ISO 22361 on crisis management
In February 2023, the new DIN EN ISO 22361:2022 “Crisis management” was published in German by Beuth-Verlag, after ISO 2361 was published in English in November 2022. Our Managing Director, Dr. Klaus Bockslaff, took part in the ISO deliberations as a representative of the Swiss delegation.
You can purchase the standard from Beuth Verlag: https://www.beuth.de/de/norm/din-en-iso-22361/357117954
Objectives and content of ISO 22361
The new standard is essentially aimed at management with strategic responsibility. The emphasis of the new ISO 22361 lies in its methodology and in the fundamental question “How do I proceed in a crisis? If I have nothing left, do I at least have a procedure, a basic structure?”
The aim of the standard is to support strategic decision-makers in building up a “capability” for crisis management in order
- to plan,
- and continuously improve it by learning from the crisis.
The standard is divided into nine chapters:
Chapter 1 “Scope of application” defines the scope of validity, chapter 2 contains the classic normative references and chapter 3 the “Terms and definitions”. Chapter 4 “Crisis management: core concepts and principles of crisis management” sets out the context, basic ideas and principles of crisis management.
Der eigentliche operative Teil des Krisenmanagements ist in den Kapiteln 5 bis 9 der Norm enthalten. Chapters 5 “Building crisis management capabilities”, 6 “Leadership in a crisis” and 7 “Strategic decision-making” are covered in more detail in the rest of the text.
Chapter 8 “Crisis communication” describes the relevant requirements and Chapter 9 “Training, review and learning from crises” rounds off the standard. What is the benefit to companies if they implement the standard?
Many companies are regularly asked by their customers about the quality of their crisis management. KRITIS companies in particular must provide corresponding proof. The new ISO standard is of particular practical importance when it comes to the insurability of ransomware attacks. The quality of existing crisis management plays a major role in the requirements of industrial insurers who offer corresponding policies. This quality can be verified by auditing in accordance with ISO 22361. We have developed our own test procedure for auditing an existing crisis management system and applied it in practice.
At the Risk Management & Rating Association (RMA), the Crisis Management Working Group has developed a “Crisis Management Guideline in accordance with ISO 22361”. This guide is intended to provide support for all organizations in setting up crisis management. It will be published in the RMA series by Erich Schmidt Verlag. The highly practical guide will provide a complete commentary on the new ISO 22361 and advice on implementation in all organizations.
Consulting services for ISO 22361
In the area of crisis management in accordance with ISO 22361, we support you in the following areas
Several of our consultants have contributed to the RMA’s crisis management working group in the development of guidelines for implementing the standard. Based on this guideline, we have developed a tool with which we compare the current status of your crisis management system with the requirements of the standard. You receive a final report with a maturity level analysis, the identification of potential for improvement and recommendations for further development.
In addition to consultations, we offer trainings on the topic of Crisis Management at our course center or individually at your company.