Operational resilience is at the cutting edge of current thinking about how to protect organizations from internal and external threats and incidents. It involves prevention of disruption, adapting processes and operations to continue through disruption, rapid return to business as usual, and having structured processes in place to learn and evolve from both incidents AND near misses.
Operational resilience starts from the perspective of protecting an organization’s key business services and, importantly, begins from the assumption that these services WILL be disrupted at some point in the future.
Operational resilience is a key issue that should be strategically led by boards and senior management. These enterprise leaders have a specific role of setting impact tolerances for key business services, which drive the whole operational resilience program.
What Is Operational Resilience and What Should an Operational Resilience Program Include?
As described above, operational resilience describes an organization’s ability to provide business services in the face of adverse operational events. A company can do so by anticipating, preventing, recovering from, and adapting to such events – and learning from them.
According to the UK financial regulators who are leading the development of operational resilience in Great Britain, an operationally resilient company will have the following in place:
- A clear understanding of their most important business service or services;
- A comprehensive understanding and mapping of the systems and processes that support these business services;
- Knowledge of how the failure of an individual system or process could impact the provision of the business service;
- Knowledge of which systems and processes are capable of being substituted during disruption so that business services can continue to be delivered;
- Tested plans that would enable firms to continue or resume business services when disruptions occur;
- Effective internal communication plans, escalation paths, and identified decision-makers; and
- Specific external communication plans for the most important business services, which provide timely information for customers and other stakeholders.
The Importance of Operational Resilience
In contrast to previous protective strategies from which operational resilience has evolved, it is outward-looking. It starts with a focus on the harm that disruption causes to an organization’s consumers and stakeholders, rather than concentrating on internal structures and systems. As such, the benefits of operational resilience go far beyond risk aversion. It often becomes a significant addition to an enterprise’s value proposition.
Creating an operational resilience program is essential for any long-term success. Among the top reasons why it matters are:
- Any impact is more than internal; it affects the market and customer, too. Businesses must think ahead and outside of themselves.
- It highlights the hidden cracks before they become an issue during a disastrous event.
- Working toward resilience by design is better than recovery after the fact.
The Connection Between Operational Resilience and Business Continuity Management
While operational resilience and business continuity management are not the same things, there is a strong connection between the two.
Business continuity planning allows an organization to maintain consistency in case a disruption to standard operations should occur.
A business continuity management system is an essential aspect of a broader operational resilience program. It can help to integrate innovative approaches, including:
- Simulations for extreme scenarios
- Technology resilience testing
- Cybersecurity attack protocols.
Some of the main benefits of adding operational resilience thinking to your BCM program include:
- Positive business outcomes
- Highlighting blind spots or hidden cracks ahead of time
- Clarity on investing in resilience vs. financial optimization
How to Improve Your Organization’s Operational Resilience
The following steps are vital aspects of an effective operational resilience program:
- Identify your key business services and determine impact tolerances for these;
- Map the systems and processes that support your key business services;
- Assess how system or process failures will impact the delivery of your key business services;
- Develop resilience strategies that meet the set impact tolerances and test these with relevant scenarios and exercises;
- Invest in your organization’s ability to respond to and recover from incidents and disruption;
- Provide timely incident information to customers and stakeholders;
- Develop a process to capture lessons from incidents and near-misses and use this to continually improve your operational resilience program.
While there’s no magic formula to improve your organization’s operational resilience, you’ll need to assemble information through discovery and analysis. As you work through this, you’ll develop a unique point of view that will steer your organization through the process.
It’s critical to facilitate discussion with senior stakeholders during this process. They may provide valuable high-level insight to guide your contingency plans.
Whatever you come up with, the goal is to create a plan that everyone can agree on and implement. If and when disaster strikes, everyone will be on board and ready to go.
How to Get Started
If you’re ready to take action and implement operational resilience into your business model, here are five steps you can take:
- Prepare. Rethink your essential service continuity, supply chain continuity, delivery channel contingency planning, and your overall business model. Accommodate for significant challenges, roadblocks, and interruptions.
- Digitize. Moving everything to a digital home makes it easier to respond when disaster strikes. One option is the cloud, which removes the need for in-house computing infrastructure and enhances continuity.
- Assess Soft Skills. How prepared are you when it comes to customer service, marketing, crisis management, and the like? Strengthening these soft skills makes for a seamless transition when things go wrong.
- Designate a Team. Develop a team with a focus on planning, testing situations, and developing response protocol.
- Create a Multi-Threat Response. What if more than one thing happens at once? Don’t limit yourself. Layer on your possible threats and plan to respond accordingly.
It’s never too late – or too early – to start planning for the future. Achieve operational resilience with the help of the friendly experts at Castellan today. Contact us to learn more.
Develop and quantify your organization’s unique business case for investing in a business continuity and operational resilience capability. Worksheet included.DOWNLOAD NOW