Many organisations embarking on a Crisis Management (CM) programme often use the terms Crisis Management Policy and Crisis Management Framework interchangeably.
While both are essential components of an effective crisis management capability, they serve distinctly different purposes.
Confusing these two documents can result in unclear governance, inconsistent implementation, and gaps in organisational preparedness.
A Crisis Management Policy establishes the organisation’s commitment, objectives, and management direction for crisis management.
In contrast, a Crisis Management Framework translates that commitment into a structured system of governance, processes, roles, and capabilities that enable the organisation to prepare for, respond to, and recover from crises.
Together, they form the foundation of a robust crisis management programme, but each plays a unique role within the overall management system.
To understand the difference between a policy and a framework, it is useful to view crisis management documentation as a hierarchy.
The highest-level document that provides strategic direction and executive commitment.
The management structure that translates policy into an operational programme.
The documented arrangements and procedures for managing crises.
Detailed instructions and task-specific actions.
Activities that validate and enhance the crisis management capability.
This hierarchy demonstrates that the policy establishes what the organisation intends to achieve, while the framework defines how the organisation will achieve it.
A Crisis Management Policy is a formal statement approved by senior management that establishes the organisation’s commitment to managing crises.
It typically defines:
The policy serves as a strategic document that communicates leadership expectations and organisational intent.
“Why do we have a crisis management programme, and what are we trying to achieve?”
A Crisis Management Framework is the structure that enables the organisation to implement the policy.
It typically defines:
The framework provides the organisational blueprint for managing crises.
“How will we organise, govern, and operate our crisis management capability?”
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| Establishes management commitment and direction. | Establishes the structure and methodology for implementation. |
The policy provides strategic intent, while the framework provides operational structure.
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| Strategic. | Tactical and managerial. |
The policy focuses on organisational goals and expectations. The framework focuses on execution and governance.
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| Board of Directors, Executive Management, Regulators, Employees. | Crisis Management Teams, Functional Leaders, Department Heads, Response Teams. |
Senior leadership primarily owns the policy, whereas crisis management practitioners use the framework to manage crises.
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| High-level. | Detailed and operational. |
A policy may be only a few pages long, while a framework can be significantly more comprehensive.
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| Approved by Board or Senior Management. | Approved by Executive Management or Crisis Governance Committee. |
Because the policy represents organisational commitment, it typically requires the highest level of approval.
| Crisis Management Policy | Crisis Management Framework |
|---|---|
| Relatively stable. | Updated more frequently. |
The framework often evolves as organisational structures, risks, and crisis management practices change.
Consider an organisation implementing a new crisis management programme.
"The organisation is committed to protecting its people, assets, operations, reputation, and stakeholders through the establishment and maintenance of an effective crisis management programme."
This statement communicates commitment and direction.
The framework would then describe:
The framework operationalises the policy statement.
The relationship between the policy and the framework can be compared to building a house.
The policy defines:
The framework defines:
Without the policy, the framework lacks direction.
Without the framework, the policy remains only an aspiration.
Both are required to create an effective crisis management capability.
ISO 22361, Security and Resilience – Crisis Management – Guidelines, emphasises the importance of leadership commitment, governance, preparedness, response, and continual improvement.
Within this context:
Together, they support the implementation of a comprehensive crisis management programme aligned with international good practices.
Some organisations create a policy document and assume they have established a crisis management capability.
Without a framework, there is no clear governance structure, escalation process, or response methodology.
Others develop detailed crisis management procedures without obtaining executive commitment through a formal policy.
This often results in:
Large documents that attempt to serve as policies, frameworks, plans, and procedures often become difficult to maintain and understand.
A better practice is to maintain separate but linked documents that serve distinct purposes.
Organisations that establish both documents benefit from:
The policy provides strategic guidance and organisational commitment.
The framework establishes roles, responsibilities, and decision-making structures.
The framework enables the systematic development of crisis management capabilities.
The policy defines expectations while the framework defines implementation responsibilities.
Together, they create a coordinated and sustainable approach to managing crises.
A mature organisation may maintain the following documentation structure:
This layered approach improves clarity and maintainability.
A Crisis Management Policy and a Crisis Management Framework are complementary but fundamentally different components of a crisis management programme.
The policy establishes the organisation’s commitment, objectives, and strategic direction, while the framework provides the governance structures, processes, roles, and capabilities needed to implement that direction.
In simple terms, the policy explains why crisis management is important and what the organisation intends to achieve, whereas the framework explains how the organisation will organise and manage its crisis management capability.
Organisations that clearly distinguish between these two documents create stronger governance, improve preparedness, enhance decision-making, and build a more resilient and effective crisis management programme.
By ensuring that the policy drives the framework, and the framework supports operational plans and procedures, organisations establish a solid foundation for navigating crises with confidence and competence.
Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
To learn more about the course and schedule, click the buttons below for the CM-3 Blended Learning or CM-300 Crisis Management Implementer course and the CM-5 Blended Learning or CM-5000 Crisis Management Expert Implementer course.
| Please feel free to send us a note if you have any of these questions to |