3. What is Resilience?
Engineering:
Resilience is the property of a material to absorb energy when it is deformed elastically
and then, upon unloading to have this energy recovered.
Psychology:
Resilience in psychology is the positive capacity of people to cope with stress and adversity.
Ecology:
In ecology, resilience is the capacity of an ecosystem to respond to a perturbation or
disturbance by resisting damage and recovering quickly.
Networking:
Resilience is the ability to provide and maintain an acceptable level of service in the face of
faults and challenges to normal operation.
Organisations:
Resilience is defined as “the positive ability of a system or company to adapt itself to the
consequences of a catastrophic event.
4. ASIS Organisational Resilience
Resilience is an organization’s ability to quickly, efficiently, and effectively adapt to
a change, such as disruptive events (natural, intentional or unintentional), by
implementing adaptive, proactive and reactive strategies. (Marc Siegel Sydney 2010)
BCI Organisational Resilience
“Holistic management process that identifies potential threats to an organization
and the impacts to business operations those threats, if realized, might cause, and
which provides a framework for building organizational resilience with the
capability for an effective response that safeguards the interests of its key
stakeholders, reputation, brand and value-creating activities."
19. And Then There Are A Few
Standards
AS/NZS ISO 31000 2009 Risk Management Standard
AS/NZS ISO 9001 2008 Quality Management System
AS 8001 2003 Fraud & Corruption Control
AS 8000 2003 Good Governance Principles
AS 3745 2010 Planning for Emergencies in Facilities
AS/NZ 5050 2010 Business Continuity – Managing disruption related
risk
AS 4083 2010 Planning for Emergencies – Health Care
BS 7799 Information Security Management
BS 31100 2011 Risk Management: Code of Practice
BS 25999-2 2007 Business Continuity management
ASIS SPC. 1 2009 Security, Preparedness and Continuity Management
Systems
ISO/IEC 10181 1996 Security frameworks
ISO/IEC 13335 2001 IT security management
ISO TR 13569 2005 Financial services - information security
guidelines
ISO 20858: 2007 Ships and marine technology -- Maritime port
facility security assessments and security plan
development
IS0 28001 2007 Security Management Systems for the supply chain
20. LEADERSHIP
The Top Down Dynamic
• Leadership align O.R. with business objectives
• Leadership uses O.R. to seize new business practices e.g.
technology
• Leadership embraces new organisational principles i.e. corporate
governance
• Leadership drives and supports change in internal and external
environments
• Leadership MUST delegate operational responsibility to business
units
• Leadership MUST value diversity
• Leaders MUST protect shareholder value
• Leadership can use O.R. to deliver long term value
22. Organisational Resilience is also
BOTTOM UP
• The numerous functional processes including
Security Management, Risk Management, BCM,
Health & Safety, Governance, Internal Audit,
Financial Management drive O.R from bottom up
• Businesses MUST nurture Creativity and
Learnability within to allow bottom up influence on
O.R.
• Behaviours and Trust must be embedded from the
Bottom Up
• Communication MUST be a two way interaction
Bottom up as well as Top Down
24. SO WHERE TO FROM HERE?
• Identify and understand the essential
elements of Organisation Resilience
• Capture the principles
• Deliver a practical O.R. model to
assist organisations to become more
resilient
• Ultimate aim to gain consensus as to
what organisational actually is
Source: Australian Journal Emergency
Management
25. Thank You
Questions
Bruce Braes Dr. David Brooks
AECOM School of Computer & Security Science
Perth Edith Cowan University
Western Autralia Perth
bruce.braes@aecom.com Western Australia
d.brooks@ecu.edu.au
Source: Australian Journal Emergency
Management
Hinweis der Redaktion
Before we begin I would like to set a baseline upon which this presentation is based.Research being conducted for PhD in Australia, USA, UK, Singapore, New Zealand and Hong KongThis presentation represents our understanding from research conducted until now and may not be universally acceptedWhen we use the term Organisational Resilience we refer to Corporate or Business Resilience
Arguments prevail that Organisational Resilience is a rebranding exercise by policy makers. Disagreement exists whether Organisational Resilience is - a framework, process or outcome. Resilience is used extensively in both government and corporate environments; however, there is conjecture as to what Corporate or Organisational Resilience is. The presentation provides a framework that defines and applies corporate resilienceDoes a Standard provide the resolution?
The concept of resilience in academic terms has its origin in fields psychology and child behaviour (Coutu, 2002; Reinmoeller & VanBaardwijk, 2005). Resilience is a fundamental quality of individuals, groups, organisations and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour (Horne III & Orr, 1998)
ASIS promotes organisational resilience as an abilityThe Business Continuity Institute promotes Organisational Resilience as a process
We understand Organisational Resilience as a STATE or CULTUREIt relies upon both Top down and Bottom up interactions i.e LEADERSHIP and PROCESSIt is about It is about ADAPTABILITY TENACITY FLEXIBILITYIt must be FIT FOR PURPOSE = is different for every organisation
Resilience & Maslow’s Theory can be easily mapped against each other
ASISSPC 1 is a very good tactical tool to assist implementation
One of the principal barriers to organizational maturity in this area is that frequently,resilience elements are viewed as separate, with separate sponsors, stakeholders,audiences and objectives.Security generally sits at middle management level, as do Information Security, Health &Safety, BCM etc., with only Crisis Management regularly engaging Senior Management.To truly embed resilience in an organization, all other aspects of resilience must beregarded as part of an integrated whole, owned and driven by senior management andencouraging both individual and collective resilience in all areas of operations. This must bethe level of maturity which we should be promoting organisations to aspire to.We are unlikely ever to see a Security Director on the main board, but if all theResilience disciplines are seen as part of an integrated organizational resilience model directly tied to brand, reputation, stakeholder value or share price, perhaps one day alongside the CEO, CIO and CFO we might see a CRO (Chief Resilience Officer) whose job is to protect the intrinsic value of the organization.