Today, Organizations must be strategically adaptable, operationally aware and tactically capable to respond to the impact of any change. The one discipline that predicates impact upon business capability is Business Continuity Management. Business Continuity Management can be used as a central facilitator to build resilience and sustainability.
Organizations have recognized business continuity management as a response to disruptions in order to continue operations at acceptable predefined levels. However, with growing threats, disruptions, and attacks, the time has come for a more dynamic response to disasters. That comes in the form of organizational resilience.
Resilience needs to be grown from a management-driven approach (as defined by ASIS SPC1 2009) to a culture practiced across the organizations (as defined in the guidelines released under ISO 22313). Resilience, as a goal, can be enhanced by integrating and coordinating various disciplines in an organization: strategic, tactical, and operational. Organizations can explore different methods for remedial responses and find the ideal approach to embed resilience through business continuity.
Resilience is dictated by operational demands, and the ability to respond to these demands determines an organization’s business continuity maturity. The need for organizations to break out of all operational silos and develop an ecosystem with resilience embedded at every layer of the organization is key to being prepared to respond to any disruption.
The ability to respond to a change in the market and get the product out before competition is inherent in any successful business. Customers, suppliers, regulators, and competitors all affect an organization’s capability to continue in business. Therefore, organizations need to keep an eye on the stability of its business facilitators including suppliers, raw materials, manufacturers, distributers, sites, and assets to develop a holistic framework of preparedness and readiness.
Resilience is a continuous requirement and no organization, person, network, or system can be absolutely resilient. An organization should be strategically adaptable, operationally aware, and tactically able to respond to any external or internal event. Resilience can never be static, it is constantly changing.
Using business continuity functions, organizations can identify resilience indicators specific to their business. Once identified, these indicators interact with each other to establish a network which can bounce back from the most disruptive events. Few indicators for building a resilient organization are:
Few questions that need to be asked while developing a resilience program:
According to a paper published by Business Continuity Institute (BCI) on “Organizational Resilience”, the various disciplines involved in developing a resilience program should focus on the following tenets:
The common element across these disciplines is business continuity. Utilizing the BCM process not only provides the necessary linkages to all critical process and functions but also provides a central repository of information across the organization.
The BS 65000 standard provides guidance on achieving enhanced organizational resilience and articulates the benefits of doing so. It provides guidelines to enhance crisis management and business continuity management practices by integrating these into a wider resilience program. Additionally, BS 65000 references other activities including risk management, horizon scanning, and change management.
Traditionally, organizations use ISO 31000 and ISO 22301 standards to address the need for organizational resilience. The growing need for organizational resilience demands a correlation between risk management and business continuity management system models. Establishing a channel of communication between BCM and Enterprise Risk Management systems provide the means to develop a comprehensive resilience program.
Integrating Business Continuity Management program into the resilience program will enable organizations to not only be ready for an event but also continuously exercise recovery measures.
Any disruption-cyber-attacks or physical disruptions - affects business continuity. Keeping the focus on organization resilience, while developing recovery strategies, will go a long away in building an organization which is prepared and ready for any event.