Crisis Communication Plan Template

Aligned with NIST SP 800-61r3, NIST SP 800-34r1, and FCA operational resilience expectations.

Document Owner: [Name, Role]
Version: 1.0
Next Review Date: [DD/MM/YYYY]
Last Updated: [DD/MM/YYYY]

  1. Purpose

To ensure effective internal and external communication during cybersecurity incidents, business disruptions, or crisis events. This plan supports timely, transparent, and compliant messaging to all stakeholders in alignment with regulatory and business continuity objectives.

  2. Scope

This plan covers:

  • Cybersecurity incidents (e.g., data breach, DDoS attack)

  • Technology outages

  • Physical events impacting operations (e.g., fire, flood)

  • Reputational risks or media coverage

  3. Communication Objectives

  • Maintain trust and transparency

  • Mitigate misinformation and reputational harm

  • Comply with FCA and regulatory disclosure requirements

  • Coordinate effectively across internal teams and stakeholders

  • Ensure consistent, factual messaging

  4. Crisis Communications Team

Role                  | Name | Backup | Contact Info | Responsibility
----------------------|------|--------|--------------|------------------------------------
Crisis Comms Lead     |      |        |              | Approves and oversees messaging
Incident Manager      |      |        |              | Coordinates incident response updates
Legal/Compliance      |      |        |              | Ensures FCA/regulatory compliance
Customer Comms Rep    |      |        |              | Drafts and sends customer updates
Internal Comms Lead   |      |        |              | Staff updates, intranet, FAQs
Spokesperson (Media)  |      |        |              | Public/media statements

  5. Communication Channels

Channel           | Use                       | Owner | Backup
------------------|---------------------------|-------|-------
Email             | Primary for official comms |       |
SMS/WhatsApp      | Urgent updates            |       |
Intranet          | Internal FAQs, updates    |       |
Website Banner    | Customer notice           |       |
Press Release     | Media handling            |       |
Regulator Hotline | FCA notification          |       |

  6. Activation Criteria

Trigger this plan when any of the following apply:

  • Incident that must be reported to the FCA within 72 hours

  • Data breach involving personal or regulated data

  • Disruption to customer-facing services lasting more than 15 minutes

  • Negative press or social media escalation

  • Major Incident declared by the Crisis Comms Lead

  7. Initial 24-Hour Crisis Comms Timeline

Timeframe | Activity                                       | Owner
----------|------------------------------------------------|---------------------
0–1 hr    | Triage & confirm incident with CISO/IR team    | Incident Manager
1–2 hrs   | Notify Crisis Comms Team                       | Crisis Comms Lead
2–4 hrs   | Draft regulator/customer/internal statements   | Legal + Comms
4–6 hrs   | Approve and release holding statement          | Crisis Comms Lead
6–12 hrs  | Update FAQs, monitor social/press              | Comms Team
12–24 hrs | Finalise full comms package, FCA reports       | Legal & Compliance

  8. Message Templates

A. Holding Statement (External)
"We are currently investigating an incident affecting [service/system]. Our teams are working to resolve the issue quickly. We will provide updates as more information becomes available. We thank you for your patience."

B. Regulator Notification (FCA)
"On [date/time], Xcavate experienced [incident]. We are conducting an investigation and will provide required notifications and updates within FCA's 72-hour window."

C. Internal Message (Employees)
"We're aware of a disruption to [system/service]. The IT and security teams are addressing it. Please do not discuss externally. For updates, check [intranet link]."

  9. Stakeholder Communication Matrix

Stakeholder        | Priority | Channel         | Frequency                | Owner
-------------------|----------|-----------------|--------------------------|------------------
FCA                | High     | Email/Phone     | As required              | Legal/Compliance
Customers          | High     | Email/Website   | 1st update + every 6 hrs | Customer Comms
Staff              | High     | Intranet/Email  | Initial + every 4 hrs    | Internal Comms
Press              | Medium   | Press Statement | If necessary             | Spokesperson
Partners/Suppliers | Medium   | Email           | If impacted              | Procurement Lead

  10. Lessons Learned & Review

  • Conduct post-incident review within 10 business days

  • Evaluate communication effectiveness

  • Update templates, contact lists, escalation points

  • Incorporate into annual BCP/DR test scenarios
