Top Enterprise Priorities: Being Resilient by Design and Aligning to Regulations Like DORA
Operational Resilience | 3 Min Read | 03 August 22 | by Victoria Boreham
Resilience is a term that gets a lot of airtime today. In the week leading up to my recent travel, I was avidly watching the flight cancellations, hoping there would be no impact on my travel plans. I’d also seen photos of security lines outside the doors to the airport. I was lucky enough to make it to the airport and the flight was still scheduled! But as I arrived at the airport, I noticed the flurry of people at the bag drop. Now we’re talking super early in the morning, before workers even manned the desks. It was chaos. I spoke to one man who had missed his connecting flight and looked destined to miss his next one. This was all due to the fact he was unable to talk to a human to get his boarding pass reprinted. When things don’t quite go to plan, you hope that the processes organizations put in place can support you, or in this case, get you on a flight.
The sheer number of flight disruptions, airspace closures, and even train cancellations due to strikes shows how increasingly common parts of everyday life (like traveling to work) and the exciting plans we make (like travel) can be impacted when things don’t quite go to plan. Resilience is tested when operations are disrupted, leaving consumers to wait with eagerness for business as usual.
Travel ramblings aside – the above examples demonstrate the interconnected impacts of digital and physical risks, and the knock-on impact felt by various parts of the business and/or consumers.
But that’s not all! Organizations need to deal with more than ‘bouncing back’ for their customers. They also need to effectively manage the increasing regulatory pressures, frequent cyber risks, and climate catastrophes. Additionally, they need to show that they can continue business as usual, effectively combat issues surrounding the supply chain, and protect customer data when migrating customers to the cloud, or even simply storing customer data in the cloud!
Prioritizing Operational Resilience as Part of the Organizational DNA Has Never Been More Important
Organizations that are proactive and prioritize the tracking and management of risks are ahead of the curve. Resilience embedded in controls as part of core business functions and business DNA enables a greater chance for success – and continuous improvement.
If resilience is not prioritized, core business functions may become vulnerable during cyberattacks, geo-political events, human intervention, and even pandemics. Building resilience with real-time visibility into processes and critical assets enables better preparedness for an enterprise-wide plan and response. Firms that successfully prioritize resilience are shifting their mindset away from the conventional and myopic business continuity/disaster recovery model to being “resilient by design.”
The Digital Operational Resilience Act Will Foster a Strategic Effort to Improve Operational Resilience
Early in May 2022, the European Council announced in a Press Release that they had reached an agreement with the European Parliament on the Digital Operational Resilience Act (DORA). The main purpose of DORA is to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyberattacks and other risks.
DORA sets consistent requirements for the financial sector and critical third parties who provide ICT services like cloud platforms or data analytics. More importantly, DORA provides a framework for digital operational resilience under which all firms need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The requirements are consistent across all EU member states, with the aim of preventing and mitigating cyber threats. DORA, when formally adopted, will serve the purpose of fostering a strategic effort to effectively improve operational resilience.
The provisional agreement is now subject to approval by the Council and the European Parliament before the formal adoption procedure. Once formally adopted it will be passed into law by each EU member state.
Streamline Processes and Build Resilience with MetricStream
It doesn’t matter where you are in your resilience journey, at MetricStream we have you covered with:
- Real-time aggregated view of risks and compliance status
- Quantifiable risks to prioritize risk treatment plans and investments
- Advanced AI-enabled automation and continuous monitoring capabilities
- Federated data model to bind together your core GRC libraries
- Secure private cloud architecture