Operational Resilience Seminar

Jul 22, 2024

Operational Resilience Seminar Notes

Introduction

Presenter: Mario (Business Community Consultant and Organizational Resilience Expert at Premier Continuum)

Session Purpose: Launch of Insight Series by Premier Continuum to share actionable insights, tips, and tools for resilience professionals.

  • Goals:
    • Create exchange of experience and lessons learned.
    • Generate ideas and engage through chat.
    • Offer concrete solutions.

Premier Continuum Overview

  • Experience: Over 25 years in the field.
  • Services:
    • Automation with Continuity Software.
    • Certified training with the Business Continuity Institute and IORE.
    • Consulting (e.g., ISO 22301 certification, BCMS implementation).

Keynote Guest Introduction

  • Guest: Marielen Primo (Executive Vice President at Premier Continuum).
    • Background: Over 20 years of experience, former President of BCI Canada, BCI Americas Awards "Consultant of the Year."
    • Encouragement to use chat and Q&A for interaction and questions.

Focus on Operational Resilience

  • Objective: Practical application of operational resilience using real challenges faced by clients.
  • Definition: Encompasses various good practices such as business continuity, operational risk management, supplier management, cyber strategy.
    • Note: The definition indirectly clarifies the difference between operational resilience and business continuity.

Regulatory Landscape

  • Challenges with Regulations: Most organizations are subject to up to 5 regulations; some (18.4%) are subject to more than 5.
  • Mandatory vs. Best Practice: Operational resilience is mandatory for some sectors (e.g., finance, health) but a sound practice for others.
  • Window of Opportunity: Build now before possibly becoming mandatory.

Current State of Operational Resilience

  • Motivations: 58.5% pursue operational resilience as good practice; 66.2% comply with up to 5 regulations.
  • Challenges: Embedding operational resilience is a major challenge.
  • Critical Processes: Identifying important business services, mapping dependencies, assessing impacts, and addressing vulnerabilities.

Audience Interaction

  • Questions: Do regulators/governments do enough? Experience in operational resilience? Participation through Vvox tool.
  • Audience Results: Mixed views on regulatory effectiveness; various stages of implementation from just started to completed.

Identified Key Challenges

  1. Coordination and Governance: Importance of leveraging existing structures.
  2. Identification of Important Business Services (IBS): Difference from prioritized activities.
  3. Threat Assessments: Built on existing structures.
  4. Solutions and Response Planning: Beyond traditional plans (testing impact tolerances).
  5. Testing and Exercising Plans: Demonstrating readiness.
  6. Meeting Conformities: Providing evidence for auditors and regulators.

Detail on Challenges and Strategies

Coordination and Governance

  • Integrated Effort: Collaborative approach involving various departments.
  • Governance Structures: Steering committees with specific roles.
  • Resources and Competencies: Access to training, conferences, benchmarking.
  • Standard Roles: Defined sponsor and advisor roles; responsibilities shared where budgets are constrained.
  • Documentation: Consistent updates and integrations with existing BCMS.

Identification of Important Business Services (IBS)

  • Distinction: Important business services (direct client/customer impact) vs. prioritized activities (high organizational impact).
  • Impact Metrics: Utilizing existing metrics, adding customer impact.
  • Mapping End to End: Comprehensive mapping across functions.

Threat Assessments

  • Integrated Risk Management: Combining risk types (operational, IT, cyber, etc.).
  • Profile Creation: Short term, long term projections; leveraging sector insights.
  • Location-Specific Assessments: Different evaluations per site; visual representation (charts).

Solutions and Response Planning

  • Scenario-Based Solutions: Adapted based on identified scenarios and dependencies.
  • High-Level and Detailed Plans: Including incident scenarios and corresponding strategies.
  • Legacy Infrastructures: Addressing gaps, involving important business services owners.

Testing and Exercising Plans

  • Severe but Plausible Scenarios: Linking impact tolerances with scenarios and solutions.
  • Scenario Testing: Reference data for various scenarios; leveraging success/fail records for improvements.

Compliance and Documentation

  • Compliance Tracking: Conformity to standards and regulations; detailed assessments.
  • Tracking KPIs and Approvals: Ensuring audit trails; periodic reviews.
  • Flexible Reporting: Based on needs for compliance and audits.

Conclusion

  • Wrap-Up: Thanks for participation, questions, and interaction.
  • Resource Sharing: Presentation and article to be available on Premier Continuum website.
  • Encouragement: Connect on LinkedIn for more exchange and updates.