How to Educate Clients on ISO 22361
With everything going on in 2022, clients likely missed the release of another, international standard. But this one’s important, especially as the critical event threat escalates. So, what’s all the fuss about? ISO 22361, the first, international standard for crisis management is here.
What clients should know about ISO 22361
For starters, the standard follows the organization’s earlier forays into security and resilience-promoting best practices, e.g., organizational resilience (ISO 22316), crisis testing and exercises (ISO 22398), business continuity management systems (ISO 22301), and emergency management systems (ISO 22320).
Why, then, a standalone standard for crisis management, clients might ask?
Well, the critical event climate – not just COVID and its overhang, but related supply chain, labor, and wellbeing crises, as well as geopolitical conflict and the sharp uptick in high-profile data breaches, e.g., Optus incident – demands special focus on the building of a crisis management capability.
That’s where the standard, with its clear roots in British standard, BS 12000, comes in, to aid organizations in the design and ongoing development of such a capability.
Attributes of crisis readiness
Like BS 12000, the international standard lays out the manifold triggers for critical events – from a lack of governance to the multiplication of workaround strategies.
How, then, does ISO 22361 address the crisis threat with so many potential crisis triggers? For basic crisis readiness, the standard demands the following:
- Clarification of crisis roles and responsibilities
- Overseeing and direction of coherent actions and transparent communications during a crisis
- Plans to mobilize of crisis management resources and activate associated processes.
That’s not all.
Flexibility and creativity are also attributes of crisis readiness, as notes the standard. Clients must therefore be educated to step outside normal rules and justify the action.
Beyond resources, clarity of thought, strategic vision, decision, and the ability to act in ways that reflect the core values of the organization will also be needed by clients to prepare for crises.
All these attributes of crisis readiness assist clients in anticipating, responding, and recovering from crises in a manner that protects assets and objectives.
And, of course, those are characteristic of well-functioning crisis management capabilities.
Further attributes include:
- Recognition of situations that require activation of crisis management
- People who are competent and responsible for quickly analyzing situations, setting strategies, determining options, making decisions, and evaluating their potential impact
- A common understanding of the principles that underpin crisis management structures and processes to translate decisions into actions, assign activities, and evaluate the results
- Personnel able to share, support, and implement top management’s vision, intentions, and policies
- The ability to support solutions by applying the appropriate resources in a timely manner
- An organizational structure that supports and maintains the ongoing crisis response capability
- A culture that supports the crisis management principles
Building such a capability, however, entails clients establish the appropriate frameworks and processes. What are those frameworks and processes? For more on how to educate clients on the first international standard for crisis management, download Noggin's Guide to Understanding ISO 22361.