What is Crisis Management in Security Management System

The process by which a company handled the major threats that can harm a customer, building and assets is called Crisis Management.

These threats includes both natural and unnatural. For example fire, terrorism, floods, earthquakes, twisters etc.






While Risk Management is the process of identifying, assessing and prioritizing the risks that can have a major impact on an organization’s working. In other words through risk management we find out the best ways to avoid any risks which can have a harmful effect on the company.

In Risk management we go through possibility of the risk happening to the organization, therefore, all sections that are identified as high risk sections are dealt first, while section with low possibility of risk are dealt later. The risks are calculated by means of control points, whether they are physical or procedural.


Crisis Management is in accordance to the situation and it clearly determines the response of a company or assets at time of any incidents, the responsibilities of the departments according to their areas and the management of the overall company.It handles the crisis from the initial stage to the final stage which is media release.Crisis management control both physical damage as well as the reputation of the company.

For Example

If asset are deemed as high profile contract to protect delicate information on secure systems for any government company.

The likelihood and possibility of a cyber-attack on the system is considered HIGH. All necessary precautions are taken by the asset to protect the information in consideration with the Data Protection Act. All employees who access the information are carefully monitor and examine.

But in case of a large attack and the asset must Crisis Manage this intrusion of security for the reasons below:

1. The highly sensitive information.

2. The security protocols intrusion
3. The damage of asset and the governmental organization who came into their contract.

The Crisis Management process is started by dividing the teams into different teams to cover all the scenarios. The teams cover following scenarios:
1. Security review locate the area where the intrusion occurred first, weather the intrusion was  inside or outside job.
2. Notifying the customer about the extent of the intrusion and letting them know about information stolen.
3. Contacting the Police.
4. Releasing the information to the press about the intrusion as per the confidentiality clause of the contract.

The above 4 points majorly cover a vast part of action points and all departments are scrutinized to cover all the areas of the crisis.


There are three elements to any Crisis:

  1. What are the threat posed to any company
  2. What is the element of surprise
  3. How short is the time to make the decision


These element are considered on how quickly the decisive action must be taken.

These elements make an influence the image of the company and the company should be always have an alternate contingency plan that can minimize the effects of such a loss.

The final report is made by the help of the tracking the events happening during and after the crisis. The final report is released to the clients and press accordingly.