‘Strategic’ and ‘operational’ resilience – establishing more comfortable bedfellows

Untitled-1By Dominic Cockram

The more I hear of the current discourse on organisational resilience, the more uncomfortable I find myself feeling.

The concept has been around for a long time and was brought sharply into focus in 2014 by the British Standard, BS 65000: Guidance on Organisational Resilience. As one of the editors, I was party to vivid and lengthy discussions and much positive disagreement as we ranged around the topic of organisational resilience, what it meant and how best to set it out in a standard. In the end, what came out was a ‘Guidance’ and that was an excellent result. Resilience is a complex and many faceted concept and it would have been wrong to go too far in framing an approach at this stage.

Continue reading

TalkTalk: The twists and turns of the cyber crisis continue

iStock_000006935624_LargeThe story of the TalkTalk cyber crisis and the company’s response continues to unfold as we saw inevitable outrage over the week-end with stories galore of customers with “potentially hacked bank accounts” raising a whole new raft of rumours, heating the debate and breeding more noise about what might have happened and just how great the impacts may be.

The story was moved by the CEO (quite cleverly) to the broader focus of “cyber risk is a wider problem the UK needs to face up to and address” with calls for more Government support to tackle cyber crime.  A fair appeal and one raised by me in my earlier blog – regulation and control or assurance in this domain is very much required –  even though challenging to apply in a reasonable manner. Continue reading

Business Impact Analysis: value added or added toil?

The business impact analysis (BIA) is a key facet of any business continuity programme. It sits right at the heart of the benefit that business continuity can bring to any organisation.

It has concerned me recently that I have read a number of papers suggesting that the business impact analysis is either unnecessary or that short cuts could be used. While it is understandable that people would like to reduce the work involved in delivering a business continuity project, to play around with the business impact analysis without understanding the risks of doing so is to put the whole business continuity plan at risk.

Continue reading

Launch of BS 65000, The new British Standard for Organisational Resilience

The GuildhallThe new British Standard, Guidance on Organisational Resilience (BS 65000: 2014) was launched on 27th November at the Guildhall in the City of London. The venue was an apt choice for the launch of a resilience Standard; built in the 15th century, the Guildhall is one of the older secular buildings in London not only surviving both the Great Fire and the blitz but also remaining relevant today as the high-tech home of the City of London Corporation and the setting for many banquets, receptions and corporate events.  This history of the Guildhall struck me as having parallels with the essence of organisational resilience described by Chairman of the BS 65000 committee, Dr Robert MacFarlane from the UK Cabinet Office. He emphasised that resilience is a dynamic concept requiring organisations not only to be able to continue with their business operations during a sudden change or disruption but also to adapt over time to keep pace with changes in their wider context in order to survive and prosper. It seems the Guildhall has managed this. Continue reading