ISO 22361 Certification | Crisis Management Systems
ISO 22361
In today’s unpredictable business world, effective crisis management is essential. Organizations that fail to prepare risk operational disruption, reputational damage, and loss of stakeholder trust. ISO 22361:2022 provides a globally recognized framework to help businesses develop a robust crisis management system based on seven core principles, ensuring timely response and protection of operations, reputation, and stakeholders.
ISO 22361 replaces earlier standards such as PD CEN/TS 17091:2018 and BS 11200:2014, modernizing proven methodologies and aligning with contemporary management system standards. It applies to organizations of all sizes and industries, making it a flexible solution for improving crisis preparedness, risk management, and overall organizational resilience.
ISO 22361 is a vital tool for businesses aiming to minimize disruption, maintain operational stability, and navigate crises with confidence. By adopting this standard, organizations can proactively manage risks, safeguard stakeholders, and secure sustainable growth in a rapidly changing global environment.
What is difference between an Incident and Crisis
The terms crisis and incident are often confused, and many so-called “crisis management plans” are actually incident management plans. Mislabelling incidents as crises can lead to overreactions or misaligned strategies, which is why understanding the difference is critical for effective crisis management.
According to ISO 22361 a crisis is an “abnormal or extraordinary event or situation that threatens an organization or community and requires a strategic, adaptive, and timely response to preserve its viability and integrity.” Crises are characterized by complexity, uncertainty, instability, and the need for flexible, dynamic responses.
In contrast, an incident is defined as “an event or situation that can be, or could lead to, a disruption, loss, emergency, or crisis.” Incidents may escalate into crises if not managed properly, but they are not inherently strategic threats on their own.
Crisis Management Core concepts, and principles of ISO 22361
ISO 22361 provides a clear framework for understanding and managing crises, distinguishing them from regular incidents. The standard highlights key characteristics across predictability, onset, urgency, impacts, public scrutiny, and manageability.
Crises, in contrast, are rare or unique events that may emerge suddenly or evolve from incidents. They demand immediate attention, can affect an entire organization, and often have catastrophic or irreversible impacts. Crises attract significant public, media, and stakeholder scrutiny and may exceed the scope of pre-established plans and procedures.
ISO 22361 Principles for Effective Crisis Management
The standard outlines seven core principles as the foundation of sound crisis management:
- Governance – Establish clear structures, roles, responsibilities, and competence.
- Strategy – Leadership commitment, well-defined objectives, and allocated resources.
- Risk Management – Maintain acute awareness of risks and respond appropriately.
- Decision-Making – Base choices on reliable, timely, and accurate information.
- Communication – Provide credible and transparent information to all stakeholders.
- Ethics – Ensure responses align with organizational values and ethical standards.
- Learning – Continuously improve through exercises, training, and lessons learned.
