NORWAY Law and Practice Contributed by: Elisabeth Roscher, Tine Vigmostad, Geir Sviggum and Kristin Nordland Brattli, Wikborg Rein Advokatfirma AS
crisis situations as an external crisis manage- ment specialist advising many different corpo- rations on various types of crises around the world. External counsel can often be helpful in both setting up and managing a crisis situation, depending on the need for resources and the expertise the relevant company has. The more urgent and complex the crisis situation is, the greater the need for external expertise. In addition, engaging external experts may be particularly relevant in relation to investigations and evaluations in the aftermath of a crisis – for instance, by appointing an independent com- mission. When selecting such external experts, the criteria typically include expertise and experience with the type of crisis in question – ie, expertise in data privacy in the event of a cyber-attack. An example is the appointment of an independent commission after a fire on the vessel Scandinavian Star , which culminated in a report to the Norwegian Parliament about the cause of the crisis, responsibilities, etc. 3.6 Assessing Crisis Management Success Metrics used by companies to assess the suc- cess of crisis management efforts typically include (among others): • response and recovery time; • effectiveness of communication; • financial impacts; • operational continuity; • employee and customer safety;
key stakeholders. “lessons learned” workshop would often be part of a post-crisis review.
4. Managing and Preventing Crises 4.1 Identifying a Crisis Robust monitoring systems and employee train- ing are examples of key elements for identifying a crisis – and its legal implications – faster. Some crises are identified immediately due to the nature of the breach, such as a cyber-incident blocking access. Other types of crisis situations develop over time – for instance, where the ini- tial indication is an unclear and unsubstantiated whistle-blowing report alleging potential corrupt practices, this may turn out to be part of a larger- scale corruption matter during the course of the investigation. The pace and urgency will there- fore depend on the nature of the crisis. In certain areas (for instance, data breaches or suspicions of money laundering for obliged enti- ties), clear tools and reporting lines will be set up to deal with the identification and reports of such incidents, and such tools will also be subject to authority-led inspections to check compliance. 4.2 Planning The types of frameworks and models used for crisis management would very much depend on the company and exposure to crises; see also 3.1 Crisis Management Plans and 3.2 Internal Governance on the contents of a crisis manage- ment plan. Some companies use NS-EN ISO 22361, which is an international standard for strategic cri- sis management. Certain guidelines have also been published by public authorities in Nor- way, which may be used as benchmarks for
• supply chain stability; and • feedback from stakeholders.
Continuous improvements to crisis management strategies are typically made by conducting post-crisis reviews and receiving feedback from
119 CHAMBERS.COM
Powered by FlippingBook