While crisis management frameworks exist, interpretations of what constitutes a “crisis” - and when escalation is warranted - vary significantly between organisations depending on context, culture, and discipline.
Broadly speaking, a crisis is typically an event or situation that:
Threatens strategic objectives, reputation, or stability
Exceeds normal operational capacity
Introduces uncertainty with potential to escalate
Because these elements are subjective, what one organisation considers a crisis might be a routine operational issue for another.
For example:
A small IT outage might be minor for a large tech company but a crisis for a financial services firm that relies on real-time trading.
A reputational issue may trigger a full crisis response in the public sector, while being manageable within standard communications processes for a private organisation with low media exposure.
Where the definition of a “crisis” is subjective, effective crisis management frameworks reduce ambiguity by clearly defining escalation thresholds, responsibilities, and context-specific triggers.
In most organisations, incidents are managed according to the principle of subsidiarity: issues are handled at the lowest appropriate level, escalating only when necessary.
This is a typical escalation model, just an example - explained from the bottom up to demonstrate subsidiarity.
1. IT Incident Management
Handles day-to-day operational issues and IT disruptions.
Most frequent activations; many incidents are resolved here without the need for escalation.
2. Business Continuity
Activated when a disruption impacts critical business services.
Focuses on maintaining operations through contingency measures.
3. Crisis Management
Activated for significant incidents affecting reputation, regulatory obligations, or strategic objectives.
Manages external communications, stakeholder engagement, and organisational protection.
Typically involves senior leadership.
An issue may begin as a technical incident managed by IT Incident Management. If the disruption affects critical services, Business Continuity arrangements may be invoked. If impacts escalate further - for example, customers are unable to access essential services, regulatory concerns emerge, or media attention increases - a Crisis Management response may be activated.
Importantly, escalation does not imply replacement.
The gaps between layers in the model are intentional. Each layer can be activated independently and operate autonomously. Once activated, these functions often work side by side, rather than one handing over completely to another.
Clear communication and shared situational awareness across disciplines are essential to ensure a coordinated and effective response.
Effective crisis management frameworks are characterised by:
clear escalation pathways
defined thresholds, roles, and responsibilities
coordination across operational, tactical, and strategic layers
Together, these principles support a structured yet flexible approach to managing crises - protecting people, reputation, and organisational resilience while enabling informed decision-making under pressure.