Organisational Resilience in Business Continuity

by David Booth

in it-support,

February 25, 2010

Following my previous blog post on Business Continuity, I would like to continue today on the same theme, but this time moving to the concept of resilience. 

Resilience in the context of Business Continuity can be defined as a combination of the following:

**Not being vulnerable
**Is your infrastructure, processes and plans capable of responding to threats that you have not even thought about, the so called “Black Swan” events.

**Robustness
**Is your organisation able to withstand stresses, pressures, or changes in procedure or circumstance without failing?

**Redundancy
**Do you have fall back plans / systems / processes to keep the business running?  These redundant options may require the business to chop and change in the event of the disaster …

Adaptability and Agility
Is the organisation agile enough to adjust to the changes imposed by the above?

Resilience is a property of not an activity.  That is to say it is what your organisation is that makes it resilient, not what it does.  Therefore resilience is a function of the People, Processes, Technology and Partners.  Moreover, resilience is determined by what your organisation is capable of doing, rather than the number of plans and documents you have.  Practice and rehearsals are much valuable to developing resilience than the plan artefacts, which reinforces the points made about BCP above. Resilience can be developed in an organisation, but it is difficult to measure.  However the level of resilience in an organisation can be observed during and after an incident. 

As with BCP, building resilience is a journey, not a destination.  As your organisation continues to evolve, so must the business continue to think about ways to ensure it remains resilient.

For further information on resilience, business continuity and disaster recovery, I would recommend reading Ken Simpson’s blog here.