[CM] [PM] [ISO] [P2] Crisis Scenario Risk Assessment with [ISO] ISO22361 Elements

Written by Moh Heng Goh | 20 Sep, 2024 6:51:03 AM

Identifying and assessing potential threats is a foundational step in preparing for crises. Phase 2: Crisis Scenario Risk Assessment in the Crisis Management (CM) Planning Methodology focuses on evaluating internal and external factors that could disrupt an organisation’s operations.

This phase involves conducting a thorough risk assessment to identify crisis scenarios, analysing the likelihood of each event, and determining the potential impacts on financial stability, reputation, and overall business continuity. Organisations can allocate resources effectively by prioritising risks based on their probability and impact and developing tailored crisis response strategies.

Similarly, ISO 22361:2022 strongly emphasises the importance of risk assessment in the crisis management process. The standard outlines specific requirements for identifying, analysing, and evaluating risks that could lead to crises. It stresses the importance of regularly reviewing and updating risk assessments to ensure organizations remain aware of evolving threats.

This comparison chart will explore the alignment between Phase 2: Crisis Scenario Risk Assessment in the CM Planning Methodology and the corresponding requirements in ISO 22361:2022, highlighting how both frameworks guide organizations in building a proactive approach to crisis preparedness.

Detailed Comparison Between Phase 2: Crisis Scenario Risk Assessment of CM Planning Methodology vs. ISO 22361:2022 Standard

Objectives and Focus

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| The primary objective is to identify and assess potential crises that could disrupt an organisation’s operations. The phase involves analysing internal and external threats, assessing their likelihood and impact, and prioritising risks to build effective crisis management strategies. | ISO 22361:2022 also emphasises identifying risks and vulnerabilities that could affect the organisation. It stresses that risk assessment is integral to the broader crisis management process, helping organizations understand potential crises and their impact on critical business functions. |
| Focus: Conducting a comprehensive risk assessment to understand and categorise threats based on their likelihood and potential impact on the organisation. | Focus: Understanding the organisation’s risk landscape, vulnerabilities, and interdependencies across business functions, with an emphasis on identifying threats that could cause a crisis. |

 

Comparison

Both methodologies emphasise the importance of risk assessment as the foundation of effective crisis management. ISO 22361, however, highlights the interconnectedness of vulnerabilities and how they relate to an organisation’s critical functions.

Identification of Potential Threats

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| Identifying Potential Threats: This phase requires organisations to conduct a thorough risk assessment to identify potential crisis scenarios. These could be internal (e.g., operational failures) or external (e.g., natural disasters, regulatory changes). | Risk Identification: ISO 22361 emphasises a systematic approach to identifying risks, including assessing external (e.g., environmental, political) and internal (e.g., operational, technical) factors. The standard stresses that risk identification should be comprehensive and include less apparent threats. |
| Organisations are encouraged to examine their industry, geography, and unique business vulnerabilities when identifying potential threats. | ISO 22361:2022 requires organisations to look beyond immediate risks and consider broader socio-economic, technological, and legal developments that may pose a future crisis risk. |

 

Comparison

Both approaches emphasise comprehensive risk identification, but ISO 22361 highlights a more detailed analysis, including long-term trends, future risks, and immediate threats.

Risk Likelihood and Impact Analysis

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| Likelihood and Impact Analysis: The methodology recommends evaluating the likelihood of each threat occurring and assessing its potential impact on the organisation. The effect could be operational, reputational, or financial. This step helps organisations prioritise risks. | Likelihood and Impact Evaluation: ISO 22361 also requires organisations to assess the likelihood of risks materializing and their potential impact on operations. The standard stresses considering not only the direct consequences of a crisis but also the indirect effects, such as cascading impacts across departments or business units. |
| The methodology encourages organisations to use a scoring system to categorise risks based on severity. | ISO 22361:2022 suggests using quantitative and qualitative methods to assess risk likelihood and impact, integrating this assessment into the broader resilience framework. It also mentions considering interdependencies between risks. |

 

Comparison

Both methodologies focus on assessing risk likelihood and impact, but ISO 22361 emphasises interdependencies between risks and suggests more structured approaches to quantitative and qualitative risk assessment.

Prioritization of Risks

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| Risk Prioritisation: Once the risks are identified and assessed, organisations must prioritise them based on their potential impact and likelihood. This ensures that the most critical threats receive attention during the CM planning process. | Risk Prioritisation: ISO 22361 requires a risk-based approach to crisis management, where organizations prioritise risks that pose the greatest threat to critical business functions. The standard encourages ongoing risk monitoring and adjusting priorities as circumstances evolve. |
| Prioritisation helps organisations allocate resources to mitigate the most significant risks first. | ISO 22361 advises organisations to regularly update their risk priorities based on new information, emerging threats, and changes in business operations. |

 

Comparison

Both methods emphasise the importance of risk prioritisation, but ISO 22361 requires continuous reassessment of risk priorities based on evolving threats and changes in business functions.

Context of Crisis Management within Organisational Resilience

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| The methodology emphasizes that risk assessments are essential for building a robust CM plan. It provides the foundation for developing crisis response strategies and resource allocation. | ISO 22361 positions crisis scenario risk assessments as part of a broader organisational resilience framework. The standard emphasises that risks should be understood in the context of their potential to affect critical business functions, business continuity, and overall resilience. |
| Risk assessment in this methodology primarily focuses on protecting operations and mitigating disruption. | ISO 22361 stresses that risk assessments should also help inform governance, leadership decision-making, and crisis response strategies, emphasizing the strategic integration of crisis management into the broader organisational resilience plan. |

 

Comparison

Both approaches recognize the importance of risk assessment in informing crisis response. Still, ISO 22361 integrates risk assessment more broadly into the organisation’s overall resilience strategy, linking it to leadership decision-making and long-term planning.

Integration with Business Impact Analysis (BIA)

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| The standard mandates that organisations assess how external regulations and stakeholder expectations can influence risk exposure and crisis response strategies. | ISO 22361 also sees risk assessment as a precursor to the BIA, with the risk assessment providing critical data on threats and vulnerabilities that will be analysed during the BIA process. |
| The risk assessment helps identify critical business functions vulnerable to various crises. | ISO 22361 stresses that risk assessments should help determine vulnerabilities in critical business functions and that the BIA should build on this analysis to enhance overall crisis preparedness. |

 

Comparison

Both methodologies integrate risk assessment with the BIA process. Still, ISO 22361 offers a clearer framework for using risk assessments to inform decision-making at all organisational levels and connect them with the overall resilience framework.

Regulatory and External Considerations

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| The methodology suggests considering external risks, including regulatory changes, economic instability, and market volatility, but it does not discuss compliance requirements in detail. | ISO 22361:2022 emphasises the importance of understanding legal, regulatory, and industry-specific requirements when conducting risk assessments. It stresses the need for organisations to stay compliant with external obligations as part of their CM planning. |
| External risks should be evaluated alongside internal risks to provide a comprehensive view of potential crises. | The standard mandates that organisations assess how external regulations and stakeholder expectations can influence risk exposure and crisis response strategies. |

 

Comparison

Both methodologies consider external risks, but ISO 22361 offers a more structured approach to regulatory compliance and external stakeholder considerations in the risk assessment process.

Communication of Risk Information

 

 

| Crisis Management Planning Methodology: Phase 2 - Crisis Scenario Risk Assessment | ISO 22361:2022 Standard |
| --- | --- |
| The methodology encourages teams to communicate risk assessment results with relevant stakeholders to ensure alignment and buy-in. | ISO 22361 specifies that risk information must be shared with key decision-makers and stakeholders to ensure they are aware of potential vulnerabilities and prepared to act on them. The standard requires that risk information be integrated into the organisation's crisis communication strategy. |
| Stakeholder communication is critical to ensuring everyone understands the risks and the associated mitigation strategies. | ISO 22361 emphasizes that risk information should be communicated across all levels of the organisation, ensuring transparency and preparedness across departments. |

 

Comparison

Both methodologies stress the importance of communicating risk assessment findings to stakeholders. However, ISO 22361 formalises this process, ensuring it is part of a broader crisis communication plan that includes top management and critical decision-makers.

Summary of Key Differences and Similarities

Comprehensive Risk Identification

Both methodologies emphasize identifying and assessing potential risks. However, ISO 22361 broadens the scope to include long-term external risks, regulatory challenges, and socio-economic factors.

Likelihood and Impact Assessment

Both frameworks evaluate the likelihood and impact of identified risks. ISO 22361 takes this further by emphasising risk interdependencies and integrating quantitative and qualitative methods.

Summing up...

 
Both the Crisis Management Planning Methodology and ISO 22361:2022 emphasise the critical role of risk assessment in effective crisis management.
 
While both approaches share common objectives, ISO 22361 provides a more comprehensive and structured risk identification and evaluation framework.
 
Key differences include ISO 22361's broader scope of risks, emphasis on risk interdependencies, and integration with the overall organisational resilience strategy. Both methodologies are essential for organisations seeking to build a proactive and resilient approach to crisis preparedness.

 
