About Us
In November 2022, the field of crisis management welcomed a new player: the ISO 22361 standard. You may have already heard of it, but if not, now is the time to find out how this standard can impact your organization’s resilience in times of crisis.
A standard helps establish clear guidelines on how things work, so that different systems can, for example, interoperate more effectively. Without clear guidelines on the technical exchange of patient data, electronic health record systems would never have become a success.
Standards also help improve quality. Since less time needs to be spent on reinventing the wheel, energy can be channeled into properly implementing and improving the existing standard. Information security is a good example of this. Here, the “weakest link” principle applies; the chain of security measures fails at its weakest point. This means that measures across the board are necessary to lay a solid foundation. The ISO 27001 standard helps with this.
For many years, the International Organization for Standardization (ISO) has been establishing various standards in a wide range of fields. These standards require an annual Plan-Do-Check-Act (PDCA) cycle. This PDCA cycle ensures that the system is regularly evaluated and improved.
In addition, ISO standards follow what is known as Annex SL. This is a chapter-based outline that structures the standard.
This concerns the following chapters:
1. Scope – To which part of the organization or which processes does the system apply?
2. References to standards – Which standards are relevant, and what do they actually say?
3. Terms and Definitions – What Do We Call Things?
4. Organizational context – What factors within and outside the organization could influence the system’s objectives?
5. Leadership – Does management endorse the system? What policies are in place?
6. Planning – How are we going to improve the system?
7. Support – How do we communicate with others about the system? How do we train people?
8. Implementation – How will we use the system?
9. Evaluation – What’s happening? What could be improved?
10. Improvement – Implementing incidents, deviations, and corrections.
Furthermore, most standards are certifiable. Following a thorough audit by an external auditor from an accredited body, it is then formally confirmed in writing that the system complies with the standard. Of course, this does not mean that nothing can ever go wrong again, but it does mean that there is a set of measures in place to reduce the likelihood of such incidents and, in any case, to respond appropriately should they occur.
Implementing an ISO standard requires a significant amount of time and attention, as it is a thorough process. On the other hand, it ensures that a certain baseline level is achieved right away. Simply implementing isolated measures here and there does not improve quality across the board.
You can also choose to implement the standard without undergoing an external audit or seeking certification. Unfortunately, this means you won’t be able to display a certificate on the wall, but the quality of the underlying processes will likely have improved.
The ISO 22361 standard for crisis management outlines a set of guidelines for planning, establishing, maintaining, and improving a strategic crisis management system. The first part of the guidelines can be viewed online on the ISO website: https://www.iso.org/obp/ui/en/#iso:std:iso:22361:ed-1:v1:en
The guidelines build upon ISO 22301, which establishes the standard for a Business Continuity Management System (BCMS) *ding, ding, double meaning*.
Standards have long been used to improve collaboration and deliver higher quality. There is an ISO standard for crisis management, but in practice, we rarely encounter it. Many organizations are daunted by the prospect of full standard implementation due to the scale of such a project, but does that outweigh the risk of not doing it? In any case, it’s worth taking the time to browse through the standard and see where there are low-hanging fruits available.
