Crisis Communication Management

Crisis Communication Management

Coordinate clear, timely, and consistent communications during support crises — major outages, security breaches, and public incidents — to maintain trust and minimize customer impact.

Workflow

1. Crisis detected: Major incident identified through monitoring or customer reports.
2. Incident commander declared; communication lead assigned.
3. Internal stakeholder alert: Engineering, support, executive team notified.
4. First customer communication sent within target timeframe (15–60 min depending on severity).
5. Status page updated with incident details and expected next update time.
6. Communication cadence maintained: Updates every 30–60 minutes during active crisis.
7. Support team briefed with talking points; macros updated for consistent messaging.
8. Social media monitored for customer sentiment and misinformation.
9. Resolution communication sent with root cause, impact summary, and prevention steps.
10. Post-incident review: Communication effectiveness analyzed and improved.

Crisis Severity Classification

CRISIS SEVERITY LEVELS
=======================

SEV-1 — CRITICAL (Maximum Response):
  Impact: Complete service outage OR data breach affecting all customers
  Scope: 100% of customers affected
  Response:
    → First communication: Within 15 minutes
    → Update frequency: Every 30 minutes
    → Channels: Email, status page, social media, SMS (enterprise customers)
    → Internal: All-hands notification, war room activated
    → External: PR team engaged, media monitoring active
    → Executive: CEO/CTO personally communicates with top 20 accounts
    → Duration: Until resolution + 24-hour monitoring period
  Examples: Complete platform outage, data breach, payment processing failure

SEV-2 — MAJOR (Elevated Response):
  Impact: Major feature outage or degradation affecting majority of customers
  Scope: 50–99% of customers affected OR all customers in specific region/segment
  Response:
    → First communication: Within 30 minutes
    → Update frequency: Every 60 minutes
    → Channels: Status page, email blast, social media
    → Internal: Support team briefed, macros updated
    → External: PR monitoring (no proactive media outreach unless requested)
    → Executive: VP-level outreach to top 10 accounts
    → Duration: Until resolution + monitoring period
  Examples: API downtime, major feature broken, regional outage, performance degradation > 50%

SEV-3 — MODERATE (Standard Response):
  Impact: Partial feature degradation or minor functionality issues
  Scope: < 50% of customers affected OR non-critical features
  Response:
    → First communication: Within 2 hours
    → Update frequency: Every 2–4 hours
    → Channels: Status page, in-app notification
    → Internal: Support team aware, FAQ prepared
    → External: No PR involvement needed
    → Duration: Until resolution
  Examples: UI bug, minor integration issue, non-critical feature unavailable

SEV-4 — MINOR (Low Response):
  Impact: Cosmetic issues, very limited scope
  Scope: < 5% of customers affected
  Response:
    → First communication: When resolved (no proactive communication needed)
    → Status page: Post-resolution update
    → Internal: Support team informed via internal channel
  Examples: Typo in UI, minor styling issue, very isolated bug

RESPONSE TIME MATRIX:
  ════════════════════════════════════════════════════════════════════════
  Severity | First Comms | Update Freq | Channels                     | Executive Alert
  ════════════════════════════════════════════════════════════════════════
  SEV-1    | 15 min      | 30 min      | All channels + direct calls   | CEO + CTO
  SEV-2    | 30 min      | 60 min      | Status + email + social       | VP level
  SEV-3    | 2 hours     | 2–4 hours   | Status + in-app               | Director
  SEV-4    | On resolve  | N/A         | Status page                   | Team lead
  ════════════════════════════════════════════════════════════════════════

Crisis Communication Templates

TEMPLATE 1 — SEV-1 INITIAL CUSTOMER EMAIL
==========================================

Subject: [IMPORTANT] Service Disruption — We're Investigating

Hi [Customer Name],

We're currently experiencing a [brief description: complete platform outage / 
data processing issue / service disruption] that is affecting [scope: all 
customers / customers in X region / users of X feature].

What we know:
  → Issue began at [time, timezone]
  → [Brief description of what's impacted and how]
  → Our engineering team is actively working on a resolution

What we're doing:
  → Our incident response team has been activated
  → We are [specific action: investigating root cause / implementing fix / 
     rolling back recent change]
  → We expect to have more information within [timeframe: 30 minutes]

What you can do:
  → [Workaround if available, or: We'll notify you when service is restored]
  → For urgent questions, reply to this email or call [priority support number]

We understand the impact this has on your business and are treating this with 
the highest priority. We'll send another update within 30 minutes.

Apologies for the inconvenience.

[Company] Support Team

---

TEMPLATE 2 — SEV-1 UPDATE (30–60 min into incident)
=====================================================

Subject: Update: [Original Issue] — [Status: Investigating / Identifying Fix / Implementing Fix]

Hi [Customer Name],

Here's our latest update on the [issue]:

Current Status: [Investigating / Identifying Fix / Implementing Fix / Monitoring]

What we've learned:
  → [Root cause or progress update]
  → [Specific actions taken]
  → [ETA for resolution, or: We don't have an ETA yet but are making progress]

Next Steps:
  → [What the team is doing next]
  → [Expected timeline for next update]

We know this is frustrating. Thank you for your patience while we work through this.

Next update: Within [30/60] minutes.

[Company] Support Team

---

TEMPLATE 3 — SEV-1 RESOLUTION
================================

Subject: Resolved: [Original Issue] — Service Restored

Hi [Customer Name],

The [issue] has been resolved. Service is fully restored as of [time, timezone].

Summary:
  → Issue: [What happened — brief, clear explanation]
  → Root cause: [Technical explanation at appropriate level]
  → Impact: [Duration, scope, any data affected]
  → Resolution: [What was done to fix it]

Prevention:
  → [What we're doing to prevent recurrence]
  → [Specific changes: monitoring improvement, process change, code fix]
  → [Timeline for preventive measures]

If you experience any ongoing issues, please reply to this email or contact 
support. We'll monitor closely over the next 24 hours.

[Optional: Service credit / compensation details]

We apologize for the disruption and appreciate your patience.

[Company] Support Team

---

TEMPLATE 4 — STATUS PAGE POST
================================

[Incident Title]: [Brief description]

Status: [Investigating / Identified / Monitoring / Resolved]

Timeline:
  [HH:MM TZ] — Incident detected. Investigation started.
  [HH:MM TZ] — [Update: what's known, what's being done]
  [HH:MM TZ] — [Update: fix identified/implemented]
  [HH:MM TZ] — [Update: monitoring fix]
  [HH:MM TZ] — Resolved. Service restored.

Impact: [What was affected and who]

We'll continue to monitor. Thank you for your patience.

Support Team Crisis Playbook

SUPPORT TEAM CRISIS PROTOCOL
==============================

When a SEV-1/SEV-2 is declared, support team activates crisis mode:

Step 1 — Immediate Actions (0–15 minutes):
  → Team lead announces incident in support Slack channel
  → All agents switch to crisis mode:
     - Pause non-urgent ticket work
     - Update signatures with incident link
     - Enable macro for crisis acknowledgment
  → Create incident tag for all related tickets
  → Set up dedicated incident queue/channel

Step 2 — Customer Communication (15–30 minutes):
  → Email blast sent to all affected customers (marketing automation)
  → Social media post: "We're aware of an issue affecting [scope]. 
     We're investigating and will update at [time]. [Status page link]"
  → Status page: Incident created with initial details
  → Support macros updated with crisis response template

Step 3 — Ongoing Support (Throughout Incident):
  → Macro for incoming tickets:
     "Hi [Name], thanks for reaching out. We're currently experiencing [issue] 
     and our team is working on a fix. You can follow updates here: 
     [status page link]. We'll notify you when resolved."
  → Bulk-close duplicate tickets: Merge into master incident ticket
  → Monitor social media for customer complaints and respond publicly
  → Enterprise customers: Direct calls from CSMs (list provided by team lead)
  → Escalate complex impact questions to incident commander

Step 4 — Post-Resolution (0–24 hours after fix):
  → Resolution email sent to all affected customers
  → Individual ticket responses: "Issue resolved as of [time]. 
     Please verify on your end and let us know if you need anything."
  → Monitor for residual issues (customers discovering impact post-resolution)
  → Offer service credits per policy (automated or manual)
  → CSAT survey sent after 48 hours

CRISIS MODE MACRO LIBRARY:
  ════════════════════════════════════════════════════════════════════════
  Macro Name              | Trigger                    | Response Template
  ════════════════════════════════════════════════════════════════════════
  Crisis Acknowledgment   | Any ticket during incident | "We're aware of [issue]. Updates: [link]"
  Duplicate Incident      | Duplicate complaint ticket | Merge + "Added to incident thread"
  Enterprise Escalation   | Enterprise customer ticket | CSM notified + direct call within 30 min
  Social Media Response   | Tweet/post about issue     | "We're on it. Full updates: [link]"
  Post-Resolution Follow  | Ticket after fix           | "Resolved at [time]. Please verify. [Credit info]"
  ════════════════════════════════════════════════════════════════════════

CRISIS MODE METRICS:
  ════════════════════════════════════════════════════════════════════
  Metric                                | Target
  ════════════════════════════════════════════════════════════════════
  First communication sent within SLA   | 100%
  Duplicate ticket reduction            | > 75%
  Customer notification coverage        | > 95%
  Social media response time            | < 15 min
  Post-incident CSAT                    | > 3.5/5.0
  Service credit processing time        | < 48 hours
  ════════════════════════════════════════════════════════════════════════

Social Media Crisis Management

SOCIAL MEDIA MONITORING AND RESPONSE
======================================

Monitoring Setup:
  → Tools: Hootsuite, Sprout Social, Brand24, Mention
  → Keywords: Company name, product name, "down", "outage", "broken", 
     "can't access", competitor comparisons during incident
  → Channels: Twitter/X, LinkedIn, Reddit, Facebook, product review sites 
     (G2, Capterra, Trustpilot)
  → Alert threshold: > 5 mentions in 15 minutes triggers alert
  → On-call social media responder: Rotating duty during business hours

Response Protocol:

  Public Responses (visible to all):
    → Acknowledge: "We're aware of this issue and our team is working on it."
    → Redirect: "Full updates: [status page link]"
    → Empathize: "We know this is frustrating. Thank you for your patience."
    → Avoid: Speculating on cause, blaming others, sharing technical details
    → Tone: Professional, empathetic, transparent without oversharing

  Private Responses (DMs, direct messages):
    → Gather customer information (account email, company name)
    → Assure: "I've escalated this to our team. You'll receive an email update."
    → Follow up: Ensure customer received blast email and status updates
    → Escalate: Flag enterprise/VIP customers for direct CSM outreach

SOCIAL MEDIA ESCALATION TRIGGERS:
  ════════════════════════════════════════════════════════════════════
  Trigger                              | Action
  ════════════════════════════════════════════════════════════════════
  > 50 negative mentions in 1 hour     | Alert PR team + executive
  Influential customer complaining     | Direct outreach by CSM/VP
  Misinformation spreading             | Correction post + engagement
  Competitor capitalizing on incident  | Alert competitive intelligence
  Media inquiry on social              | Redirect to PR contact
  Threat of class action/legal action  | Escalate to Legal immediately
  ════════════════════════════════════════════════════════════════════

Post-Incident Review and Improvement

POST-INCIDENT COMMUNICATION REVIEW
====================================

Within 5 business days of resolution:

Review Areas:
  1. TIMELINESS:
     → Was first communication sent within SLA?
     → Were updates sent on schedule?
     → Were there gaps in communication?
     → Timeline: Map all communications against actual incident events

  2. ACCURACY:
     → Were early communications accurate (no false ETAs)?
     → Were root cause explanations correct?
     → Did communications contradict each other?
     → Were customers misinformed at any point?

  3. COVERAGE:
     → Were all affected customers notified?
     → Were all channels used appropriately?
     → Did social media monitoring catch all customer concerns?
     → Were enterprise customers reached personally?

  4. CUSTOMER IMPACT:
     → CSAT scores during/after incident vs. baseline
     → Social media sentiment trend
     → Churn risk assessment for heavily impacted customers
     → Support ticket volume spike analysis

  5. TEAM PERFORMANCE:
     → Agent handling of crisis tickets (quality review)
     → Macro effectiveness (did templates work?)
     → Internal communication clarity
     → Escalation effectiveness

IMPROVEMENT ACTIONS:
  → Update templates based on lessons learned
  → Adjust response time targets if SLAs missed
  → Add monitoring keywords based on social media gaps
  → Improve internal alerting if detection was slow
  → Update crisis playbook with new procedures
  → Train support team on lessons learned
  → Share post-mortem with customers (builds trust)

COMMUNICATION QUALITY SCORECARD:
  ════════════════════════════════════════════════════════════════════
  Criterion                        | Score (1–5) | Notes
  ════════════════════════════════════════════════════════════════════
  First communication timeliness   |
  Update frequency consistency     |
  Message clarity and accuracy     |
  Tone and empathy                 |
  Channel coverage                 |
  Social media responsiveness      |
  Enterprise customer outreach     |
  Post-resolution completeness     |
  ════════════════════════════════════════════════════════════════════
  Overall target: > 4.0/5.0
  ════════════════════════════════════════════════════════════════════

Integration Points

• Status Page (Statuspage.io, Atlassian Statuspage): Real-time incident status, customer-facing timeline, subscriber notifications
• Incident Management (PagerDuty, Opsgenie): Incident declaration, escalation, team coordination
• Communication (Twilio, SendGrid, SES): Email blast delivery, SMS notifications, delivery tracking
• Social Media (Hootsuite, Sprout Social, Brand24): Monitoring, response, sentiment analysis
• Help Desk (Zendesk, Intercom): Ticket tagging, macro management, bulk operations
• CRM (Salesforce, HubSpot): Enterprise customer lists, account tier prioritization
• Internal Communication (Slack, MS Teams): Crisis channels, team coordination, announcement distribution
• Analytics: Post-incident CSAT analysis, sentiment tracking, ticket volume correlation

Edge Cases

• Extended outage (hours to days): Resolution timeline extends beyond expectations
• Increase communication frequency during first 4 hours
• After 4 hours: Provide interim workardings or alternatives
• After 8 hours: Executive personal outreach to top 50 accounts
• After 24 hours: Consider customer migration options, temporary credits
• Daily executive update to all enterprise customers

• Data breach crisis: Requires legal notification in addition to customer communication
• Legal team determines notification requirements by jurisdiction
• Communication must balance transparency with legal obligations
• Provide specific remediation steps: password reset, credit monitoring, account security
• Dedicated breach response website with FAQ and resources
• 24/7 dedicated support line for breach-related questions

• Customer blames product for external issue: Customer thinks it's your fault but it's their ISP, etc.
• Acknowledge customer frustration
• Provide troubleshooting steps privately
• Do not argue publicly on social media
• Escalate to support ticket for detailed diagnosis
• If pattern: Create educational content (blog, KB article)

• Competitor exploitation: Competitors publicly mock or capitalize on your outage
• Do not engage with competitor posts
• Focus on your customers and resolution
• Alert competitive intelligence team for tracking
• Post-incident: Highlight reliability improvements in marketing

• Internal misinformation: Employee posts inaccurate information on personal social media
• Provide employees with approved talking points and social media guidance
• Monitor for employee posts about incident
• Privately request correction if misinformation found
• Post-incident: Update employee social media policy if needed

• Multi-region incident with language barriers: Global outage requires multi-language communication
• Prepare templates in top 5 customer languages
• Use translation services for real-time social media responses
• Regional support leads handle local communications
• Status page supports multiple language views
• Time zone considerations: Communicate in each region's business hours when possible