A crisis communication plan is a documented framework that sets out how your organisation communicates before, during and after a crisis. It defines who speaks, what they say, who they say it to, and through which channels. Without it, communication during a crisis defaults to improvisation: inconsistent messages, missed audiences and delayed responses that compound the original problem.
The plan matters because crises rarely arrive with warning and almost never allow time for deliberation. The decisions that would take hours to reach under normal conditions need to happen in minutes. A well-constructed plan makes those decisions in advance, so the people executing the response can focus on the situation rather than the process.
Every organisation's plan will reflect its own size, structure and risk profile, but the following components should be present in any plan that is fit for purpose.
Not every incident is a crisis. Treating a minor operational disruption with the same response as a major emergency depletes credibility and goodwill. Most plans define a tiered classification system: a Level 1 event might be contained within a team and resolved without public communication; a Level 3 event triggers the full crisis response, including executive involvement and external stakeholders. Define the criteria clearly so the person making the call at 2am has a framework rather than a judgement call.
The crisis communication team is the group responsible for drafting, approving and distributing communications during an incident. It typically includes a lead communicator, an executive sponsor, a legal or compliance representative, and named deputies for each role. Every person on the team should know their role before the crisis happens. Deputies are not optional: the most likely time for a key person to be unavailable is during a crisis.
Pre-approved message templates dramatically reduce response time. For the most common and foreseeable crisis scenarios, draft holding statements, internal updates and external communications in advance. These do not need to be complete; they need to be frameworks with the structure and tone agreed, so the person filling them in under pressure is making specific decisions rather than creative ones. A holding statement for a data breach, a template for a site evacuation and a framework for a leadership change cover the majority of situations most organisations face.
The channel inventory lists every communication channel available to the organisation, what it can reach, how fast it reaches it and who controls it. Internal channels (desktop alerts, intranet, email, SMS, digital signage) are separate from external channels (website, social media, press office, customer communications). Each channel should have a named owner and a clear understanding of its limitations: email reaches desk-based staff but misses deskless workers and is easily ignored, while a desktop alert reaches every logged-in device and cannot be dismissed without acknowledgement.
The stakeholder map identifies every audience that needs to receive communication during a crisis and prioritises them by urgency. Internal audiences (employees, contractors, board members) almost always come first. Regulators, customers, suppliers and the media follow in an order determined by the nature of the crisis. Knowing the audience in advance means the right message reaches the right people in the right order without the communication team having to reconstruct the map under pressure.
The escalation process defines who can approve what. In most organisations, a first-response holding statement can be approved by the communications lead; a major statement involving legal risk or board-level decisions requires executive sign-off. Mapping this in advance prevents the two most common failure modes: communications that are delayed because no one knows who needs to approve them, and communications that go out without appropriate review because the approval path is unclear.
The contact directory lists every person who may need to be reached during a crisis: crisis team members, executives, key regulators, media contacts and emergency services. It should include out-of-hours numbers and be updated at least every six months. A contact directory that lives only in the organisation's intranet is not accessible during a system outage, which is precisely when it will be needed. A printed backup or an offline copy is not paranoid; it is sensible.
Identify the most likely crisis scenarios for your organisation. A hospital faces different crises to a manufacturer; a financial services firm faces different scenarios to a construction company. Start with the five or six scenarios most likely to require a crisis response, and build the plan around those. Generic plans that try to cover every eventuality tend to cover none of them usefully.
Agree who is on the crisis communication team, what each person is responsible for, and who deputises for them. Document this formally and make sure every named person has seen and accepted their role. Do not assume people know they are on the crisis team because they have been told verbally.
For each identified scenario, draft a holding statement and an initial internal update. Get these pre-approved by legal and leadership so they are genuinely ready to use. A template that requires full approval every time it is used is not a template; it is a starting point for a process that takes as long as writing from scratch.
Complete the channel inventory and stakeholder map. Test every internal channel to confirm it works as expected: if your desktop alert system has not been used in six months, test it before you need it.
Write the plan into a single, accessible document. Every member of the crisis team should have a copy they can access offline. The plan should be stored somewhere that remains accessible during a system outage.
Run a tabletop exercise at least once a year. Present a realistic scenario to the crisis team and walk through the response: who gets contacted, what gets sent, through which channels, in what order. The exercise will reveal gaps faster than any review of the document. Revise the plan after every exercise and after every real incident.
The hardest part of internal crisis communication is not the message. It is the reach. An organisation with shift workers, deskless employees, remote staff and multiple sites cannot rely on email to get a critical message to everyone simultaneously. The employees who most need the message are often the least connected to the channels the communications team defaults to.
Multi-channel delivery closes that gap. A desktop alert pushed to every logged-in device ensures the message cannot be missed by anyone at a workstation. A corporate lock screen keeps the message visible at every login, reaching staff coming on shift after the initial alert. A desktop ticker maintains awareness of an ongoing situation without interrupting work. For communications that require evidenced receipt, such as a regulatory notification or a mandatory procedure change, acknowledgement tracking provides a timestamped record of who confirmed receipt of each message.
That audit trail is often as important as the message itself. In a regulatory investigation or insurance claim, the ability to demonstrate that every employee was informed, when they were informed, and that they acknowledged the information can be the difference between demonstrable compliance and an undocumentable assertion. See how this works across the full internal communications channel set on our crisis communication solution page.
Use the guides below to go deeper on specific aspects of crisis communication planning and response.
See how Heed streamlines internal communication across desktop, mobile, and shared screens - so every message gets noticed.
We’ll walk you through creating, targeting, and tracking notifications in real time, tailored to your organisation’s goals.
Schedule a Demo
See how Heed works across your channels, sites and shifts, and get answers to the questions specific to your industry and team size.
Schedule a Demo
Talk to use about keeping your employees informed, engaged and inspired - book a call today!
Book a Call
Proudly connecting teams worldwide, enhancing communication, and boosting employee engagement for a unified workforce.
.svg)
.svg)
© Heed 2026 - All Rights Reserved
.svg)
