How to Prepare for a Crisis: A Field-Tested Playbook

Week 3 – A Good Major Incident Process Saved Downtime ⚡ Major Incidents = High pressure, high visibility. Example: A global company had a full network outage. Instead of chaos, they followed a clear Major Incident process: - Rapid communication to stakeholders. - War room with defined roles (not 50 people shouting). - Post-incident review with action items. ⏱ Result: Downtime reduced by 40%, business impact minimized. 👉 Question: Do you have a structured Major Incident process, or is it “all hands panic mode”?

I was called in after a company lost a $5M shipment because of a $50 gasket. By the time I arrived, the shipment was gone, the line was down, and the customer was angry. The question on everyone’s mind was: how could such a small part create such a big disaster? On paper, the company looked strong. Process maps were spotless, SOPs were clear, metrics were tracked daily. If you only looked inside the process boxes, everything was fine. The problem was never in the process boxes. It was in the lines between them. That gasket request fell into a gray area. Maintenance thought supply chain had it. Supply chain thought production was on it. Three unanswered emails. No clear owner. The part slipped through the cracks, and the cost of silence was millions. When I came in, we didn’t rewrite every process, we zoomed in on the handoffs, we clarified ownership at every transition, we made the gray zones visible, so nothing could hide there. Small changes, but powerful ones. And that’s what I’ve carried forward ever since. Whenever I work on process improvement, I spend as much time on the lines as I do on the boxes. Because that’s where processes really live. It’s easy to admire a clean flowchart. But protecting your shipments, your customers, and your reputation depends on what happens in the gray.

Last I shared the story of the $5 million phone call. How do we avoid this? Simple. Run this drill at your next board meeting: No PowerPoints. No preparation. J ust a realistic scenario and a clock. "It's Saturday. We've been breached. Customer data is encrypted. Customers are calling. What happens in the next hour?" Watch how quickly "we're prepared" becomes "we have no idea." Stop presenting technical metrics. Start asking governance questions: If this happened during the board meeting, who would leave the room to make decisions? "What's our budget authority for emergency spending?" "Who's our single point of contact with legal during a crisis?" The uncomfortable truth.. Incident response isn't a technical problem. It's a leadership problem.

Ever found yourself moving too fast in the digital world, only to face unexpected consequences? Consider the concept of a 'cooldown timer'—a personal safeguard against overzealous actions. It’s a reminder that patience and timing can be crucial, especially when navigating new environments or systems. By understanding the parameters and respecting the process, one can avoid triggering unwanted flags or disruptions. It’s about strategically planning movements and interactions. How do you ensure thoughtful action in your own endeavors? Curious to hear your strategies. #StrategicPlanning #DigitalStrategy #TimeManagement #RiskManagement #ProfessionalDevelopment

A response plan shouldn’t just be for compliance. It should be actionable and enable a fast structured response, even under pressure. That’s why we’ve created this playbook, based on practical examples we’ve seen across the industry. It outlines five core pillars that consistently separate effective plans from those that falter: - Clearly assigned roles and responsibilities - Defined escalation thresholds - Centralised visibility through telemetry and tooling - Structured internal and external communications - Post-incident review and continuous improvement If your plan doesn’t address all five, this is a helpful benchmark to guide your next review. Get the playbook here: https://ow.ly/XRZG50WCBy3

Stop firefighting. Start fixing your flow—today. Most teams spend hours chasing missing parts, approvals, or answers. The result? Delays, finger-pointing, and wasted effort—every single shift. Here’s a lean fix you can trial this week: Map one process on a whiteboard. List each handoff and owner. Walk the line with your team—ask where things stall, who gets stuck, and why. You’ll spot bottlenecks in minutes, not months. This is how we helped one London fit-out firm cut lead-times by over 60% in six months. No theory—just practical, visible change. Curious what’s blocking your flow? Book a 20-minute workflow review. See how fast you can move when everyone owns their part.

Ever inherited a mid-flight project with no manual? (If you said yes, we are now friends). Here’s the takeover playbook I use to turn “uh-oh” into a plan: 0) Prime Directive No blame, no lore—just facts and forward motion. 1) 48-Hour Triage Pull PO/contract/SOW, change orders, risk log, schedule, budget. Read the last 90 days (even Joe’s cryptic emails). Confirm stakeholders + comms prefs and decision rights. Quick reality check: SPI/CPI/BAC/EAC/ETC (are we on time/on budget?) Commercial check: invoices sent? unpaid AR? unapproved work? 2) 7-Day Stabilize Freeze scope; stop non-critical work. Daily 15-min standup: blockers → owners → due dates. Map critical path + top-10 blockers. Develop (or confirm) a decision-rights matrix (RACI-ish). 1:1s with sponsor, customer POC, leads, key vendors. 3) Baseline Reset (week 2) Bottom-up ETC; re-sequence to real constraints & funding. Set new targets (e.g., SPI ≥ 0.95, CPI ≥ 0.98). Rebuild risk register + reserves; tighten change control. Publish Re-Baseline + Stakeholder Alignment Memo (what/why/new dates/cost/risks/comms). Get sign-off. 4) 30/60/90 Recovery 30: kill low-value work, surge the critical path, clear 70% blockers. 60: hit first milestone under the new baseline; SPI/CPI trending up. 90: steady cadence—weekly EVM dashboard, stage-gates, approved changes only. 5) Communicate, communicate, communicate Day 1: State of the Union (what I inherited + when to expect the plan). Days 2–5: targeted 1:1s to align expectations. Day 5–7: reset briefing (15 slides max). Weekly: 1-page traffic light + owners/dates; exec summary for leaders, detail for doers. Pro tip: Add quality/HSE gates and acceptance criteria to every milestone. Saves rework and arguments. Want my takeover checklist + comms cadence matrix + re-baseline memo template? Comment RESET and I’ll share.

When tackling operational inefficiencies, I always break it down into simple steps: 1) Identify the problem. 2) Analyze the root cause. 3) Implement a practical solution. It's about keeping it focused and not getting bogged down in complexity.

A lot of risk reports land on desks telling us about fires that are already out – resulting in old data, siloed teams and a lot of panicked reactions. In NAVEX's latest blog, Kyle Martin, our VP of product management, provides a 5-step, no-nonsense framework to help you: ➡️Stop soft-pedalling risk assessments and find real points of failure ➡️Build a living compliance program instead of a static policy binder ➡️ Shift the conversation from "here's what we fixed" to "here's the value we created" If you're ready to manage the future instead of documenting the past, take a look at our latest blog article here: https://ow.ly/bAlJ30sOXZl

It starts with pleasing everyone, and ends with no one happy. Every incident turns into a research project. Saying “yes” to everything leads to: • More custom solutions • Countless workarounds • Quick fixes with whatever’s available • Dependence on features that were never fully tested Rising Costs & Complexity • More customization = higher maintenance costs • Systems become fragile, complex, and hard to manage Instability & Downtime • Downtime increases • Fixes fail more often • Every incident becomes a lengthy research project No one is happy, not even the people you tried to please. You’re left alone to deal with: • Upgrade hell • Scaling nightmares • The blame for instability and outages After all, it’s your fault. You could have said “no.” They didn’t know better, but you did. Only when you start with “no,” is there something real to talk about. It’s not the end. It’s how you learn about the situation. It forces others to work harder, clarify real needs, expose the details, and learn about the risks. -----