Keeping your cool can be challenging when a crisis occurs and you’re faced with a massive wave of customer requests and questions. How can you consistently provide transparent and accurate communication that maintains a trusting relationship with your customers, during a time when your product or service is failing many or all of them?
It all starts with the resolve to be prepared and stay calm — and having a crisis management plan in place (one that you revisit from time to time). That said, depending on the size and maturity of your business, it’s often a crisis that illuminates the need for a plan. The truth is that no one expects a crisis, and so how you respond is always the most important thing.
Whether or not you have a plan in place, jump ahead to the section that will help you respond when you need to respond quickly.
- What qualifies as a crisis?
- The do’s and don’ts of crisis management
- How to communicate during a crisis
- Ongoing communication with customers
- A sample communications cadence
- How to create a crisis management plan
- An example crisis management process
- We’re all in this together
What qualifies as a crisis?
First, what are we talking about when we say “crisis”? There are several types of events that can qualify, including:
- Physical or public health emergency
- Service disruption
- Security incident
- Legal entanglement
- Public relations nightmare
The key element that ties all of these types of crises together is that they can affect many customers at the same time. Unlike events that affect a single customer, when a crisis affects many customers public communication is usually required, and that means you want your team to speak in a single voice.
The do’s and don’ts of crisis management
These situations can damage the trust relationships you have with your customers, so you want to do everything you can to manage and repair, if necessary, that trust — and as quickly as possible. Here are some best practices to keep in mind as you respond to an emergency situation.
Do restore service ASAP (if possible) — In a short-term crisis, the goal should be to resolve the issue and return to normal as quickly as possible. In an ongoing crisis, it may mean trying to mitigate negative impacts while the situation evolves. Share regular updates through email, social media, help center, and your company website. If service can’t be restored at the levels customers are used to, just briefly and honestly explain the situation, convey that you’re working to mitigate it, and outline the best ways to reach you and/or set expectations for response time.
Do provide a consistent response — Your crisis communications should be consistent with your brand’s voice (taking into account the seriousness of the situation) and across teams — this is a time to unite and provide a clear message that you’re there to help. Providing a timely and consistent customer experience during crisis situations also bolsters confidence that the next time there’s a crisis, customers know what to expect and trust you to execute.
Do have a plan — Whether you already have a crisis plan or are developing one on the fly, establishing a plan will help keep everyone in your organization (including your support team) calm. This will also keep your customers calm — hearing from confident, prepared, and knowledgeable employees is exactly what they want from you in an emergency situation. Customers want to know that you can manage the problem (and hopefully prevent it from happening again), and to know that you care about them.
Don’t be defensive — This is no time to deny, cover up, or shift blame. Transparency and honesty are key, both internally and externally. It’s okay to say that you don’t know the answer to a question or that you’re still evaluating the situation. Just keep the lines of communication open between you and your customers. It’s not ‘us’ versus ‘them’ — we’re all in this together.
Don’t make hasty decisions — You may need to shift tactics or reevaluate your plan several times throughout the course of a crisis. You want to act swiftly, but don’t make a hasty decision in the heat of the moment. Keep your options open and revisit your plan as the situation unfolds. You never know when you might need to pivot and you don’t want to be locked into a stance that is no longer appropriate, given the circumstances.
Don’t ignore risk — You can never be too careful, especially if health, safety or security are at risk. That doesn’t mean you should jump to conclusions, but it’s often better to be overly cautious. It’s rare that companies are criticized for being too careful or taking a potential risk too seriously. If anything, your customers may thank you for your abundance of concern.
How to communicate during a crisis
When a crisis strikes, addressing the issue at hand is the first and most critical task, but it’s closely followed by communicating effectively with your customers and stakeholders. Poor communication can destroy the trust that you’ve worked hard to establish with your customers.
Be proactive and let everyone know what’s happening. Here are some tips for communicating calmly and effectively when tensions are high.
Be timely — Communicate as soon as you can, and then follow a set cadence for follow-up communications. If you need to adjust the cadence (for example, if it becomes clear that a situation will last for days or longer), then communicate what the new cadence will be. Meeting a cadence means that sometimes you will not have new information to relay, but radio silence will needlessly increase your customers’ stress.
Be relevant — Communicate the scope of the issue (who is affected, or likely to be), as well as the impact (how it will affect them). Include workarounds, if any.
Be accurate — Don’t speculate. Incorrect information can set unrealistic expectations. Having to correct yourself publicly damages trust in your competence. Therefore, you should ensure that a situation meets your crisis criteria before communicating publicly — build in a window of time at the start of your process for this verification step.
Be compassionate — This means taking ownership and acknowledging the impact the crisis is having on your customers. Apologize for that impact, avoid being defensive, and don’t shift blame — your customers depend on you.
Be honest — This should go without saying, but… don’t lie to your customers. It will come back to haunt you. It’s okay to say you don’t know the answer to something, but try to follow up as soon as you have more information.
Be transparent — Share as much as you can, to the extent that it can be helpful in setting expectations for your customers. They don’t need to know which version of some third-party tool you use to build your software, but it can help them to know (for example) that you’re working on reverting a build, or that you’re having problems with a server that’s impacting connectivity with a particular segment of customers.
Use one voice — There are two parts to this. First, the right hand should know what the left hand’s doing. Marketing should know what customer service is communicating, and vice versa. And how often. Before you talk to customers, convene internally around a single source of truth. By no means should individual employees attempt to dive in and respond ad-hoc, as mixed messages will damage your company’s perceived competence. Second, the voice should be consistent in tone and terminology from one situation to the next. Including sample message templates in your process documentation is a great way to ensure this.
Ongoing communication with customers
One of the best ways to build confidence and trust is to proactively communicate what’s happening during a crisis. This lets your customers know that you’re on top of the situation. Here are effective ways to proactively communicate with your customers.
Provide customers with a system status page — A system status page gives your customers a place to go when they suspect something is amiss. The more detailed you are, the easier it is for your customers to know what’s going on. Include updating the page as part of your crisis management communication cadence, so that it always has the most up-to-date information, as well as links to any related and helpful resources. In a major event, consider highlighting the page prominently on owned channels, like your website, social media or email newsletter, so customers can easily find it.
Post updates on social media — Twitter, for example, is a great way to communicate when a situation is rapidly changing since it’s a place that people often go to follow breaking news. Post updates on all channels where you and your customers are active. If you’re demonstrating competence and warmth here, it can defuse tensions. Note: It’s a good idea to suspend ordinary marketing posts during a crisis, as they’re not likely to go over well with frustrated customers.
Directly contact important customers via email or phone — Critical customers and partners may have special SLAs (service level agreements) and expectations of service, requiring you to contact them when there’s a crisis. Even if this is not the case, doing so can help to demonstrate the importance of your relationship with them. Ideally, all affected customers should be made aware of the situation, but that may not be practical depending on the nature of your business and your scale.
Make a record of all outgoing communications — Your incident chat room or a problem ticket are good places for this. This allows your incident staff and anyone examining your response later on to reconstruct the timeline of events.
Publish a summary of your crisis-management process — This is a great way to set expectations for your customers—if they understand the process and how you’ll be communicating with them, they’ll likely be more patient during a crisis.
A sample communications cadence
Every situation is different. For example, a minor downtime might be resolved within a few hours or a day. However, in a major crisis, you might be communicating updates with your customers for weeks or even months. Your incident team should discuss the situation with your communications staff and come up with a cadence that feels appropriate based on your customers’ needs and your brand values.
Here’s a sample cadence of communications, including some general best practices that will apply in most crisis scenarios.
1. Initial public acknowledgment of incident — ASAP after the incident has occurred. The sooner you acknowledge an incident publicly, the less anxious customers become. This can be as simple as letting your customers know you are looking into the issue and evaluating next steps.
2. Determination of incident scope and impact — Ideally, this should be within the first few hours of an incident or the first few days, depending on the nature and scope of the issue. Communication should be specific enough for customers to self-identify if they are impacted.
3. Status updates on investigation/resolution — You should update your customers regularly on the situation, including every time a significant development occurs. When possible, status updates should provide new information to demonstrate progress is being made toward a resolution. If there is no new information to report, provide an update every few days to make sure your customers know you are monitoring the situation.
4. “All clear” — ASAP after service is restored. Thank your customers for their patience during the crisis, and let them know where to look for your post-incident summary.
5. Post-incident summary — Share a summary of the incident in the days or weeks following. Include scope, impact, timeline, root cause, resolution, and planned improvements.
How to create a crisis management plan
In a crisis situation, it’s important not to panic. Or, at least, not to let your panic be a shared experience. Calmness is a way to demonstrate competence — it’s grace under pressure, not apathy or coldness. Emotions are contagious. If your team is calm, they can help your customers stay calm as well.
What’s more, anxiety can lead to bad decision-making, so keeping your team calm can result in better outcomes for your team and your customers.
The best way to stay calm is to have a strong and tested plan in place, and people available that know how to execute it. If you don’t have a crisis management plan, it will be much more stressful when it happens. And sometimes, there’s nothing like a crisis to help you put a plan into place. For most of us, that’s how we learn.
But when it comes to planning, you’ll need to figure out what to do and how to do it amidst a possibly chaotic and tense situation, making it difficult to be the calm voice of reason your customers need.
Your crisis management plan should include the following:
- Owners responsible for writing, documenting, and maintaining the plan
- A clear definition of what qualifies as a crisis
- Every step in the crisis management process detailed
- Roles and duties: who’s in charge of what during the crisis (including back-ups)
- Staffing: how to ensure people will be available when needed
- Training: how to ensure the team can execute the plan
- Communications: protocols for internal and external communication — who speaks for the company, format and channels used, and the cadence of those messages
- Special cases: anything outside the norm
- Metrics: how you measure success, how you know you’re getting better
- The expectation that it will evolve over time
Partner with internal stakeholders
A crisis management plan doesn’t just involve your support team — there are many internal stakeholders that may need to be involved. Make them a part of your planning phase, whether they’ll need to help manage crises when they occur, or just need to be informed while one is happening.
Here are some stakeholders you should consider including — it’s probably best to meet with these teams one at a time to find out what’s worked and what hasn’t in previous crisis situations, and what their needs are going forward:
Your support team — This may be obvious, but it’s critical that your Support team knows when there’s a crisis situation happening so that they can properly respond to customers, and look for support requests that might help define the scope of an issue when it’s first emerging. It’s important to keep the entire team informed about the current status and messaging that’s going out to customers until the crisis is resolved and they can return to normal procedures.
- Executive team (e.g., if the situation has system-wide impact)
- Human Resources (e.g., if the crisis involves internal personnel or workforce safety)
- Facilities or Disaster Response (e.g., natural disaster or accident)
- Engineering (e.g., to fix problems from bad code deploys)
- Operations (e.g., most SaaS issues)
- IT/Security (e.g., DDoS attacks)
- Legal (e.g., lawsuits)
- Marketing — Marketing teams may want or need to adjust outgoing messaging during the crisis. Sending an email blast encouraging people to try a new feature will not be received well by customers when they can’t use your product at all.
- Public Relations and Legal — These teams may need to get involved if the crisis has an extraordinarily large customer impact, or for crises that involve legal issues.
- Sales, Account Management, Customer Success, and Executives — All of these teams need to know when a crisis is ongoing, so they don’t go into a meeting with a customer or prospect and get ambushed with questions they don’t have the answer for.
- Key customers and partners — Certain customers may expect proactive or verbal confirmation of crisis events as part of your support contract. Similarly, resellers or other partners might need to be kept apprised of the situation in the same way that internal customer-facing teams would. If your business depends on third-party tools, you may want to arrange with them to be notified as part of their crisis-management process (hopefully they have one too).
Document your plan
As with any complex system or process, it’s unrealistic to assume that everyone involved will remember all the details of the plan in the heat of the moment. If your Support team is geographically distributed or divided into shifts, then it’s also important that everyone is using a single source of truth, so that they can all respond consistently. That’s why it’s so important to have everything documented and available to everyone.
“If it isn’t written down, don’t expect anyone to remember it,” says Dave Dyson, a former support advocate and current content marketing manager at Zendesk.
Here’s what you should be aiming for with your documented plan:
Complete — Cover both process and people. To put it simply: if it’s not written down, don’t expect your team to remember it. Cover the process from beginning to end, what the decision points are and how to make them, who’s in charge of what, how to get ahold of them, and sample messages — everything someone might need in order to execute the plan, when they’re by themselves on a weekend evening.
Clear — Be sure your plan is easy to digest when onboarding and in the heat of the moment. Use headings, table of contents, and diagrams. Slide decks and even pre-recorded video can make training easier, but don’t underestimate the time and cost of keeping those up to date when budgeting time and resources, since you know your plan will change over time.
Accessible — Don’t host your plan documentation in your support tool (or the product you support), so that if your support tool goes down, your team will still have all the information they need. This could mean having the plan available in a different software tool or printed out (and stored in a secure location, if it includes privileged information such as passwords to necessary tools).
Up to date — A plan that no longer matches the reality on the ground will only cause problems. Either your team will ignore the documentation, or it will lead them to make incorrect decisions — and any new team members will be getting incorrect information. Review your documentation whenever you make changes to your process, when training new team members, and when reviewing incidents that didn’t go well.
Assemble your incident response team
A crisis-management plan is no good without a team that can execute it successfully and consistently when the need arises. Depending on the size of your organization, your incident response team might just be you, or you might have a dedicated team for whom it’s their primary responsibility. For many organizations, however, crisis management will be a role that’s part of the job of some people in your company, primarily the support team. Here’s a sample team roster, based our process at Zendesk:
Incident Lead — An experienced agent or team lead on your support team, who owns the problem ticket, gathers scope and impact information to share with the rest of the incident team, and provides status updates back to the support team.
Support Duty Manager — A manager on the support team who manages support resources during the crisis (for example, assigning additional staff to phone coverage), crafts the customer-facing messages and coordinates with whoever’s leading the effort to restore service. Pro Tip: Have a backup Support Manager on standby, in case your primary is unavailable. Not only does this help ensure coverage, it allows you to handle multiple simultaneous issues, should that arise.
Operations Manager — A manager from the team that’s working to correct the problem (Operations, Engineering, Security, etc.). Manage the team working to restore service, confirms facts about the incident, and provides the internal-facing post-mortem report.
Incident Manager — A manager from the Support Operations team, who can assist with large incidents as needed, and crafts the public-facing post-mortem from internal version, and can evaluate the quality of the response.
After you have your incident team roles defined, you’ll want to make sure they’re available when lightning strikes. In a small team, this could mean long on-call shifts, but as your team grows, you can and should spread the duty out, across more people and shorter, less frequent shifts. As a global organization, we generally schedule 8-hour shifts spanning normal work hours for seven days at a time, spaced out over several weeks. This allows for good work-life balance while being frequent enough so that skills don’t deteriorate.
Paging systems such as PagerDuty or OpsGenie can allow you to schedule shifts and send notifications when an incident occurs, while group collaboration apps like Slack can make sure your entire team is in the loop. Make sure there’s an escalation path so that if someone can’t be available, there’s someone else who can step in.
After your incident response team has been notified, they need a place to work. Chat rooms are ideal for distributed staff and make it easy to review the incident later. Each member of your incident team should check-in before doing anything—that way everyone involved knows who they’re working with.
Train your team to handle a crisis
Because you’re putting your best people in charge of executing your crisis management process, you might think that they’ll automatically be able to master it on their own. However, because this high-stakes and detail-oriented process is different from the day-to-day processes that your team is used to, they’ll perform better with an effective training program. Here are some training tips you may find useful:
Onboarding — Don’t assume a new person on the team will just pick this up on their own, even though they’re great at the usual tasks they do every day. This is a critical function, and training helps you ensure they understand every step, as well as the reasons behind those steps.
Shadowing — Having a trainee shadow experienced staff during an incident can help reinforce the training they’ve had and may also highlight any discrepancies in your training materials or questions that weren’t answered.
Visual aids — Your plan should be documented and updated in an internal knowledge base, a central repository that all agents can easily access. While additional visual aids such as videos and slide decks may be easier to digest than text, they require additional effort to maintain and update as your crisis management process evolves. Expect to spend time maintaining them.
Drills — If your crises don’t happen very often, congratulations are in order! But that also can mean that your crisis management team might forget key steps in your process. If that’s the case, then running occasional drills can be worthwhile.
Scorecards — This can be a great way to help ensure that all steps were followed, both in onboarding and drills, as well as after any real-world crisis.
Measure how well you did
When crises are sporadic, they can be easy to ignore in favor of day-to-day ticket volume. But they can have a long-term effect on the trust your customers have in you, so it’s important to track them so you have a benchmark to improve upon. Well-structured reports can also help you measure the cost of your crisis situations, which allows you to budget for them going forward. Finally, reports can also help focus attention on areas of your product or service that need attention from your Product teams.
Here are some useful metrics for tracking the impact crises have on your team and business:
Number and rate of incidents — Counting the number of customer incidents is a good way to help quantify the customer impact of your crisis situations. Using “time over time” reporting can show you if you’re improving.
Resolution time per incident — Long resolution times might point to areas that can be improved such as diagnosis, resolution, or communication between teams.
Cost to team — If you have an estimated cost for handling any given support ticket, you can multiply that times the number of incidents to get a rough idea of what it’s costing your time to handle these issues. You can get finer resolution if you capture handle time per ticket, and multiply that times the number of incident reports and an hourly support cost estimate.
Customer impact — Add the duration of all your crisis incidents, multiplied by the number of users affected (either by counting the number of users that report an issue or, if possible, by calculating the number of users). If you have the data available, you could even weight these by the MRR or predicted customer lifetime value, in order to get a sense of the amount of revenue that’s at risk.
Customer satisfaction — Compare the CSAT average of crisis incidents versus other support requests. If your process works well, you might find (as we have, at times) that incident tickets result in a higher satisfaction score than ordinary tickets!
Breakdowns by problem cause (type of incident, product area affected, etc.) — Using a product/feature category drop-down field (for us, it’s our About field) can point you to product, process, or infrastructure areas that might be in need of some love. For a software company, that might mean improvements to a deploy process, a software feature that’s easily overloaded, or servers that need additional redundancy.
Crisis management process scorecard — This is a checklist of all the important steps of your process. As part of your post-mortem review, make sure all the proper steps were followed. To build this checklist, go through your process documentation, and for each of your crisis-management roles include all the tasks that person is responsible for (checking in when notified, meeting internal and external communication cadences, managing incident tickets, crafting the post-mortem, etc.). Then, score the response after each crisis. Gaps can point to you team members that might need coaching or places where your training, documentation or even your process need to be updated to match the “facts on the ground”.
In the event that a crisis is ongoing, or when your company’s service is impacted by events out of the company’s control, it’s still important to take stock of the impact and to monitor how well prepared the team was to handle the resulting volume. In exceptional circumstances, it’s not going to be perfect. That’s okay and to be expected.
An example crisis management process
Now that you’ve got the tools to build your crisis management plan, it’s time to think about the detailed steps to include. Every business will have its own needs, but the following outline should serve well as a template that you and your stakeholders can use to build on.
1. Initial alert — Someone in your internal organization thinks a situation merits a crisis response, and pulls the alarm bell. For example, you might have a special email address to use for this purpose. You might also have software that monitors your systems and pulls the alarm when certain thresholds are met. In any case, automatic alerts are sent to your incident response team and other internal stakeholders.
2. Incident response team check-in — The members of your incident response team respond to their alerts (or escalate them to a backup if they’re unavailable), and gather in the designated chat room or other space.
3. Verify the crisis criteria are met — If the consensus is that the criteria have been met, the incident response team continues with the process; otherwise, they stand down and notify internal stakeholders of the false alarm.
4. Determine scope and impact — Create an internal-facing Problem ticket or launch an incident team chat room, depending on the scale of the crisis. Look for patterns in what your customers are saying about the issue and what your support team is observing. You may also want to monitor what news stations and elected officials are saying, if it’s a physical or public health emergency.
5. Public acknowledgment — Post an acknowledgment to social media, your system status page, your help center, or whatever other public-facing channels that are part of your process. Proactively contact key customers or partners, and create Incident tickets on their behalf to attach to the Problem ticket.
6. Provide status updates — As your operations or other teams work to respond to the situation, follow your defined communications cadence and update customers regularly via the same channels you used initially — social media, help center article, system status page, key customer tickets, etc.
7. Resolve the issue — Once services have been restored, or the situation has stabilized, send an update to your customers and stakeholders, linking to the Help Center article for the crisis, where you’ll publish the post-mortem. Breathe a sigh of relief, as most of your team can resume their normal tasks.
8. Wrap up — Craft the internal and public-facing post-mortem reports and post them. Review your checklist to determine if your incident management process was followed and if any changes need to be made to meet to cover unforeseen circumstances.
We’re all in this together
No one knows when a crisis is going to strike, but we should know that in times of crisis and hardship, we have to work together and show each other a little empathy.
You strive to provide the best customer experience during the good times, and you should take pride in stewarding your customers through challenging times too. It’s your vigilant, empathetic service that will keep them coming back in good times and bad.
Remember, your crisis management plan is going to evolve over time. Use these tips and checklists to inform your strategy, and listen to your team when they suggest improvements. Keep your documentation and training materials up to date. Your metrics will also let you know how well your customers think you’re doing — if they’re not happy, look for ways to improve. Keep talking to your internal stakeholders as well.
Above all, stay calm and remember — we’re all in this together.