Organisational Resilience: An Integrated Approach to Risk, Security and Resilience
Organizational Resilience has been described as “the ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.” BS65000: 2014 further describes Organizational Resilience as a “strategic imperative for an organization to prosper in today’s dynamic, interconnected world”. The management standard suggests that mastering Organizational Resilience, requires the setting and maintenance of high operational standards and the development of a culture which embraces continual improvement.
Although Business Continuity Management may be viewed to be synonymous with the term resilience, OR is far broader than risk management or business continuity systems, viewed in isolation. While an effective business continuity capability should aspire to meet the management standards as outlined in ISO22301: 2012, BCM programmes can increase resilience levels further, by focusing upon a number of areas. Greater levels of engagement with stakeholders that are involved in businesses operations is one such area. Comprehensive staff inductions should determine what individuals need to know and ensure that they understand their responsibilities within a business continuity system. Having provided such information, organisations should provide staff with ongoing development opportunities, in order to ensure that individuals remain confident and effective in performing their BCM roles. In concert with the cultural commitment to ongoing improvements, organisations that positively engage with exit interview processes, capture tacit knowledge that experienced employees possess about an organisation, it’s strengths, weaknesses and ways that it may be able to improve its performance. This approach towards employee engagements, will strengthen an organisations ability to anticipate, prevent, respond and recover to incidents and crises.
Greater improvements can be made by aligning BCM programmes with the physical and information security systems designed to protect an organisations staff and assets, and the risk management systems adopted to identify the threats and hazards an organisation faces. All too often, these three areas are sold separately to security clients, sometimes by different arms of the same provider. While the provision of consultative services by different ‘specialisms’ within a security business may potentially generate more revenue for the company, it certainly generates confusion for a client. Given that effective risk management, security solution and BCM programme design, each require a detailed understanding of an organisation and the context within which it exists, it would be appropriate for each of the three areas to feed seamlessly into one another. The golden thread of this design cycle is effective engagement with the human component of an organisation, as outlined previously. This is the way our Security by Effect © system is designed; designed to help your organisation to remain secure and to recover from incidents and crises. #emergingrisksglobal #businesscontinuitymanagement #securitybyeffect #risk #securitysolutions #resilience #organisational