Tech Accelerator What is BCDR? Business continuity and disaster recovery guide

Prev Next

Definition

business resilience

Paul Kirvan

By

Paul Kirvan

What is business resilience?

Business resilience is the ability of an organization to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Business resilience goes beyond disaster recovery (DR) and business continuity by offering post-disaster strategies to avoid costly downtime, shore up vulnerabilities and maintain business operations in the face of additional, unexpected breaches.

Business resilience begins with an understanding that business processes and workflows must be preserved for organizations to survive unexpected events. Among the important challenges of business resilience planning is the human element. People must be prepared and educated on how to respond to a chaotic situation.

A business resilience plan is sometimes referred to as a business continuity plan (BCP). Resilience is an outcome of various approaches to readiness, including business continuity, technology DR, crisis management, risk management and incident management.

Business resilience includes various elements of overall resilience, such as organizational resilience, operational resilience, cyber resilience and supply chain resilience. The expansion of the term reflects how important resilience has become to businesses, governments and other organizations.

This article is part of

What is BCDR? Business continuity and disaster recovery guide

Why is business resilience planning important?

It is no longer sufficient to simply recover business operations and mission-critical applications after a natural disaster, cyber attack or other event. Organizations must be ready to adapt as circumstances change. As the COVID-19 crisis demonstrated, businesses had to quickly adjust to changing work environments that included support of remote work and hybrid setups.

Organizations have a responsibility to remain in business, unless extenuating circumstances -- such as a merger -- make it impossible. Shareholders and other stakeholders expect the business to remain operational despite the chance of a disruptive event hurting the firm.

In many cases, it may not be enough to return to the previous norms; the old ways might not accommodate the way the business now operates. Resilience goes beyond strict business continuity and DR, providing the agility, adaptability and sustainability organizations need to adjust to long-term changes in how they operate.

What should a business resilience plan include?

A business resilience plan includes various elements. Among them are the following:

business impact analysis
risk assessment
risk management
testing and running exercises
emergency communications plan
BCP
DR plan
incident response plan
emergency management plan

Each of these components can stand alone. However, combined they create a framework from which an overall resilience plan is developed.

The most important aspect of a business resilience plan is to define the end state of the organization following completion of all recovery plan and resumption processes. It's easy to say a business has recovered from an incident once it has resumed operations. But does that mean it's resilient? Ultimately, an organization must determine what its end state should be following an incident. To achieve that, it must determine what constitutes a state of resilience.

diagram of the elements of a business resilience plan — A business resilience plan combines various types of business continuity and disaster recovery planning.

Following an event and the completion of response activities, business continuity and DR activities get the business back in operation. However, based on the specific event and how it affects the organization's ability to conduct business, it may be necessary to establish new or modify existing business activities for the new normal. It's this last part where an organization demonstrates it has a resilient business.

timeline of how a business resilience plan works — Business continuity and business resilience planning are closely bound together as this timeline shows.

Steps for building a business resilience plan

A business resilience plan can be as simple as combining business continuity management, DR and other plans into a business resilience plan. Chances are, many of those activities will be in the resilience plan.

The following are four key steps in a business resilience plan:

Identify how the organization should function after the event.
Define how it anticipates the potential for an incident and prepares for it.
Determine alternate or interim methods of operating the business.
Identify the effect of the company culture on recovering the business.

The current standards for resilience have no specific frameworks for developing resilience plans. They primarily define the activities that should be part of a holistic plan.

More business continuity help

Check out our business continuity guidance and download a free business continuity plan template that can provide the foundation for a business resilience plan.

Who should be the business resilience manager in an organization?

Determining who should lead business resilience management activities has been a perennial question. Some organizations have standalone business continuity and disaster recovery (BCDR) departments. Others divide the decision-making and other duties up among business leaders in various groups and departments, such as information technology, legal, human resources, senior management, compliance, risk management, emergency management and facilities management.

In the federal government, resilience-related activities align with two federal standards, Federal Continuity Directive 1 (FCD 1) and Federal Continuity Directive 2 (FCD 2). Achieving compliance with the requirements in these two directives helps federal agencies build continuity of operations plans and achieve a level of resilience. Most federal agencies, especially those in the executive branch, must regularly demonstrate compliance with FCD 1 and 2. Each agency assigns FCD compliance to different departments, but most often administrative units manage them.

Business resilience standards and guidelines

Two standards currently define resilience and establish methods for achieving it. They are the following:

ASIS SPC.1-2009 was developed by ASIS International and dates back to 2009. It is titled Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use. It uses the same management system model that other standards organizations, such as the International Organization for Standardization (ISO), use.

ISO 22316:2017 is titled Security and resilience -- Organizational resilience -- Principles and attributes. ISO 22316:2017 uses risk management and other techniques to better identify potential business risks, threats and vulnerabilities before they happen. This standard also embraces the need to focus on company culture as part of an organization's ability to prepare for and prevent disruptive events.

Learn about the five essential areas to pay attention to when building a business resilience plan, including power and system protection, data backup, staffing and cybersecurity.

This was last updated in May 2022

Continue Reading About business resilience

Compare and contrast business resilience vs. business continuity

IT resilience management planning top of mind for DR pros

Why business resilience management should be high on the agenda

Best practices for social media and business resilience

Prepare for the unknown with an organizational resilience model

Dig Deeper on Risk management and governance

Search Cloud Computing

10 cloud programming languages developers need to know
Cloud programming languages are not one-size-fits-all. Learn about the top cloud programming languages, and use our expert ...
A snapshot of Oracle AI in the cloud market
Oracle AI is riding recent success in the cloud market. Can Oracle Cloud Infrastructure rise to become a standard in enterprise ...
What does a cloud network engineer do?
A cloud network engineer juggles a number of responsibilities -- from network design and troubleshooting to learning about ...

Search Mobile Computing

Building mobile security awareness training for end users
Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place...
How to remove a work profile from an Android device
When a user leaves their organization or loses their device, it's time to remove their Android work profile. Learn three methods ...
How to set up a work profile on Android
IT can enable devices for both work and personal use, but this raises questions about security and privacy. Learn how Android ...

Search Data Center

Google Cloud Platform adds WAN and on-premises AI services
A handful of infrastructure announcements for the Google Cloud Platform debut at Next 2025 including a Cloud WAN service, ...
The state of quantum computing: What businesses need to know
Quantum computing's potential and steady advancement make the technology worth investigating, but adopters still need to deal ...
Broadcom VMware hardens vDefend, drops Tanzu branding in VCF
The VMware Cloud Foundation private cloud platform sheds the Tanzu branding for Kubernetes and adds new capabilities to vDefend, ...

Sustainability
and ESG

14 types of diversity in the workplace
Diversity can help improve a company's bottom line, but the term often causes confusion. Learn about the different types and how ...
5 main types of greenhouse gases explained
If you're confused about what greenhouse gases are and why they matter, you're not alone. Learn about carbon, methane and others,...
15 sustainable office ideas that businesses should explore
Learn how to create a more sustainable workplace with these eco-friendly ideas everyone can support. Leaders, managers and ...

Close