Creating a Resilient Organization
To create a more resilient organization you need to develop the right culture, a culture in which everybody works together and understands the ultimate objective.
When establishing a Resilience Programme there needs to be ownership from Top Management; but this needs to be more than luke-warm approval. An effective resilience programme requires passionate ownership from the top, strong leadership and employee awareness.
All departments need to be aligned in their vision and understanding of the ultimate objective –everybody must be working towards the same goal.
Open and honest communication across the organization is vital to ensuring that lessons are learned, and processes are continuously improved.
Essentially, resilience comes down to your people and how they respond to any given scenario.
A motivated, empowered workforce that are well trained, resourced and agile in their decision-making abilities are an invaluable asset to any organization.
A positive culture for resilience needs to be built from the bottom up on a core of leadership and vision and unites the organization to work towards a strategic end-state.
By keeping this ultimate goal in mind employees have conviction and through training are able to utilize out-of-the-box thinking to withstand or absorb any scenario.
A resilient organization promotes a culture of prevention and awareness in all areas with a focus on identifying vulnerabilities and weakness. The organization can track risks, understand the impact, prepare the team, respond, recover, learn, embed and grow from the disruptive event while others founder.
A resilient culture creates an innate ability to anticipate, overcome, repeat and adapt (whether you have planning in place or not – even for a specific, as yet unimagined threat). The dictionary description of the word ‘resilience’ itself lists its origins as – ‘elasticity’ and ‘buoyancy’ – which suggests ‘not sinking’.
Knowing risks, security layers and plans to respond and recover when all goes pear shaped will give you a certain percentage of resilience but teamwork, positive attitude and belief in ability to adapt and overcome will make all the difference.
Resilient organizations embrace adversity as a norm rather than the exception – which creates a continuous learning experience that allows them to test and refine the business model and state of operating readiness.
In a resilient organization there is ownership and awareness across the organization. It is important that the governance of ownership is taken just as seriously as the desired outcome of the programme.
The first step is to establish an owner of the Business Continuity Management System who is accountable and can break down all the silos; information security, disaster recovery, physical security etc. if they are present in the organization and work together.
This person needs to be passionate about striving for effectiveness in resilience and will never give in with that quest.
In addition to this owner, Top Management who have power and leverage to support the programme, need to do more than just agree to proceed. They must be passionately engaged and willing to get involved regularly as best they can.
Alignment across multiple disciplines is required to proactively prevent and manage threats and incidents.
These disciplines include Business Continuity, Disaster Recovery, Crisis Management, Cyber Security, Physical Security, Health and Safety, Data Protection, Operational Risk. All of them have common objectives – to protect the business and its assets (people, ICT, buildings, data etc.) – they all need to align in terms of strategy and vision.
Organization wide communication of:
- Lessons learnt
- Continuity risks avoided due to early warning indicators
- Recognition/ rewards for outstanding teamwork during periods of operational stress etc.
People are important, they need to know the internal success stories of the business during adversity to learn, adapt and respond.
Resilience is a people focussed, holistic approach that builds a culture of understanding across multiple functions, to deliver the means to plan, respond, recover, learn and embed from disruptive events, linked to the strategic vision of the organization.
While corporate security activities provide the tools to respond, resilience provides the direction of travel and strategic understanding of why the organization needs to respond.
The concept of health as defined by the World Health Organization (1988) is a state of physical, psychological and social well-being and not simply the absence of disease. A business cannot continue unless its people are functioning effectively from a physical, psychological and social perspective.
To achieve a truly resilient organization requires a significant dedication to developing a positive culture of prevention and awareness. Ownership of the program from Top Management, a passionate Business Continuity Manager and awareness at all levels of the organization is essential.
Alignment between the different disciplines within the business is required to ensure everyone is working together. This is aided by effective communication between departments, and organizational communication of lessons learned following a disruption.
Ultimately, resilience is down to people – staff that truly believe in the business and its objectives, who are well trained and willing to work together during any crisis to find the best way forward.
If you want to increase your organizational resilience, you can start by checking out BCP Builder’s Online Business Continuity Plan Template.