Earlier this month at the Ontario Disaster & Emergency Management Conference (DEMCON) our resilience experts Mark Heywood and Steve Piggott spoke with contingency planning strategic advisor Katie Baumann about how to execute your operational resilience program with confidence. Below we’ve summarised some of the key learnings from that session, You can also watch the session in full here.
Firstly, what exactly do we mean by operational resilience?
Operational resilience is defined as the routine functioning and activities of an organization and the capacity to recover quickly from difficulties. The evolution of operational resilience is a continuous journey - organizations constantly need to respond to new and changing threats, and Covid has shown that we can’t always predict what new threat is coming.
Until recently, the real-time management of disruptive events was virtually non-existent, and they’re still usually managed with a combination of Word documents, spreadsheets, Sharepoint, and other disparate tools, which create the challenge of maintaining real-time information. In a security event, things change constantly and you need to be quick to respond - which these existing tools don’t make it easy to do.
The need for seamless communication with business partners, vendors, and customers, all the while keeping up with social media, business priorities, and meeting regulations, and orchestrating all these moving parts effectively and providing exceptional customer experiences is impossible to do without the right tools and processes in place.
So how do you execute your operational resilience program with confidence?
- You can’t predict everything, but plan for what you can
Take whatever factor you can predict - people, processes, technology - and ensure they are planned for, scripted, and rehearsed in advance. With this baseline level of visibility and control, the other, unforeseen nuances of a crisis can be quickly addressed in real time.
2. Practice makes perfect
You’re going to have a more successful response if all key players and stakeholders know their roles, have practiced a repeatable process, and use common technologies and terminologies. If you can depend on seamless communication and execution where everyone knows what is expected, how execution will occur, what is occurring in real time, and how to decisively and dynamically pivot when unplanned variations occur, you can have more confidence in your response.
3. Learn from your rehearsals and past events
Collect data on your rehearsals and real event responses, and spend the time to share what worked, what did not, and how to improve your processes and collaborations.
4. Transparent and real-time observability
You can’t fix what you can’t see, or learn from data you don’t have. Find out more about how Cutover has helped our clients improve their planning, testing, invocation, and audit of major security events from this recent report by Forrester.