Business Resilience
Business resilience includes business continuity and disaster recovery planning. It is as important to the national infrastructure as cyber security. Business resilience planning is an overarching governance and risk management responsibility. Boards have to plan further ahead than simply identifying likely operational disruptions; they must develop in their organisations a level of resilience that will enable them to survive and thrive in an increasingly difficult environment.
Wide range of business risks
Organisations have to deal with a wide range of risks, including:
- Natural disasters, ranging from volcanic ash to the effects of climate change;
- Economic disruption and market turbulence;
- Terrorist-related incidents and disruption;
- Cyber crime and cyber terrorism;
- Civil emergencies, strikes, and similar action - often in distant lands;
- Pandemic threats, including SARS and Avian Flu;
- Compliance failures;
- Disruptive technological advances;
- Technology failure; and
- Supply chain failure.
Business Resilience Strategy
A business resilience strategy should have four core strands:
- A business continuity plan that plans and rehearses the response to all identified and likely operational disruptions;
- A disaster recovery plan that enables the organisation to recover from real disasters;
- A value protection plan that ensures that shareholder value is protected at times of disruption;
- An exploitation plan that enables the organisation to spot - and exploit - commercial opportunities that may present themselves during times of substantial disruption.
Business resilience standards
There are three core standards for business resilience; two of them are American and one is British. The three standards, which have been adopted by the US Department of Homeland Security for the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), are:
- ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems – the American Society for Industrial Security is making ASIS SPC.1-2009 available for inspection, downloading, and printing at no cost.
- British Standard 25999-2:2007 Business Continuity Management – the British Standards Institution is making BS25999 available for inspection, downloading, and printing at a nominal cost.
- National Fire Protection Association 1600:2007 Standard on Disaster/Emergency Management and Business Continuity Programs – the National Fire Protection Association is making NFPA 1600 available for inspection, downloading, and printing at no cost.







