What is operational resilience?
Operational resilience is a business's ability to respond to and overcome adverse circumstances during operation that might cause financial loss or disrupt business services. An organization's operational resilience determines its ability to respond and recover in a timely manner.
Why is operational resilience important and what does it include?
Operational resilience is an important tool for helping businesses to handle adverse situations. Every organization experiences the occasional problem. These problems can range from staffing issues to natural disasters affecting the organization's facilities and making it impossible for normal business operation to continue. The goal behind operational resilience is to identify potential problems before they happen and come up with a plan to either mitigate the effects or to allow the organization to quickly recover.
The following are four stages associated with operational resilience:
- Anticipation of problems. A business will need to figure out what events have the greatest potential of occurring and hampering the organization's ability to do business.
- Develop preventive strategies. Once an organization has anticipated a risk, it can develop a plan for handling that risk. There can be various levels of resilience. A simple event, such as an IT systems failure, can often be mitigated by redundant hardware and automated processes. However, the physical destruction of an entire data center is not quite as easy to overcome.
- Respond and recover. When an event happens, the organization should enact the proper preventive strategy.
- Adapt to the situation. After an event has occurred and been dealt with accordingly, it is important to thoroughly examine the parts of the plan that worked well and to consider whether anything needs to be changed in the future.
Operational resilience vs. business continuity
While it might be easy to assume that operational resilience and business continuity management are synonymous with one another, there are differences between the two. Business continuity management centers around planning for specific incidents that could be disruptive to the business. For example, business continuity management might run mission-critical workloads on failover clusters so that if a server were to fail, the workload could automatically transition to running on a different server, thus preventing an outage.
Operational resilience is an extension to business continuity management. While there is no definitive line between the two, operational resilience generally has a larger scope than business continuity management. One of the key differences between the two is that business continuity management often looks at external factors and the ways that business processes are tied together. An organization that is trying to become operationally resilient might look at how events indirectly related to the business could cause a chain of other events that eventually disrupts operations. For example, a typhoon on the other side of the world might cause shipping delays, which could cause the business to receive the raw materials more slowly than normal. This could eventually affect production and the ability to fulfill orders for customers.
How to achieve operational resilience
One of the key differentiators between operational resilience and other disaster recovery strategies is that operational resilience takes a holistic approach to the organization and its business processes. It examines the ways that processes, even those external to the organization, could conceivably affect the organization's ability to do business.
Risk management is an essential part of achieving operational resilience. An organization that wants to be operationally resilient must begin by performing an in-depth risk assessment. This allows the organization to identify potential risks that could adversely affect the business. These risks could be internal to the organization or might stem from external factors. For example, a supply chain problem could become disruptive to business processes if it means that the business is not able to get the raw materials it needs to function normally.
There are four key areas that organizations must examine as they evaluate risks. These four areas are sometimes called the four pillars of operational resilience. They include the following:
- technology, especially that which is essential to an organization;
- human resources, such as employees and contractors;
- facilities, especially those necessary to do business, such as offices and factories; and
- third parties, such as suppliers and service providers.
Once an organization completes the process of identifying potential risks, the next step is to evaluate each of the risks that have been identified. There are any number of different ways of doing this, but one common approach involves evaluating each risk based on its potential severity and on the likelihood of the event occurring. This can help the organization to figure out which risks it should be focusing on as it strives to achieve operational resilience.