Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More

Digital Technology Needed to Implement ISO 22320


Emergency Continuity Management

Published November 13 ,2023

Emergency management requirements for command and control

Between public health crises, industrial and natural disasters, and terrorist attacks, we’ve had no shortage of severe incidents. These crises, in turn, have all demonstrated the importance of effective emergency management. And that’s because done correctly, emergency management can save lives, mitigate harm and damage, as well as ensure the minimum continuity of essential societal functions.

How to get emergency management right, though?

Since its publication, international, emergency management and societal security standard, ISO 22320 has offered common-sense prescriptions for implementing best-practice emergency management systems and measures. The standard, generic in nature, has aimed to help organizations of any shape or size, in any sector, respond effectively to all categories of major incident or emergency.

Of course, the standard can’t be implemented on its own. Organizations have to read through its subsections carefully in order to comply with its requirements. However, aiding them in this approach, should they want to, is digital emergency management technology.

As a result, the subsequent guide will lay out the digital technology capabilities needed to implement the standard, while first providing a primer on what ISO 22320 is all about and then expanding on the challenges to emergency management that digital technology can help overcome.

A primer on ISO 22320

So first, how does the standard work?

ISO 22320 focuses centrally on achieving efficient coordination and cooperation between multiple actors involved in large-scale disaster management. Its explicit goal is to boost various types of interoperability, while enhancing response capabilities and minimizing impact.

Specifically, ISO 22320 lays out a loose framework for establishing the basics of command and control within a single incident response organization. The aspects the standard touches include structures and procedures, decision support, traceability, information management, and, of course, interoperability.

It’s important to note, though, that the standard itself is not intended as a standalone solution.

What does that mean? It means that ISO 22320 is meant to be implemented as part of a larger incident preparedness and operational continuity management program, with a broad scope applicable to any of the following activities:

  • Incident prevention and preparedness to ensure disaster resilience

  • Guidance and direction in incident response

  • Planning for command and control systems

  • Multi-organizational coordination and cooperation

  • Information and communication systems for emergency management

  • Public affairs

Let’s look at some of these activities more closely before discussing the role of digital technology in ensuring their well-functioning.

ISO 22320 requirements for command and control in incident response

ISO 22320 lays out the minimum requirements for a command and control system deployed during an incident response which requires multiple emergency management agencies. The primary objective of such a system is to enable the organization to respond efficiently, both as an independent entity as well as jointly with other parties.

Various elements go into achieving that, including structures, processes, and resources. And so, to be considered ISO-compliant, the command and control system must be able to perform a number of documented actions, including the following:

  • Establishing and updating goals and objectives for the incident response

  • Determining roles, responsibilities, and relationships

  • Establishing rules, constraints, and schedules

  • Ensuring legal compliance and liability protection

  • Monitoring, assessing, and reporting on the situation and progress

  • Recording key decisions

  • Managing resources

  • Disseminating information

As for the command and control structure itself, ISO 22320 stipulates that the objective of a functional hierarchy is simply to make comprehensive and effective decisions in a timely manner.

That common-sense logic also informs how the standard considers roles and responsibilities within the hierarchy. They, too, must contribute to making comprehensive and effective decisions quickly.

What’s more, the standard appreciates the inherent fluidity of the disaster situation. It thus constructs command and control processes that are similarly dynamic (and ongoing).

Decision making, of course, is one of those core processes, treated as such by the standard, because it segues from observation to information gathering, processing, and sharing to assessment to planning to decision making and sharing to implementation to feedback gathering and control measures and back again.

A final point on this command and control in incident response section: effective resource management is constitutive of a successful incident response (We’ll discuss this point further in the context of challenges to emergency management that can be mitigated by digital technology). Flexible processes must, therefore, be provided for to ensure that resources remain available and functional throughout the response.

Coordination among parties

In many respects, that’s the point of ISO 22320, hence why it sets out general requirements for coordination among parties.

For one, the standard stipulates that cooperation must be based on identified risks.

Cooperation must also yield measurable relief during an incident. Indeed, objectives for coordination can’t be theoretical, either. They must be highly relevant to the actual incident in question.

The following assessment criteria for those objectives reflect that fact:

  • The establishment of the incident’s command and control structure

  • Interoperability of communication, geographic and information management network

  • Implementation of a communication flow plan and communication guidelines

  • Identification of critical needs

  • Management of resources

  • Implementation of an information sharing and situation awareness policy

  • Identification of common and transparent decision-making procedures

  • Preparation and implementation of a logistic support network

  • Continuity of the coordination process with the turnover of staff involved

  • Division of operational tasks

  • Setting the boundaries (geographical and areas of responsibility) between the different organizations

Guidance for information sharing

ISO 22320 also offers guidance for information sharing, the basis of coordination and cooperation and often one of the thorniest aspects of interoperability.

Specifically, the standard argues for establishing the appropriate means to enable the sharing of all information that can be shared among participating organizations.

The standard, however, doesn’t neglect the human side of interoperability. A lack of trust and knowledge of other organizations often proves an unexamined barrier to successful interagency cooperation – so too does ignoring whether the capability of a given resource makes that resource incident-ready.

ISO 22320 addresses both human factors in cooperation and coordination, arguing that competency levels, cultural backgrounds, operating protocols, common terminology, and language should be considered in the design of interoperable systems and structures on the ground.

Why implement ISO 22320 in the first place?

But why do we need a standard for emergency management in the first place?

Well, as noted, natural and/or man-made catastrophic events are quickly becoming the norm. Since the 1970s, the number of weather and climate-related disasters alone have more than quadrupled to around 400 per year.

Add to that, trendlines point in the wrong direction. The average number of severe events and their associated costs have all increased since the 1980s.

The spate of a critical events points up one of the traditional challenges to emergency management; and that’s resource management.

After all, few things are more challenging than procuring and deploying the right resources to the right people and places during such complex disasters covering wide areas and causing mass casualty and damage.

In these scenarios, the imperatives of incident response routinely overwhelm the resources and capabilities of individual agencies acting alone. Meeting the life and property-saving objectives of the disaster response, then, requires an influx of personnel, skills, technologies, facilities, equipment, and/or funding from other organizations.

Though the organizations themselves share many of the same functions, the number and weight of those commonalities haven’t been enough to close what’s become an acute incident response performance gap.

The gap has been studied carefully in the emergency management literature. And the consensus seems to be that emergency responses undertaken by clusters of public safety agencies incur a higher likelihood of the following:

  • Extended response times

  • Higher potential for loss of property and life

  • Lack of shared situational awareness on the ground

  • Disputes and competition as to who is in charge, when, and where

  • Difficulties in filtering and validating the flood of information generated during the disaster

  • Difficulties in coordination among response agencies due to incompatible infrastructure

What’s going on, here? Well, researchers have sought explanations to this pattern of delays in getting assistance and rescue underway, not to mention delays in decision making, and lack of clarity in command and control structures.

It turns out there are myriad. Some of the reasons given: individual agencies develop independently of each other, creating heterogeneity in practices. Also cited, inadequate information and knowledge flow between participants, springing either from a lack of trust, confusion on the ground, or competition between agencies.

Significant challenges, all of them; but not insoluble problems. Indeed, the emergency management community has moved aggressively in recent times to correct many of them, foremost the glaring absence of an industry-wide command and control structure for facilitating collaboration and interoperability.

Hence the emergence of ISO 22320 as a command and control standard.

Digital technology to help implement ISO 22320

But how to implement the standard expeditiously, while mitigating resource management challenges? That’s where certain digital technologies come in.

To that end, implementing agencies should consider the following resource management capabilities when procuring integrated emergency management software to increase operational effectiveness, achieve shared situational awareness, and increase the effectiveness of command. Those include:

  • Mapping. Location tracking of resources in relation to assignment locations helps teams find the closest available resources quickly.

  • Mobile app. Mobile-optimized software helps teams communicate with staff and volunteers wherever they are.

  • Rostering and scheduling. Enables teams to create flexible resource assignment structures that can be filled and activated when needed.

  • Resource allocation. Helps teams better engage with staff and volunteers to confirm availability and assign roles via email, SMS, and/ or voice recording.

  • Certification and documentation management. Ensures that documents are managed and kept up to date. Teams won’t have to worry about staff or volunteers with expired certifications.

There’s more to ISO 22320 than resource management, though.

Digital technology capabilities must also help when it comes to standardization and centralization, event management and situational awareness, emergency communications, post-incident reviews, and data and analytics.

To that end, agencies and organizations should consider the following:

  • Centralized response planning. Capabilities should work to effectively prepare for disruption by managing all incident, crisis, and emergency response plans in a centralized location. This facilitates standardization of response plan templates, protocols, and guidelines, ensuring easy access, enhanced coordination, and reduced risk of critical information being missed.

  • Situational awareness. Digital technology should help equip organizations with situational awareness and threat intelligence to quickly detect emerging threats. Integrated data should help organizations easily identify potentially impacted people or assets so they can swiftly to adapt to evolving events, communicate with stakeholders, and escalate any event.

  • Emergency communications. Digital technology should come equipped with in-built crisis communication and collaboration tools like chat, email, SMS, voice, and app push messages. That way they make it easy to work in real-time with teams, better coordinate the response, and keep everyone informed.

  • Post-incident reviews. Agencies and organizations should have the ability to conduct meaningful after-action reviews, improvement activities, and post incident reviews to capture the key takeaways from any incident or exercise.

  • Data and analytics. Of course, analytics and of post-incident reviews. They’re relevant throughout the emergency management lifecycle. And to that end, digital technology should provide for the analysis of trends and creation of dashboards to visualize metrics important to the organization or agency.

Specific capabilities, here, include create custom reports as PDF or Word documents and share with stakeholders to improve data visibility, accountability, and lessons learned.

Finally, while challenging, achieving interoperability is indeed possible. It just takes effort.

To that end, agencies will have to procure and deploy resilience-enhancing incident and emergency management systems (in coordination with their ISO-implementation), to ensure effective interagency cooperation, either in the event of a largescale emergency, a major event, or more day-to-day emergency situations.

Not just any system, either. ISO 22320 explicitly states that when designing or procuring said human-system interfaces, actor’s abilities, characteristics, limitations, skills, and tasks must be primary considerations.

Too many platforms on the market, though, only present the same view for users, irrespective of who they are and what role they play in the organization. Best-practice integrated emergency management software, on the other hand, isn’t one-size fits all. It is purpose built.

And it’s by transitioning to these ISO-compliant interoperable solutions that public safety organizations will take that critical first step toward accelerating coordinated decision making and improving response outcomes.


  1. The Economist: Weather-related disasters are increasing. Available at
  2. Ovidiu Noran, Effective Disaster Management: An Interoperability Perspective.

  3. Ibid.

  4. Ibid.

New call-to-action