Skip to main content

About ISO 22320:2018 Emergency Management-Guidelines for Incident Management

🟢 ISO 22320:2018 provides guidelines for effective incident management to help organizations prepare for, respond to, and recover from emergencies and crises of all types. 

🔵 In an increasingly interconnected world, incidents—whether natural, technological, or human-induced—can quickly escalate in scale and complexity, affecting communities, infrastructure, and economies. 

🟠 This standard aims to support coordinated and structured responses by enhancing command and control, decision-making, communication, and cooperation among involved parties.

🟣 It encourages organizations to adopt a clear incident management framework that promotes interoperability across agencies, fosters collaboration, and ensures timely information sharing. 

🔴 ISO 22320 is applicable to all types and sizes of organizations, in both the public and private sectors, and is designed to be adaptable to specific legal, regulatory, or cultural contexts. 

🟡 It also promotes a cycle of continuous improvement through lessons learned, regular training, and evaluations. 

🟢 As part of the ISO 22300 family of standards on security and resilience, ISO 22320 complements other standards such as ISO 22301 (business continuity) and ISO 22324 (emergency alerting), contributing to a comprehensive approach to managing emergencies effectively and minimizing their impacts.

Main Highlights

ISO 22320:2018 outlines key principles and guidelines that support effective incident management across all types of organizations. 

At its core, the standard emphasizes the importance of a clear command and control structure to ensure well-defined leadership, roles, and decision-making during emergencies. 

It promotes efficient operational information management by enabling timely collection, analysis, and sharing of accurate data, which is critical for situational awareness and coordinated action. 

The standard also highlights the need for strong coordination and cooperation among multiple stakeholders—including public agencies, private sector entities, and NGOs—to enhance interoperability and joint response efforts. 

Resource management is addressed through guidance on identifying, mobilizing, and allocating resources in a scalable and flexible manner. 

Additionally, the standard encourages the development of adaptable plans and procedures, backed by regular training and exercises. 

Public communication is another essential element, with the standard supporting transparent, consistent, and trusted messaging to the public and media during crises. 

Designed to be scalable, ISO 22320:2018 applies to incidents of any size or complexity and promotes continuous improvement by incorporating lessons learned from past events. 

Collectively, these highlights make ISO 22320 a practical tool for building resilient and coordinated emergency response capabilities.

Brief about the ISO standard

➝ ISO 22320:2018 provides guidelines for effective incident management during emergencies.
➝ Focuses on establishing clear command and control structures.
➝ Enhances coordination and cooperation among multiple responding organizations.
➝ Promotes accurate and timely information management for better decision-making.
➝ Guides effective resource management—mobilizing and allocating personnel, equipment, and                  logistics.
➝ Encourages adaptable planning and procedures to handle various types of incidents.
➝ Supports clear and consistent public communication during crises.
➝ Designed to be scalable and flexible, suitable for any organization or incident size.
➝ Emphasizes continuous improvement through lessons learned and regular exercises.
➝ Part of the broader ISO 22300 family focused on security and resilience.

  • icon

    Implementing ISO 22320:2018 offers several key benefits for organizations involved in emergency management.

  • icon

    It improves the overall response to incidents by providing a structured and coordinated framework, ensuring that leadership roles and responsibilities are clearly defined through effective command and control.

  • icon

    The standard enhances coordination among multiple organizations and agencies, fostering greater interoperability and joint action.

  • icon

    It supports better decision-making by enabling the timely and accurate flow of critical information, while also guiding the efficient allocation and use of resources under high-pressure situations.

  • icon

    ISO 22320 also strengthens both internal and public communication during emergencies, reducing confusion and increasing trust.

  • icon

    Its scalable and flexible nature allows it to be adapted to incidents of any type or size, across various sectors.

  • icon

    By aligning with international best practices, the standard helps organizations increase their overall resilience and preparedness.

  • icon

    Furthermore, it promotes a culture of continuous improvement, encouraging regular reviews, training, and learning from past incidents to enhance future performance.

Brixton Assessment Certification Methodology

 

 

 

 

STEP 1: Application & Contract (Phase 1)

 Purpose:

The organization formally begins the certification process by applying to a certification body (CB).

Activities:

  • Submission of the application form with organization details.
  • Discussion of the scope of certification (i.e., what part of the business or what standard is being applied for).
  • Review of the organization's readiness.
  • The certification body issues a quotation or proposal.
  • Signing of a contract that outlines terms, conditions, audit plan, and costs.

Outcome:

  • A legally binding agreement between the organization and certification body.
  • Audit process planning starts.

STEP 2: Pre-Audit (Optional) (Phase 2)

Purpose:

To evaluate the organization’s current system and readiness before the formal certification audit.

Activities:

  • A Pre Audit is performed to identify missing elements in the management system
  • Evaluation of documentation, processes, and compliance with the chosen standard (e.g., ISO 9001).
  • Feedback is provided but no certificate is issued at this stage.

Outcome:

  • Organization receives a preliminary assessment report.
  • Identifies areas for improvement before the actual certification audit.
  • Optional, but recommended for first-time applicants.

STEP 3: Certification Audit (Phase 3)

Purpose:

To conduct a formal, in-depth audit to verify compliance with the applicable standard.

Activities:

  • Conducted in two stages:
    • Stage 1 Audit: Review of documentation, processes, and readiness.
    • Stage 2 Audit: On-site audit of actual implementation.
  • Auditors assess:
    • Policy and objectives
    • Risk assessments
    • Employee competence
    • Records and evidence of compliance
  • If non-conformities are found, Corrective Actions (CA) must be taken.

 Outcome:

  • Audit report with findings.
  • If all requirements are met (or after CAs are addressed), the process proceeds to certification.

STEP 4: Certificate Issue (Phase 4)

Purpose:

To grant official certification once the organization has passed the audit.

Activities:

  • Review of audit report by the certification body.
  • Verification of implemented corrective actions (if any).
  • Issuance of the Certificate of Conformance, valid for typically 3 years.

Outcome:

  • The organization becomes certified to the chosen standard.
  • Public recognition, enhanced credibility, and business opportunities.

STEP 5: Surveillance Audit (Phase 5)

Purpose:

To ensure ongoing compliance with the standard during the certificate’s validity period.

Activities:

  • Surveillance audits are conducted at least once a year.
  • Partial audit of processes and systems.
  • Review of continual improvement, internal audits, management reviews, and corrective actions.

Outcome:

  • If compliant, the certificate remains valid.
  • If issues are found, Corrective Actions (CA) must be taken.

STEP 6: Re-Certification Audit (Phase 6)

Purpose:

To renew the certification before its expiration (usually every 3 years).

Activities:

  • A full system audit is performed, similar to the initial certification audit.
  • Review of system performance over the previous cycle.
  • Evaluation of effectiveness and continual improvement.

Outcome:

  • A new certificate is issued for the next cycle if the audit is successful.
  • If major non-conformities are found, certification may be suspended or withdrawn.

Corrective Action (CA) – Throughout the Process

  • Applicable in Steps 3, 4, 5, and 6.
  • If non-conformities are identified during any audit, the organization must:
    • Investigate the root cause.
    • Implement corrective actions.
    • Provide evidence of resolution.
  • Certification body verifies effectiveness of corrective actions before moving to the next step.

Certification Details

 

BAS is a versatile ISO certification body, with various industrial expertise and strong exposures in the field of Quality, Health, Safety and Environmental, Service Management and Information Security Management. We provide reliable services in the UK, Middle East, India and Other countries.

 

We at BAS with our veteran assessors provide you with certification which provides value for your management system. Many clients around the world have greatly benefited through our exemplary service. 

 

The following are the steps in this phase we do as part of certification

 

Contract signature

BAS representative sends out an application which is a questionnaire to the organization which is the applicant for the Certification.

Once BAS receives the filled in application, the BAS representative sends an official quote to the applicant for approval.

 

Pre-audit (optional):

Gap analysis and diagnosis of your systems current position against requirements of the standard - A pre-certification audit is a high level evaluation indicating where your company currently stands in compliance with specific standards before the main certification audit. 

 

Audit Stage 1- Initial Visit: to verify the establishment and implementation of the basic structure of your Management System

 

BAS will carry out a Document review Assessment of the client�s Management System according to the requirements of  Standard in order to establish to what extent the System addresses the requirements of the standard and if a subsequent Initial Assessment for Accredited Certificate is likely to result in successful certification at an early stage, by which usually companies take the necessary corrective/preventive actions as appropriate and prior to the Initial Assessment. The Pre-audit should not be considered as a Consultancy Service

 

Audit Stage 2 - Certification audit (certificate issued after successful certification audit)

 

The principal purpose of the Initial Assessment is to audit the Company�s Management Systems for compliance with the the standard. Please note that Initial Assessment is the obligatory service.   In this phase if there are any opportunities for improvements identified BAS auditors would report them in the interest of the organization.  

 

Surveillance audits to follow the continual improvement

 

It is also an obligatory service; BAS will perform Surveillance Visit approximately after every year i.e. a total of 3 Surveillance Visits will be performed every year during the 3 years validation period of the Certificate. Such routine surveillance Visits are performed to ensure the continuous compliance of your Management System to the requirements of  Standards.

 

Re-certification after 3 years through full audit or continual assessment.

What we do?

  • BAS can assist your organization to acquire any relevant ISO certifications in UAE which is well-known internationally. It will generate additional business opportunities, exhibit the organizations compliance and commitment to the best-practices in any industries in order to be more competitive in today�s market.
  • We at BAS with our veteran assessors provide you with certification which provides value for your management system. Many clients around the world have greatly benefited through our exemplary service.
  • When you choose BAS as your certification partner you stand to gain monetarily in your business by our straight forward assessment. The overall aim of certification is to give confidence to all parties that a management system fulfills specified requirements. The value of certification is the degree of public confidence and trust that is established by an Impartial and competent assessment by a third party. 
  • With BAS, you will have the capability to deliver on the promises you make � this helps you to enhance your     reputation, creates confidence in your capabilities, substantiates claims and differentiates your     organization; 
  • With BAS,  Obtains the full tangible benefits and value of your management systems � this helps you to     link assessment system benefits to financial performance or improvements in effectiveness     and efficiency that help drive your business forward in  measurable and verifiable ways; and develops your capability to better manage a range of non-financial risks. 
  • As an integral part of this process, BAS will evaluate the relevance of the quality objectives against the analysis of stakeholder expectations and strategic goals of the company. We will assess the capability of the management system in controlling the defined processes. We will assess the effectiveness of the management decision making in respect to this data and, on the basis of this assessment, we will help senior management identify any changes required to support continual improvement. 
  • Providing more opportunities for improvements than just performing a compliance audit against the standards requirements.  
  • Understand the local culture and working patterns of the clients will facilitate better communication and understanding between BAS and the clients.
  • BAS possesses resources who have the knowledge and skills of multiple standards such as ISO 20000, ISO 27001, SKEA for eg., in Abu Dhabi for Business Excellence programs etc.,. This greatly helps the clients to have better inputs as the standards can be applied in an integrated way and the auditors can provide a holistic feedback. 
  • BAS has offices around the world and the auditors  have access to the knowledge from all around the global parts which will be helpful to the clients as they can have a better understanding and more practical suggestions from BAS auditors.
  • BAS location advantage within the Emirates on the following: Abu Dhabi, Dubai, Al Ain, Sharja, Ajman, Ras Al Kaimah and Fujairah (We have successfully completed many and different projects locally and also internationally).
  • BAS strongly promotes and implements the facilitations on the relevant Management System not only for the sake of certification but to really make a difference in the processes and procedures that will be implemented throughout any organization.
  • BAS consist of some project members which are also EFQM International Assessors this can add value to the assignment as Abu Dhabi government is highly recommending Organizational Excellence program across Abu Dhabi Emirate (and UAE).