ISO 22361:2022 Security and resilience — Crisis management — Guidelines

The UAE operates at the intersection of global commerce, rapid urban development, and complex geopolitical dynamics. Organizations across Dubai, Abu Dhabi, Sharjah, and Ajman face a wide spectrum of crisis scenarios, from reputational events triggered by social media, to regulatory investigations, to supply chain disruptions affecting international operations. In this environment, the ability to manage a crisis at the strategic level is not a theoretical governance requirement. It is a practical business necessity.

ISO 22361:2022 is the internationally recognized standard for crisis management. Published by the International Organization for Standardization, it provides guidance to help organizations plan, establish, maintain, review, and continually improve a strategic crisis management capability. It is designed for top management with strategic responsibilities, and for those who operate under the direction of top management in implementing crisis plans and maintaining associated procedures.

UCS is an accredited ISO certification body headquartered in Ajman, UAE, with operations across Dubai, Abu Dhabi, Sharjah, and the wider region. UCS provides ISO certification and auditing services across all major management system standards.

What Is ISO 22361:2022?

ISO 22361:2022 — Security and Resilience: Crisis Management — Guidelines — is an international standard published by the International Organization for Standardization under Technical Committee ISO/TC 292, Security and Resilience.

ISO 22361:2022 is distinct from emergency management and incident management standards. It is not intended for operational emergency response. It addresses the strategic level of crisis management, covering the decisions, communication, leadership, and organizational capability required to manage events that exceed normal operational procedures and threaten the strategic position of the organization.

Organizations across the UAE increasingly reference ISO 22361:2022 when developing crisis management programs, responding to governance and regulatory requirements, and demonstrating strategic resilience capability to boards, investors, free zone authorities, and government clients.

The standard addresses six interconnected areas of crisis management:

  • Context, core concepts, principles, and challenges
  • Developing an organization’s crisis management capability
  • Crisis leadership
  • Decision-making challenges and complexities facing a crisis team
  • Crisis communication
  • Validation, testing, and learning from crises

What ISO 22361:2022 Covers

Context, Core Concepts, and Principles

ISO 22361:2022 establishes the context in which crises occur and the foundational principles that distinguish effective crisis management from reactive response. A crisis is defined as an event or situation that involves a high degree of complexity, instability, and uncertainty, and that can exceed the response capacity or capability of the organization. In the UAE, where organizations operate across multiple jurisdictions, regulatory environments, and cultural contexts, understanding this complexity is the essential starting point for building a credible crisis management capability.

Developing Crisis Management Capability

The standard provides guidance on how organizations establish and sustain a crisis management capability. This includes defining governance arrangements, establishing a crisis management team with clearly assigned roles, developing crisis plans and procedures, and ensuring that the capability is integrated with the organization’s broader risk management and business continuity arrangements. The standard is clear that crisis management capability must be developed before a crisis occurs, not improvised during one.

Crisis Leadership

ISO 22361:2022 dedicates specific attention to crisis leadership, recognizing that the quality of leadership during a crisis is often the determining factor in how well an organization manages the event and protects its strategic position. The standard addresses how leaders make decisions under conditions of uncertainty and time pressure, how they maintain situational awareness, and how they demonstrate the authority and composure required to guide their organization through a crisis. In the UAE’s high-visibility business environment, leadership credibility during a crisis directly affects stakeholder confidence and organizational reputation.

Decision-Making During a Crisis

Crisis conditions are characterized by incomplete information, time pressure, and rapidly evolving circumstances. ISO 22361:2022 provides guidance on the decision-making challenges facing a crisis team in action. It addresses how to establish a structured decision-making process that remains effective even when information is limited or conflicting, and how to avoid common cognitive failures that undermine crisis response at the strategic level.

Crisis Communication

Effective crisis communication is a strategic function, not a public relations task. ISO 22361:2022 addresses how organizations communicate with internal stakeholders, external parties, regulators, media, and the public during a crisis. In the UAE, where organizations operate in a multilingual, multicultural environment and face simultaneous scrutiny from local regulators, international media, and global investors, structured crisis communication is a critical strategic capability. The standard covers the principles of timely, accurate, and consistent communication, and the importance of maintaining credibility and trust throughout the crisis lifecycle.

Validation, Testing, and Learning

ISO 22361:2022 requires organizations to validate their crisis management capability through exercises and simulations, and to learn from both exercises and real crisis events. Post-crisis reviews, lessons-learned processes, and capability assessments are built into the standard’s guidance, ensuring that the organization’s crisis management capability strengthens over time through structured continual improvement.


ISO 22361:2022 in the UAE Context

UAE Vision 2031 and Organizational Resilience

The UAE’s national development agenda places significant emphasis on organizational resilience, governance quality, and institutional preparedness across all sectors. ISO 22361:2022 provides organizations with an internationally recognized standard for strategic crisis management capability that directly supports the UAE’s broader goals of building a resilient, well-governed, and globally competitive economy.

Regulatory and Free Zone Governance Requirements

Organizations operating across UAE free zones and under federal and emirate-level regulatory authorities are increasingly expected to demonstrate structured governance arrangements for crisis preparedness. Free zone licensing processes, government contract prequalification criteria, and regulatory governance reviews all place growing emphasis on an organization’s ability to demonstrate crisis management capability at the board and executive level. ISO 22361:2022 provides the internationally recognized standard that supports these requirements.

NCEMA Compatibility

The National Emergency Crisis and Disaster Management Authority (NCEMA) provides the federal structure for crisis and emergency management across the UAE. ISO 22361:2022 provides organizations with a strategic crisis management capability that is compatible with NCEMA’s broader national crisis management structures, supporting effective coordination between organizational crisis management teams and federal and emirate-level authorities during major events.

Reputational Risk in a High-Visibility Environment

The UAE’s position as a global business hub means that organizational crises attract rapid and widespread media attention, both regionally and internationally. Organizations that lack structured crisis management capability face significantly greater reputational exposure when a crisis occurs. ISO 22361:2022 provides the communication principles and leadership structures required to manage crisis events in a high-visibility environment where stakeholder confidence is both easily damaged and difficult to restore.

Which Organizations in the UAE Need ISO 22361:2022

ISO 22361:2022 is applicable to any organization, regardless of size, type, or sector. In the UAE, it is particularly relevant to:

Large Private and Multinational Organizations

Major private sector organizations and multinational companies operating in the UAE face crisis scenarios that can affect operations across multiple jurisdictions simultaneously. ISO 22361:2022 provides the strategic crisis management structure required to manage these events at the board and executive level, protecting organizational reputation and stakeholder relationships across complex operating environments.

Government and Semi-Government Entities

Federal and emirate-level government entities, as well as semi-government organizations operating in sectors such as utilities, transport, and public services, face crisis events that attract significant public and media attention. ISO 22361:2022 supports the development of structured crisis management capability that enables government leadership teams to manage these events transparently and effectively.

Financial Services Organizations

Banks, insurance companies, and financial institutions operating in the UAE under Central Bank of the UAE and other regulatory authority requirements face crisis scenarios involving financial market events, regulatory investigations, and data security incidents. ISO 22361:2022 provides the governance structure and communication protocols required to manage these events at the board and executive level.

Oil, Gas, and Energy Organizations

The UAE’s energy sector operates in a high-visibility, high-consequence environment where operational incidents, environmental events, and regulatory investigations can rapidly escalate to organizational crises. ISO 22361:2022 provides the strategic crisis management capability that complements existing operational emergency response arrangements, ensuring that leadership teams are equipped to manage major events at the strategic level.

Hospitality, Real Estate, and Events Organizations

Hotels, real estate developers, entertainment venues, and major event organizers across the UAE operate in environments where crises, including safety incidents, reputational events, and regulatory actions, can attract rapid and widespread public attention. ISO 22361:2022 provides the crisis leadership and communication structures required to manage these events effectively and protect organizational reputation.

Healthcare Providers and Medical Networks

Hospitals, clinics, and healthcare networks operating under Dubai Health Authority, Department of Health Abu Dhabi, and Ministry of Health and Prevention requirements face crisis events involving patient safety, regulatory compliance, and public health that carry significant institutional and reputational risk. ISO 22361:2022 supports the development of strategic crisis management capability at the executive and board level of healthcare organizations.

Core Principles of ISO 22361:2022

Strategic Focus

ISO 22361:2022 is explicitly focused on the strategic level of crisis management. It is not an operational procedure or incident response checklist. It addresses how an organization’s leadership team makes decisions, communicates, and maintains strategic control during events that threaten the organization’s fundamental interests and stakeholder relationships.

Preparedness Before the Crisis

The standard is clear that crisis management capability must be developed, tested, and embedded before a crisis occurs. Organizations that attempt to build crisis management capability during a crisis will almost certainly fail to manage it effectively. ISO 22361:2022 provides the guidance required to build genuine preparedness into the organization’s governance and operating model.

Leadership and Decision-Making Under Uncertainty

ISO 22361:2022 recognizes that crises are characterized by uncertainty, incomplete information, and time pressure. It provides guidance on how leaders can structure their decision-making processes to remain effective under these conditions, avoiding cognitive failures that commonly undermine crisis response at the strategic level.

Communication as a Strategic Function

The standard treats crisis communication as a strategic leadership responsibility. How an organization communicates during a crisis directly affects its credibility, stakeholder relationships, and long-term reputation. ISO 22361:2022 provides the principles and structure required to manage crisis communication at the level it demands, particularly relevant in the UAE’s multilingual and multicultural operating environment.

Continual Improvement

ISO 22361:2022 requires organizations to learn from both exercises and real crisis events. Structured post-crisis reviews and lessons-learned processes are built into the standard’s guidance, ensuring that crisis management capability is continually strengthened rather than allowed to degrade between events.

Benefits of Implementing ISO 22361:2022 for UAE Organizations

Stronger Board and Executive Governance

ISO 22361:2022 provides a recognized international standard against which boards and executive teams can assess their crisis management governance. Organizations in the UAE that reference this standard demonstrate to free zone authorities, government clients, investors, and regulators that crisis management is embedded in their governance model.

Reduced Reputational and Commercial Exposure

Poorly managed crises destroy organizational reputation and commercial relationships in the UAE’s competitive business environment. Organizations with structured, tested crisis management capability recover more quickly, communicate more effectively, and demonstrate the leadership composure that stakeholders expect. ISO 22361:2022 provides the structure that makes this possible.

Better Regulatory and Government Relations

UAE regulators and government authorities expect organizations to demonstrate structured crisis management governance, particularly in sectors such as financial services, healthcare, and energy. Organizations that reference ISO 22361:2022 are better positioned in regulatory interactions, government contract processes, and free zone governance reviews.

Stronger Positioning in Government and Private Sector Tenders

Government and major private sector procurement processes in the UAE increasingly require evidence of structured crisis management and organizational resilience capability. Organizations that reference ISO 22361:2022 alongside certifiable standards such as ISO 22301:2019 and ISO 45001:2018 present a more complete and credible resilience profile in tender submissions and supplier prequalification processes.

A Complete Organizational Resilience Architecture

ISO 22361:2022 complements ISO 22320:2018 for operational incident management and ISO 22301:2019 for business continuity management. Organizations that implement all three create a complete resilience architecture covering strategic crisis management, operational incident response, and business continuity recovery. UCS provides ISO certification and auditing services for all certifiable standards in this resilience category.

UCS Certification Process

For organizations seeking ISO certification with UCS, our certification process follows a structured six-stage pathway:

  1. Application — Submit your certification inquiry and define the scope of the management system to be assessed.
  2. Certification Agreement — UCS prepares and issues a formal certification agreement for your review and signature prior to audit commencement.
  3. Stage 1 Audit — A structured review of your documented management system to assess readiness for Stage 2.
  4. Stage 1 Audit Report — UCS provides a formal report detailing findings and any observations to be addressed before Stage 2 proceeds.
  5. Stage 2 Audit — An on-site or remote assessment of your system’s implementation, operational effectiveness, and conformance with the relevant standard. Following Stage 2, the recommendation goes to the certification committee for review and approval.
  6. Final Report and Certification Issuance — UCS issues the Stage 2 audit report. Following resolution of any findings, your ISO certificate is formally issued within 2 working days.

Certificates issued by UCS are valid for three years and are subject to annual surveillance audits to confirm ongoing compliance and system effectiveness.


What is ISO 22361:2022 and why is it relevant to organizations in the UAE?

ISO 22361:2022 — Security and Resilience: Crisis Management — Guidelines — is an international standard that provides guidance to help organizations plan, establish, maintain, review, and continually improve a strategic crisis management capability. In the UAE, it is relevant to any organization with board or executive-level responsibility for crisis preparedness, including organizations operating in financial services, energy, healthcare, hospitality, real estate, and government sectors. It provides a recognized international standard for strategic crisis management that supports governance requirements across UAE free zones and regulatory environments.

How is ISO 22361:2022 different from ISO 22320:2018?

ISO 22361:2022 and ISO 22320:2018 address different levels of organizational response. ISO 22361:2022 addresses the strategic level, covering how leadership teams manage crises that threaten the fundamental interests and reputation of the organization. ISO 22320:2018 addresses the operational level, covering incident management, command and control, and inter-agency coordination during emergency response. The two standards are complementary and are often referenced together as part of a broader organizational resilience program.

Which types of organizations in the UAE benefit most from ISO 22361:2022?

ISO 22361:2022 is relevant to any organization whose board or executive team has strategic responsibility for crisis preparedness. In the UAE, this includes large private and multinational organizations, government and semi-government entities, financial services organizations, oil, gas, and energy companies, hospitality and events organizations, and healthcare providers. Any organization required to demonstrate crisis management governance as part of a free zone licensing process, government tender, or regulatory requirement will benefit from referencing this standard.

How does ISO 22361:2022 relate to ISO 22301:2019 for business continuity?

ISO 22361:2022 and ISO 22301:2019 address different but complementary phases of organizational resilience. ISO 22361:2022 addresses the strategic crisis management capability required to manage events that threaten the organization’s fundamental interests and reputation. ISO 22301:2019 addresses the business continuity management system required to maintain and restore critical functions following a disruption. Many organizations in the UAE reference both standards as part of a complete resilience program. UCS provides ISO certification and auditing services for ISO 22301:2019 and all other certifiable ISO management system standards.


Certified Management System Auditor

This online training course helps you understand the key elements of implementing and managing internal auditing as specified in the ISO 19011 standard, so that your organization can check its performance and improve its management system.

I have taught internal audit courses in person to hundreds of internal auditors and other interested professionals and I would finally like to share this with you as well online. The course covers all areas in which you need to be proficient through light lectures and practices.

This course has helped many people improve their knowledge and experience in auditing their organization's management system and develop their careers.

It will assist you in comprehending the role of internal audit functions in a business as well as the profession’s principles and standards. It will show you how to apply fundamental principles like objectivity and independence. You will learn how to maintain a good reputation by adhering to the code of ethics and demonstrating due professional care and proficiency.

It will help you determine whether your reporting lines are acceptable and how to enhance your department through quality assurance if you run an internal audit team or want to be prepared for when you do. You’ll learn about the critical areas of governance, risk management, and internal controls, which are where auditors spend the majority of their time.

Most importantly, it aims to help you ‘think’ like an internal auditor.

ISO/IEC 27001:2013 Internal Auditor Course

This online training course helps you understand the key elements of implementing and managing an ISMS (information security management system) as specified in the ISO/IEC 27001:2013 standard, so that your organization can gain more customer satisfaction and enhance its performance and security.

You will gain a deeper understanding of the ISO/IEC 27001:2013 terms, definitions and structure, so that you will be able to apply its concepts and principles to your existing organization.

Consolidate your experience with the latest innovations and help your company to grow continuously.

This course is ideal for anyone who needs to understand, plan, implement or maintain an organization’s ISO/IEC 27001:2013 ISMS.

Use the internationally recognized ISO/IEC 27001:2013 to enhance your auditing skills, as the effectiveness of an audit will have a significant impact on regulatory compliance and customer satisfaction.

Gain your customers’ trust by planning and executing an efficient audit, and monitor and take corrective actions where appropriate.

In this course we will learn:

  • The requirements of ISO/IEC 27001 ISMS
  • Information security controls as per ISO/IEC 27001 ISMS
  • Internal audit process and practice
  • Information security principles and concepts
  • How to obtain ISO/IEC 27001 certification
  • How to implement ISO/IEC 27001 requirements

ISO 45001:2018 Internal Auditor Course

This course is a complete guideline on how to understand, implement, audit and improve the Occupational Health and Safety Management System as per the ISO 45001:2018 standard. Also, this course will provide details on how to create an audit program, audit plan, audit checklist, non-conformity report and audit report.

This 90-minute course will take you through the ISO 45001:2018 requirements and the process of auditing using real examples and practical methods. This course will increase your skills and knowledge in safety management and help you develop your career path.

The instructor will show you how each document will be created and used by discussing real life examples.

At the end of the course, you will be able to create your own checklist and audit documents to start your auditing and implement the ISO 45001:2018 standard requirements. Also, you will be able to audit the organization’s safety process and procedure against the ISO 45001:2018 requirements and improve the system.

ISO 21001:2018 Internal Auditor Course

This course is a complete guideline on how to read the ISO 21001:2018 standard, understand its requirements, and implement them, and then on how to create an audit checklist and run the audit process from the audit plan to the NC report.

This 2-hour course will take you through the process of auditing using real examples and in a practical way.

The instructor will show how each document is created and how to use it.

At the end of the course, you will be able to create your own checklist and audit documents to start auditing and implementing the ISO 21001:2018 standard requirements. Also, you will be able to audit the organization's safety process and procedure against the ISO 21001:2018 requirements and improve the system.

Course Outcomes:


  1. You will become a certified EOMS Internal Auditor.
  2. You will be able to lead ISO 21001:2018 internal audits for educational organizations.
  3. You will be able to identify areas for improvement in educational organizations.
  4. You can combine the new knowledge with your experience to transform educational organizations worldwide.

ISO 14001:2015 Internal Auditor Course

This course is a complete guideline on how to read the ISO 14001:2015 standard, understand its requirements, and implement them, and then on how to create an audit checklist and run the audit process from the audit plan to the NC report.

This course will take you through the process of auditing using real examples and in a practical way.

The instructor will show how each document is created and how to use it.

At the end of the course, you will be able to create your own checklist and audit documents to start auditing and implementing the ISO 14001:2015 standard requirements. Also, you will be able to audit the organization's safety process and procedure against the ISO 14001:2015 requirements and improve the system.

ISO 9001:2015 Internal Auditor Course

This online/live training course helps you understand the key elements of implementing and managing a QMS (quality management system) as specified in the ISO 9001:2015 standard, so that your organization can gain more customer satisfaction and enhance its performance.

You will gain a deeper understanding of the ISO 9001:2015 terms, definitions and structure, so that you will be able to apply its concepts and principles to your existing organization.

Consolidate your experience with the latest innovations and help your company to grow continuously.

This course is ideal for anyone who needs to understand, plan, implement or maintain an organization’s ISO 9001:2015 QMS.

Use the internationally recognized ISO 9001:2015 to enhance your auditing skills, as the effectiveness of an audit will have a significant impact on regulatory compliance and customer satisfaction.

Gain your customers’ trust by planning and executing an efficient audit, and monitor and take corrective actions where appropriate.

In this course you will learn how to:

  • Identify the purpose and benefits of a QMS.
  • Understand the operations of a QMS based on ISO 9001:2015 standard.
  • Increase your employees’, customers’ and stakeholders’ trust and loyalty.
  • Provide the highest quality to your customers.
  • Initiate, plan and conduct an audit.
  • Prepare and distribute audit reports.
  • Apply the ISO 9001:2015 requirements and benefits.
  • Evaluate an organization’s ability to handle its QMS.
  • Write accurate audit reports and suggest corrective actions.