When it comes to business continuity management, the bellwether for many industries and businesses is often the financial sector – specifically banking regulators – and a recent discussion paper issued jointly by the Bank of England (BOE) and the U.K.’s Financial Conduct Authority has sounded the call: build operational resilience, or risk failure.
The banking regulators in the United Kingdom and United States continue to provide regulatory leadership that is often followed by other industries, which means organizations should pay close attention to the stringent recommendations of the banking regulators, as laid out in the recent U.K. paper. In other words, if the bankers care about operational resilience, you should, too.
Operational resilience refers to a business’s ability to prevent, respond to, recover and learn from operational disruptions.
Without operational risk management, operational disruption to a business can impact financial stability, threaten the business’s overall viability, and/or harm consumers and other businesses.
Yet challenges to ensuring resilience and continuity abound, and they grow more complex each year. These include ever-evolving technologies; changing consumer behaviors; challenging business environments; outsourcing services; IT system complexities; cyber threats; cost pressures; international expansions; location-based regulations; and more.
But here is the good news: Solutions exist.
While the BOE/FCA paper specifically addresses the financial sector, it offers lessons that businesses in every industry should take to heart, from pharmaceuticals to manufacturing to business services, and beyond.
Some of these include:
- The continuity of business services is an essential component of operational resilience, and thus, organizations must focus on this outcome when designing for operational resilience.
- An organization’s leadership must define its own tolerances for operational disruption in the event of an incident, as this will help to set operational resilience standards and priorities. Prioritize those business services that, if disrupted, most affect a business’s viability, customers or financial stability.
- How an organization manages its response to operational disruptions is critical to maintaining confidence in the business services it provides. An important part of this is the speed and effectiveness of communication with affected customers, which helps maintain and/or restore customer confidence in the business.
An operationally resilient firm should have the following seven pieces in place:
- A clear understanding of their most important business service(s).
- A comprehensive mapping of the systems and processes that support these business services, including those over which the organization may not have direct control, such as third-party vendors.
- In-depth knowledge of how the failure of an individual system or process could impact the organization’s ability to provide the business service.
- Understanding of which systems and processes can be replaced during disruption.
- Tried-and-tested plans that would enable an organization to continue or resume business services when disruptions occur.
- Effective internal communication plans, escalation paths and identified decision makers.
- Specific external communication plans for the most important business services, which provide timely information for customers, other market participants and regulatory bodies.
A Better Approach to Operational Resilience
Knowledge is power, and in the digital age, knowledge takes the form of data and metrics.
Businesses can choose to prepare for a potential recovery using either data or documents – and anyone trying to contain a disaster is not going to waste time frantically leafing through pages of potentially outdated information, or searching folders of files on a network drive, to try to figure out the next step. It is inefficient, ineffective, expensive, and risky to rely on documents.
Instead, organizations need a store of recent data housed in an accessible technology solution that can digest risks, with everything that leadership needs to know contained in a virtual one-stop shop where data is constantly updated in real time, redundancies are eliminated, and roles are clearly defined.
In the face of a threat, an enterprise needs to be able to immediately contact key decision-makers, review all assets, and determine which locations have been affected, and a nimble technology solution can do much of the heavy lifting here. Pairing a technology solution with the human element – experienced business continuity consultants – is an ideal way for a modern organization to ensure disruptions don’t cripple the company.
With an approach that combines consulting experts and technology, and puts data ahead of documents, organizations will be ready when an issue impacts their services. No one is immune to the risks, but the prepared will survive even the worst.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.