From Chaos to Control: How ISO 22320 Strengthens Emergency & Incident Response

In today’s increasingly interconnected and unpredictable world, organizations face a wide range of threats to their people and operations—from cyberattacks and natural disasters to political unrest and supply chain disruptions. These risks may vary in cause and scope, but they all demand one essential capability: the ability to respond quickly, clearly, and in a coordinated manner. Without a structured plan in place, even a minor disruption can escalate into a full-blown crisis, with widespread operational, financial, and reputational consequences.

That’s where ISO 22320 comes in. This international standard for emergency management provides a comprehensive framework for managing incidents of all types. It emphasizes clear communication, defined roles and responsibilities, and seamless coordination between internal teams and external stakeholders. Whether navigating a localized emergency or a large-scale disruption, ISO 22320 helps ensure your organization is prepared to respond with clarity, efficiency, and control.

ISO 22320:2018 Scope, Objectives, and Why It Matters

ISO 22320 (more formally titled ISO 22320:2018 Emergency Management – Guidelines for Incident Management) is a standard designed to complement an all-hazards approach to emergency response. The standard was first published in 2011 and updated in 2018. it has since been reviewed and confirmed by the International Organization for Standardization without revision in 2024.

To remain adaptable to any emergency—natural disaster, cyberattack, or health crisis—ISO 22320 emphasizes broad, flexible principles rather than prescribing responses to specific scenarios. This makes it well-suited for organizations of any size or sector.

The standard focuses on three primary principles:

• Coordination: Encourage collaboration across organizations and sectors to ensure that resources, incident information, and responsibilities are shared effectively during a crisis.
• Command and control: Establish clear leadership structures and decision-making authority for efficient and consistent emergency response.
• Information management: Promote the structured collection, analysis, and dissemination of accurate information, which is essential for informed decision-making during an incident.

ISO 22320 also includes additional supporting practices, such as resource management, public communication, and decision support, to enhance the overall effectiveness of incident response.

Balancing the Benefits and Challenges of ISO 22320

Because ISO 22320 serves as a foundational program for organizational crisis response and societal security, it offers organizations a wide range of benefits. Information gleaned from your efforts to protect your business from harm can also strengthen communication, clarify leadership roles, and improve coordination with external stakeholders.

By implementing the essential components of incident management under ISO 22320, organizations can:

• Enhance situational awareness: Structured information management helps ensure decision-makers and technical committees have accurate, real-time data during incidents.
• Improve coordination and collaboration: Clear processes and shared terminology promote cooperation across departments, agencies, or international partners.
• Establish consistent leadership structures: Well-defined command and control frameworks reduce confusion and enable faster, more effective responses.
• Support regulatory and stakeholder expectations: Adherence to international standards can help demonstrate a proactive approach to risk management and crisis preparedness.
• Build long-term resilience: Lessons learned through incident management planning and execution feed into organizational improvement and business continuity efforts.

Overall, ISO 22320 helps organizations turn crisis response into a strategic strength. Of course, like any standard, only proper implementation can help you realize its benefits. In many cases, the standard’s challenges are directly tied to that process.

As a broad standard, ISO 22320 leaves much room for interpretation. This flexibility can make it challenging to translate high-level guidance into concrete actions, especially for organizations without established incident management structures or resources for allocation. Without clear direction, teams may struggle to define roles, coordinate across departments, or align the standard with existing business continuity or emergency protocols.

Additionally, implementing ISO 22320 often requires cross-functional buy-in across the organization and incident command, consistent training, and the integration of multiple systems and processes, each of which can be a hurdle on its own. Luckily, the right crisis management strategies can help you overcome many of these hurdles and realize the benefits of the incident management process.

A Practical Guide to ISO 22320 Implementation

Creating an emergency response plan is one thing; implementing it is another challenge entirely. While it’s easy to outline procedures on paper, real-world execution often falls apart without a clear emergency communication plan, defined roles, and coordination across all levels of an organization.

To implement ISO 22320 effectively, organizations must take a strategic approach to its three core principles: coordination, command and control, and information management. These pillars are the key to bridging the gap between incident management planning and action.

In an episode of The Employee Safety Podcast, David Markley, Director of Operations at Grace Covenant Church in Austin, Texas, provides some insights into managing this. With a defense, engineering, and security background, David offers practical, on-the-ground lessons in improving emergency response and situational awareness in line with ISO 22320 best practices.

1. Build a clear incident action plan structure before the crisis hits

In the heat of the moment, predicting how people will respond is difficult, especially if they don’t know their role or what actions to take to stay safe. The time to shape your response isn’t during the emergency; it’s long before it begins.
ISO 22320 emphasizes the importance of pre-defined command and control structures to ensure clarity during emergencies. That structure is a framework for turning information into fast, coordinated decisions.

David Markley’s defense background speaks directly to this principle. During his time in the military and defense industry, he focused on enabling situational awareness and actionable decision-making under pressure.

“Picture troops on the ground… they want to know the location and movement of their adversaries, if a cleared building is still unoccupied, or if nearby vehicles are friend or foe.”

This is an example of risk intelligence in practice: the ability to gather, assess, and act on real-time information sharing. ISO 22320 supports this by requiring organizations to establish a response structure to manage information flow, define responsibilities, and ensure decision-making is not delayed by confusion or uncertainty.

Markley applied this same mindset at Grace Covenant Church, where he had to coordinate emergency communication across a large campus with thousands of attendees and dozens of volunteers. In one case, a medical incident revealed the fragility of relying on informal communication plans of texting pastors, using radios, and hoping someone picked up a call. This fracture in the response structure was a minor oversight but affected the combined organizational structure.

ISO 22320 helps avoid these breakdowns by encouraging organizations to define responsibilities and establish escalation paths. It also ensures that responders, whether full-time staff or part-time volunteers, know exactly how to act.

2. Design emergency communications systems for your users

In a survey AlertMedia conducted with emergency communication professionals, 45% cited employee adoption as their top pain point. It’s a simple but critical truth: You can’t communicate through a system your people don’t use. Other top challenges—such as maintaining accurate contact information and location data—were also tied to low participation and lack of system engagement.

Problems with engagement are rarely about the people. More often, they stem from communication systems that are too broad, clunky, or hard to use under pressure.

“You don’t want to over-alert people. You want to get the right information to the right people—without overwhelming everyone else.”

At Grace Covenant Church, David Markley described a receptionist’s hesitation to use their legacy alert system during a potentially escalating situation. The system was limited, overly broad, and not intuitive, raising concerns that using it might make things worse. That hesitation delayed the response and highlighted the need for something simpler, more targeted, and easier to trust.

To improve engagement and meet ISO 22320’s guidance on information management, prioritize communication flowing to the worker, not just from the top down—and it must do so without overwhelming them. Adoption improves when communication tools are intuitive, segmented, and directly relevant to each person’s role, and so does response effectiveness.

3. Involve everyone who helps keep people safe

Collaboration is what gets every organization through a crisis. Your ability to coordinate with internal teams, volunteers, and external stakeholders, like law enforcement, suppliers, or partner organizations, can determine whether your response is calm and controlled or scattered and reactive.

ISO 22320 emphasizes coordination and collaboration as a core principle of emergency response. That means knowing who is connected to your organization, their role, and how to activate those connections when they matter most.

David Markley discusses this point in the podcast, reflecting on how many people are already helping behind the scenes without being formally recognized. By formalizing their roles, he expanded his team.

“We’ve multiplied the number of people on our security team[…] just by giving more people a way to report what they’re seeing.”

One example is a longtime volunteer who regularly served as a greeter. He already had strong situational awareness and a natural sense of when something felt off. The team could extend their reach and improve response times by formally recognizing his role and including him in the church’s communication process.

ISO 22320 supports this kind of inclusive, real-world collaboration: identifying valuable contributors already in your environment and giving them a defined role in your emergency structure.

4. Improve as you go; don’t wait for perfect

ISO 22320 emphasizes the importance of ongoing learning and adaptation. Real-world emergency response is rarely flawless, so build continuous improvement into your crisis management plan from the start. You don’t need to get everything right the first time, but you do need to make sure your system evolves based on what works and what doesn’t.

As David Markley put it:

“Don’t wait to have a perfect system. Put a system in place and then perfect it.”

At Grace Covenant Church, that mindset was tested during a nearby shooting. Despite having trained the staff, the church hadn’t yet rolled out its new emergency communication tool to volunteers. When police alerted them to the threat, communication had to happen manually through radios, word-of-mouth, and hallway conversations. Critical updates couldn’t reach everyone quickly, and some staff only found out when parents arrived to pick up children.

The following week, they rolled the tool out to volunteer leaders. It wasn’t perfect, but it was in place and ready to improve through use.

ISO 22320 encourages this kind of incremental, feedback-driven process. Emergency response systems must be adaptable. By reviewing each incident or near-miss, updating tools, and listening to user experiences, you create a system that gets better over time.

Structure Your Response, Strengthen Your Business Resilience

Aligning with ISO 22320 can help your organization refine its emergency response and build a scalable and dependable system. The standard’s three core principles—coordination, command and control, and information management—offer a clear framework for structuring how people, processes, and tools come together during a crisis.

Whether starting from scratch or improving an existing plan, structured implementation is key. That means defining roles, building collaborative networks, and equipping your teams with tools they’ll use before an emergency begins.

Download our Definitive Guide to Emergency Communication for practical tips, real-world examples, and tools to help you turn ISO 22320 principles into action.