Resilient. Rapid. Responsible.
1. Purpose
To establish a robust, structured, and proactive Crisis Management System that enables the organization to respond swiftly, protect people and assets, minimize operational disruption, and maintain regulatory compliance during emergencies or unexpected critical events.
This SOP ensures preparedness, rapid decision-making, transparent communication, and effective recovery — safeguarding business continuity and organizational reputation.
2. Scope
This SOP applies to all departments, employees, contractors, and stakeholders across the organization and covers all potential crises, including but not limited to:
- Operational failures
- Regulatory non-compliance events
- Product quality incidents
- Data breaches and cybersecurity threats
- Natural disasters and fire
- Workplace accidents
- Public relations emergencies
- Supply chain disruptions
3. Definition of Crisis
A crisis is any unexpected event that:
- Threatens employee safety
- Impacts product quality or patient safety
- Disrupts business continuity
- Risks regulatory non-compliance
- Damages organizational reputation
4. Crisis Management Principles
- Safety First – Protect human life above all else
- Transparency – Communicate clearly and honestly
- Accountability – Assign defined leadership roles
- Compliance – Meet all regulatory obligations
- Speed with Control – Act quickly, but responsibly
- Continuous Improvement – Learn from every event
5. Crisis Management Structure
5.1 Crisis Management Team (CMT)
A dedicated Crisis Management Team (CMT) shall be established comprising:
- Senior Management Representative (Crisis Leader)
- Quality Head
- Operations Head
- HR Representative
- IT Head (if applicable)
- EHS Representative
- Legal & Regulatory Affairs Representative
- Communications/PR Lead
The CMT must have clear authority to make urgent operational and strategic decisions.
6. Crisis Classification
| Level | Description | Example |
|---|---|---|
| Level 1 – Minor | Localized, manageable impact | Temporary equipment failure |
| Level 2 – Major | Multi-department impact | Significant product deviation |
| Level 3 – Critical | Severe safety, regulatory, or reputation impact | Product recall, fire, data breach |
7. Crisis Response Procedure
7.1 Immediate Actions
- Ensure employee safety and medical support.
- Contain the situation to prevent escalation.
- Inform Department Head and Quality immediately.
- Escalate to CMT for Level 2 & 3 crises.
7.2 Crisis Activation
- CMT convenes immediately (physical/virtual).
- Assign Crisis Incident Number.
- Establish Command Center (if required).
- Activate Business Continuity Plan (BCP) if applicable.
7.3 Communication Protocol
Internal Communication
- Inform employees through official channels.
- Provide clear instructions and safety guidance.
External Communication
- Regulatory authorities (if required)
- Clients and partners
- Media (only via authorized spokesperson)
- Vendors and supply chain partners
No employee shall communicate externally without authorization.
7.4 Investigation & Documentation
- Conduct Root Cause Analysis (RCA).
- Document events chronologically.
- Record decisions taken by CMT.
- Maintain evidence integrity.
All crisis documentation shall be securely archived.
7.5 Corrective & Preventive Actions (CAPA)
- Identify immediate corrective actions.
- Develop preventive measures.
- Assign responsibilities with timelines.
- Monitor effectiveness.
7.6 Recovery & Restoration
- Gradually resume normal operations.
- Verify system integrity before restart.
- Obtain Quality approval (if applicable).
- Inform stakeholders about recovery status.
8. Training & Preparedness
- Annual crisis management training for key personnel.
- Mock drills and simulation exercises.
- Periodic review of crisis scenarios.
- Contact list updates every 6 months.
9. Documentation & Record Retention
Maintain records of:
- Crisis reports
- Meeting minutes
- Communication logs
- RCA reports
- CAPA records
Records must comply with document retention policies.
10. Review & Continuous Improvement
- Post-crisis review meeting within 7 days of closure.
- Performance evaluation of response effectiveness.
- SOP revision if required.
- Leadership review of major crises.
❓ Crisis Management SOP – Frequently Asked Questions (FAQ)
1. What is considered a crisis in an organization?
A crisis is any unexpected event that threatens employee safety, product quality, regulatory compliance, business continuity, data security, or the organization’s reputation.
2. Who has the authority to declare a crisis?
A crisis may be declared by Senior Management, the Department Head, Quality Head, or any designated authority based on risk severity and impact assessment.
3. What is the role of the Crisis Management Team (CMT)?
The CMT leads the response by assessing risk, making urgent decisions, coordinating communication, ensuring compliance, and overseeing recovery and corrective actions.
4. How are crises classified?
Crises are typically classified into three levels:
- Level 1 (Minor): Limited impact, manageable locally
- Level 2 (Major): Multi-department impact
- Level 3 (Critical): Severe safety, regulatory, financial, or reputational risk
5. What is the first priority during a crisis?
Employee and public safety is always the highest priority, followed by containment, compliance, and operational stabilization.
6. Who can communicate with regulatory authorities or media?
Only the officially authorized spokesperson or designated leadership may communicate externally. Unauthorized communication is strictly prohibited.
7. Is documentation required during a crisis?
Yes. All actions, decisions, communications, and timelines must be documented to ensure traceability, compliance, and accountability.
8. When should regulatory authorities be notified?
Regulatory notification must be initiated immediately if the crisis impacts product quality, patient safety, data integrity, or statutory compliance.
9. What happens after the crisis is controlled?
A formal Root Cause Analysis (RCA) is conducted, followed by Corrective and Preventive Actions (CAPA), effectiveness checks, and a post-crisis review.
10. How often should crisis management training be conducted?
Training and mock drills should be conducted at least annually or as per risk assessment and regulatory requirements.
11. What is the purpose of a post-crisis review?
To evaluate response effectiveness, identify gaps, strengthen preventive systems, and update the SOP if necessary.
12. How does crisis management support business continuity?
By ensuring structured response, rapid containment, regulatory compliance, stakeholder communication, and controlled recovery — minimizing long-term impact.
For more articles, Kindly Click here
For pharmaceutical jobs, follow us on LinkedIn
For Editable SOPs in Word format contact us on info@pharmaceuticalcarrier.com
For more information kindly follow us on www.pharmaguidelines.co.uk
