Statement Templates (Fill‑in‑the‑Blanks)

Short (status/social):
“We’re investigating an issue affecting [what/who] since [time zone + time]. Our current focus is [safety/data protection/service restoration]. Next update by [time] here: [link].”

Medium (email/dark site):
“Today at [time], we identified [describe what’s known] affecting [scope/segment %]. We have [temporarily disabled X / added Y controls] while we investigate with [internal team / external experts]. At this time, [what we know + what we don’t]. We will update [cadence] at [URL] and notify affected customers directly. Contact [address] for urgent needs.”

If people may be harmed: put safety first, link to resources, publish emergency contacts, and avoid self‑congratulation.

Audience Matrix: Who Hears What, Where, and When

Audience	Channel	Owner	Cadence	Content
Employees	Slack #announcements, email	HR + CL	First, then at every external update	What happened, how to help, where to direct inquiries
Customers	Status page, email, in‑app	CS + CL	Per severity	Impact, steps, timelines, FAQs
Partners	Direct email	CL	Per impact	Operational changes, joint statements
Regulators	Formal notices	LL	As required	Scope, remediation, contact
Press	Email to beat reporters + newsroom page	CL + SP	As news develops	Holding statement, Q&A, briefing slots

Media Q&A Prep (The “BRIDGE” Loop)

Answer the question, then bridge to facts and next steps. Keep three soundbites ready (20–25 seconds each) with a number and a limitation line. Never speculate; label uncertainty; avoid “no comment”—say what you can’t discuss and why.

Set up saved searches/alerts for brand, executives, product names, and crisis keywords.
Route screenshots (with links) to the war‑room; avoid driving traffic to harmful content.
Post one clear thread with timestamps; update that thread rather than spawning new posts.
For misinformation, reply with a single corrective link and move on; do not debate.

Ethics and Legal Guardrails

Prioritize safety over reputation.
Avoid naming individuals without consent or necessity.
Don’t promise outcomes you can’t guarantee.
Timestamp every public update and keep an archive.
Translate key notices for major customer locales.

After‑Action Review (Within 7 Days)

Agenda:

Timeline reconstruction (what/when/who).
What worked, what didn’t (people/process/tools).
Customer/employee feedback.
Metrics (response times, accuracy, reach, sentiment, support load).
Decisions and owners—due dates on the board.

Publish a short internal summary and update playbooks.

Metrics That Matter

T‑to‑first statement (minutes) by severity.
Accuracy score (corrections requested / total updates).
Support backlog delta and time to resolution.
Share of coverage using your verified facts.
Employee confidence pulse (pre/post incident).
Search/Social lift + sentiment trend with context (avoid vanity).

Appendix A — One‑Page Crisis Card (Print This)

Who to call: IL, CL, LL, TL, HR, SP (mobiles).
Declare severity: SEV‑1/2/3/4 with examples.
First hour: verify → classify → war‑room → draft → publish → brief.
Links: status page, dark site CMS, newsroom, press list, regulator portals.
Templates: short + medium holding statements, employee memo, customer email.
Do/Don’t: name limits, avoid speculation, timestamp everything, empathy first.

Appendix B — Sample Employee Memo (Internal)

Subject: What happened today and how to help
Hi team—
At [time] we identified [issue] affecting [scope]. Customer‑facing updates live at [link]; please direct external questions there. If you see posts, screenshot and drop in [#crisis‑channel]. Managers: hold team standups [time]. We’ll update again by [time]. Thank you for staying calm and focused on customers.
— [CL + IL]

Conclusion

Calm days are your only chance to build speed without sloppiness. Name owners, pre‑write the first words, decide severity, and practice publishing with a clock. When the real thing hits, you’ll act in minutes, speak with proof and humility, and protect what matters: people first, then trust, then reputation.

Working Hours

Crisis Comms Playbook: Prepare on Calm Days