By Dominic Cockram
The more I hear of the current discourse on organisational resilience, the more uncomfortable I find myself feeling.
The concept has been around for a long time and was brought sharply into focus in 2014 by the British Standard, BS 65000: Guidance on Organisational Resilience. As one of the editors, I was party to vivid and lengthy discussions and much positive disagreement as we ranged around the topic of organisational resilience, what it meant and how best to set it out in a standard. In the end, what came out was a ‘Guidance’ and that was an excellent result. Resilience is a complex and many-faceted concept and it would have been wrong to go too far in framing an approach at this stage.
The story of the TalkTalk cyber crisis and the company’s response continues to unfold as we saw inevitable outrage over the weekend, with stories galore of customers with “potentially hacked bank accounts” raising a whole new raft of rumours, heating the debate and breeding more noise about what might have happened and just how great the impacts may be.
The story was moved by the CEO (quite cleverly) to the broader focus of “cyber risk is a wider problem the UK needs to face up to and address” with calls for more Government support to tackle cyber crime. A fair appeal and one raised by me in my earlier blog – regulation and control or assurance in this domain is very much required – even though challenging to apply in a reasonable manner.
The business impact analysis (BIA) is a key facet of any business continuity programme. It sits right at the heart of the benefit that business continuity can bring to any organisation.
It has concerned me recently that I have read a number of papers suggesting that the business impact analysis is either unnecessary or that short cuts could be used. While it is understandable that people would like to reduce the work involved in delivering a business continuity project, to play around with the business impact analysis without understanding the risks of doing so is to put the whole business continuity plan at risk.
The new British Standard, Guidance on Organisational Resilience (BS 65000: 2014), was launched on 27th November at the Guildhall in the City of London. The venue was an apt choice for the launch of a resilience Standard; built in the 15th century, the Guildhall is one of the older secular buildings in London, not only surviving both the Great Fire and the Blitz but also remaining relevant today as the high-tech home of the City of London Corporation and the setting for many banquets, receptions and corporate events. This history of the Guildhall struck me as having parallels with the essence of organisational resilience described by Chairman of the BS 65000 committee, Dr Robert MacFarlane from the UK Cabinet Office. He emphasised that resilience is a dynamic concept requiring organisations not only to be able to continue with their business operations during a sudden change or disruption but also to adapt over time to keep pace with changes in their wider context in order to survive and prosper. It seems the Guildhall has managed this.