The coronavirus pandemic (COVID-19) is currently putting high pressure on most countries’ critical infrastructures (not only health care), creating huge uncertainties in supply and demand, and disrupting global supply chains. The global crisis will demonstrate the extent to which different parties (countries, public authorities, private companies etc.) can work together and take holistic decisions in such situations. A core question in supply chain management asks how independent decision-makers at many levels can work together and how this joint work can be governed. Supply chain risk management (SCRM), however, has focused mostly on how focal private companies apply SCRM processes to identify, analyse and mitigate risk related to upstream and downstream flows in their supply networks. At the same time, interorganisational collaboration to handle diverse risks is always needed. A risk that hits one organisation often affects other, interconnected organisations. This study aims to develop the term supply chain risk governance with an associated conceptual framework that embraces various types of supply chains and actors. In a cross-disciplinary literature study, we dissect, compare and combine risk governance with interorganisational aspects of SCRM and find that the mechanisms suggested in the risk governance literature coincide with many of those in SCRM. We suggest a combination of these to govern risk processes at an inter-organisational level, regardless of the type of organisation included in the supply chain. This would be suitable for critical infrastructures that often contain a mixture of private and public actors. The scope of the literature employed is limited, and some articles have played a larger role in the framework development. The paper explores new territory through this cross-disciplinary study, extends existing multi-level frameworks with inter-organisational governance mechanisms and proposes new governance mechanisms to the field. This study could support the understanding of how critical infrastructures in our society are governed so as to increase their resilience to both smaller and larger disruptions.