A practical, field-tested framework for managing organizational crises across media and social channels. Based on real-world implementation in highly regulated environments and aligned with UK Government Crisis Communications Operating Model principles.
pip install -r requirements.txtSee the tools directory for Python scripts that automate crisis reporting.
This framework provides:
- Crisis classification and severity assessment
- Response protocols by crisis type and level
- Detection and early warning systems
- Communication templates and playbooks
- Stakeholder coordination guidelines
- Post-crisis analysis methodology
Designed for communications professionals, crisis managers, and organizations seeking to build robust crisis preparedness capabilities.
Based on the UK Government Crisis Communications Operating Model, crises are classified into three levels:
- Impact: Localized incident affecting specific departments or regions
- Response time: < 2 hours
- Coordination: Departmental level
- Examples: Local service disruption, minor data breach, isolated severe weather impact
- Impact: Regional or multi-departmental impact requiring coordinated response
- Response time: < 1 hour
- Coordination: Cross-departmental with executive awareness
- Examples: Major cybersecurity incident, significant operational failure, reputational attack
- Impact: Organization-wide or national-level crisis
- Response time: < 30 minutes
- Coordination: Executive-led crisis team with full organizational mobilization
- Examples: Global pandemic, major leadership crisis, catastrophic system failure
Common scenarios: Data breach, ransomware attack, system compromise, DDoS attack
Key considerations:
- Legal and regulatory obligations (GDPR, data protection laws)
- Customer data exposure risk
- Service continuity impact
- Coordination with IT, legal, and regulatory teams
Initial response priorities:
- Contain the incident (IT-led)
- Assess data exposure scope
- Notify regulatory authorities (if required by law)
- Prepare holding statement
- Monitor social/media for misinformation
Communication approach:
- Transparency within legal constraints
- Focus on actions being taken
- Clear timelines for updates
- Dedicated incident response page
Common scenarios: Pandemic, outbreak affecting operations, health and safety incident
Key considerations:
- Employee safety first
- Government guidance alignment
- Operational continuity
- Customer/public safety communication
Initial response priorities:
- Activate business continuity protocols
- Align messaging with public health authorities
- Communicate safety measures to employees
- Update customers on service impacts
- Monitor for misinformation about organizational response
Communication approach:
- Empathy and care-first messaging
- Clear, factual information
- Regular updates on safety measures
- Support resources for affected stakeholders
Common scenarios: Hurricanes, floods, extreme weather events impacting operations
Key considerations:
- Employee and customer safety
- Service disruption extent
- Geographic impact zones
- Recovery timeline
Initial response priorities:
- Account for employee safety
- Assess operational impact
- Communicate service disruptions
- Coordinate with emergency services
- Provide recovery timeline estimates
Communication approach:
- Safety-first messaging
- Clear service impact information
- Alternative contact methods
- Community support initiatives
Common scenarios: Misinformation campaigns, coordinated negative attacks, viral negative content, brand hijacking
Key considerations:
- Speed of spread (especially on social media)
- Fact vs. fiction assessment
- Amplification risk
- Long-term brand impact
Initial response priorities:
- Verify facts immediately
- Assess sentiment and spread velocity
- Identify inorganic activity (bots, coordinated campaigns)
- Prepare fact-based response
- Monitor all channels continuously
Communication approach:
- Rapid response (minutes, not hours)
- Fact-correction with evidence
- Avoid amplifying false narratives
- Direct engagement when appropriate
- Consider when silence is strategic
Common scenarios: System outages, supply chain failures, major service interruptions
Key considerations:
- Customer impact scope
- Service restoration timeline
- Compensation/resolution approach
- Regulatory reporting requirements
Initial response priorities:
- Acknowledge the issue immediately
- Provide known information
- Set expectations for updates
- Coordinate with operations team
- Monitor customer sentiment
Communication approach:
- Acknowledge, apologize, act
- Transparency about timeline
- Regular updates (even if "no new information")
- Clear restoration milestones
- Post-incident follow-up
Common scenarios: Executive death/serious incident, legal investigations, misconduct allegations, succession crises
Key considerations:
- Legal implications and restrictions
- Employee morale and uncertainty
- Market/investor confidence (if public company)
- Media pressure intensity
- Family/personal privacy
- Regulatory obligations
Initial response priorities:
- Coordinate with legal counsel immediately
- Assess what can/cannot be communicated legally
- Prepare internal communication first (employees before external)
- Brief board/senior leadership
- Designate authorized spokesperson
- Monitor for speculation and misinformation
Communication approach:
- Extreme sensitivity and respect
- Legal review of all statements
- Tiered communication (internal → investors → public)
- Limited, factual information only
- "We cannot comment on ongoing investigations" when appropriate
- Demonstrate organizational stability and continuity
Special considerations:
- Death/bereavement: Compassion first, operational continuity second
- Legal investigations: Coordinate with legal team, respect presumption of innocence
- Misconduct allegations: Balance transparency with fair process
- Succession crisis: Reassure stakeholders of continuity and governance
Media Monitoring:
- Traditional news outlets
- Trade publications
- Regional/local media
- Broadcast media
Social Media Listening:
- Brand mentions (direct and indirect)
- Executive name monitoring
- Industry-relevant keywords
- Sentiment analysis
- Volume spike alerts
Red Flags:
- Sudden volume increase (>200% normal baseline)
- Sentiment shift (positive to negative)
- Inorganic activity patterns (bot networks)
- Coordinated messaging
- Verified account amplification
- Mainstream media pickup of social narrative
Tier 1 - Monitor: Elevated activity, no immediate action Tier 2 - Notify: Brief crisis team, prepare holding statements Tier 3 - Activate: Immediate response required
- Verify: Confirm incident details
- Assess: Determine crisis level (1-3)
- Activate: Notify crisis team
- Contain: Take immediate action to limit damage
- Prepare: Draft holding statement
- Communicate internally: Brief employees
- Communicate externally: Issue initial statement
- Monitor: Track response and emerging narratives
- Coordinate: Align with legal, operations, HR as needed
- Plan: Develop ongoing communication strategy
- Update: Provide new information as available
- Engage: Respond to key stakeholders
- Analyze: Track sentiment and reach
- Adjust: Refine messaging based on response
- Document: Record all actions and decisions
We are aware of [incident description]. The safety and wellbeing of [affected parties]
is our top priority. We are currently [actions being taken] and will provide updates
as more information becomes available. For immediate concerns, please contact
[appropriate channel].
Update on [incident]: [New information]. We have [actions taken] and are continuing
to [ongoing actions]. We expect [timeline/next steps]. Thank you for your patience
and understanding.
Following [incident], we can confirm that [resolution]. We have [corrective actions]
to prevent recurrence. We apologize for [impact] and thank [stakeholders] for
[response/support]. For questions, please contact [channel].
- Employees: First to know, internal channels
- Customers/Users: Direct impact, immediate notification
- Regulators: Legal obligations, formal notification
- Leadership/Board: Executive briefing, decision authority
- Media: Proactive or reactive depending on severity
- Partners/Vendors: If operational impact affects them
- Investors: Public companies, material impact
- Community: Local incidents, social responsibility
- Internal: Email, intranet, team meetings, leadership briefings
- Customers: Social media, website, email, SMS, app notifications
- Media: Press releases, media statements, spokesperson interviews
- Regulators: Formal notifications per legal requirements
What happened:
- Timeline of events
- Initial detection method
- Response activation time
What worked:
- Effective protocols
- Successful communications
- Team coordination strengths
What didn't work:
- Protocol gaps
- Communication delays
- Resource constraints
Lessons learned:
- Process improvements
- Training needs
- Template updates
- Technology enhancements
- Time to detection
- Time to first response
- Stakeholder reach
- Sentiment analysis
- Media coverage (volume, tone, reach)
- Resolution time
- Customer/employee feedback
- Social listening platforms (Sprout Social, Brandwatch, Hootsuite)
- Media monitoring services
- Google Alerts
- Internal reporting systems
- Mass notification systems
- Social media management tools
- Email distribution systems
- Crisis communication hotlines
- UK Government Crisis Communications Operating Model
- Industry-specific regulatory guidelines
- Legal counsel contact protocols
This framework is based on real-world crisis management experience. Contributions, suggestions, and adaptations are welcome. Please open an issue or submit a pull request.
MIT License - Free to use and adapt for your organization's needs.
Begoña Penón
Crisis Communication & Reputational Risk Management Specialist
LinkedIn | GitHub
Developed based on 9+ years managing corporate communications in highly regulated environments, including real-world crisis response during cybersecurity incidents, public health emergencies, and severe weather events.
Una versión completa en español de este framework está disponible bajo petición a la autora.