A communication plan is a formal document that describes how information will be shared between the organization and its stakeholders, both internal and external.
The stated aim of such a plan is to anticipate the actions to be taken in given circumstances. For example, in the event of a security incident, when is an announcement made on Twitter? Do we change our home page? And so on.
Having such a document greatly improves reaction speed and removes the need to cross-validate these decisions when a crisis arises.

Example of a communication plan
This plan should identify the stakeholders, the type of communication required (e.g. written, oral or electronic), when the communication will take place and how it will be delivered.
A well-written communication plan ensures that all stakeholders receive accurate and timely information from the organization. The plan defines the roles of the organization’s people in terms of communication.
Step 1 – Identify stakeholders
Stakeholders are individuals or groups who have an interest in, or are affected by, the organization’s activities. They may include employees, customers, suppliers, shareholders, government agencies and members of the community.
Step 2 – Recommended communication tools
This step consists of determining the means used for effective communication.
For example, communication can be written, oral or electronic. Written communication includes memos, letters, reports and e-mails. Oral communication includes face-to-face conversations, telephone calls and videoconferences. Electronic communication includes text messages, social media posts and websites.
Step 3 – Determine the frequency of communications
This step involves determining *when* communication will take place and how often. Communications must be planned and broadcast at regular intervals.
For example, a monthly newsletter could be sent to employees by e-mail. A weekly meeting with key stakeholders could be organized to discuss upcoming changes or challenges facing the organization. In the case of an information security incident, a paper communication could be sent to affected customers, with the steps they should follow.
Step 4 – Who will the communication come from?
The fourth step is to decide who will distribute the communication.
This includes deciding who will deliver the message and determining the format of the communication. For example, the CEO may send a memo to all employees. If necessary, a presentation can be made to shareholders at the next annual meeting.
Step 5 – Do we have a prefabricated message?
Do we have a known and planned communication template, e-mail or alert system ready in case we need to communicate?
This will ensure that all the necessary information is included in every communication. The template can be customized to a specific format or circumstance, and should be reviewed and updated regularly.
By following these five steps, organizations can develop an effective communications plan that will keep stakeholders informed and engaged.