10 Key Steps to getting Operational Resilience off the ground

It can seem daunting to begin a brand-new process for your business. However, risk assessments are an easy way to remain resilient in this ever-changing economy, protecting you and your business in the long term.


10 Key Steps to getting Operational Resilience off the ground

  1.  Put resilience on the agenda of the Senior Management Team.

Identify a champion who will drive the initiative. For larger organisations, it would be good if there was a champion per function. A decision-maker is an important part of the process. If you are carrying out a risk assessment, make sure there is someone who can stand up and take action to implement these changes, so these changes can benefit your company in the long run.

  2.  Identify your business-critical services, the systems and the third parties they depend on.

Conduct a detailed risk assessment on the “Service Disruption” risk. Identify any missing controls / protections / mitigation. Address the gaps identified and come up with a strategy to take action.

  3.  Assess your Information security risk (includes cyber-risk)

  • Identify
  • Protect
  • Detect
  • Respond
  • and Recover

  4.  Develop a response plan to guide your response to a service disruption.

Keep your plan generic, but consider:

loss of building;

loss of systems;

and loss of people.

Then develop contingencies for each loss.

  5.  Develop a Business Continuity plan that focuses on how you will deliver essential services following a severe disruption.

Develop response plans to deal with specific incidents (e.g. cyber-attacks)

Communicate your plans to all relevant employees/third parties.

  6.  Test your plans.

Update your plans after each test, you will always learn something from a test/exercise. Part of risk assessment is taking your findings, learning from them and adapting to grow more resilient in future.

  7.  Consider how you might recover from a Disaster. (e.g. fire, flood)

  8.  If an incident becomes a crisis, you will need a Crisis Management plan

  9.  Manage your Third Parties, they are a risk too.

10. Review and React

Take a resilience self-assessment to see how your risk management would benefit your company’s resilience.


Once these steps are implemented, you can assess how resilient you are.

Find out more on our resilience self-assessment, as well as an in-depth and easy to follow guide on how to get started with operational resilience by downloading our latest White Paper on our website here.

Recent News

The Golden Thread – Governance, Risk & Compliance

A joined-up approach to governance, risk and compliance (GRC) is something all GRC practitioners aspire to – but, ...
Read More

Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may ...
Read More

Over 100 Credit Unions Now Using CalQRisk

CalQRisk now has over 100 credit unions actively using their Governance, Risk Management and Compliance solution across the ...
Read More
risk management words

Governance, Risk and Compliance – An Integrated Process

Three-letter acronyms. Love them or hate them, we can appreciate that they are convenient shortcuts. Many of us ...
Read More

Paralympics Ireland choose CalQRisk to streamline their Governance, Risk & Compliance efforts 

Paralympics Ireland has recently implemented the CalQRisk solution to streamline their Governance, Risk Management and Compliance efforts.  Paralympics ...
Read More

Changes to ISO 27001

ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It ...
Read More

DORA – What you need to know

The purpose of the EU’s new Digital Operational Resilience Act (DORA) is to ensure the safety and security ...
Read More

ILCU and CalQRisk form Alliance

The Irish League of Credit Unions (ILCU) has collaborated with CalQRisk to offer a best-in-class governance, risk management ...
Read More

Top Cyber Risks in 2023

In 2023, there are several cyber risks of which organisations and individuals should be aware. These risks can ...
Read More
office meeting at sunrise

10 Things to Ask When Outsourcing / Choosing a Supplier

Many organisations choose to outsource critical functions or services to third parties/contractors. However, outsourcing the work does not ...
Read More