Introduction

Each organization is exposed to threats and vulnerabilities. In order to survive they need to safeguard their business from different disruptions such as global hazards, cyber-attacks, and natural disasters. Sudden disruptions in organizations can cause the breakdown of a key supplier, a breakdown in your production line, or unsatisfied employees that may instigate chaos. Ensuring organizational resilience should be an important goal of any business to control or prevent abrupt disruptions.

What Does it Mean to be Resilient?

ISO 22316 defines Resilience as the ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper. Resilience is therefore the ability to forestall disruptions and efficiently and effectively recover from unwanted situations. Resilience means you can recover control rapidly in times of unexpected change and maintain a general sense of comfort and equilibrium even when managing several disruptive changes simultaneously.

What is Organizational Resilience?

The Traditional View of Organizational Resilience was being able to prepare for disruptive events by instituting Disaster Recovery Plans, preparing Business Continuity measures ant through Risk Mitigation.

By definition, Organizational Resilience is the ability of an organization to anticipate, prepare for, respond to ad adapt to incremental changes and sudden disruptions in order to survive and prosper (BS 65000, Guidance on Organizational Resilience).

The resilience of an organization is a link that is dependent on the resilience of other organizations aside from your own individual resilience, resilience in industry, in societies and at this time, nationally and internationally. An organizations resilience is directly related to the resilience of the other organizations and is dependent on its customers, its suppliers, its community, its government and its competitors. Organizations are also dependent on and contribute to the individual resilience of its staff and the society they operate in. Organizational Resilience becomes therefore an imperative in the areas of Operations, Information and the overall Supply chain.

It must be robust, adaptive and agile. This is done by addressing your customers needs, safeguarding people, managing and securing information, protecting your infrastructure, enabling trust and reputation, ensuring regulatory compliance, governance and involvement of Top Management, ensuring the continuity of the supply chain, minimizing security risk and mitigating social risk.

Why do Organizations Fail?

Organizations like Kodak, Sun Microsystems, Motorola, Lehman Brothers all have one thing in common. Theyre failing because they were not responsive to changes and did not have the organizational resilience to be able to weather the storm.

There are four pillars that provide the framework of Organizational Resilience. It is People, the Leadership, Organizational Processes and the Product.

The key is the interconnectivity of all categories in the framework.

How do you address Disruptions to Achieve Resiliency?

Leadership

- Organizational Commitment. This means engaged activities focused on both short and long term objectives, communication, engagement and balancing of the needs of stakeholders with business priorities and good decision making during incremental change and disruption.

- A Focus on Vision and Purpose. The organization defines a purpose that reflects a compelling vision of what the future will look like. The vision is the statement of why an organization exists. Clear future aspirations, core values and the standards a organization sets to achieve the vision.

- Looking at Reputational Risk. An organization is perceived by others in certain ways and this perception can make or break an organization. How the people feel about an organizations brands, products, services and behavior may spell the difference between success and failure.

- Ensuring Financial Resiliency. This includes financial hygiene, legal, statutory and regulatory reporting requirements, taking advantage of growth, development opportunities as well as weathering difficult times.

- Keeping a keen eye on Resource Management. This is the effective and efficient allocation of an organizations resources (labour, finances, goods, equipment, technology, information) when and where they are needed to anticipate, absorb, adapt and ensure optimal efficiency. This ensures that waste is minimized if not totally eliminated.

People

- Culture is where the shared values of the organization and related behaviors are defined and embedded. In order to ensure resiliency, the organizational attitudes, beliefs, perceptions and feelings of people working for the organization must be communicated in an open and transparent manner, aligned and embedded to establish the desired behavior.

- Community Engagement in an organization is important to maintain its interrelation with its stakeholders. Its the organizations interrelation with its stakeholders, environment and community that will sustain you through trying times. Its about doing the right thing and building ongoing, permanent relationships for the benefit of the business and its community.

- Awareness and Training are the activities developed, planned and implemented to embed Organizational Resilience in the organizations products, processes and people culture.

- Alignment of the people to direction must be maintained to ensure that all aspects of the organization are aligned with its strategy. It includes effective communication of its values, activities, plans and strategic priorities to engage and achieve coherence across various management divisions, departments using defined policies, management systems and processes. This ensures seamless realization of your goals with minimal effort.

Process

- Governance and accountability. Governance according to Dr. Nigel Crofts definition is The way in which an organization makes and implements decisions in pursuit of its objectives. It is the glue which holds the organization together, while risk management provides the resilience. It therefore must be maintained by an organization if they are to maintain resiliency. The responsibilities and authorities on the organizational mechanisms, processes, policies, structures and relations by which corporations are controlled and directed are clearly defined, established, implemented, maintained and continually improved.

- Business Continuity in an organizations management systems, processes and behavior must be ensured to enable the capability of the organization to deliver its products or services at acceptable, predefined levels following a disruptive incident.

- Supply Chain resiliency in the organizations systems, processes, policies, activities must be ensured as well as control of its behavior in procurement and logistics. An organization must maintain resiliency in managing traceability, supplier compliance, product conformity and moving a product or service from supplier to customer and further lifecycle stages as necessary. Modern supply chains are extremely complex because of the balance between the flows of product/service, information and resources from raw materials to components to the manufacturer, distributor, retailer and ultimately to the customer.

- Information and Knowledge management has a positive and significant relationship with organizational resilience. Knowledge management enhances organizational resilience through knowledge acquisition, knowledge storage, knowledge sharing and knowledge utilization enhances organizational adaptation, organizational resourcefulness, and organizational learning. Organizations should continue to strengthen their knowledge management practices in their everyday activities as this is a sure guarantee for their resilience.

Product

- Engage in Horizon Scanning. It is an organized (and sometimes) formal process of systematic examination of information to identify potential threats, risks, emerging issues and opportunities allowing a better preparedness to support decision making.

- Focus on Innovation. Innovate not only the products/services but also the organizations methods and activities to encourage the development and application of better solutions that meet new requirements, unarticulated needs or existing market needs.

- Ensure that the organization has adaptive capacity. This is the organizations ability to identify and adapt to change and uncertainty before the case for change becomes urgent. Proactiveness ensures that organizations are prepared for disruptive eventualities as they arrive.

What is the ISO 22316 standard?

ISO 22316 provides guidance on accomplishing boosted organizational resilience for any size or type of organization and is not precise to any industry or area. It can help by explaining the nature and scope of resilience. The standard identifies the attributes and activities which support an organization in enhancing its resilience in a world where change is happening rapidly. This international standard drives organizational resilience to identify the key elements of resilience, and assists in the implementing and measuring of improvements.

Does an organization have to be certified to ISO 22316?

ISO 22316 was developed by working group WG 2, Continuity and organizational resilience, of technical committee ISO/TC 292, Security and resilience, whose secretariat is held by SIS, the ISO member for Sweden. The standard takes a wide view of the things that can drive resilience in an organization; many of these are behavioral and have historically been overlooked. This is why one of the key principles of the standard is to help them develop a culture that supports resilience. It also involves building upon existing forms of risk management, having shared values and an awareness of changing contexts, all the while underpinned by strong and empowered leadership. However, even if there are certifications to this standard, the focus of ISO 22316:2017 is on principles, attributes, and activities that support an organization in enhancing its resilience. This is a practicable position to take while the concepts around resilience are still evolving and the underlying mix of contributing disciplines are subject to their own varying standards and regulations. It is more of a guidance than anything else.

We are not saying that you should not be certified to this but careful consideration should be made as this entails considerable commitment for sustained certification.

Contributor:

Jun Villalon has over than 20 years experience in Management Systems and Process Reengineering and has a strong background in ICT. He is also the BCJA Chief Operations Officer and course designer and trainer. If you have any questions, please do not hesitate to contact him: svillalon@bcjaconsultancy.com