Resilience and crisis management according to the ISO 22361 standard

04 Jun 2025 12:13 PM - By itSMF Staff


ISO 22361 standard: resilience and crisis management

The ISO 22361:2022 standard, «Security and resilience – Crisis management – Guidelines», provides effective guidance for organizations of every type, size and industry that want to improve their crisis management capability.

The document is useful not only for planning, but also for establishing, keeping up to date and enhancing the strategic crisis management capability of any organization. It also helps improve the ability to identify and manage crises.

The ISO 22361 standard is relevant for top management (strategic responsibilities) and useful for everyone who operates under the direction of top management. The guidance has several relationships and interdependencies with other topics.

In particular, the application of ISO 22361 can be suggested by the ISO 22301:2019 standard, «Security and resilience – Business continuity management systems – Requirements».

That document defines the requirements for a business continuity management system and recalls that crisis management is very important.

The ISO 22361:2022 standard structure

ISO 22361:2022 helps organizations design and develop their crisis management capability by setting out the principles and practices needed.


Organizations have to provide committed leadership, structures, a supportive culture and competent personnel to enhance their crisis management capability. To make their approach to crisis management effective, organizations should apply a set of principles that shape the development of a crisis management framework.


The standard sets them out in the following main clauses:

  • Chapter 1: scope
  • Chapter 2: normative references
  • Chapter 3: terms and definitions
  • Chapter 4: crisis management – context, core concepts, principles
  • Chapter 5: building a crisis management capability (with a focus on the crisis management framework and the crisis management process)
  • Chapter 6: crisis leadership
  • Chapter 7: strategic crisis decision making (challenges and complexities)
  • Chapter 8: crisis communication (guidelines from strategy, management of relationships and reputation, consistency of message, …)
  • Chapter 9: training, validation and learning from crises.

Our infographic on ISO 22361:2022 standard

To get a better view of the «big picture» of the ISO 22361 standard, take a look at our infographic:

By Andrea Leonardi (Minerva Group Service, Alpemi Consulting & itSMF Switzerland board member).

ISO 22361 standard and its main references

The ISO 22361 standard not only provides effective guidance on «Security and resilience – Crisis management»: it can also be used in the context of management systems for information security (ISO 27001 standard) and for IT services (ISO 20000-1 standard).

If we extend our point of view on ISO 22361 to other regulations, we find many references in the following:

  • 📘 European NIS 2 Directive on cybersecurity

  • 📘 European DORA regulation (Digital Operational Resilience Act) for the finance sector

  • 📘 Bank of Italy Circular 285 for resilience requirements

  • 📘 Circular 01/2023 from FINMA (Switzerland) for resilience requirements
