Crisis Communication Is Now a Certified Requirement

Dear {{ first_name | reader }},

Last year I was in Sharjah, delivering a crisis, risk, and communication masterclass with Divakar Pandian for the team at BEEAH Group — one of the UAE’s most ambitious sustainability and innovation organisations.

Good room. Sharp questions. And somewhere between the sessions, Divakar mentioned he was working on something bigger. That something is now published.

In February 2026, Resilience Next released GRS 1001-RN:2026 — the Global Resilience Standard. Version 1.0. Available for adoption. With a certification scheme attached.

I was one of the contributors, alongside nearly forty practitioners from across the industry. I am not a neutral observer, so take that into account.

But I would not be writing about it if I did not think it mattered for the people who read this newsletter.

Happy reading.

The world is not short of frameworks. ISO 22301 covers business continuity. ISO 31000 covers risk. ISO 27001 covers information security. There are national standards, sector-specific requirements, regulatory regimes — and enough acronyms to fill a whiteboard twice over.

The problem is not that we lack standards. The problem is that the existing ones were built in silos, and organisations consistently fail in the gaps between them. The cyber team does not talk to the communications team until something is already on fire.

The risk register and the crisis plan live in different departments, updated on different schedules by people who rarely meet. ESG gets bolted onto governance structures rather than woven into them. Nobody connects the social and environmental stakes of a disruption to the operational response before it happens.

GRS 1001-RN:2026 tries to close those gaps. It proposes a single Global Resilience Management System (a GRMS) that brings enterprise risk, business continuity, cybersecurity, crisis management, health and safety, crisis communications, ESG, AI governance, and third-party risk management into one integrated model. One governance structure. One audit. One certification.

Version 1.0 will have gaps. It is explicit about that — Version 1.1 is already scoped. But the architecture is sound, and for the first time in my experience, crisis communication is not an afterthought.

For most of the history of this profession, crisis communication has been a response function. Something happens, you call the communications team, and they draft a statement. The argument that communicators should be embedded in risk planning and governance (not just activated when things go wrong ) has been made many times. It has rarely been implemented.

GRS 1001-RN:2026 bakes it in from the start.

The Resilience Management Committee, the governing body overseeing the entire framework, explicitly seats a Communications lead alongside risk, continuity, cybersecurity, legal, and HSE functions.

The Respond pillar requires a documented Crisis Communications Plan as a certified deliverable, not an annex. And the standard applies the same four-stage lifecycle to communication that it applies to every other discipline: Define, Design, Embed, and Improve.

That last point deserves a moment. Communication in a crisis is not improvised. It is designed, practised, and continuously improved — or it fails. The standard treats it the same way it treats a recovery time objective or a supply chain redundancy plan.

If you have spent years making the case for a permanent seat in governance, this framework gives you a new argument. A certified one.

One of the most practically useful concepts in the document is the Crisis Activation Threshold; pre-defined, documented criteria that determine when an Incident becomes an Emergency, and when an Emergency becomes a Crisis.

Most organisations do not actually have this. What they have is a vague understanding that someone will escalate to the CEO when things get bad enough. The result is predictable: slow decisions, the wrong people in the room, reactive communication, and the first hours spent arguing about whether this is actually a crisis rather than managing it.

The standard requires those thresholds to be documented and aligned with the organisation’s Risk Appetite, approved at board level before anything goes wrong.

For communication professionals, this changes the game. Pre-defined activation criteria mean pre-positioned messages, pre-approved spokespersons, and pre-tested channels. You are not starting from zero at the worst possible moment.

Standards shape professions. ISO 22301 turned business continuity from a specialist niche into a certified discipline with auditable requirements and board-level visibility. ISO 27001 did the same for information security.

When a standard exists with a governance structure and a certification pathway, it changes what organisations ask for when they hire, what procurement teams require when they buy services, and what boards expect when they ask about resilience.

GRS 1001-RN:2026 includes crisis communication as a certified requirement. For those of us who have long argued that communication is the connective tissue of every crisis response — the mechanism by which organisations maintain legitimacy when everything else is breaking down — that is a meaningful shift.

This will not be the last time I write about this standard in Wag The Dog. As certification pathways open, capacity building develops, and early adopters begin implementation, I will keep you updated.

The standard is available for free download at globalresiliencestandard.org. Read it. Share it with the people in your organisation who own risk, continuity, and governance. Start mapping where your current frameworks align, and where the gaps are.

The conversation is just beginning.

_{Transparency & Disclosures}

_{AI Transparency: In alignment with EU AI Act requirements, please note that AI technology was used in the research, drafting, and/or image generation for this edition. All strategic analysis, professional opinions, and final editorial oversight are conducted exclusively by the author. Affiliate Disclosure: Some links in this briefing may be affiliate links. I only recommend tools and services I use personally or have vetted for professional efficacy. Professional Advice: This newsletter is for educational and informational purposes only and does not constitute legal or professional crisis management advice. © 2026 RiskComms FZCO. All rights reserved.}