A resilient organisation can anticipate and respond to threats and opportunities arising from sudden or gradual change. In order to meet its objectives, thrive and survive, the organisation must be able to absorb change and adapt to a changing environment. Increasing resilience should therefore be a strategic goal of each organisation.
Many factors influence the true resilience of the organisation. As stated in the international standard ISO 22316, “organisations can only be more or less resilient; there is no absolute benchmark or definitive goal.”
A commitment by top management to increasing an organisation’s resilience can bring a range of benefits – improving the organisation’s ability to anticipate and manage risks and vulnerabilities, improving performance and contributing to the long-term achievement of strategic objectives.
How to build a resilient organisation
International standard ISO 22316 defines the principles for establishing, implementing and evaluating a framework and strategy to achieve increased resilience of the organisation. Organisational resilience is not possible without the support of the organisation’s leaders and senior management, or without adequate resources or investment in the organisation’s resilience activities. It is also necessary to set up an appropriate management structure, establish effective communication, provide staff training and ensure the required competencies of the persons involved.
Attributes of a resilient organisation
Some attributes and activities contribute to increasing the resilience of organisations. These include sharing the vision and values of the organisation, knowledge of the internal and external environment, fulfilling the leading role of top management, sharing knowledge, learning from history, etc.
The development and coordination of managerial disciplines are essential. Key management disciplines needed to ensure an organisation’s resilience include:
- asset management,
- business continuity management,
- crisis management, emergency management,
- cyber security, information security and privacy management,
- environmental management,
- anti-bribery management and fraud control,
- occupational safety and health management,
- physical security management,
- quality management,
- risk management and
- compliance management.
These and other disciplines are covered mainly by the requirements and recommendations of ISO standards – ISO 22301 for business continuity management, ISO/IEC 27001 for information security management, ISO 37301 for compliance management, etc.
Therefore, the implementation and operation of integrated management systems according to ISO standards contribute significantly to the resilience of organisations.
Evaluation of the resilience of organisations
Part of increasing an organisation’s resilience is to carry out activities that provide information on whether and to what extent (how well) they continue to meet the organisation’s relevant goals and strategies or where there are opportunities for improvement.
Organisations should implement processes to continuously monitor and measure specific indicators that contribute to their resilience. Organisations should also put in place processes to evaluate the performance and effectiveness of established processes and measures to verify the appropriateness of objectives and their approach to achieving them. The information gathered in this way is an essential tool for informed decision-making by top management.