Crisis management is the strategic leadership an organisation applies when an incident is serious, uncertain or prolonged enough to threaten its objectives or reputation. It is distinct from the immediate emergency response and from day-to-day business continuity, and in Australia, it draws on the international guideline ISO 22361:2022. Its value lies in the ability to make good decisions under pressure with incomplete information.
For executives and boards, the question is not whether a crisis will come but whether the organisation is ready to lead through one. This page explains what crisis management is, what good practice looks like under ISO 22361, how a crisis management team is structured, and how crisis management connects to the continuity and emergency plans around it.
Overview
What is crisis management?
Crisis management is the capability to take strategic decisions and lead an organisation through an event that its normal management arrangements cannot handle. A crisis is not just a large incident: it is an event marked by uncertainty, urgency and high stakes, where the right course of action is not obvious, and the consequences of getting it wrong are significant.
Where emergency management protects life safety and business continuity keeps operations running, crisis management sits above both, setting direction, managing reputation and stakeholders, and making the calls that only senior leaders can make.
The standard
ISO 22361:2022 and good-practice crisis management
ISO 22361:2022, Security and resilience — Crisis management — Guidelines, is the international standard for crisis management. It provides guidance on building and maintaining a strategic crisis management capability, covering crisis leadership, the decision-making challenges a crisis team faces, crisis communication, and the training and validation that keep the capability sharp.
It is a guideline rather than a certifiable requirement, which suits a discipline that depends more on judgement, leadership and rehearsal than on a checklist.
The team
The crisis management team and structure
A crisis management team (CMT) is the group that runs the strategic response. It is led by a crisis leader and brings together the functions a crisis demands: operations, communications, people and welfare, continuity and recovery, and a disciplined record of decisions. Clear escalation triggers tell the organisation when to convene the team, so that it is activated early rather than once the situation is out of hand.
Structure matters less than clarity. Everyone should know who leads, who makes decisions, and how the team connects with the emergency and continuity teams working on the immediate impact.
A crisis team and its plan are only proven when they are rehearsed. A crisis simulation puts the team into a fast-moving, ambiguous scenario to test decision-making, delegation, and communication under pressure, where gaps in roles or escalation become clear. The method is set out on the exercising and testing pillar.
Under pressure
Crisis communications and decision making
Two things separate organisations that handle a crisis well from those that do not: how they communicate and how they decide. Crisis communication means telling stakeholders, staff, customers, regulators and the public what they need to know, quickly, honestly and consistently. Decision making under uncertainty means acting on the best available information, accepting that it will be incomplete, and revisiting decisions as the picture changes.
Both improve with rehearsal. A crisis team that has exercised together makes faster, calmer decisions when a real event arrives.
The bigger picture
How crisis management connects to continuity and emergency plans
Crisis management is the top tier of an organisation’s resilience. Beneath it, emergency management protects life safety in the first minutes, and business continuity keeps the critical activities running. A serious event can demand all three at once, which is why they should be planned together and tested together. Crisis management gives that combined response its strategic direction.
A security incident can also become a crisis. An active armed offender, an intruder, or a bomb threat triggers an immediate security response, but it can quickly escalate to the point where the crisis management team must take charge of decisions, communications, and recovery. The immediate response is covered on the physical and facility security pillar, and testing how a security incident escalates into a crisis is part of the exercising and testing programme.
How we help
How Agilient supports crisis management
Agilient builds crisis management capability that holds up under pressure, from the team structure and plan to the exercises that rehearse it. The work spans government, healthcare, aviation, defence and critical infrastructure.
Crisis team and structure
Designing the crisis management team and its escalation triggers.
Crisis management plans
Practical plans aligned to ISO 22361:2022.
Crisis communications
Communication strategy, protocols and holding statements.
Decision-making support
Frameworks for leading and deciding under uncertainty.
Crisis simulations
Realistic exercises that rehearse the team.
Review and improvement
Learning from exercises and real events.
Agilient works across Sydney, Melbourne, Brisbane, Adelaide and Canberra.
Be ready to lead through a crisis
A trained crisis team, a clear plan, and a rehearsed escalation path are what enable an organisation to make good decisions when it matters most.
FAQs
Frequently asked questions
What is crisis management?
What is ISO 22361?
What is a crisis management team?
How is crisis management different from emergency management?
How do you prepare a crisis team?
How do you rehearse or test a crisis management plan?
References
- ISO, ISO 22361:2022 Security and resilience — Crisis management — Guidelines, iso.org