10 Things you should know about Operational Resilience
1. Operational Resilience is the ability of an organisation to continue to deliver critical operations throughout a disruption.
2. Operational Resilience does not replace Risk Management or Business Continuity; it enhances them.
3. Operational Resilience is an outcome of Risk Management, Information Security (including Cyber), Incident Management, Business Continuity, and IT Disaster Recovery.
4. To succeed, a Resilience Plan needs appropriate Governance (i.e. a Policy, an agreed Scope, Responsibilities, Resources, and Reporting).
5. Sources of disruption include failures of People, Processes, Technology, Facilities, and Information.
6. You need to identify all critical functions / activities and their dependencies (aka Business Impact Analysis).
7. Consider setting two ‘Impact Tolerance’ levels: one in which the consumer / customer is adversely affected; and another in which the organisation is affected in an intolerable way.
8. Resilience requires four abilities:
- Anticipation – of longer-term changes,
- Monitoring – leading indicators (KRIs),
- Responding – to a disruption, and
- Learning – from events and scenario testing.
9. Scenario Testing is a great technique for validating response plans and identifying gaps.
10. Resilience is a journey from ordinary to excellent, and the milestones are levels on a maturity model.