A Five-Step Process to Help Organizations Achieve Operational Resilience

Author: Sumedha Adavade, CISA
Date Published: 18 August 2022

Have you done enough to prepare your organization for the next pandemic or any other global crisis? How much is enough?

All organizations need to ask themselves these questions to ensure they are indeed ready to face any external situation similar to the COVID-19 pandemic that occurs in the future. Operational resilience is far more than having business continuity planning (BCP) in place and conducting disaster recovery (DR) drills. It requires strategic decision-making when planning, identifying, defining, working, testing, monitoring and re-defining the multiple sets of parameters that are indicative of operational preparedness at different levels in an organization. At the same time, organizations must also keep tabs on external anomalies, implementing the lessons learned from past events and experiences of others in the industry.

The traditional BCP cycle needs a revamp in terms of assessing external situations by fine-tuning the necessary parameters in various processes in an organization and analyzing any type of crisis that may come up in routine activities. This additional step of situational analysis is crucial and will remain so. There is a five-step process to help organizations achieve operational resilience:

  1. Define business activities—The first step is to list all important business processes and the activities involved in those processes. This helps ensure the resilience plan covers all activities crucial to the business of an organization.
  2. Set impact levels—Once all important activities are listed, organizations need to set thresholds up to which they can tolerate any outage or disruption of those activities. Beyond these thresholds, the organization may not be able to survive any impact or loss on those activities.
  3. Establish process and system ownership—For building resilience, it is important that each process and system have an owner who is responsible and accountable for taking quick action to retain normalcy of operations if anything goes wrong with their process or system.
  4. Achieve third-party resilience—There is an increasing number of activities that are being outsourced, and maintaining resilience of each of those activities is critical. Testing, auditing and governing all outsourced activities is important to address all challenges in the smooth functioning of business as usual (BAU) processes.
  5. Comply with regulatory requirements—Regulations are varied and multifold in terms of expectations in resilience. Understanding the applicability of regulations to the organization and understanding the regulations themselves helps organizations remain compliant with them while maintaining operational resilience.

Robust and resilient processes and systems that can withstand unexpected situations are crucial for every organization, regardless of sector or industry. Therefore, achieving and maintaining operational resilience is one of the necessities of running a business.

Editor’s note: For further insights on this topic, read Sumedha Adavade’s recent Journal article, “Operational Resilience: Preparing for the Next Global Crisis,” ISACA Journal, volume 3, 2022.
