ISO’s Upcoming Standard for Crisis Management
From the constant change of the business environment to the rapid advancement of technology, the likelihood that an organization will deal with a crisis at some point is very high. Organizations that intend to survive for a long time should have the necessary capabilities to prevent, respond to, and recover from a crisis. However, overcoming a crisis requires preparation, strategic thinking, and building capabilities. The cultivation of these three aspects is the aim of ISO 22361 Security and resilience – Crisis management – Guidelines.
What is the purpose of ISO 22361?
As stated in the scope, ISO 22361 provides “guidance on crisis management to help organizations plan, establish, maintain, review and continually improve a strategic crisis management capability.” In other words, the standard aims to ensure that when a crisis comes, as it is very likely to at some point, the organization has mechanisms in place to overcome it.
The standard defines crisis as the “abnormal or extraordinary event or situation that threatens an organization or community and requires a strategic, adaptive, and timely response in order to preserve its viability and integrity.” The degree of damage that organizations might encounter after a crisis occurs depends on the nature and complexity of issues resulting from it.
To achieve this, ISO 22361 provides guidance that can increase the resiliency of the organization, channels appropriate commitment from those at the top of the organization, facilitates decision-making (especially during a crisis), highlights the importance of crisis communication, and cultivates preparedness through training, validation, and learning. These guidelines can be used by all organizations, regardless of their type, size, or complexity.
The standard emphasizes specific principles and practices that organizations should apply to ensure strategic crisis management capabilities. To increase these capabilities, the standard recommends that organizations provide:
- Committed leadership
- Structures (e.g., funding, equipment, information management)
- Supportive culture
- Competent personnel
Moreover, it highlights the importance of taking into consideration other disciplines of organizations, such as risk management, business continuity, information security, or emergency management. By giving importance to an efficient interrelation between these areas and crisis management capability, the standard intends to provide organizations with the advantage of implementing different phases of managing a crisis and to prepare them for any outcome that may jeopardize their work processes.
The document comprises 9 clauses, including scope (clause 1), normative references (clause 2), and terms and definitions (clause 3). In addition, the document describes the context, core concepts, and principles of crisis management (clause 4), the framework and process of building a crisis management capability (clause 5), crisis leadership (clause 6), strategic crisis decision-making (clause 7), crisis communication (clause 8), and training, validation, and learning (clause 9).
What is the use of the standard?
The guidelines of the standard are primarily dedicated to the top management, but also to those governed by the management, whose responsibility is to implement within the organization a plan and structure for crisis management, and to maintain and assure the relevant procedures related to the crisis management capability.
The new standard can also be used as a framework to identify the nature, characteristics, and origins of a potential crisis, with the intent to prepare organizations to establish stages of the response and recovery from a crisis.
In addition, organizations facing significant risk of crisis can use the standard’s recommendations to identify the potential challenges that may result from a crisis and to employ the appropriate decision-making that would mitigate or eliminate such issues.
Being prepared for a crisis increases the safety of the personnel, clients, and the public at large. ISO 22361 can also help organizations comply with legal and regulatory requirements, specifically organizations operating in sectors where being prepared for a crisis is mandated by laws and regulations.
By providing principles for crisis communication, the standard provides strategic practices to adopt pre-crisis preparation, manage relationships and reputation, set principles and strategies for effective communication, and reduce barriers which might have a negative impact on these activities.
Finally, the standard could also be used as a framework for the development of personnel competence by establishing training, validation and learning procedures. As such, it will help an organization establish a solid foundation which will be able to handle any sort of future crisis that might occur within the business operations.
Note
This article has been updated after the publication of the standard.
About the Author
Florijeta Hulaj is a Junior Course Development Manager at PECB. She is in charge of designing and developing educational content as well as writing articles.