name: crisis-planner
description: >
  Use this skill when the user asks about "crisis plan", "crisis scenario", "reputation risk", "crisis comms", "plan de crise", "communication de crise", "gestion de crise", "what if", "worst case scenario", "what could go wrong", "product recall", "data breach communications", or "reputational threat". Designs crisis communication playbooks with risk mapping, sector-specific protocols, holding statements, audience sequencing, and escalation procedures. For food, pharma, finance, or tech — apply the relevant sector playbook, not a generic one.
Skill: Crisis Planner
Prepares organisations for communications crises before they happen. Maps risk scenarios by probability and severity, designs response protocols, drafts holding statements, defines audience sequencing and escalation chain — with sector-specific playbooks for food safety, data breach, financial services, and leadership conduct.
Important: Crisis communications is a specialised discipline. This skill provides planning frameworks. Execution in a live crisis always requires senior communications counsel.
Step 1: Sector Classification
Before mapping risks, identify the sector so that the correct regulatory and legal context is applied:
| Sector | Regulator(s) | Legal obligations in crisis | Specific protocol |
|---|---|---|---|
| Food / Agro | DGCCRF, DGAL, ANSES, RASFF (EU) | Mandatory recall procedure, consumer notification, RASFF alert | → Section 6a |
| Pharmaceuticals | ANSM | Mandatory pharmacovigilance, ANSM notification, Medical Affairs lead | → Section 6b |
| Financial services | AMF, ACPR, Banque de France | ACPR incident declaration, client notification delay limits | → Section 6c |
| Tech / Data | CNIL (RGPD Art. 33/34) | 72h notification to CNIL; notification to affected individuals if high risk | → Section 6b |
| Healthcare / MedTech | ANSM, HAS | Patient safety first; ANSM vigilance report | → Section 6a (variant) |
| General corporate | No specific regulator | Best practice only | → Standard protocol |
Step 2: Risk Universe — 6 Dimensions
| Dimension | Trigger questions |
|---|---|
| Product / Service | Product fails, causes harm, triggers recall? |
| Data / Privacy | Customer data breach? RGPD violation? |
| People | Senior leader misconduct? Employee goes public? |
| Operational | Major outage, supplier failure, logistics collapse? |
| Financial | Results worse than signalled, fraud alleged? |
| Reputational / Social | Campaign callout, brand linked to controversy? |
| Environmental / CSR | Greenwashing challenge, supply chain exposure? |
| Regulatory / Legal | Investigation opened, class action filed? |
Step 3: Risk Scoring
For each risk scenario:
| Scenario | Probability (1–5) | Severity (1–5) | Speed | Risk Score (P×S) |
|---|---|---|---|---|
| | | | Hours/Days/Weeks | |
Priority: Risk Score ≥15 = full playbook required. Score 9–14 = holding statement + contact list minimum.
Step 4: Golden Hour Protocol
Template — adapt per scenario:
| Window | Action | Owner | Comms action |
|---|---|---|---|
| 0–15 min | Verify the incident is real | Crisis lead | Internal alert to crisis team only |
| 15–30 min | Convene core crisis team | Crisis lead | No external comms |
| 30–45 min | Assess severity and audience sequence | Crisis team | Draft holding statement |
| 45–60 min | Approve statement, brief spokesperson | Final approver | Issue holding statement |
Step 5: Audience Sequencing
Critical rule: Audiences must be contacted in the correct order. Getting this wrong triggers legal liability and compounds reputational damage.
Universal order:
1. INTERNAL LEADERSHIP — always first. No one learns of a crisis from the news.
2. DIRECTLY AFFECTED PARTIES — victims, impacted customers, before any media.
   (In food safety: consumers with the product. In data breach: affected individuals.
   In product liability: those harmed. Legal obligation may apply.)
3. REGULATORS / AUTHORITIES — if legally required (CNIL 72h, DGCCRF, ANSM, AMF).
   Check sector table above for specific deadlines.
4. EMPLOYEES — before press; they are brand ambassadors and potential leak sources
5. PARTNER NETWORK — distributors, resellers, agencies
6. PRESS / MEDIA — after internal and direct audiences are addressed
7. GENERAL PUBLIC — via press coverage and/or direct social
Red flag: Any plan that contacts media before directly affected parties is legally and reputationally dangerous.
Step 6: Holding Statement Protocol
A holding statement buys time while the full response is prepared.
Non-negotiable rules:
- Acknowledge the situation WITHOUT admitting liability (consult legal)
- Signal awareness and action
- Commit to a specific update time
- Never speculate on cause, blame, or extent
Template:
"We are aware of [the situation / reports of / an incident involving] [DESCRIPTION].
[If people are affected:] Our immediate priority is [the safety / wellbeing / support] of [those affected].
We are [investigating / taking immediate action to address] this situation and will provide a further update by [TIME/DATE].
Contact: [Name, role, phone/email]"
Section 6: Sector-Specific Playbooks
6a — Food Safety / Product Recall
Regulatory framework: DGCCRF, DGAL, RASFF (Rapid Alert System for Food and Feed — EU)
Legal obligations:
- Notify DGCCRF/DGAL within 24–48h of confirmed contamination
- File RASFF alert if risk affects other EU markets
- Consumer notification: direct contact (if purchaser data available) + press release + store notices
- Lot number traceability communication mandatory
Audience sequence specific to food recall:
- Internal (R&D, Quality, Legal, CEO)
- Directly affected consumers (especially if identifiable through loyalty data)
- DGCCRF / DGAL
- Retail partners (immediate removal from shelves)
- RASFF notification (if EU cross-border)
- Media (press release + FAQ)
- Social media
Communication templates:
- In-store recall notice: [Logo] + [Lot number] + [Specific instruction: DO NOT CONSUME, return to store for refund] + [Contact line]
- Consumer email: factual, specific lot, clear instruction, no minimisation
- Press holding: acknowledge, commit to the recall procedure, use no language that admits liability
6b — Data Breach (RGPD)
Regulatory framework: CNIL (Règlement 2016/679)
Legal obligations:
- Notify CNIL within 72 hours of discovery if the breach poses a risk to individuals (Art. 33 RGPD)
- If high risk to individuals: also notify affected persons without undue delay (Art. 34)
- Document incident regardless of notification obligation
CNIL notification requires:
- Nature of breach (confidentiality / integrity / availability)
- Categories and approximate number of individuals affected
- Likely consequences
- Measures taken or proposed
Communication tone: Technical, factual, no minimisation, and no reassurances such as "no impact on service." If financial data is exposed: assume maximum anxiety from users.
6c — Financial Services
Regulatory framework: AMF, ACPR, Banque de France
Key rules:
- All external financial communications may be subject to AMF clearance
- Client notifications must be non-discriminatory (same information to all clients simultaneously)
- Cannot communicate to press before clients on material information
6d — Leadership / Personal Conduct
Universal principle: Do not defend the individual before the investigation is complete. Do not attack the complainant.
Sequence:
- The individual steps back from duties pending investigation
- An independent investigation is announced (external counsel if serious)
- A statement acknowledges the reports and the investigation
- Updates provided as the investigation permits — not on demand
Approved first statement:
"[Individual] has [stepped back / been suspended] pending a full and independent investigation. We take all such matters extremely seriously and are committed to [the safety of our teams / our values / transparency]. We will communicate further as the process allows."
Step 7: Escalation Matrix
| Level | Definition | First responder | Approver | Notify within |
|---|---|---|---|---|
| L1 Routine | Social complaint, minor inquiry | Comms manager | Head of Comms | Same day |
| L2 Significant | Media investigation, employee issue | Head of Comms | CMO | 2 hours |
| L3 Serious | National press, regulator contact, data breach | CMO + CEO | CEO + Chair | 1 hour |
| L4 Crisis | Existential threat, major public incident | Crisis team convened | CEO + Board | Immediate |
Step 8: Post-Crisis Reputation Repair
| Phase | Timing | Objective | Actions |
|---|---|---|---|
| Stabilise | 0–2 weeks | Stop the bleeding | Close media loop, final communications |
| Demonstrate | 2–8 weeks | Show, don't tell | Public proof of remedial action |
| Rebuild | 2–6 months | Re-engage positively | Owned content, third-party endorsement |
| Reassert | 6–12 months | Reclaim the narrative | Campaign, events, media |
Output: Crisis Playbook
Save to data/1-Projets/clients/[client]/crisis-playbook.md
Structure:
- Sector Classification — relevant regulator and legal obligations
- Risk Register — scored scenario list
- Top 5 Scenario Cards — full playbooks
- Golden Hour Protocol — first-hour checklist
- Audience Sequencing — ordered priority list with sector-specific rules
- Escalation Matrix
- Message Templates — holding statements per scenario type
- Sector Playbook — from Section 6 (if applicable)
- Contact Directory — crisis team + external advisors
- Post-Crisis Protocol
Integration Points
- Receives from: stakeholder-mapper (who to call first), message-architecture (brand voice in crisis)
- Triggered by: /comms:crisis, /comms:strategy