• Steven Horgan, Manager |
  • John Matthews, Managing Associate |
3 min read

Why Resilience by Design?

Resilience by Design is a new methodology that can help your organisation manage resilience gaps in the face of change and defend against emerging threats. In today's world, operational resilience is more critical than ever, with cyber-attacks, pandemics, and extreme weather events adding to ever-increasing challenges. By adopting a principles-led, risk-based approach to managing change to Important Business Services, organisations can ensure that they continue to be well-prepared to weather any storm. Resilience by Design is a component part of an organisation’s approach and complements the operating model, tooling, and people elements by supporting the resilience lifecycle and change processes.

So, what is Resilience by Design?

Resilience by Design is a set of tools that can help you achieve this goal. It involves implementing comprehensive resilience principles into your organisation's change management processes, ensuring comprehensive coverage across all scenarios and pillars of resilience, including people, property, technology, third-party, and data/security. Resilience principles are intended as a guide for change practitioners to enable them to enhance an Important Business Service and prove its resilience through leveraging automated solutions, whilst ensuring appropriate oversight and approval to ensure the recovery of the service within impact tolerance. By developing and implementing these principles iteratively, you can ensure that Resilience by Design is embedded within your business-as-usual organisational change processes, without significantly increasing cost, resource, or timelines for future changes.

What do I need to think about when implementing Resilience by Design?

Before implementing Resilience by Design, it's important to confirm the scope of the principles. You'll need to consider the cost, time, and resource implications of increasing the resilience requirements for your services through change activity and determine whether you want to implement the approach for Important Business Services only or to include other business services and systems. Regardless of your decision, you'll need to assess your principles against severe but plausible scenarios, known vulnerabilities, and historic incidents to ensure that they provide appropriate coverage. This assessment will help develop requirements that will underpin the overarching principles for change practitioners to use as a handrail.

To ensure that Resilience by Design is successful, you'll need to confirm that there are appropriate checkpoints and controls in your organisation's business-as-usual change management process. By doing so, you can monitor the adoption of and compliance with the Resilience by Design principles, identify and remediate areas of exposure through non-compliance, and address thematic resilience issues if recurring resilience gaps are identified. It is important to extend the adoption of Resilience by Design to your third-party providers, requiring compliance through contractual obligations or considering alternative mitigation.

It’s not just a process it’s a change in mindset

Implementing Resilience by Design is a transformative process that surpasses simple changes to structure, policy and process. It requires a fundamental shift in the organisation’s culture and mindset. As Resilience by Design focuses on proactively anticipating and adapting to future challenges, instead of reacting to them, the Board and senior executives must set the tone from the top with their commitment to the required cultural change. Through championing Resilience by Design the Board and senior executives can create a ripple through the organisation which empowers and motivates individual colleagues to seek opportunities to improve resilience and find innovative solutions.

Ultimately, the goal of Resilience by Design is to ensure that your organisation remains operationally resilient, no matter how much changes or what challenges come your way. By continuously scanning the horizon for emerging threats, gathering strong market intelligence, and updating your resilience principles accordingly, you can ensure that you are well positioned to recover your Important Business Services within impact tolerance in the face of any disruptions. It’s important to achieve operational resilience, but it’s essential to maintain it. So why not take the first step towards implementing Resilience by Design in your organisation today?