Writing the crisis communications manual: the vulnerability audit

The vulnerability audit is a useful first step in the research communicators will undertake as part of their work on the crisis communications plan.

About 59% of businesses have a crisis communications manual in place that is constantly updated, according to a 2019 survey from PR News and Crisp. The ones who do not have a manual in place are missing out on an important tool to prepare themselves for efficient communication with their stakeholders at their brand’s moment of truth.

One of the reasons, in my experience, that companies will not have a crisis communications manual ready at hand is that a great many PR managers are not versed in crisis communications, and for that reason simply don’t know where to start. Inexperienced communications managers dread that the production of the manual will become too much of a burden on a team that is already tackling a multitude of other priorities, and also overestimate the costs they will need to incur if they decide to acquire the help from a specialized consultancy.

In this series of articles on how to write the crisis communications manual, I will take a look at the work that goes into drafting a crisis communications manual. If the effort is focused on what is truly critical to communicating in a professional manner during a crisis, the development of the manual does not need to be a daunting task. Actually, the end result of this endeavor could be limited to 20 to 25 pages and still cover all the basics.

Conducting the vulnerability audit

Through a vulnerability audit, companies list and then score the multifold ways they are exposed to either an operational or non-operational risk. Operational risks are any risks that are endemic to the way the company produces and delivers goods and services. A fire at a production site is an example of an operational risk. Non-operational risks are all other risks, for example a member of the executive team committing an act of bribery.

Once all the imaginable risks are included in a MECE list they are scored on both their likelihood of materializing and their potential impact if they occurred. Let there be no misunderstanding about the use of the ranking however: The crisis communications manual will not be written to just accommodate for the events in the high-likelihood, high-impact quadrant, but will provide resources and processes that are scenario-agnostic.

Putting the risk assessment to use

The list you made will serve the production of the manual well, as it will provide a holistic view on

all the different stakeholders you would need to engage with in a crisis (clients and employees are among the most important ones, but let’s not forget suppliers, partners, regulators, etc.)
all the different channels on which you would need to engage stakeholders in a crisis (to a large extent, but not entirely, you will be using existing channels)
all the different types of formats that would need to employed in a crisis on those channels (the dark pages on a website form an example of a format that is only employed in a crisis, in most instances you will be using existing formats)

The crisis communications manual will arm the team with the processes and resources that will allow for the deployment of the necessary content formats on all channels that matter in communicating to all the stakeholders that needs to be addressed in a given crisis.

But you might wonder, why did we start off also scoring the risks on likelihood and impact? I see the use of scoring to lie mostly in informing the scenarios that are picked for the preparedness exercises with the crisis communications team. It will be easier to raise awareness with staff on the need for an exercise, and on the importance of learnings acquired during an exercise, if that exercise revolves around a scenario that is perceived to be not too unlikely and potentially of great importance to the organization.

Did you enjoy this piece on the use of vulnerability audits?

You might also like our article on how two heuristic biases will derail crisis communicators.

492 people already subscribed to our quarterly newsletter. Join them today.

Email
Consent*
I agree to the privacy policy.
Privacy Policy
Effective March 1, 2019

Privacy Policy of Detavernier Strategic Communication, Inc.

Notification of Privacy Policy Changes

We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Detavernier Strategic Communication wants you to know how the data, including, personally identifiable information (PII) and non-personally identifiable information, it collects or obtains is used. Accordingly, the data collection, acquisition, use and dissemination practices of Detavernier Strategic Communication are discussed in this policy. This policy applies to data collected on our websites (“Websites”).

Information You Give Us

Detavernier Strategic Communication collects PII and/or other data from individuals when you voluntarily enter one of our websites and complete a survey, order form or registration page, either online or offline. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features or be eligible to receive the services offered by this site. The information that you are asked to provide may include, but is not limited to, your name, postal address, email address, street address, zip code, telephone number(s), gender, salary range, education, marital status, occupation, employment status as well as other information that may be requested from time to time. We may also collect information, including, but limited to, your web browser and your Internet Protocol (IP) address.

Blogs

Our Web site offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.

Information From Third Parties

We may also have access to your PII and/or other data when you provide it to a third party, and we subsequently purchase, license or otherwise acquire it from such third parties. In such cases, this Privacy Policy will be applicable.

Other Information Provided To Us

Other times that we may obtain PII and/or other data from you include (1) when you make a claim for an offer or seek to redeem an offer by us or a third party, (2) when you request assistance through our customer service department, or (3) when you voluntarily subscribe to a service or newsletter provided by us or a third party. We may also receive information about you from a third party or from other sources including information located in public databases.

What We Do With The Information That We Obtain

We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.

Also, we use individual information to provide products and services to you. The promotional offers may be made to you by us by means of email advertising, telephone marketing, or postal mail. By registering at this Website, or other third party web sites as described herein, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR Section 310 et seq.), as amended from time to time (“ATSR”). Notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, we reserved the right to contact you via telemarketing in accordance with ATSR.

We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Website.

Cookies

A cookie is a small file that is placed on your hard drive that enables us to analyze our web page effectiveness and identify you with the corresponding data that we have in our database. Detavernier Strategic Communication reserves the right to retain cookie data indefinitely.

Google Analytics: These cookies are set by Google Universal Analytics. They are used to calculate visitor, session and campaign data for the Sites’ analytics reports. The default lifespan of the cookie is 1 hour – 2 years.

Web Beacons

Web pages may contain electronic images (called a “single-pixel GIF” or “web beacon”) that allow a web site to count users who have visited that page or to access certain cookies. We may use web beacons to track the effectiveness of a promotional campaign and to transfer an individual’s unique user identification (often in the form of a cookie) and associate your updated information into our database. Our practice can include web beacons in HTML-formatted email messages (messages that include graphics) that we send directly or through third parties in order to determine, among many other items, which email messages were opened and to note whether a message was acted upon. In general, any electronic image viewed as part of a web page, including an ad banner, can act as a web beacon. Detavernier Strategic Communication reserves the right to retain Web Beacon data indefinitely.

New Technology

Since the use of new technology including cookies, web beacons, and other technology is rapidly evolving, as is our use of new and evolving technology, we may change or use additional or new technology from time to time.

No Information Collected from Minors

MINORS UNDER THE AGE OF 18 SHOULD NOT PROVIDE ANY PII AND/OR OTHER INFORMATION, INCLUDING THEIR EMAIL ADDRESS, TO DETAVERNIER STRATEGIC COMMUNICATION. DETAVERNIER STRATEGIC COMMUNICATION ALSO DOES NOT KNOWINGLY ACCEPT PII AND/OR OTHER DATA FROM ANY SUCH USERS OF ITS WEBSITES AND/OR ANY THIRD PARTIES.

How to Unsubscribe

If you wish to unsubscribe from all of our offers, please send us an email at jo.detavernier@gmail.com (subject line: unsubscribe) and we will globally suppress your email address in our system.

Please note that users can not update or delete previously submitted information. If your information (such as your email address) should change, we ask that you re-submit a registration form or request.

Practices of Third Parties

We cannot control, and are not responsible, for any third party’s use of cookies, web beacons or other technology to collect information about an individual.

Links to Other Web Sites

Our Site includes links to other Web sites whose privacy practices may differ from those of Detavernier Strategic Communication. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Web site you visit.

Security

The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

Data Retention:

We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at jo.detavernier@gmail.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

GDPR

We provide many choices about the collection, use and sharing of your data, from deleting or correcting data you include in your profile to advertising opt-outs and communication controls.

For personal information that we have about you, you can request the following:

Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).

Change or Correct Data: If you have created an account on our website, you can edit some of your personal data by contacting us. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.

Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., your personal data is inaccurate or unlawfully held).

Right to Access and/or Take Your Data: You may contact Detavernier Strategic Communication to request a copy of your personal data and can ask for a copy of personal data be provided in machine readable form. You can also ask to review any of the information that we have retained, how we have used it, and to whom we have disclosed it at any time by contacting us.

California Privacy Rights

California Civil Code Section 1798.83 enables California residents who have provided PII to Detavernier Strategic Communication, and/or to a third party who has then shared such information with Detavernier Strategic Communication, to request information regarding the company's disclosure of such PII information to third parties. Within thirty days of receipt of such a request, Detavernier Strategic Communication will provide a list of the PII disclosed to third parties for the past calendar year, along with the names and addresses of such third parties. This request may not be made more than once per calendar year. Should you wish to exercise your rights under this Section, please use the postal address listed below. Detavernier Strategic Communication reserves the right not to honor and/or respond to such requests that are not sent to the address below.

More Information

If you have questions about this Privacy Policy, please contact us at: jo.detavernier@gmail.com

Author
Recent Posts

Jo Detavernier, SCMP, APR

Principal

Latest posts by Jo Detavernier, SCMP, APR (see all)

Jo Detavernier participates in Crisis Comms Mastery event - January 18, 2022
Detavernier Strategic Communication among 19 best Austin PR firms - October 4, 2021
How to share information under embargo with U.S. media - July 7, 2021

Additional menu

Conducting the vulnerability audit

Putting the risk assessment to use

Did you enjoy this piece on the use of vulnerability audits?

492 people already subscribed to our quarterly newsletter. Join them today.

Subscribe