10 Things you should know about Operational Resilience

Operational Resilience is the ability of an organisation to continue to deliver critical operations throughout a disruption.

Operational Resilience does not replace Risk Management nor Business Continuity, it enhances them.

Operational Resilience is an outcome of Risk Management, Information Security (including Cyber), Incident Management, Business Continuity, and IT Disaster Recovery.

To succeed, a Resilience Plan needs appropriate Governance (i.e. a Policy, an agreed Scope, Responsibilities, Resources, and Reporting).

Sources of disruption include failures of People, Processes, Technology, Facilities, and Information.

You need to identify all critical functions / activities and their dependencies (aka Business Impact Analysis).

Consider setting two ‘Impact Tolerance’ levels: one in which the consumer / customer is adversely affected; and another in which the organisation is affected in an intolerable way.

Resilience requires four abilities:
- Anticipation – of longer-term changes,
- Monitoring – leading indicators (KRIs),
- Responding – to a disruption, and
- Learning – from events and scenario testing.

Scenario Testing is a great technique for validating response plans and identifying gaps.

Resilience is a journey from ordinary to excellence and the milestones are levels on a maturity model.

Recent News

Minimum Competency Code – ‘And miles to go before I sleep’

The 1st October 2024 effective date for the expansion of the scope of the Minimum Competency Code 2017 ...

Read More →

Decoding the Digital Operational Resilience Act (DORA): CalQRisk’s Jargon Buster

Navigating the complexities of regulatory compliance can be daunting, especially with evolving digital landscapes. Enter the Digital Operational ...

Read More →

Ten Things to Learn from Managing an Incident

Incidents, while often complex and challenging, provide valuable learning opportunities that can enhance an organisation's resilience and strategic ...

Read More →