Organizational resilience is key to a company's long-term survival. It is a holistic approach to ensuring the organization's ability to function after a disaster. It is also much more than just backup and disaster recovery, and it relies on operational resilience.
Organizational resilience generally encompasses everything that an organization needs in order to continue to function in times of crisis. An organizational resilience plan addresses IT systems, facilities and employees. An organization might not have to initiate every part of its resilience plan: The response depends on the severity of the disaster.
Let's look at some organizational resilience examples.
IT during the pandemic
In 2020, the COVID-19 pandemic brought the concept of organizational resilience to the forefront of nearly every industry. Businesses suddenly had to figure out how they could continue to function in a world in which employees were largely unable to enter the workplace for an undetermined amount of time.
Office work. Organizational resilience comes in many forms. Every organization took a different approach to dealing with the situation at hand, which resulted in a variety of organizational resilience examples. Office workers, for example, primarily worked from home. Corporations quickly deployed VPNs and video conferencing software to enable remote workers to do their jobs.
Service industry. Restaurants largely transitioned to a takeout-only business model, with some implementing delivery services they didn't previously offer. Restaurants that could continue to offer in-person dining put physical barriers between tables or replaced paper menus with digital menus that patrons could access from their smartphones.
Essential workers. Businesses that were deemed essential, such as those in healthcare, education, grocery stores, public works, transportation and some manufacturing, focused primarily on protecting employees. They put safeguards in place that physically isolated employees from one another, while also taking measures such as employee health checks.
In each of these organizational resilience examples, companies were forced to make a major change to their operational procedures to maintain business continuity. In some cases, these changes focused on employees. In others, they were based on IT systems or customers. The underlying thread that ties all these examples together is that each organization focused on what it would take to resume and maintain day-to-day operations.
Where operational resilience fits in
Operational resilience is a major component of organizational resilience. While organizational resilience encompasses an entire company, operational resilience focuses on the ability to modify specific operations to maintain business continuity. For one example, operational resilience played a large role in the organizational strategy of an insurance company where I previously worked.
This company valued risk management and invested heavily in operational resilience. It purchased a facility located about an hour away from its main office. During normal operations, this facility functioned primarily as a location to print marketing materials and welcome packets for people who recently enrolled in its services. With the space the company did not use, it constructed a data center within the facility to serve as a disaster recovery location. In addition, they deployed numerous desktop PCs at the facility to enable employees to work remotely if the main office was inaccessible. The IT team actively replicated key systems to this secondary facility, and could also redirect phone lines from the primary to the secondary office.
This facility's location is far enough away from the primary office that the two places are serviced by different utility companies. As such, a regional blackout in one location would be unlikely to impact the other location. However, the secondary facility is only an hour's drive from the primary facility. In the event of a crisis, most employees could get to the backup facility.
This operational consideration enabled the organization to maintain companywide resilience, keeping operations running and giving employees a second location to work from.
Key elements of organizational resilience
Organizational resilience requirements vary considerably for each type of organization. The resiliency requirements for a restaurant are far different from those of an insurance company.
An organizational resilience strategy must address:
- IT systems;
- the physical facility; and
- any other systems or channels that an organization needs in order to function in times of crisis.
An organization should be able to implement crisis countermeasures independently of one another. After all, not every disaster is going to affect every aspect of an organization's business operations.
For example, an organization experiences a ransomware attack. The attack brings down the organization's IT systems, but does not affect the facility, nor the employees. The company must have an organizational resilience plan for its IT systems that does not incorporate areas of the business that aren't directly affected.
In another example, a blizzard or pandemic makes it impossible for employees to come to the company offices but does not cause any damage to the facility or to the organization's IT systems. In these situations, an organization should focus solely on the part of its resilience plan pertaining to the staff.
Dig Deeper on Disaster recovery planning and management
Related Q&A from Brien Posey
Public bucket access is a prevalent and discussed S3 security issue. However, there are several other important security measures to take, including ... Continue Reading
Tape still plays a key role in backup, including offline protection from ransomware. What are some key improvements that will keep tape backup ... Continue Reading
Cloud-based video surveillance storage can help organizations with compliance and retention. Be mindful, though, as high storage volume can quickly ... Continue Reading