
In November 2022, the field of crisis management welcomed a new player: the ISO 22361 standard. You may have already heard of it; if not, it is high time to discover the potential impact this standard can have on your organization's resilience during times of crisis.
A standard establishes clear agreements on how things operate, which, for instance, enables different systems to work together more effectively. Without clear agreements on the technical exchange of patient data, electronic patient record systems would never have achieved success.
Standards also contribute to enhancing quality. By reducing the need to 'reinvent the wheel,' efforts can be directed towards the effective implementation and improvement of existing standards. Information security serves as an excellent example of this. Here, the 'weakest link' principle applies: the chain of security measures fails at its weakest point. This implies that comprehensive measures are essential to establish a robust foundation. The ISO 27001 standard assists in this endeavor.
The International Organization for Standardization (ISO) has been establishing various standards across diverse fields for many years. These standards prescribe an annual Plan, Do, Check, Act (PDCA) cycle. Through this PDCA cycle, the system is regularly evaluated and improved.
Furthermore, ISO standards adhere to the so-called Annex SL. This provides a chapter structure that organizes the standard.
This includes the following chapters:
1. Scope – Which part of the organization or which processes does the system apply to?
2. Normative References – Which standards are relevant and what do they literally state?
3. Terms and Definitions – How do we refer to things?
4. Context of the Organization – What internal and external factors may influence the system's objectives?
5. Leadership – Does management endorse the system? What policies are in place?
6. Planning – How will we improve the system?
7. Support – How do we communicate about the system with others? How do we train personnel?
8. Operation – How will we operate the system?
9. Performance Evaluation – What is happening? What can be improved?
10. Improvement – Handling incidents and nonconformities, and implementing corrective actions.
Furthermore, most standards are certifiable. Following a thorough audit by an external auditor from an accredited institution, it is formally confirmed that the system complies with the standard. While this does not guarantee that issues will never arise, it signifies that a combination of measures is in place to reduce the likelihood of such occurrences and to ensure an adequate response when they do occur.
Implementing an ISO standard requires a significant investment of time and attention due to its comprehensive nature. However, it immediately establishes a certain baseline level of quality. Relying solely on isolated measures will not effectively improve overall quality.
Alternatively, the standard can be implemented without an external audit or certification. While this means a certificate cannot be displayed, the quality of the underlying processes will likely still be enhanced.
ISO 22361 for crisis management outlines guidelines for planning, establishing, maintaining, and improving a strategic crisis management system. The first part of these guidelines can be viewed online at ISO: https://www.iso.org/obp/ui/en/#iso:std:iso:22361:ed-1:v1:en
These guidelines build upon ISO 22301, which establishes the standard for a Business Continuity Management System (BCMS).
Standards have long facilitated improved collaboration and the delivery of higher quality. While an ISO standard for crisis management exists, its practical application remains limited. Many organizations are hesitant to undertake a full standard implementation due to the project's scope, but does this outweigh the risk of non-compliance? It is certainly worthwhile to review the standard and identify readily achievable improvements.