How to handle crisis communication like a pro

Published in Fundamentals
April 10, 2022
3 min read
How to handle crisis communication like a pro

Sometimes, 💩 happens. It’s okay, it happens to all of us. You can’t avoid it, but you can do damage control with a clear process to deal with a crisis. Here’s the process I created for the SaaS I currently work for, I hope it’ll inspire you.

First, some communication guidelines

So your team knows how to effectively communicate to your organization and to your users, let them know the best practices for communicating during a crisis. These guidelines are valid all the time as well, so it never hurts to publish them on your organization’s internal documentation.

Commit to transparency.Practice empathy - put yourself in the user’s shoes.
Provide details, be extensive.Remain transparent and remember who you’re talking to, depending on their level of technical knwoledge, users can easily detect 💩
Provide rough time estimates.Give a realistic timeline whenever possible.
On major outages, share worst-case and best-case scenarios.Provide regular updates.
Post an extensive postmortem.Post an extensive postmortem.

Create a RACI matrix

A RACI matrix is a responsibility chart, it provides a clear vision of the responsibilities of the people assigned. You need it for your crisis communication to optimize the distribution of tasks to the team members and avoid wasting time.

This method is an organizational design tool that maps activities and defines the roles and responsibilities of stakeholders by:

  • visually synthesizing “who does what”,
  • setting the perimeter of the project,
  • defining the field of action to structure it.

What does RACI stand for?

  • Responsible,
  • Accountable,
  • Consulted,
  • Informed.

As a crisis can happen at any time, don’t forget to add the responsible people in case the 1st one is absent, for more time-sensitive or highly technical tasks, you can even put in a 3rd person in case the first two are absent.

Typical tasks to include in your RACI chart might be:

TaskCPOSREPMCustomer SupportMarketingContent
Create, confirm with the team, and update the status page updatesCARIINA
Decide to cut off sign-upsAIRICNA
Update social media accountsNACCIRR
Reply to customer messagesNACCRNAC
Decide to communicate furtherACRCCI
Compare outage downtime to SLAsCCRIINA
Reply to customer inquiries about credit requestsNANACRIC
Decide to stop ad campaignsNANANANARNA

In case of shortages < 3h

🔥 Someone finds a global issue, affecting at least one of the core components (API, servers, admin dashboard)

🚨 That person should inform all relevant teams via the appropriate channels (some relevant chats could be the customer-support channel, the emergency channel or the product team) and should specify:

  • Which areas of the product seem to be down
  • Impact it can have on the end-users and support team
  • How many affected accounts/users or how many errors there are
  • If they found the source of the issue or have a lead

🚧 Declare an incident on your Status page

Incident nameTechnical issue impacting {component}
Affected componentsCreate a list of your core components and choose those that were affected for more than 10 minutes.
Notify usersIf your core feature is impaired, send a notification to your users.
StatusIdentified - when the problem is identified.
Monitoring (optional) - use this status when a big change is applied or when you are not 100% confident if you’re stable
Resolved - The message should explain what happened and what actions were applied.
DescriptionProvide a template and adapt the messaging examples. All messaging, especially choosing how many details you want to disclose, should be confirmed by the teams involved before posting on your Status Page and social media accounts.

📢 When the issue has been resolved:

  • Update the status page.
  • Update waiting tickets via your customer support tool.
  • Update social media (if anything was posted).
  • Write a postmortem about the incident and its root causes (can be done within 24h after the incident).

After long global outages, more communication is necessary:

  • Send out an email to your users if you deemed it necessary.

For longer shortages > 3h

All steps listed above, plus regular updates:

  • Update Twitter every 2 hours.
  • Update StatusPage every 2 hours.

For very long shortages > 24h

All of the above, plus when the outage is finished:

  • Compare the downtime to your SLAs and check which incidents are covered by your SLA:
    • If the outage is out of your control?
    • If the outage occurs during scheduled maintenance?
  • Send out service credits to affected users.

What to do in case of a security breach?

Security breaches are trickier as they have requirements from the GDPR in Europe. Enterprises must comply and notify impacted users of personal data breaches with timely notice in less than 72 hours after having become aware of it. Unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

TaskLead devLegalMarketingPM
Inform the team of a security breachRIIC
Share list of affected accountsRINANA
Approve the communication to affected usersCRCI
Send notification & resolution emailsNANARA

🔥 Someone finds a security breach issue, affecting at least one of your users.

🚨 That person should inform the relevant channel, tag the product, customer support and legal teams and specify:

  • Which accounts are affected by the security breach (give a list of emails when available)
  • Impact it can have on the end-users and support team
  • If it’s safe to communicate about it or not
  • If they found the source of the issue or have a lead
  • If the dev team can work on a bugfix

🚧 Decide if it’s safe enough to communicate the breach to customers or not before the bugfix is released.

  • If it’s safe, engage with the legal team for an announcement, to be sent via email to the affected accounts.
  • If it’s not safe, wait for the bugfix before doing any communication.

📢 Communicate a resolution notification when the bug fix has been released on prod.

Continue your research:

Learn more about GDPR requirements in case of personal data breach


Previous Article
On integrating technical debt in your sprint planning


Case Studies

Related Posts

How to sell your product to developers
April 15, 2022
4 min
© 2023, All Rights Reserved.

Quick Links


Social Media