10 Things you should know about Operational Resilience

10 Things you should know about Operational Resilience

 

  • Operational Resilience is the ability of an organisation to continue to deliver critical operations throughout a disruption.
  • Operational Resilience does not replace Risk Management nor Business Continuity, it enhances them.
  • Operational Resilience is an outcome of Risk Management, Information Security (including Cyber), Incident Management, Business Continuity, and IT Disaster Recovery.
  • To succeed, a Resilience Plan needs appropriate Governance (i.e. a Policy, an agreed Scope, Responsibilities, Resources, and Reporting).
  • Sources of disruption include failures of People, Processes, Technology, Facilities, and Information.
  • You need to identify all critical functions / activities and their dependencies (aka Business Impact Analysis).
  • Consider setting two ‘Impact Tolerance’ levels: one in which the consumer / customer is adversely affected; and another in which the organisation is affected in an intolerable way.
  • Resilience requires four abilities:
    • Anticipation – of longer-term changes,
    • Monitoring – leading indicators (KRIs),
    • Responding – to a disruption, and
    • Learning – from events and scenario testing.
  • Scenario Testing is a great technique for validating response plans and identifying gaps.
  • Resilience is a journey from ordinary to excellence and the milestones are levels on a maturity model.

 

Blog