10 Things you should know about Operational Resilience

• Operational Resilience is the ability of an organisation to continue to deliver critical operations throughout a disruption.

• Operational Resilience does not replace Risk Management nor Business Continuity, it enhances them.

• Operational Resilience is an outcome of Risk Management, Information Security (including Cyber), Incident Management, Business Continuity, and IT Disaster Recovery.

• To succeed, a Resilience Plan needs appropriate Governance (i.e. a Policy, an agreed Scope, Responsibilities, Resources, and Reporting).

• Sources of disruption include failures of People, Processes, Technology, Facilities, and Information.

• You need to identify all critical functions / activities and their dependencies (aka Business Impact Analysis).

• Consider setting two ‘Impact Tolerance’ levels: one in which the consumer / customer is adversely affected; and another in which the organisation is affected in an intolerable way.

• Resilience requires four abilities:
  • Anticipation – of longer-term changes,
  • Monitoring – leading indicators (KRIs),
  • Responding – to a disruption, and
  • Learning – from events and scenario testing.

• Scenario Testing is a great technique for validating response plans and identifying gaps.

• Resilience is a journey from ordinary to excellence and the milestones are levels on a maturity model.