Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More

What You Need to Know about ISO 22361: Crisis Management Standard

Following on the heels of previous resilience management standards, last year, the International Organization for Standardization released its first, comprehensive standard for crisis management. That standard is ISO 22361.

So, what do you need to know about ISO 22361: crisis management standard? Read on to find out.

Why a standalone international standard for crisis management?

The first thing to know about the crisis management standard is the why, or why now.

Well, the critical event climate – not just COVID and its overhang, but related supply chain, labor, cybersecurity, and wellbeing crises – necessitated special focus on the building of a crisis management capability.

The international crisis management standard, with its clear roots in British standard, BS 12000, was therefore developed to aid organizations in the design and ongoing development of such a capability.    

Core crisis management concepts in ISO 22361

So, what else do you need to know about ISO 22361? For one, what’s in it?

The standard lays out the exact principles and practices needed by all organizations to achieve resilience.

Those principles and practices must be implemented, though.

And so, the standard compels organizations to furnish their own set of committed leaders and competent personnel, structures (e.g., funding, communications, relationships and linkages, equipment, facilities, information management, principles, processes, and procedures), as well as develop a culture supportive of resilience-aims.

What’s more, the standard urges organizations to adopt a structured approach to crisis management, applying a set of principles on which a crisis management framework can be developed.

Four differences between crises and incidents explained in ISO 22361

What else does the standard have to say?

One of the most important distinctions the ISO 22361 crisis management standard lays out is that between crises and incidents.

Often precipitated by unaddressed incidents, crises have their own characteristics. But the four main differences between crises and incidents follow below:




1. Predictability

Incidents are generally foreseeable and amenable to pre-planned response measures, although their specific timing, nature and spread of implications is variable and therefore unpredictable in detail.

Crises are unique, rare, unforeseen or poorly managed events, or combinations of such events, that can create exceptional challenges for an organization and are not well served by prescriptive, pre-planned responses.

2. Urgency and pressure

Incident response usually spans a short time frame of activity and is resolved before exposure to longer-term or permanent significant impacts on the organization.

Crises have a higher sense of urgency and might require the response to run over longer periods of time to ensure that impacts are minimized.

3. Impacts

Incidents are adverse events that are reasonably well understood and are therefore amenable to a predefined response. Their impacts are potentially widespread.

Due to their strategic nature, crises can disrupt or affect the entire organization, and transcend organizational, geographical and sectoral boundaries. Because crises tend to be complex and inherently uncertain, e.g. because a decision needs to be made with incomplete, ambiguous information, the spread of impacts is difficult to assess and appreciate.

4. Manageability through established plans and procedures

Incidents can be resolved by applying appropriate, predefined procedures and plans to intercept adverse events, mitigate their impacts and recover to normal operations.


Incident responses are likely to have available adequate resources as planned.

Crises, through a combination of their novelty, inherent uncertainty and potential scale and duration of impact, are rarely resolvable through the application of predefined procedures and plans. They demand a flexible, creative, strategic and sustained response that is rooted in the values of the organization and sound crisis management structures and planning.

What else is there to glean from ISO 22361? There’s plenty more if you’re looking to build a best-practice crisis management capability. And so, to find out, download our Authoritative Guide to ISO 22361.

Download the Authoritative Guide to Crisis Management Standard ISO 22361