Introduction

This document has been developed to aid in the design and ongoing development of an organization’s crisis management capability. It sets out principles and practices needed by all organizations.

Crises present organizations with complex challenges and, possibly, opportunities that can have profound and far-reaching consequences. An organization’s crisis management capability and its ability to manage a changing environment are key factors in determining whether a situation or incident has the potential to pose a serious or existential threat to the organization and its environment. The crisis affecting an organization can be part of a broader crisis.

To ensure the crisis management capability has the desired outcome, the organization should provide:

— committed leadership;
— structures (e.g. funding, communications, relationships and linkages, equipment, facilities, information management, principles, processes and procedures);
— a supportive culture (e.g. values, ethics, code of conduct);
— competent personnel (e.g. knowledge, skills and attitude, flexible thinking).

An organization’s crisis management capability will be influenced by its relationship with other interdependent areas such as risk management, business continuity, information security, physical security, safety, civil protection, incident response and emergency management.

The organization should adopt a structured approach to crisis management by applying a set of principles on which a crisis management framework can be developed. These interrelated principles, framework and applicable process elements support the implementation of a crisis management capability in a purposeful, consistent and rigorous manner (see Figure 1).

Figure 1 — Building a crisis management capability — Principles, framework and process

Key

	principle (see 4.5)
	framework (see 5.2)
	process (see 5.3)

The structure of the document is as follows:

— the core concepts of crisis management are described (see Clause 4);
— then the framework and process for building a crisis management capability are outlined (see Clause 5).

The clauses that follow provide more detail on:

— crisis leadership (see Clause 6);
— strategic crisis decision-making (see Clause 7);
— crisis communication (see Clause 8);
— training, validation and learning from crises (see Clause 9).

Continual improvement is a component of all elements of this document (see 5.3.7), so that while it is part of the process, it also addresses all capability elements.

BS EN ISO 22361:2022

Security and resilience. Crisis management. Guidelines

Current

Published:

30 Nov 2022