Contributed By Noerr
Key Aspects of Crisis Management
For the purposes of this article, the authors define “crisis” as any internal or external situation that poses an acute and significant threat to an organisation’s reputation, assets or operations and that therefore requires immediate action. Crisis management is understood as dealing with such situations.
The following aspects are particularly important.
Economic challenges
Germany’s 0.2% GDP contraction in 2024 has prompted companies to enhance their crisis preparedness. Businesses are focusing on financial resilience and supply chain stability to navigate economic uncertainties.
Global political developments
Recent political manoeuvres have introduced new risks, leading companies to reassess their crisis management strategies to address potential political instability. Political changes can lead to delays or changes in the legislative process and can affect the country’s geopolitical stance, potentially altering international relations and trade agreements.
Regulatory changes
Germany and the EU have ramped up their crisis legislation. Companies are adapting by updating compliance systems and engaging in scenario-planning to align with such new regulations.
Cyber-attacks and AI
Cyber-risks have become increasingly significant – especially due to an increase in cyber-attacks and the malevolent use of AI.
Product liability/green claims
Companies face liability for defective products and misleading green claims, which can lead to legal action.
Whistle-blowing
As critical behaviour or actions can often only be identified from within an organisation, regulators and other bodies place great importance on employees having appropriate channels to raise concerns. This can effectively spotlight unlawful behaviours that would have otherwise gone unnoticed.
ESG/working conditions
The increasing importance of ESG poses legal risks. This global trend reflects society’s increasing focus on sustainability, which is leading to greater scrutiny and potential legal consequences for companies. As Germany faces more natural disasters, there is an urgent call for enhanced crisis response frameworks that can address environmental catastrophes.
Anti-money laundering
Certain laws, such as Section 5 of the German Anti-Money Laundering Act (Geldwäschegesetz – GWG), mandate risk analysis for money laundering and terrorist financing. The European Union (EU) has established the Anti-Money Laundering Authority (AMLA), which will commence its operations in summer 2025. Companies must stay alert to regulatory changes and address their money-laundering risks.
Competition law and antitrust
Competition law and antitrust regulations play a crucial role in crisis management by promoting fair competition and preventing monopolistic practices that can exacerbate economic downturns. During a crisis, effective enforcement of these laws ensures that businesses remain accountable and prevents anti-competitive behaviour, such as price-fixing or collusion, which can hinder recovery efforts.
Sanctions
Sanctions and export controls have become increasingly important following Russia’s invasion of Ukraine in 2022. Businesses with ties to Russia must remain vigilant as EU sanctions violations are legally punishable in Germany. To strengthen enforcement, Germany introduced the Sanctions Enforcement Acts I and II (Sanktionsdurchsetzungsgesetz – SDG I and II) in 2022, which expanded powers to investigate and seize assets, established a centralised sanctions enforcement body and increased anti-money laundering measures.
Fraud
Another concern is internal fraud, which is experiencing a resurgence. Further development of new technologies and AI presents growing opportunities for malicious actors to exploit them, leading to increasingly sophisticated and innovative fraud schemes.
The following aspects affected crisis management past practice.
Integration of AI
AI and machine learning enhance sales, predictive analytics, real-time monitoring and automated responses. However, ethical considerations are often overlooked, creating risks of manipulation and misconduct. Irresponsible implementation, especially in the absence of clear regulations, can become a catalyst for crises and lead to severe management failures. However, the use of AI in crisis management processes — ranging from predictive analytics for crisis forecasting to automating response plans — has become increasingly important.
Emphasis on mental health
The recognition of mental health’s role in crisis management has grown. Companies are increasingly implementing support systems for employees and communities affected by crises, acknowledging the psychological impact of emergencies.
These trends have driven organisations to adopt proactive and comprehensive crisis management approaches, emphasising agility, regulatory compliance and stakeholder communication to effectively navigate developments.
The energy-intensive industries and the automotive and logistics sectors were the most susceptible to crises in the past 12 months. Geopolitical tensions (eg, between Russia and Ukraine) led to production stoppages, supply chain disruptions and increased costs. To enhance resilience, supply chains are being diversified, and investments in renewable energy are increasing. This is supported by government measures and technological innovations.
In past crises, there have been the following notable examples of acquisitions, in particular.
These examples highlight how major German companies have actively used acquisitions to adapt and strengthen their operations in response to the challenges and opportunities that have emerged from recent crises.
The primary laws governing crisis management in Germany include the following.
These laws are enforced by federal, state and local governments and their designated authorities.
In Germany, there have been recent amendments to or ongoing discussions about amending the following laws, based on past crises.
The Federal Ministry of the Interior (Bundeministerium des Inneren und für Heimat, or BMI) is responsible for co-ordinating civil protection and disaster management at the federal level. It oversees preparedness actions, develops policies, provides guidelines and supports state authorities. The Federal Office of Civil Protection and Disaster Assistance (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe, orBBK) plays a central role in co-ordinating civil defence measures. It implements civil protection policies, organises training, and provides resources and information for crisis management.
The Federal Agency for Technical Relief (Technisches Hilfswerk, or THW) plays a crucial role in technical support during disasters and emergencies, providing equipment and personnel to assist local authorities in their response efforts.
The federal government monitors and evaluates crisis response measures through reporting by the ministries and authorities involved, as well as through reviews and follow-up of operations to optimise future procedures.
Each German state has its own disaster management authority, which is responsible for implementing federal policies and co-ordinating local responses. It works closely with the federal government and local governments to ensure effective crisis management.
Local governments play a key role in crisis management, as they are responsible for the implementation and realisation of specific measures. This includes the implementation of emergency plans, the co-ordination of local resources, and helping affected populations.
As part of their duties, public authorities are obliged to review their ability to respond adequately to crises. This ensures that effective action can be taken if necessary.
The German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin) plays an important role, ensuring that institutions in the financial sector have appropriate emergency and crisis plans in place. It is responsible for monitoring of such institutions’ financial stability.
The Federal Network Agency (Bundesnetzagentur, or BnetzA) ensures that critical infrastructure sectors such as energy, telecommunications and transportation meet specific security and preparedness standards. For public institutions, the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) provides guidelines on IT security and resilience, and assesses measures to secure the digital infrastructure. Independent studies and audits contribute to the review of crisis preparedness and ensure that both private and public organisations have a suitable framework for crisis situations.
There are mandatory mechanisms to ensure public reporting and provide transparency in Germany. This includes but is not limited to sector-specific disclosure requirements designed to create transparency in dealing with crises. For example, there is an ad hoc disclosure obligation in capital markets, and there are reporting obligations under the German Banking Act (Kreditwesengesetz, or KWG) for the granting of certain loans, with regard to ESG, as well as under the Freedom of Information Act (Informationsfreiheitsgesetz, or IFG).
These mandatory mechanisms ensure that both private and public entities remain accountable and transparent about their crisis response actions, thereby enhancing the overall resilience and preparedness of German society.
Germany has established specific regulatory requirements for crisis management and prevention across key sectors such as healthcare, finance, and critical infrastructure.
Healthcare
Hospitals are mandated to enhance their IT security measures in order to comply with the standards of the BSI. By the end of 2021, all hospitals were required to upgrade their IT systems accordingly. Furthermore, each state has its own health authority to supervise public health crisis management, requiring the development of guidelines and response protocols for health crises.
Finance
Financial institutions must adhere to stringent crisis management protocols as outlined by the BaFin. These include maintaining robust risk management frameworks and ensuring liquidity to handle potential crises.
Critical Infrastructure
Since 2009, Germany has a National Strategy for Critical Infrastructure. The Critical Infrastructure Umbrella Law (KRITIS-DachG) should introduce cross-sector requirements for operators of critical infrastructures, necessitating comprehensive risk management strategies. Companies are required to register and implement protective measures to comply with this legislation. The KRITIS-DachG has not yet been adopted. Once implemented, this legislation aims to enhance the resilience of critical infrastructures, ensuring that vital sectors such as energy, water and transportation can withstand crises and continue to operate effectively.
Monitoring and evaluation of these actions are conducted through regular audits and assessments by relevant regulatory bodies. Non-compliance can result in penalties, emphasising the importance for companies to proactively implement and maintain effective crisis management and prevention measures.
In Germany, there are several pre-structured public-private co-operation frameworks to enhance crisis prevention and response.
Germany has a national crisis management policy framework that is structured to address various types of crises. This framework is anchored in several laws and regulations as well as in the crisis management developed at federal and state level.
The national crisis management plan is divided into several stages: prevention, preparation, response and recovery. It includes co-ordination between various state institutions, such as the BBK and other relevant authorities at state and local level.
It is implemented through regular exercises, training and assessments to ensure that the agencies involved can work together effectively.
The BMI supervises crisis management and co-ordinates with other ministries (such as the Federal Ministry of Health) during health crises. Central to this is the federal government’s crisis team, which unites relevant ministries and authorities for a co-ordinated approach when necessary. At the operational level, situation centres in ministries, such as the BBK, are responsible for crisis response (see 2.8 National Crisis Management Plan).
Regular co-ordination at various government levels facilitates real-time communication and strategy adaptation. Federal and state agencies conduct joint exercises and simulations to refine protocols, test communication channels and enhance co-ordination.
Specific laws and guidelines outline the roles and responsibilities of different government entities. This legal structure ensures clarity in operations and decision-making processes during emergencies. Through these mechanisms, Germany ensures that government entities can work together effectively.
Companies typically structure their crisis management plans to align with:
German companies emphasise risk assessment, regulatory compliance and structured response protocols to ensure resilience during crises.
Key components of an effective crisis management strategy in Germany are as follows.
In Germany, various legal provisions require the establishment of a risk management system (eg, Section 91 paragraph 2 of the AktG). However, the specific design of this system is not mandated by law; companies are allowed to design this system according to their individual needs.
Therefore, the organisation of companies’ internal governance depends on multiple factors, such as size of the company, risk proneness of the services provided and previous points of contact with critical issues. Companies typically organise their internal governance for crisis prevention and response through different structures that sometimes also include special crisis committees dealing specifically with the preparation and management of crisis situations. However, there is no obligation to establish a crisis committee; whether this is necessary depends on the impact of the crisis. While a crisis with a low impact might be handled by a sole crisis manager, crises with a higher impact might need to be handled by a dedicated risk management committee.
Larger companies or those in high-risk industries tend to have permanent crisis committees to evaluate risks and prepare for potential crises, while others convene them on an ad hoc basis as required. Their formation and structure can vary by industry, company size and the respective crisis. Common features of crisis committees are a clear structure with defined roles and responsibilities, regular meetings to update crisis plans and the organisation of crisis exercises. In terms of the degree of independence, a crisis committee usually has limited autonomy and works closely with the company management.
A crisis management team typically consists of members from various key departments to ensure a comprehensive response. These members usually include the following:
The frequency of meetings depends on the severity and nature of the crisis. The team may meet daily or even several times a day to assess and respond to urgent developments. In less urgent situations or during regular reviews, meetings may be held quarterly or semi-annually.
In Germany, effective communication is essential for handling crises efficiently. Companies set up internal communication channels to provide regular updates and hold meetings to discuss ongoing developments and the current situation. Collaboration between different departments in the company ensures a cohesive response. Involving management in regular briefings allows for strategic decision-making based on the current situation.
Companies usually engage external experts (such as lawyers and communication experts) to manage crisis management and prevention, especially if they lack specific expertise or need an unbiased, objective perspective. External experts provide specialised knowledge, experience from past crises and resources that are not readily available within the company. If lawyers serve on the crisis committee as external experts, communication may be protected by attorney-client privilege.
External advisers possess strong analytical skills, strategic foresight and the ability to make quick, informed decisions under pressure. Their experience helps businesses prepare for crises. Their investigative skills allow them to assess past failures, mitigate risks and implement sustainable solutions to prevent recurrence.
The criteria for selecting external experts usually include:
Common indicators used by companies to assess the success of crisis management efforts include the response time and the effectiveness of communication strategies. Other indicators include minimising financial losses, maintaining business operations, employee and stakeholder satisfaction, and feedback from people involved in crisis management.
In order to continuously improve crisis management strategies, companies conduct follow-up meetings after a crisis (see 7.1 Post-Crisis Review: Learning Lessons).
A company can identify a crisis and its potential legal implications through several channels. These include a direct approach from authorities (such as a warrant or dawn raid), internal whistle-blower reports, subpoenas, or external sources (such as media articles). The way a crisis is identified will often determine the immediate steps taken in response.
Once a potential crisis is identified, companies typically undertake the following immediate steps to assess the situation.
To assist with the crisis identification and communication, companies may use tools such as risk management software, alert systems and communication platforms. These tools streamline information flow, enable swift internal communication and ensure that accurate information is shared with stakeholders in a timely manner.
Companies use various frameworks or models for crisis management, often inspired by international standards such as ISO 22301 providing a framework for business continuity management. In critical infrastructure sectors in particular, there are strict legal requirements, such as the KRITIS programme (see 2.6 Sectorial Requirements) or the BSI IT baseline protection for cybersecurity (see 3.1 Crisis Management Plans).
Another essential standard is IDW standard No 6. It requires a comprehensive restructuring concept that assesses a company’s viability in crises, and is prepared by an independent third party. Additionally, a draft for a new IDW standard (IDW ES 16), regarding the design of crisis early detection and crisis management according to Section 1 of the StaRUG, has been published.
Typically, a company’s crisis response plan contains several key elements:
Companies usually identify and assess potential risks that could lead to a crisis as part of a systematic risk management process. This process often includes the following steps.
Risk factors relevant for crisis preparation include:
These risks can generally be mitigated by preventative measures:
By systematically identifying and assessing risks and implementing preventative measures, companies seek to minimise the likelihood and impact of potential crises.
Simulation exercises can prepare companies for potential crises. The frequency of such simulation exercises depends on company size, sector and risk exposure. Many companies conduct them at least annually. Some high-risk industries, such as finance, may perform exercises more frequently to ensure preparedness and compliance with regulatory requirements. It allows companies to practise their crisis response procedures and ensure that all team members involved are familiar with their responsibilities in the event of a crisis.
Common scenarios in simulation exercises include the following.
By conducting these exercises regularly, companies aim to refine their crisis management strategies, improve team co-ordination and ensure that employees are well prepared to handle real-life crises effectively.
Companies provide training programmes to ensure employees understand best practices for crisis prevention and response. The training covers the crisis response plan, individual responsibilities and communication procedures. Employees also engage in simulations of critical scenarios to reinforce their roles.
Regular updates and refresher courses are recommended to keep staff informed about crisis management practices, and companies offer handbooks and online resources for easy access to protocols. Co-ordination with legal and compliance teams is essential to ensure awareness of operational and regulatory considerations.
Training initiatives are typically managed by crisis management teams or departments such as HR, with support from senior management to encourage participation.
Many companies implement specific policies for crisis preparation and prevention, establishing a crisis management framework that includes response procedures, communication plans, risk assessments and training for employees. These policies are formally documented and include procedures and measures for activation and communication.
To ensure that the crisis management plan remains effective, companies must regularly review and update their policies to reflect changes in their operational landscape and emerging risks.
When in crisis, companies face a plethora of legal challenges in Germany, not only caused by the crisis itself but by subsequent events such as internal investigations, criminal charges or third-party actions. The scope of potential legal challenges depends heavily on the nature and extent of the crisis.
Overall, the following (potential) legal challenges can be identified.
Addressing these challenges requires proactive and proper legal risk management, continuous monitoring of regulatory changes, and effective communication with stakeholders to mitigate potential legal impacts during a crisis.
Companies must ensure that they comply with all relevant regulations in order to minimise liability risks. This often requires close co-operation with compliance and legal departments. The following main authorities can represent significant exposure to legal liability for companies and management:
For internationally active companies, foreign or European enforcement authorities can also pose a risk. These can include the following:
During a crisis, companies need to co-operate with enforcement and supervisory authorities – particularly on regulatory and legal matters, which may include regular reporting and (at times) appointing an external monitor to ensure compliance. Companies typically provide updates to authorities, with the frequency depending on the crisis’s nature and legal requirements.
German companies assess potential legal risks and liabilities through risk management frameworks, internal audits and legal compliance reviews. This process includes identifying regulatory obligations, evaluating contractual risks and analysing past legal issues to prevent future liabilities. Legal teams, often in collaboration with compliance officers and external counsel, conduct due diligence, monitor legislative changes and review industry-specific risks.
Regulatory compliance is a key factor to be considered in the assessment of potential legal risks and liabilities for companies in Germany. This includes adherence to significant regulations.
Contractual obligations are another critical factor. Companies must ensure that all contractual agreements are clear and enforceable to minimise the risk of breaches or misunderstandings. Data protection risks are also a primary focus, especially given the stringent requirements of the GDPR.
Compliance with labour laws is highly relevant, as breaches of employment regulations can result in significant penalties and legal disputes. This includes maintaining fair employment practices and adhering to health and safety regulations.
Potential litigation risks are carefully analysed and re-evaluated on an ongoing basis to prepare companies for possible legal challenges and to develop appropriate risk mitigation strategies.
Additionally, companies assess financial risks and potential reputational damage, which could occur in the event of negative publicity.
In-house teams play a crucial role in crisis management, ensuring compliance with laws and industry-specific regulations while mitigating legal and reputational risks. They support developing crisis management policies and procedures, and handle regulatory reporting, crisis communication oversight, contract disputes and potential litigation. Legal teams handle communication with regulatory authorities and participate in after-action reviews to assess the company’s response, identify any legal weakness and improve risk management.
The legal team’s structure depends on the company’s size, the industry in which it operates and the specific nature of possible crises. Typically, it includes in-house counsel familiar with the company, compliance officers ensuring regulatory adherence and regulatory experts knowledgeable about complex legal frameworks. The legal team collaborates closely with executives to align legal and business strategies.
Many companies, especially in regulated sectors, engage external legal counsel for specialised expertise. External legal counsel is selected based on:
In complex cases, companies and their boards may even retain multiple law firms to cover different aspects of legal defence and reputation management.
In Germany, companies are subject to retention obligations under commercial law. For example, the German Commercial Code (Handelsgesetzbuch, or HGB) requires that consolidated financial statements, management reports and group management reports – as well as related work instructions – be retained for a period of ten years. Even if not required by German law, companies may consider implementing document holds as part of their due diligence, especially if they operate internationally and may face foreign investigations.
Document preservation should start early in a crisis, suspending deletion protocols to avoid losing relevant information. Close collaboration with the IT department is vital for identifying custodians and determining the preservation scope. Organisations must therefore establish and actively manage clear policies to ensure that all relevant information is properly captured, secured and retained to meet legal requirements.
Methods for capturing and storing relevant documents and evidence include:
These methods also help the company to ensure compliance with legal requirements for evidence preservation.
Settlement arrangements for consensual resolution of litigation derived from the crisis is typically based on the nature of the dispute, the parties involved and the specific circumstances. The following are suitable methods for resolving legal disputes in connection with a crisis:
Non-monetary agreements may include agreements to implement changes in procedures and policies to address the issue that led to the crisis or litigation.
Settlement agreements must comply with the applicable laws and may require approval from authorities.
Common types of insurance include:
Further, the scope of insurances may include:
To manage claims and obtain insurance cover, companies in Germany generally work closely with insurers or insurance brokers. This includes the following.
Through clear communication and compliance, companies can effectively use their insurance cover to manage crisis-related costs and litigation.
The term “reputation” refers to the perception and credibility of a company among its stakeholders – ie, shareholders, customers, employees and the public. Reputation can significantly influence the success and sustainability of a company. Proactive reputational management strategies – such as a functional compliance management system – foster stakeholder trust and ensure transparent communication.
After a crisis, companies must assess the impact on their reputation. Indicators are media analysis, customer feedback, stakeholder interviews and financial performance. Tools such as social media monitoring, brand perception surveys and analysis software aid in assessing public opinion. Additionally, share prices, customer retention rates and regulatory audits are key indicators of reputational damage.
To restore reputation after a crisis, companies take several steps:
There are various crisis reporting requirements in Germany – in particular, including the following.
Establishing crisis management teams and collaborating with legal and compliance departments is essential for companies to effectively navigate crises and meet regulatory requirements. Legal teams ensure compliance with regulations to avoid penalties, while crisis management teams handle the operational response. This collaboration minimises the risk of legal repercussions (such as fines for data breaches), protects the company’s reputation and ensures that communications with stakeholders are legally sound, helping to maintain trust among customers and investors.
Organisations co-ordinate communication between different stakeholders through well-structured communication strategies and clearly defined responsibilities. Typically, a centralised communications team or crisis communications department ensures consistent messaging. In addition to the crisis management team, the public relations officer is involved in drafting and disseminating messages. Companies can use centralised platforms, ensuring consistent updates across multiple channels, such as emails, newsletters and websites, to provide real-time updates.
Common triggers for communicating crises to stakeholders include:
Effective internal communication during a crisis is essential for aligning employee responses and fostering trust. The crisis communication plan should outline how and when to convey information, using centralised channels and intranet updates. Companies must provide ongoing updates and a contact point for employee inquiries. Additionally, debriefing sessions are important for improving responses to future crises.
The first key stakeholders to be informed include:
Informing the supervisory board is essential as it oversees management’s actions during a crisis, provides strategic guidance, and ensures compliance with legal and regulatory requirements. It may also need to engage with stakeholders in alignment with management’s communications.
An effective public and media communication strategy involves prompt and transparent messaging following a crisis to build credibility and trust with stakeholders.
Timing and the extent of the first communication depend on the unique circumstances of the crisis, as the origin and extent of the crisis might still be unknown. Companies must balance the benefits of timely communication with the risks of sharing incomplete or inaccurate information. The initial message sets the tone for future communications, and overpromising can lead to reputational damage. Therefore, it is crucial to avoid definitive commitments that may need to be retracted later.
Furthermore, all communications should deliver consistent messages. After a crisis is resolved, companies provide follow-up communication outlining what has been learned, changes that will be made and how future incidents will be prevented.
Another key strategy for effective crisis communication is proactive media engagement. This enables the company to have established points of contact and trusted sources when a crisis arises, helping to ensure that information is communicated quickly and accurately. Proactive engagement includes providing regular updates to the media, holding press conferences when necessary and giving interviews. This approach helps companies control the narrative, reduce speculation and prevent misinformation.
Main challenges faced by companies include the rapidly changing situation during a crisis. Therefore, a challenge for companies is keeping pace with new information or changing circumstances while deciding on the proper extent and timing of communication. Companies must filter through an overwhelming amount of information, making it difficult to provide a clear response. Successful crisis communication should explain the incident, simplify complex issues and point out possible solutions.
Companies communicate with investors and shareholders about crises and potential legal disputes through official channels such as ad hoc announcements, corporate news, quarterly reports and investor conferences/calls. They aim to communicate clearly and transparently about the nature of the crisis, potential impacts, and the steps being taken to mitigate risks. Transparency and immediate communication are crucial to maintain investor confidence. After the crisis, companies often provide follow-up reports to investors.
In addition, companies engage in direct communication with key institutional investors and major shareholders. This personalised approach helps address any specific concerns and provides a more detailed understanding of the company’s crisis management.
The supervisory board – in particular, the chair – needs to be addressed in a timely manner, as it ensures that the company’s response complies with legal and regulatory requirements. This is sometimes delayed due to reliance on management or lack of established protocols for escalation in critical situations.
During a crisis, addressing customer concerns and maintaining trust is critical for companies. The following strategies are commonly used.
Companies use various channels to communicate with customers, including email, social media, the company website (eg, FAQs and guidance), customer service lines and press releases.
During a crisis, German companies ensure that employees are informed and supported through transparent communication, dedicated support programmes, and leadership engagement. They can use regular updates via email, intranet portals, meetings and crisis hotlines to keep employees informed.
To maintain morale and productivity, companies rely on leadership visibility to foster a sense of stability. Managers are trained to offer reassurance, recognise employee contributions and encourage collaboration.
Companies often establish specific communication channels for those affected by a crisis, sometimes as a requirement based on the crisis’s nature.
For example, data privacy laws mandate notifying affected individuals in the event of a data breach. In addition, product safety and consumer laws require companies to communicate in crisis situations. According to the German Product Safety Act (Produktsicherheitsgesetz, or ProdSG), companies must immediately recall products that pose a risk to the health and safety of consumers and inform the affected consumers. This also requires specific communication measures to reach the affected persons quickly. In connection with the German Act for the Better Protection of Whistle-Blowers (Hinweisgeberschutzgesetz, or HinSchG), companies are required to establish and maintain internal reporting channels to allow employees to report violations.
Clear communication with affected parties is crucial for transparency, trust and damage control. Common communication channels ensure effective two-way communication, ensuring timely updates while offering opportunities for feedback and questions.
Companies carry out the “lessons learned” process after a crisis, conducting analysis workshops to assess the strengths and weaknesses of the crisis management system. This includes stakeholders, the crisis management team, managers and leaders from affected departments. Companies may involve external experts to provide an objective evaluation and specialised insights. Results are documented and reported.
The post-crisis reviews should include answers to the following questions.
All findings need to be documented thoroughly.
Companies update their strategies and procedures after a crisis by transforming the “lessons learned” into concrete measures, which might include updating the crisis management plan, communicating any changes in the crisis management to employees and organising training. Companies establish mechanisms to monitor the effectiveness of updated policies and procedures. Implementing feedback systems also allows for continuous input after updating the policies. The approach outlined in 7.1 Post-Crisis Review: Learning Lessons is an iterative process that ensures that companies continuously learn from past experiences and strengthen their resilience to future crises.
Companies can measure the effectiveness of their crisis management strategies using various methods, such as:
Comparing performance in crisis situations with predefined key performance indicators (KPIs) helps to identify weaknesses and strengths.
There are several public sources for benchmarks, industry standards and best practices in the field of crisis management in Germany, which also help companies to stay updated. Organisations such as the BBK offer guidelines and resources related to crisis management and civil protection. International standards, such as ISO 22301 for business continuity management, also serve as a reference for best practice for companies. IDW standards, such as IDW S6, help enhance risk management by providing a structured and consistent framework that facilitates comprehensive risk assessment and accountability. This standardised approach promotes best practices, ensures regulatory compliance and supports continuous improvement in risk management processes.
Speditionstraße 1
40221 Düsseldorf
Germany
+49 211 499 860
+49 211 499 860 100
info@noerr.com www.noerr.com