ISO 22361 | Crisis Management

Imagine your organization goes through an event that causes irreparable damage and you discover that the situation could have been avoided or addressed better. Many times, organizations may prevent a crisis by managing small situations and incidents in a timely manner. 

They can also mitigate the effects of a crisis, even if its occurrence could not be stopped. This can be done by implementing processes and procedures for preventing, preparing for, and responding to a crisis, which constitutes crisis management.

A crisis is an abnormal event that threatens the continuity of an organization’s operations and may even lead to its collapse. These events may have natural causes or may be man-made, e.g., natural disasters, environmental issues, terrorism, cybersecurity breaches, and employee misconduct. 

A crisis can occur abruptly or may emerge from small incidents that have not been addressed or have been managed inappropriately. By improving their crisis management capability, not only can organizations prepare for and prevent crises, but they can also manage crises more effectively and learn from them by identifying opportunities for improvement.

What is ISO 22361?

The ISO 22361 standard provides guidance for organizations to develop, establish, maintain, monitor, and continually improve a strategic crisis management capability. In addition, it outlines principles and practices needed to identify and manage a crisis.

ISO 22361 recommends that organizations adopt a structured approach to crisis management by establishing a framework for crisis management based on leadership, structure, culture, and competence, and adhering to principles for crisis management: governance, strategy, risk, decision-making, communication, ethics, and learning.

Moreover, the standard describes the crisis management process, which consists of seven steps: anticipation, assessment, prevention and mitigation, preparedness, response, recovery, and continual improvement.

ISO 22361 guidelines can be helpful in identifying and managing for any organization, regardless of their type, size, or industry. The standard is especially intended for organizations’ top management, who have strategic responsibilities for establishing and improving a crisis management capability, and those who work under the control of the top management.

Why is Crisis Management Important?

How an organization responds to a crisis is very important as it affects its existence and reputation. Crisis management enables organizations to implement effective standardized procedures for identifying and assessing potential crises. This enables organizations to establish procedures for preventing crises. When preventing is not possible, crisis management will also enable organizations to successfully prepare for, respond to, and recover from a crisis.

Preparing for crises includes developing a crisis management plan, which will direct crisis management and enable the organization to prepare its response procedures. Crisis response management procedures enable organizations to make sound decisions within time constraints and conduct initial impact assessments in order to mitigate the negative consequences of a crisis. Whereas, crisis recovery helps organizations regain their reputation, develop adequate strategies to return to normal operations, and adapt to potential changes arising from a crisis.

A significant factor that impacts crisis management is the establishment of effective communication channels and development of a communication plan. Nowadays, news can travel very fast through online platforms. Hence, it is important that organizations communicate with relevant stakeholders regularly and not withhold information that is relevant to employees, customers, and other interested parties. If not managed appropriately, ineffective communication may lead to irreparable damage to the organization’s reputation and, eventually, to its demise.

Lastly, crisis management includes exercises and evaluation as part of continual improvement. Exercises enhance employee competence by preparing them to respond to a crisis effectively. In addition, by evaluating the employees’ performance while doing the exercises, the organization can identify opportunities for improving its crisis management capability.

Benefits of ISO 22361

Organizations that establish a crisis management capability based on the ISO 22361 guidelines will be able to:

• Maintain, monitor, and improve their crisis management capability

• Ensure the commitment of leadership to crisis management

• Facilitate strategic decision-making before, during, and after a crisis

• Establish effective internal and external communication channels that are beneficial in times of crisis

• Improve organizational resilience

• Establish, foster, and promote safety culture