Business Resilience

Business Resiliance relates to the ability of an organisation to adapt to the new environment and set of circumstances following a major incident. It is viewed, by many, to be as important to the national infrastructure as cybersecurity.

Business resilience planning is an overarching governance and risk management responsibility. Boards need to plan further ahead and develop a level of resilience that will enable them to survive and thrive in an increasingly difficult environment.

Why worry about Business Resilience?

All organisations, of any size and anywhere in the world, have to deal with, and plan for, a wide range of risks. These can include:

• Natural disasters, ranging from volcanic ash to the effects of climate change.
• Economic disruption and market turbulence.
• Terrorist-related incidents and disruption.
• Cyber crime and cyber terrorism - read more.
• Civil emergencies, strikes, and similar action - often in distant lands.
• Pandemic threats, including SARS and Avian Flu.
• Compliance failures.
• Disruptive technological advances.
• Technology failure.
• Supply chain failure.

Business Resilience Strategy

In order to ensure the resiliance of an organisation in the face of these varied risks, it is essential to have a business resilience strategy. This business resilience strategy should have four core strands:

1. A business continuity plan: Plans and rehearses a response to all identified and likely operational disruptions.
2. A disaster recovery plan: Enables the organisation to recover from real disasters.
3. A value protection plan: Ensures that shareholder value is protected at times of disruption.
4. An exploitation plan: Enables the organisation to spot - and exploit - commercial opportunities that may present themselves during times of substantial disruption.

Business resilience standards

There are three main standards for business resilience; two of them are American and one international.

The three standards which have been adopted by the US Department of Homeland Security, for the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), are:

• ASIS SPC.1-2009 Organisational Resilience: Security Preparedness, and Continuity Management Systems – the American Society for Industrial Security is making ASIS SPC 1-2009 available for inspection, downloading, and printing at no cost.
• National Fire Protection Association 1600:2007 Standard on Disaster/Emergency Management and Business Continuity Programs – the National Fire Protection Association is making NFPA 1600 available for inspection, downloading, and printing at no cost.
• ISO22301:2012 The international standard for a Business Continuity Management (BCM) system.

Download international standards

Business Continuity

• ISO22301:2012 standard
• ISO22301 BCMS Implementation Toolkit to speed and simplify the ISO22301 implementation process.

Cyber Security

• ISO27001 - The world's only cybersecurity standard
• ISO27001 Books
• ISO27001 Toolkits - choose which one is right for you.

Risk Management

• ISO31000 Risk Management Guidelines provides principles and generic guidelines on risk management.
• vsRisk - the Definitive Standalone ISO27001:2005-compliant Cybersecurity Risk Assessment Tool.

• Basel II/III
• Business Continuity Management
  • Business Resilience
• BS25999
• CGEIT
• CISA
• CISM
• CISSP
• CLAS
• Cloud Computing
• COBIT
• Codes of Connection
• Compliance
• CRISC
• Cyber Security
• Data Governance
• Data Protection
• Enterprise Architecture
• Green IT
• Information Security
• ISO 20000
• ISO 22301
• ISO 27001
• ISO 31000
• ISO 38500
• ISO 50001
• IT Audit
• IT Governance
• IT Management Frameworks
• ITIL
• IT Service Management
• Knowledge Management
• M_o_R
• MoV
• MSP
• N3
• P3O
• PCI DSS
• Penetration Testing
• PMBOK
• PRINCE2
• Privacy
• Project Governance
• Risk Management Frameworks
• Security Hardware/Software
• SLAs
• Social Media Governance
• Soft Skills
• Management System Standards
• Technical Services
• TickITplus