Crises present organizations with complex challenges and, possibly, opportunities with far-reaching consequences. ISO 22361:2022 provides guidance on crisis management to help organizations plan, establish, maintain, review & continually improve a strategic crisis management capability.
The Principles for Crisis Management have been clearly laid out in ISO 22361:2022:
– Governance – the need for clearly understood structures, roles, responsibilities & competence
– Strategy – Leadership, clear objectives, allocated resource
– Risk Management – an acute awareness of risk & ability to assess & respond appropriately
– Decision Making – based on sound info
– Communication – accurate, credible & timely info to interested parties
– Ethics – response should be driven by an organization’s core values and ethical expectations
– Learning – exercise, training & learning through experience
To ensure the crisis management capability has the desired outcome, the organization should provide:
– Committed Leadership
– Structures (funding, communications, relationships & linkages, equipment, facilities, info management, principles, processes & procedures)
– Supportive Culture (values, ethics, code of conduct)
– Competent Personnel (knowledge, skills and attitude, flexible thinking)
An organization’s crisis management capability will be influenced by its relationship with other interdependent areas: risk management, business continuity, infosec, physical security, safety, civil protection, incident response & emergency management.
It specifically highlights the importance of training senior management to deal with the crisis: “The strategic crisis management training provided by the organization should address the ability to improvise, innovate & should be flexible when a situation is not addressed by current plans.”
