Tag: crisis management

How to Handle a Big Crisis at Your Event

A recent industry poll found that 77% of event planners find security and safety a growing priority for their events in 2018 – which is no surprise given the world we live in today. Terrorist attacks are now a constant threat to society and consequently, security is now a bigger deal than ever before – especially for those running events in high-target city destinations.

Knowing what to do at a time of crisis has never been more relevant.

As an event planner, you may already have your own organisation’s crisis management policies that you need to follow. The hotels and conference facilities you use will also have their own security and safety procedures that you need to carefully keep in mind.  But what about how you communicate with people at your event at the time of a crisis? Knowing who you should talk to, as well as how and when you do that communication can mean the difference between failure or success.

6 Essential Steps for Managing Communications in a Crisis

Getting crisis communications right is not an easy thing.  The ones that do it well are usually the ones who are well prepared. So if you haven’t done so already, make sure you think about it now and incorporate it as an integral part of your event management strategy. And remember, it’s important to do this for any crisis situation that has the potential to disrupt your event – from fire outbreaks and flooding to any other incident that prompts an emergency evacuation.

Have a look at six key things you can do for an effective crisis communications plan around your events:

1) Identify Your Event Audiences

You need to think about all the different types of people you deal with at and around each one of your events.  In most situations, the stakeholders will include your attendees, on-site suppliers (security personnel, technology, promotion staff, venue, catering), partners such as speakers, sponsors and exhibitors, as well as journalists and colleagues (on ground and off-site).

2) Assign Audience ‘Owners’

Once you have these stakeholder groups listed out, create your internal crisis team by assigning the relationship ‘owners’ for each of your audience groups.  You need to have these dedicated points of contact – you can’t have one person managing everything if you want to be affective in the way you manage a crisis. Each of these relationship owners should create contact lists for their audience groups, which can include mobile numbers, email addresses and social media handles.  Collate these lists from your event registration software and make sure they are regularly updated so that you have the most current information on the day of your event.

3) Decide on Communication Channels

The next thing to determine is how you should communicate with all your stakeholders – needless to say, quick, clear and frequent communication will be appreciated at a time of crisis.  It will also protect your organisation’s reputation on how well you manage the safety of your attendees. Social media (especially Twitter) is a very powerful communication tool, especially given the 24-hour information cycle we currently live in. But it’s important to remember that social media does not guarantee mass reach. According to MarketingLand, about 2 percent of your Twitter followers see your Tweets. Similarly, AdWeek has stated that Facebook organic page reach stands at a fairly shocking 2.6%. Having said that, social media is key to sharing information with media and key influencers who can help amplify your message (journalists are the largest, most active verified user group on Twitter).

Aside from social media, you also have your email databases which can be created using the stakeholders lists you put together. You may have an event app, which is also a great tool to push notifications and update attendees on what they need to do.  You can also put up notices on your event website or screens you may have up around your venue.

4) Find the Best Platform for Each Audience

Notifications via event apps, emails and social media are usually the best option with your attendees. However, not all your stakeholders may be at your event.  Some may be offline and miss the notices you’ve posted online.  So think of other options too like text messages and phone calls.  Your organisation’s management team, for example, will probably need to be updated by phone.  Communications with your on-site team may be better through group calls or messaging apps like WhatsApp.

Bear in mind that immediately after a major incident like a terrorist attack, mobile networks may be unavailable due to excessive demand. Sit down with your management team and identify the most appropriate crisis communications channels for each of your audience categories and have contingency plans for every situation.

5) Draft a Communications Plan

Once you’ve identified your audiences and have a good idea on how you’ll be reaching out to them, the next step is to put together a communications plan. It’s difficult trying to figure out what you’re going to say if you’re not sure what crisis you’ll be facing. However, the last time you want to worry about on the day is putting some sort of plan together and chasing all the necessary approvals.  Have your crisis communications plan pre-approved and ready to go.  You could have a detailed plan for each type of crisis situation or you could have a more generalised one with clear action points.

6) Prepare Crisis Scenarios

Be proactive and start making a list of potential crisis situations around your events now – whether that be a terror attack, a power outage or a fire.  Draft the key messages you want to communicate with each of your stakeholders.  Be personal, transparent and genuine and make public safety your number one priority. Explain what has happened, what actions need to be taken, what information is available and the contact details of each stakeholder ‘owner’.  Include what your organisation’s stance is on the on-going situation, as well as details on when and where they should expect another update. The more information you provide, the less chance of creating an information vacuum, which often causes unnecessary panic and false speculation.

Lastly, train your team members through life-like simulations of all the different crisis scenarios outlined in your plan. Make sure they don’t talk ‘at’ your audiences at a time of crisis without listening and responding to them first as this will undermine their trust in your organisation. Conduct these exercises annually or around each event.

Are there any other considerations we should include in this list?  Let us know as we’d love to hear your views.


Did you find this article interesting? Get weekly updates from our EventTech Talk blog and learn about the latest technology-related trends, discussions and debates shaping the meetings and events industry today.  Click here to join EventTech Talk today.

 

 

Event Spotlight: Women into Leadership Conferences

Women into LeadershipThe annual series of Women into Leadership conferences has established itself as the main go-to event for people interested in seeing more leadership opportunities for women. The 2016 events were held in London, Leeds and Edinburgh, featuring over 50 speakers and more than 1,000 attendees.

EventTech Talk spoke to Claire Walmsley, Senior Content Manager at Dods – organisers of the event – about her experience of working on Women into Leadership as well as getting some insight into what it takes to be successful in event management.

How far in advance do you usually start planning and booking guests? Do you already have dates scheduled for next year?

Women into Leadership is a year-round project that not only covers multiple venues but also numerous sessions within each one that require extensive planning and advertising. As soon as one event finishes, we will move straight onto revamping the agenda for the following year. The conference agenda is shaped by the suggestions offered from our planning group so it’s essential to get the ball rolling as soon as possible.

We already have the dates for 2017 and have added Cardiff to the list. So we’ll have four events next year, spanning across March, May, September and October. This means we have even more pressure on us to be organised and focus on every detail.

Women into Leadership Conference 2015What would you say was the biggest challenge of planning the Women into Leadership events? How do you prepare for a crisis scenario?

There are lots of very high profile speakers at these events, and they really make the events what they are. The biggest challenge is therefore getting the dates in their diaries as early as possible, and keeping them there! It’s crucial we are as flexible as possible with the agenda for as long as possible, as our senior speakers have competing commitments making their way into their diaries all the time. In terms of crisis management, we always expect some last-minute speaker cancellations so we always make sure we have people who could step in at short notice.

Has anything gone wrong at one of the Women into Leadership events that required a quick response and how was it handled? For example, issues with the venue, tech problems, etc.

Yes – when we arrived on site for Women into Leadership Leeds last month, a miscommunication in our operations team led to no AV being ordered for the event. This meant that, in a room with over 150 delegates, there was no PA system, no microphones, nothing. Luckily, we were able to work with our venue contact to get a hand-held microphone straight away, while the in-house AV team worked on getting a more substantial system (lectern, microphone, panel table microphones, etc.) up and running. By the time our first speaker took to the stage, we were all set-up and ready to go, but it was extremely tight! We almost had to go into that first session with one hand-held microphone between the chairperson, keynote speaker and audience!

How big is the team involved in the planning and execution of the conferences? Do you work on multiple events at once? What project management tools do you use to ensure everyone is up-to-date with each stage of the process?

I work on Women into Leadership year round with support from various teams around the company, including sales and marketing. I have support in terms of agenda and speaker ideas from the FDA [the union for senior public servants and professionals], our event partner, and also a wonderful planning group of civil servants who contribute lots of great ideas for content. I also have my lovely colleagues to call on in particularly busy periods and a brilliant team of Dods staff with me on the day to ensure on-site execution is top notch.

Women into Leadership Conference 2015How do you evaluate the success of your events?

The most immediate feedback comes from social media. Our delegates are really active on Twitter and we can always tell straight away how well particular speakers are going down [see @WiLeadership_UK]. We also have a more formal feedback form process, which I write up into an evaluation report and take with me to the subsequent planning meeting. This provides the basis for the next event.

How does the Eventsforce software benefit your events?

All of our delegates register via Eventsforce, so it’s an essential component of the events. We can tailor the sign-up process to our particular events and delegates always feedback that they find the system to be simple and straight forward – exactly what we need with this volume of delegates!

What do you see as the most important trend in the events industry today?

Women into Leadership Conference 2015From a Women into Leadership perspective, speaker line-ups are definitely becoming more diverse and event managers are very aware that they are being judged on the diversity of their speakers – it’s very important. Gone are the days when an all-male panel was acceptable – our audience want to hear from a diverse range of people, which reflects the society we live in!

Which mobile app or social media platform couldn’t you live without?

Twitter!

Is there any advice that you would give to someone considering a career in event management?

Know your industry. Delegates are attracted to events which show a deep understanding and passion for the topic area. Get on Twitter and sign-up to news bulletins, follow all the relevant organisations/groups/individuals who regularly comment on your industry and keep up-to-date. Knowledge is power, and this could not be more true than when working in events – your agendas really need to reflect the most up-to-date policies and ideas to stand out from the crowd.

Click to get in touchDo you have any anecdotes about any of the events? Or is there a special power you sometimes wish you had when planning/managing them?

I often think about Bernard’s Watch (anyone who grew up with kids’ TV in the 90s will understand the reference!) and how totally amazing it would be to have one of my own at these events. It’s basically a pocket watch which, when you press it, stops time for everyone but you. At the London event, there are six breakout sessions running at the same time and I am running all across the venue just to pop my head into a room and check all the speakers are there and the session is ready to start. I really do need to be in six places at once during these times of the day. If only I had Bernard’s Watch, I could actually do it!

Images © Women into Leadership

 

20 Reasons You Should Be Planning Events as a Team

20 Reasons You Should Be Planning Events as a TeamWhile many event planners work independently, and with great success, it’s important to understand the value of a well-formed functional team. Big event planning projects are often done in teams because this is the most efficient, stress-free and collaborative way of working. A team member should be empowered, trusted and respected enough to work on their own under a common goal and then brought together to bask in the mutual success of the team.

Team work is not only beneficial to individuals (if you can’t learn something from someone, you aren’t looking hard enough!). But by adding more staff to your team – all working independently – you will also grow your business.

Here are 20 reasons why it’s good to work as a team in the world of events:

  1. Helps Problem Solving

Team work promotes innovation and ideas sharing. A problem shared is a problem halved, or so the saying goes.  Using the problem solving abilities of a small team doesn’t just resolve issues faster but can also lead to avoiding them again in the future.

  1. Encourages Initiative

Taking initiative is a key ingredient for solving problems, dealing with change, and providing customers with service that far exceeds expectations. With the encouragement of a proactive leader, encouraging initiative can make for a healthy team as it’s essentially assuming risk for a possible failure. The only alternative to putting yourself out there when things go wrong is doing nothing at all and who wants a colleague who does that?

  1. Reduces Stress

Being able to delegate work when your to-do list is longer than your arm will reduce a lot of pressure on event planners. When there are tight – and often competing – deadlines to hit, stress levels can be greatly elevated but being able to share the responsibility can be a load off the shoulders.


Did you know that your event’s team members can be one of your greatest weaknesses when it comes to data security and the chances of breach?  Find out how you can prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


  1. More Self-Awareness

Self-awareness is being conscious of what you’re good at while acknowledging what you still have yet to learn. By working in a team you are constantly learning from others and being aware of any gaps in the knowledge or skills you already have. Self-awareness of your strengths and weaknesses can net you the trust of others and increase your credibility.

  1. Team work promotes learningPromotes Learning

As much as you’d like to, you don’t know everything about everything. Event planning involves combining the differing goals of several departments as well as the requirements of the delegates which can all be incredibly complex. You are not an expert in every department so learning from those who are is vital.

  1. Work to Your Own Schedule

Few people are both a night owl and an early bird. Event planning can require both attributes whether it’s getting up early for an office meeting or staying late to finalise details the night before your big event. Working in a team allows people to play to their strengths as you never know when the tyre will bust on your event. Knowing someone is there will bring comfort to individuals – as a team, your event planning can still be progressing even while you’re taking a well-earned nap. An empowered team can function just as flexibly as an individual doing it alone.

  1. Meet Shorter Deadlines

If you have to put an event together at extremely short notice, then you need a team behind you for support. Working with a few trustworthy, reliable and resourceful individuals with broad expert knowledge – not simply skills enlargement but skills enrichment – can mean quick turnaround on decisions, rapid problem solving and being able to meet shorter targets or deadlines by delegating and saving time.

  1. Team work allows you to work from anywhereWork from Anywhere

Most companies now accept remote working so why should event profs be any different? Everyone has access to WiFi so you don’t need to be in the same room as your team. One member could be checking the venue capabilities, while another is at the office of a potential guest speaker. And this doesn’t prevent you from being in contact with your team. Location isn’t a great priority and things don’t need to be communicated in person as having to attend overly-frequent catch-up meetings can be counter-productive to the workflow of the team. Productivity apps such as Trello, Jira and Asana which are designed to empower team collaboration have solved these problems. They also improve efficiency and project management, so who needs to be in the same room at the same time every day?

  1. Great for Introverts

Introvert abilities such as engaged listening and deep rumination are useful skills to have particularly in event planning and management. It’s good to encourage introverts to be involved in your team – they tend to communicate using concrete facts, which, when expressed correctly, might help lend objectivity to emotional or tense situations. By encouraging a flexible working environment, you can reduce anxiety levels and bring in new ideas because they will be able to work on their own but will still be in constant contact with the rest of the team.

  1. Avoids Arguments

By encouraging problem solving and collaboration, working in a team can avoid arguments that may arise along the way. The array of different personalities, planning styles and opinions that a team can bring shouldn’t be navigated with caution but embraced – the trick is to challenge the idea, not the person. A respectful robust challenge to an idea from a passionate colleague is highly preferably to the end game of the business than the isolated view of a megalomaniac. No-one wants to be the person who does the same stuff they are familiar with as they didn’t have the self-worth to reach out for a different view for fear of a disagreement. Even a two-year-old can play as part of a group; professional event planners can too or ask themselves why not.

  1. Makes Your Event Unique

By combining the knowledge and expertise of several members of a team will ensure that each event is unique but it also defines your company. Not everyone shares the same passions and tastes so it’s important to consider what others might require from your event rather than just relying on your own likes and dislikes. By working in a team you can create a brand with themes and ideas that represent your diversity and cooperation which translates into future events and builds a strong event identity.

  1. Boosts Productivity

Working in a small team can promote day-to-day productivity by playing to strengths and abilities. Everyone has their own area of expertise so they will be able to work independently, with fewer distractions and reduced stress as they will be in their familiar environment. As long as you keep communication active and up-to-date, then organisation shouldn’t be an issue when planning an event.

  1. Great for Fixing Mistakes

The difference between outstanding world class companies and average performers is how well they react to problems when they arise. And, more importantly, how well these problems are dealt with and how quickly. The more eyes you have working on a project, the more likely it is to spot these problems in a timely manner and fix them with minimal confusion.

  1. Pulling in the same directionTakes The Pressure Off

Knowing that a colleague has your back – as you have theirs – brings comfort in itself. Having someone else understand what you are going through – even if they can’t directly help, but are simply with you – can lead to very unusual, lasting friendships. Although people have different ways of working – some like to get things out of the way as quickly as possible while other take time to mull things over – an individual’s approach to a task is secondary to the task itself. Working in a team might mean you’re working at a pace that is unnatural for you.  But with an empowered team sharing transparent goals to defined deadlines, all pulling in the same direction, individuals can work within their remit at a time, pace and location that best suits them. This can be a tough adjustment for a new team player but the reality is, the method an individual takes is largely irrelevant. As long as it’s respectful, ethical and can be made transparent, focus on the output and celebrate diverse personalities and ways of working. Different is OK, it’s 2016!

  1. Boosts Career Prospects

Showing that you can work as part of a team is vital to most employers. While showing you can do a lot yourself may make things more cost-effective, being stressed and struggling to hit deadlines is not going to save money in the long run. Working as a team broadens your range of skills from deepening your understanding of a particular subject area via practical activities to developing interpersonal, leadership and motivational skills. You will be more aware of strengths and weaknesses that will be invaluable when looking to further your career. Working in a team also gives employees a greater sense of belonging and of recognition, which helps them take more pride in their work, and their company.

  1. Fewer Restrictions

Working in a team provides fewer restrictions rather than being limited by your individual skills, knowledge and time. A team gives you access to an enriched source of knowledge, skills, experience, laughter and, of course, the odd celebratory pint. Working alone, you only have yourself to blame if things don’t go quite right. This keeps things on your shoulders rather than being supported, advised and coached by others around you.

  1. Team successFull Credit

It’s great to collaborate. Period. Sometimes credit may not always be fairly distributed, but team players focus on achieving the end goal and being rewarded rather than elbowing others for individual recognition. Working on your own can highlight your great work but it would also highlight the mistakes you make. It may also indicate insecurity in asking others for help.

  1. Fewer Misunderstandings

You may have all the information. You may be able to make informed decisions and choices yourself with all of the knowledge to hand.  However, if you can’t convince your team to try something new around your event, are you likely to succeed in convincing a skeptical delegate? There might be an inclination to follow your gut decisions when working alone but remember: there was once an executive at Decca Records who had a gut decision to reject The Beatles when he first heard them.

  1. Stronger Bond with your Client

Working alone means that all communication has to come through you – this includes having to build a close bond with the client and, essentially, being at their beck and call. While you’re trying to juggle every aspect of planning and management, you might also be trying to deal with emails every 10 minutes asking for constant updates, changes to minute details or any other manner of insignificant contact that will distract you from the really important stuff. And what about the other events you may be working on? What about other clients who wish to talk to you today? Clients rarely arrange their annual calendar conveniently around the diary of their favourite loner event planner.

  1. Challenge Yourself

Working alongside colleagues doesn’t mean sitting back and allowing people to take the lead on certain tasks on occasions. Team players spot learning opportunities from experienced colleagues and pay attention without risking the event. The challenge is about playing to strengths, understanding your own abilities and learning from others. Working on your own can make you blinkered and dated, but pushing yourself in a team environment is the real challenge with the best individual and collective outcome.

Click to get in touchIn Conclusion

The event industry is made up of many freelancers and individuals with experience in niche areas and those who create “event magic” as part of a well-rounded, agile, fast-paced team. Modern day, dynamic events are complex machines that require a multitude of cogs all working together to get a result. One wheel falling off is unacceptable but if you trust them, then there’s always a solution if you appreciate the value of a well-formed functional team.

 

Why Events Need a Crisis Communications Plan

Terror attacks are now a constant threat to society and consequently, security has become top of agenda for many businesses – especially for those organisations involved in running events in big city destinations.  Knowing what to do at a time of crisis has never been more relevant.

As an event planner, you may already have your organisation’s own crisis management policy that you and your team have to follow. The hotels and conference facilities you use for your events will also have their own health and safety procedures that need to be adhered to.  What is equally important, however, is a carefully prepared crisis communications plan around your events.  Knowing whom you communicate with in a crisis, as well as how and when you do that communication can mean the difference between failure or success. And this doesn’t just apply to a terrorist incident, but to any crisis situation that has the potential to disrupt an event – from fire outbreaks and flooding to any other kind of emergency evacuation.

Getting crisis communications right is not an easy thing.  There are countless stories of how organisations got it wrong – from the BP oil spill in the US to the United Airlines passenger scandal earlier this year.  The ones that have done it well are usually the ones who were well prepared. So don’t leave it to chance and don’t underestimate the consequences. Think about it now and have it as an integral part of your overall event management strategy.

Have a look at these five fundamental steps for an effective crisis communications plan around your events:

1) Find Out Who Are Your Key Audiences

GlobeThe first step is to think about all the different types of people you deal with at and around each of your events.  In most situations, the stakeholders will include your attendees, on-site suppliers (security personnel, technology, staff, venue, catering), partners such as speakers, sponsors and exhibitors, as well as journalists and colleagues (on ground and off-site).

2) Identify Audience ‘Owners’

Once you have these stakeholder groups listed out, create your internal crisis team by assigning the relationship ‘owners’ for each of your audience groups.  You need to have these dedicated points of contact – you can’t have one person managing everything if you want to be affective with your communications. Each of these relationship owners should create contact lists for their audience groups, which can include mobile numbers, email addresses and social media handles.  Collate these lists from your event management systems and make sure they are regularly updated so that you have the most current information on the day of your event.

3) Identify Your Different Communications Platforms

calcThe next thing is to determine how you will need to communicate with all your stakeholders. Quick, clear and frequent communication will be appreciated at a time of crisis.  It will also protect your organisation’s reputation on how well you manage the safety of your attendees. Social (especially Twitter) are very powerful communication tools, especially given the 24-hour information cycle we currently live in. However, it is important to note that social media does not guarantee mass reach. According to MarketingLand, about 2 percent of your Twitter followers see your Tweets. Similarly, AdWeek has stated that Facebook organic page reach stands at a fairly shocking 2.6%. Having said that, social media is key to providing information and access to media and key influencers who help amplify your message. In fact, journalists are the largest, most active verified user group on Twitter.

Aside from social media, you also have your email databases which can be created using the stakeholders lists you put together. You may have an event app, which is also a great tool to push notifications and update attendees on what they need to do.  You can also put up notices on your event website or screens you may have up around your venue.

4) Find the Best Platform for Each Audience

Notifications via event apps, emails and social media are usually the best option with your attendees. However, not all your stakeholders may be at your event.  Some may be offline and miss the notices you’ve posted online.  So think of other options too like text messages and phone calls. The management team of your organisation, for example, will probably need to be updated by phone.  Communications between your on-site team members may be better through group calls or messaging on mobile apps like WhatsApp or your own company app. Bear in mind that immediately after a major incident like a terrorist attack, mobile networks may be unavailable due to excessive demand. Sit down with your management team and identify the most appropriate crisis communications channels for each of your audience categories and have contingency plans for every situation.

5) Put Together a Communications Plan

Untitled design (32)Once you’ve identified your audiences and have a good idea on how you’ll be reaching out to them, the next step is to put together a communications plan. It’s difficult trying to figure out what you’re going to say if you’re not sure what crisis you’ll be facing. However, the last time you want to worry about on the day is putting some sort of plan together and chasing all the necessary approvals.  Have your crisis communications plan pre-approved and ready to go.  You could have a detailed plan for each type of crisis situation or you could have a more generalised one with clear action points.

Make a list of potential crisis situations – whether that be a terror attack or a power outage – and draft the key messages you want to communicate with each of your stakeholders.  Be personal, transparent and genuine and make public safety your number one priority. Explain what has happened, what actions need to be taken, what information is available and the contact details of each stakeholder ‘owner’.  Include what your organisation’s stance is on the on-going situation, as well as details on when and where they should expect another update. The more information you provide, the less chance of creating an information vacuum, which often causes unnecessary panic and false speculation.

Click to get in touchLastly, train your team members through life-like simulations of all the different crisis scenarios outlined in your plan. Make sure they don’t talk ‘at’ your audiences at a time of crisis without listening and responding to them first as this will undermine their trust in your organisation. Conduct these exercises annually or around each event.

Are there any other steps you’d like to add to the list?  We’d be happy to publish your views!  

Source:
Raconteur: Terrorist attacks are a constant threat for the events sector
Crisis Management Strategist: 3 Steps to Successful Crisis Communications
Meetings PR: Reactive or Proactive? 7 Factors for Effective Communication for International Meetings
Cision: 6 Social Media ‘Musts’ for Crisis Communications

Delegate Card Payments & Security Compliance: Questions Answered

PCI COmplianceEnter registration details, make your payment and click submit.  It’s the kind of information most event websites ask for. But when your delegate makes a payment, how do we make sure their card details are kept safe? If your organisation is involved in storing, processing or transmitting any delegate cardholder data – manually or electronically – you need to comply with the Payment Card Industry Data Security Standard (PCI DSS).  And that means meeting tough standards that maximise your delegate’s payment card security – or face the prospect of fines.

Unfortunately, many organisations don’t bother thinking about PCI compliance until they are due to be audited, which at best, leaves them playing catch-up or at worst, means they fail because they haven’t met the requirements. A recent report by Verizon – which assessed more than 5,000 organisations across 30 countries – found that nearly 80% of all businesses failed their interim PCI compliance assessment. More importantly, lack of compliance was linked to data breaches: Of all the data breaches studied, not a single company was found to be fully PCI DSS-compliant at the time of breach. The study also found 69% of all consumers were less inclined to do business with a breached organisation1. So the stakes of non-compliance are pretty high.

Last month, Eventsforce conducted its own survey with senior event planners in the UK and the US to assess their understanding of delegate payments and PCI-DSS requirements. The results were quite surprising.  Nearly half of those surveyed didn’t know if they were PCI DSS compliant, with 84% not being able to identify compliance requirements and a further 73% unaware of the fines for non-compliance.

So what exactly is PCI-DSS and what do event planners need to know about it? Below are six of the most common questions we come across when discussing issues around delegate payments and data security.

What is PCI-DSS compliance?

If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obligated to achieving and maintaining compliance with the PCI Data Security Standard.  PCI DSS is an information security standard for any organisation handling credit card transactions from the major card schemes, including Visa, MasterCard, American Express, Discover and JCB.  The standard was created to increase controls around cardholder data to reduce credit card fraud. It has three basic components which include analysing IT systems for vulnerabilities; patching weaknesses and deleting unnecessarily stored data; and submitting compliance records to banks and card companies (a detailed description of all 12 requirements can be found here).

In the case of events, compliance would mean ensuring that no delegate payment card data is stored unless it is necessary to meet the needs of your event or business. This applies to all types of transactions – electronic (card payments through event website) or manual (card payments over the phone or on-site). If it is absolutely necessary for you to store this information, then you need to know what you can and can’t do. Sensitive data from the magnetic strip or chip, for example, may never be stored but other information such as card numbers (PAN), expiration dates, service codes or cardholder names may be stored if the correct encryption procedures have taken place to ensure data safety (more on this further down).

Isn’t This the Responsibility for My IT/Legal/Finance Department?

 Setting policies and procedures around compliance usually is the responsibility of these departments but adherence to these policies is a shared responsibility across any department dealing with delegate card payments – including the events team. In the case of any fraudulent activity involving the payment card of one of your delegates, a bank can easily trace it back to a PCI-related breach to your organisation and hold you responsible. There are considerable fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds. Many non-compliant organisations have stopped trading because the fines could not be accommodated.

Do I Have to be PCI-DSS Compliant?

PCI-DSS compliance does not just apply to the storage of payment card data but also to the handling of data while it is processed or transmitted over networks or phone lines. While not storing credit card data does eliminate some compliance requirements, the majority of the controls dictated by the DSS remain in effect.

ID-100354956One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. This makes it possible for delegates to interact with the gateway software directly so that card information never hits your own servers. However, make sure you understand how these payment gateways interface with your event management/registration systems. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first.

Read more: Top 5 Things to Think About When Dealing with APIs

Do I Still Need to Consider it if my Payment Gateway is Compliant?

Yes, if you take delegate/attendee payments offline or over the phone. In our event data security survey, 49% of event planners said they take credit/debit card details from their attendees over the phone. This doesn’t help with PCI compliance unless the information is directly entered into the payment gateway system. Even then, are the card details written down somewhere first?  If so, do you dispose of the paper?  How is the paper disposed and when?  Do you email these details to anyone? These are all very important questions you and everyone else on your team need to be very aware of at all times. So make sure you have the correct policies in place and that your staff are trained to follow all necessary procedures that ensure compliance.

What if I do Need to Store Card Details for Some of my Events?

Our survey found that 11% of event planners ask their attendees to fill in card details within registration forms as a form of deposit on possible extras like transport, hotel rooms, dinners, and so on. Some payment gateways like Stripe have a good way of managing this without making your organisation subject to PCI-DSS regulations.  At a minimum, PCI DSS requires card numbers (PAN) to be unreadable anywhere they are stored (the first six and last four digits are the maximum number of digits that may be displayed).  However, as a general rule, it is not advisable to use registration forms to capture credit card details as it does increase the risk of breach.

What Are the Main Data Security Guidelines for PCI-DSS Compliance?

If you do have a legitimate business reason to store your delegate’s payment card data, it is important to understand what data elements PCI-DSS allows them to store and what measures they must take to protect that data. Below are some basic do’s and don’ts for data storage security:

Data Do’s:

  • DO understand where delegate card data flows for the entire payment transaction process – from initial registration until the completion of the event.
  • DO verify that your payment applications (including third-party applications like PayPal) are PCI-DSS compliant. Have clear access and password protection policies and remember, it is your responsibility that compliance is not just met but continuously maintained. Security exploits are non-stop and get stronger every day, which is why compliance efforts should be a continuous process.
  • DO retain cardholder data only if authorised and ensure it is protected
  • DO use strong cryptography to render unreadable cardholder data that you store, and use other security technologies to minimise the risk of exploits of criminals

Data Don’ts

  • DO NOT store cardholder data unless it’s absolutely necessary – delete all data as soon as you know that you no longer need it. Never print or email this information.
  • DO NOT store the 3-digit card validation code on the back of the payment card on paper or any digital format.
  • DO NOT store any payment card data in unprotected devices such as PCs, laptops or smart phones
  • DO NOT permit any unauthorised people to access stored cardholder data

Summary

Understanding and implementing all the requirements of PCI-DSS can seem daunting, especially for those without security or large IT departments.  However, PCI DSS mostly calls for good, basic security.  Even if you don’t have to be PCI-DSS compliant, the best practices we mentioned above are steps that any organisation running events would want to take anyway to protect sensitive delegate data.

Click to get in touch

For further advice and guidance on event card payment security, please contact our friendly team on 0207 785 6997 or fill in our enquiry form here.

1 80 Percent of Businesses Fail Interim PCI Compliance Assessment

Crisis Management: Useful Tips For Event Planners

contingencyIt’s the biggest day in your calendar and t he venue suffers a power cut; it snows; the trains are delayed and there’s a pile-up on the motorway. Your morning speakers don’t show up and half of your delegates can’t get through. Your wonderful, perfectly planned event is a disaster before it even starts… You wake up in a cold sweat: it was just that same nightmare that every event organiser has before a big event.

The events sector is reckoned to be worth some £11bn to the UK economy, making effective crisis management an integral part of any event. A crisis plan can cover everything from what to do when a speaker doesn’t show up, or a microphone cuts out, to a gas leak or fire evacuation.

Of course you need to have a basic emergency plan in place as standard but the more detailed and effective this is the more your business is protected. So what should go into a good crisis plan?

A clear chain of communication

Developing an effective crisis management plan is essential to ensuring everyone from delegates and speakers to venue support staff know exactly what to do in an emergency and are fully briefed on alternative arrangements or evacuation procedures. Whether it is a small workshop or a large annual conference, even the smallest disruption can impact the day and if not dealt with properly, can quickly escalate. Rumours can quickly spread amongst delegates that an event may be cancelled when the start has only been delayed, so you need a clear and confident process of delivering critical information right up to the moment everyone arrives.

Time-critical responses

Whilst the UK is thankfully spared the likes of tornadoes and earthquakes, overnight heavy snowfall in winter and broken air conditioning in summer can still threaten to cancel events at very short notice. Great communication through email, SMS, Twitter etc. is critical to quickly update delegates as events unfold. A time-critical plan covering responses from the first hour onwards ensures delegates and sponsors are kept in the loop with clear, concise reports. Whether it’s a faulty fire alarm or a bomb threat, frequent and clear communication will be appreciated and protects reputations. Social media can easily be leveraged to help with this.

Media response package

Communicating your plan to the media and keeping them updated is also critical. If you have invited journalists or photographers to the event, keep them informed. Do not treat them like second-class citizens just because they haven’t paid to be there. Keep them in the loop as much as anyone else and be helpful. This will help in deflecting any negative focus away from the event.

Event insurance

Proper insurance cover can mitigate some of the risk but reputations are not so easily recovered and are far more precious, and harder to mend. According to Hiscox some 45% of event organisers do not carry specific insurance although 40% have been forced to cancel events. Usually venues expect a public liability limit of indemnity of a minimum of £2m in any one occurrence, so make sure your insurance covers all of your needs.

Contingency plans and simulation

Stopping a small setback from becoming more serious is a critical component of crisis planning. Every time an event experiences difficulties, if a delegate is taken sick or a fire alarm disrupts the day etc. event planners need to add to their individual contingency plans and venue inspection checklists. Crisis simulation can range from running through likely and dramatic scenarios to actually training client employees before the event on how to handle everything from a heart attack to a gun threat.

tin canGreat planning mitigates against a damaged reputation, not only to the event itself but to the venue, the host, your business, the event’s sponsors, local partners and even subcontractors. Take the time to create a great crisis management plan and filter it down to everyone involved.

Click to get in touchIf you want to find out more, or learn more about how Eventsforce can help solve your event headaches please call us on 020 7785 7040 or contact one of the team.

Image source:

http://www.york.ac.uk/communications/internal/

http://crenshawcomm.com/pr-disaster-averted-7-cases-of-good-crisis-management/#.VMoSRWisWmx