Crisis Communication Plan Builder

# Crisis Communication Plan: CloudSync SaaS (B2B, 5,000 customers)

1. Crisis Classification Framework

| Level | Description | Examples | Response Time | Who's Notified |

|-------|------------|----------|---------------|----------------|

| **Level 1 — Critical** | Immediate threat to business operations, safety, or legal standing | Data breach with customer PII exposed, service outage >4 hours, regulatory investigation | **1 hour** | CEO, Legal, Head of Engineering, Head of Comms, Board (if public) |

| **Level 2 — Major** | Significant reputational risk or operational disruption | Viral negative social media, major bug affecting subset of customers, employee misconduct news | **4 hours** | CEO, Head of Comms, relevant department head |

| **Level 3 — Minor** | Contained issue with limited exposure | Isolated customer complaint going semi-viral, minor service degradation, industry-wide issue | **24 hours** | Head of Comms, Customer Success lead |

2. Pre-Written Holding Statements

Scenario: Data Breach / Security Incident

Initial Holding Statement (within 1 hour):

> We are aware of a security incident affecting [description of what was affected]. We are actively investigating the scope and impact with our security team and [external forensics firm if applicable].

>

> The security of our customers' data is our highest priority. As a precaution, we have [immediate action taken — e.g., rotated credentials, isolated affected systems].

>

> We will provide an update within [timeframe — 4/8/12 hours] with more details. If you have concerns, contact our dedicated support line at [number/email].

24-Hour Follow-Up Statement:

> **Update on Security Incident — [Date]**

>

> Here's what we know:

> - **What happened:** [factual description of the incident]

> - **What data was affected:** [specific data types — names, emails, payment info, etc.]

> - **Who is affected:** [number of users/accounts impacted]

> - **What we've done:** [remediation steps taken]

> - **What you should do:** [specific actions for affected users — change passwords, monitor accounts, etc.]

>

> We take full responsibility for this incident. [Name], our [CEO/CTO], is personally overseeing the response.

>

> **Next steps:** [what happens next — ongoing investigation, credit monitoring offered, third-party audit]

>

> We'll continue to provide updates at [URL of status page/blog post].

3. Stakeholder Messaging Matrix — Data Breach

| Stakeholder | Key Message | Channel | Timing | Tone |

|-------------|------------|---------|--------|------|

| **Affected customers** | Your data may be affected. Here's what happened and what to do. | Email (direct) + in-app banner | First (within 2 hours) | Empathetic, transparent, action-oriented |

| **All customers** | We had an incident. Here's what we know and what we're doing. | Email + blog post | Second (within 4 hours) | Reassuring, factual |

| **Employees** | Here's what happened, what we're doing, and what to say if asked. | All-hands Slack + emergency meeting | Within 2 hours (parallel to customers) | Honest, calm, directive |

| **Investors/Board** | Incident details, business impact assessment, remediation plan. | Direct call from CEO | Within 1 hour of discovery | Factual, strategic, with action plan |

| **Media** | Official statement only. No speculation. | Press release + prepared spokesperson | Reactive (when asked) or proactive if story is breaking | Professional, accountable, concise |

| **Partners/integrations** | Impact on shared systems, any actions they need to take. | Direct email from partnerships lead | Within 4 hours | Technical, collaborative |

4. Social Media Response Protocol

Detection Triggers

- Brand mentions spike >300% above baseline

- Negative sentiment ratio exceeds 40% of mentions

- Any mention by media outlet or influencer with >10K followers

- Customer screenshot of incident goes viral (>500 shares)

Response Framework

| Sentiment Level | Response | Example |

|----------------|----------|---------|

| **Angry customer (individual)** | Acknowledge publicly, move to DM | "We hear you, [name]. This isn't the experience you should have. Let's fix this — DMing you now." |

| **Growing thread (5-20 mentions)** | Public acknowledgment with link to statement | "We're aware of the issue and actively working on it. Details and updates here: [link]" |

| **Viral (100+ mentions)** | CEO/founder posts personal statement | "I'm [name], CEO of CloudSync. Here's what's happening and what we're doing about it..." |

| **Media picking up** | Refer to official statement. No ad-lib. | "We've published a full statement here: [link]. We'll continue to provide updates." |

Golden Rules

- Never delete complaints (screenshots exist forever)

- Never argue or get defensive

- Respond within 30 minutes during active crises

- One voice: all social responses go through the designated comms person

6. Crisis War Room

Core Team (always present):

- CEO — Final decision authority

- Head of Comms — Message approval, media

- Legal — Liability review of all statements

- Head of Engineering (for technical crises) — Facts and timelines

Cadence:

- Level 1: War room meets every 2 hours until resolved

- Level 2: Daily standup until resolved

- Level 3: Async updates in dedicated Slack channel

7. Post-Crisis Playbook

**Within 1 week:** Blameless post-mortem

- What happened (timeline)

- What went well in our response

- What went poorly

- What we'll change

**Within 2 weeks:** Publish a public post-mortem (for technical incidents) or a "what we've learned" update (for other crises)

**Within 30 days:** Update this crisis plan based on lessons learned

**Ongoing:** Monitor brand sentiment weekly for 90 days to track reputation recovery