Crisis Communication Pack

The 3 AM Slack Pings and the Missing Playbook

We've all seen the pattern. The P1 alert fires at 3 AM. The engineering team is triaging a database leak or a third-party API outage, but the communications lead is scrambling to find a template that doesn't sound defensive, vague, or legally exposed. You don't need another generic "crisis management" PDF buried in your Confluence. You need a structured, executable workflow that classifies severity, maps stakeholders, and forces legal review flags before a single word goes to the press.

When an AI agent or a human operator tries to draft a crisis response from scratch, they hallucinate. They miss critical fields like stakeholder_mapping, they forget to flag legal_review, and they default to a P2 response for a P1 incident. This isn't just about tone; it's about structural integrity. Without a canonical schema, your crisis plan is just a collection of unverified assumptions. We built the Crisis Communication Pack so you don't have to architect your response protocols from zero. We enforced the standards, so you can execute them under pressure.

Reputational Bankruptcy and Regulatory Fines

When your response is slow, inconsistent, or structurally flawed, you aren't just losing hours; you're burning your reputation bank. Research confirms that organizations with a strong prior reputation can weather a crisis better, but only if they activate that goodwill correctly through coordinated communication ^[1]. Without a structured plan, you risk violating ISO 22301 communication requirements, which mandate specific protocols for warning and coordination during disruptions ^[5]. Every minute of silence is a vacuum filled by speculation, and speculation kills trust faster than the incident itself ^[3].

The cost of ignoring this isn't abstract. It's measured in regulatory fines, customer churn, and board-level interventions. ISO 22301 crisis management frameworks help organizations handle disruptions and reduce risk, but they rely entirely on the quality of the communication protocols embedded within them ^[6]. If your crisis plan lacks severity classification, response timelines, and stakeholder contacts, you're non-compliant by design. The 24/72-hour response window isn't a suggestion; it's the threshold where public narrative hardens. Miss it, and you spend months trying to recover trust instead of minutes fixing the incident ^[4].

A P1 Data Breach: How a Missing Holding Statement Costs You $2M in Trust

Imagine a fintech with 200 endpoints that suffers a P1 credential leak. The engineering team contains the breach in 45 minutes. The comms lead, however, hasn't run a tabletop exercise in two years. They draft a holding statement that omits the scope of data exposure. The PR team posts it to Twitter. Within 20 minutes, a tech journalist calls out the omission. The narrative shifts from "we fixed it" to "they're hiding it."

If that team had used a severity-classified response matrix, the P1 classification would have triggered an automatic escalation to the board, a pre-approved holding statement template, and a media handling workflow aligned with ISO 22301 best practices ^[7]. Instead, they spent three days correcting the record, and their customer churn spiked 12%. The board demanded a post-mortem that exposed the lack of a validated crisis plan. The incident wasn't just technical; it was a communication failure that compounded the technical damage.

This hypothetical scenario mirrors real-world failures where organizations lack the structural scaffolding to respond rapidly. Without a response-matrix.yaml to map crisis types to spokesperson assignments, or a holding-statement.yaml to enforce verified facts, teams default to ad-hoc responses that fail validation. The result is always the same: delayed containment, amplified reputational damage, and avoidable regulatory scrutiny.

From Firefighting to RFC-Compliant Response Protocols

Once you install this pack, the chaos stops. The orchestrator (skill.md) enforces a P1-P4 severity classification system. When a crisis hits, the AI agent doesn't guess; it pulls the correct templates, validates the plan against plan-schema.json, and runs validate-plan.sh to ensure critical fields—like legal review flags and stakeholder contacts—are populated. You get ISO 22301-aligned communication protocols embedded in your workflow.

The pack transforms crisis communication from an art into a verifiable process. The scripts/run-tabletop.py simulator generates scenario branches, tracks decision latency, and simulates stakeholder reactions, outputting a post-exercise debrief report based on P1-P4 severity parameters. You can test your response before the real event hits. The references/canonical-protocols.md file provides embedded crisis management knowledge, including early warning detection signals and reputation recovery phases, ensuring your team follows proven leadership communication principles.

For security-specific events, the Incident Response Pack provides the detection and triage framework that feeds into these comms workflows, ensuring technical containment and public messaging stay synchronized. For internal alignment, use the Internal Communications Pack to keep your engineering teams in the loop, and leverage the Stakeholder Communication Pack to manage executive expectations. If you need to test your response rigorously, run simulations with the Crisis Communication Simulation Pack, and for comprehensive threat visibility, pair it with our Risk Management Pack for end-to-end threat identification. You can also integrate it with Automated Crisis Management Protocols if you want to trigger comms workflows automatically from your incident response tools.

What's in the Crisis Communication Pack

Here is the exact file manifest. Every file is designed to be executed by an AI agent or used by a human operator. This isn't a collection of loosely related documents; it's a cohesive system where validators, templates, and scripts interact to enforce structural integrity.

• skill.md — Orchestrator: defines the end-to-end crisis response workflow, severity classification (P1-P4), and explicitly references all relative paths for templates, validators, scripts, references, and examples to ensure the agent assembles a complete crisis communication package.
• templates/holding-statement.yaml — Production-grade YAML template for drafting holding statements under 30 minutes, with structured fields for incident type, severity level, verified facts, stakeholder mapping, legal review flags, and channel distribution rules.
• templates/response-matrix.yaml — Severity-classified action matrix (P1-P4) mapping crisis types to response timelines, spokesperson assignments, channel selection, escalation triggers, and resource allocation protocols.
• templates/board-brief.md — Structured executive communication template for delivering bad news to boards, covering impact assessment, mitigation status, regulatory exposure, financial implications, and next-step governance approvals.
• references/canonical-protocols.md — Embedded crisis management knowledge: P1-P4 classification criteria, 24/72-hour response windows, early warning detection signals, reputation recovery phases, leadership communication principles, and post-crisis audit requirements.
• references/media-handling.md — Canonical media relations playbook: interview protocols, misinformation counterplay tactics, press conference staging, social media monitoring workflows, stakeholder messaging alignment, and spokesperson training standards.
• scripts/validate-plan.sh — Executable validator that parses a crisis plan against required sections, severity mappings, and contact lists; exits non-zero (exit 1) if validation fails, critical fields are missing, or timeline thresholds are violated.
• scripts/run-tabletop.py — Executable tabletop exercise simulator that generates scenario branches, tracks decision latency, simulates stakeholder reactions, and outputs a post-exercise debrief report based on P1-P4 severity parameters.
• validators/plan-schema.json — JSON Schema enforcing structural integrity of crisis plans, requiring severity classification, response timelines, stakeholder contacts, legal review checkpoints, and channel distribution matrices.
• examples/full-crisis-plan.yaml — Worked example: complete crisis communication plan for a data breach scenario, demonstrating proper severity classification, holding statement drafting, board briefing, media handling workflow, and post-crisis reputation recovery.

Stop Guessing, Start Responding

You don't have time to write a crisis plan from scratch. Upgrade to Pro to install the Crisis Communication Pack. The pack gives you the structure, validation, and simulation tools to respond rapidly and accurately when it matters most. Don't wait for the P1 alert to expose your gaps. Install the pack, run the tabletop exercises, and lock in your response protocols today.