Canadian Security Magazine

Preview of ISO’s new Crisis Management Standard: Who will benefit?

By Canadian Security Staff   

News crisis management editors pick iso

Grant Lecky

Grant Lecky, co-founder of the Security Partners’ Forum, is the lead Canadian representative on the ISO Working Group that developed the ISO 22361 Crisis Management Standard.

According to ISO (International Organization for Standardization), the new standard “provides guidance on crisis management to help organizations plan, establish, maintain, review and continually improve a strategic crisis management capability.” (Read an abstract on the ISO website.)

Lecky recently spoke to Canadian Security about some of the aims of the standard as well as his advisory role in its development. Lecky responded to questions via email.

What was your role in advising on the creation of ISO 22361:2022 and what is your own experience in terms of crisis management?

I currently serve as a member of Working Group 9 within the larger ISO TC 292 – Security & Resilience Committee. In that role I contributed to the development of the newly published ISO 22361 – Crisis Management under the leadership of Kev Brear. In terms of my own experience, I have operated in the resilience domain for nearly 18 years.


What was the starting point for the establishment of this standard? What are the perceived gaps in current best practices regarding crisis management?

In terms of a starting point, when the BS 25999 (Business Continuity) was developed in 2005-2006, there was a very lengthy debate in the project team about the relationship between business continuity and crisis management (CM). The consensus of the committee was that the two disciplines were inextricably linked, but that they were not one and the same.
It was then determined that formal guidance on CM was required and so the British Standards Institute (with sponsorship from the U.K. Government Cabinet Office) developed the Publicly Available Specification (PAS) 200.

Since a PAS is subordinate to a full standard, the decision was made to create a full British Standard on crisis management. In 2014, the BS 11200 was published becoming the world’s first standard on crisis management.

In 2018, the European Committee for Standardization (CEN) developed a technical specification on Crisis Management (based on the BS 11200). In 2019, ISO began the work of developing International Standards in Crisis Management (22361 & 22360).

In terms of gaps in relation to current best practices in crisis management, the only gap I can speak to is that in 2019, we already had existing standards in related disciplines such as business continuity, emergency management, security management, cybersecurity and organizational resilience. For many of us, we simply felt that it was long past time that a global standard in crisis management be developed.

Who is the target audience for ISO 22361:2022 and what is the designed scope?

The target audience for this standard is senior management with strategic responsibilities for the delivery of a crisis management capability in their organization, as well as those who operate under the direction of top management. It would apply to all organizations (private, public and/or not-for profit sectors).

As for scope, the new Standard provides guidance on crisis management to help organizations plan, establish, maintain, review and continually improve a strategic crisis management capability.

What can organizations that adopt the standard expect to gain in terms of crisis management?

Standards are developed as a result of drawing upon international best practice. Once published they serve as a baseline until updated with additional best practice – essentially inviting the industry to continue to develop better standards.

What I like about this particular standard is that its development began in the early stages of the COVID-19 pandemic, and the Working Group continued to work on the Standard throughout the pandemic. This allowed us to simultaneously adapt the Standards to lessons learned during the pandemic in as close to “real time” as one could get.

Organizations that adopt (or at the very least align) to the ISO 22361 can have some peace of mind that this standard can serve as a powerful tool in terms of developing and enhancing their crisis management capacity.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *