10 Key Steps to getting Operational Resilience off the ground

It can seem daunting to begin a brand-new process for your business. However, risk assessments are an easy way to remain resilient in this ever-changing economy, protecting you and your business in the long term.

10 Key Steps to getting Operational Resilience off the ground

  1.  Put resilience on the agenda of the Senior Management Team.

Identify a champion who will drive the initiative. For larger organisations, it would be good if there was a champion per function. A decision-maker is an important part of the process. If you are carrying out a risk assessment, make sure there is someone who can stand up and take action to implement these changes, so these changes can benefit your company in the long run.

  2.  Identify your business-critical services, the systems and the third parties they depend on.

Conduct a detailed risk assessment on the “Service Disruption” risk. Identify any missing controls / protections / mitigation. Address the gaps identified and come up with a strategy to take action.

  3.  Assess your Information security risk (includes cyber-risk)

• Identify
• Protect
• Detect
• Respond
• and Recover

  4.  Develop a response plan to guide your response to a service disruption.

Keep your plan generic, but consider:

loss of building;

loss of systems;

and loss of people.

Then develop contingencies for each loss.

  5.  Develop a Business Continuity plan that focuses on how you will deliver essential services following a severe disruption.

Develop response plans to deal with specific incidents (e.g. cyber-attacks)

Communicate your plans to all relevant employees/third parties.

  6.  Test your plans.

Update your plans after each test, you will always learn something from a test/exercise. Part of risk assessment is taking your findings, learning from them and adapting to grow more resilient in future.

  7.  Consider how you might recover from a Disaster. (e.g. fire, flood)

  8.  If an incident becomes a crisis, you will need a Crisis Management plan

  9.  Manage your Third Parties, they are a risk too.

10. Review and React

Take a resilience self-assessment to see how your risk management would benefit your company’s resilience.

Once these steps are implemented, you can assess how resilient you are.

Find out more on our resilience self-assessment, as well as an in-depth and easy to follow guide on how to get started with operational resilience by downloading our latest White Paper on our website here.