Enhancing global resilience through a common methodology

New global Operational Resilience regulations are appearing regularly.  We are in consultation and engagements with firms covering the UK (FCA and PRA), Ireland (CBI), Hong Kong (HKMA), Australia (APRA), and of course, for ICT resilience, DORA.
 
For firms who want to enable and co-ordinate global operational resilience capability and effectiveness, these implementations shouldn’t take place in a vacuum. 
 
A siloed approach means each programme will have different methodologies, different definitions of resilience, and different interpretations of what good looks like. 
 
Firms with a global presence should consider developing a global methodology for operational resilience.  The methodology can be applied to all entities, those in scope and those out of scope. 
 
A starting place for developing such an approach might include:

• Defining what resilience means for the organisation and how that should be applied to firm resources, e.g., IT applications
• Defining a common methodology around the identification of Important and Critical Business Services
• Defining what firm and customer harm means and how to identify when harm is caused
• Designing a singular flexible approach to setting and testing impact tolerances
• A global library of severe but plausible scenarios
• Setting a common global operational resilience vocabulary   
• Setting a baseline ICT Resilience approach through DORA regulatory standards
  

The approach will support firms in developing a holistic approach; ensuring that local resilience programmes are implemented, managed, governed, and reported upon in a common way. 

Through an intrinsically aligned and linked methodology, firms should achieve stronger local and global resilience with a more robust capability to identify, adapt and respond to, and recover and learn from resilience incidents.