The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.
Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.
A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.
Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.
Resilience Management Software
Published June 20, 2023
In the business world, we define resilience as the ability to recover quickly from a crisis and to bounce back better. What then are the set of business processes responsible for ensuring that that happens? That’s resilience management, the process of integrating all of an organization’s protective activities.
Resilience management, as we commonly understand it, consists of two primary areas:
Both areas fall under the unified resilience management structure.
Resilience management might appear to us today as a new field in business management. But it has a lengthy history, going back to the introduction of the first business computer systems.
Like today’s systems, the business computer systems of the past served the purpose of integrating mission-critical data. They offered significant productivity gains. However, they also introduced new points of failure.
As a result, disaster recovery plans – the first resilience management outputs – began to crop up in IT departments.
Regulators also began taking an interest, beginning in the U.S. financial services industry, home to a high concentration of corporate data centers. The Office of
the Comptroller of Currency, for instance, issued a circular in the early 1980s, compelling U.S. banks to have formal disaster recovery plans with provisions for their off-site assets.
In the 1990s, policymakers and regulators in public healthcare, telecommunications, and government services also intervened, with legislation like the Health Insurance Portability and Accountability Act (HIPAA) (1996) and Telecommunications Act (1996).
Both pieces required organizations to have IT disaster recovery provisions to ensure the availability of systems and the security of customer records respectively.
Meanwhile, in the government services sector, a significant Executive Order mandated heads of federal departments and agencies to ensure the continuity of essential functions by (a) safekeeping essential resources and records and (b) developing emergency operating capabilities.
What about today?
Just like in the past, historic crises and/or major technological developments have a way of bringing resilience management to the fore. We’ve experience both with the pandemic and the increasing rise of service dependencies on cloud-based technologies.
In particular, the risk businesses face of disruption, realized during the pandemic, has only intensified, given the widespread adoption of digital solutions and the increasing use of outsourced service providers.
Add to the mix, organizations, since the pandemic, are functioning in a completely different operational environment, often having fundamentally changed the way they interact with technology, customers, and their own employees.
It’s this need to adapt to (and accelerate) the pace of change that increases the risk of disruption, particularly to digital capabilities.
However, it’s the same need to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets, and brand equity that makes resilience management more important than ever before.
So, how do resilience management activities help, actually? Well, some of the key benefits of resilience management include:
Resilience management helps to improve the management of information. Relevant information is made available to decision makers in a timely manner, helping to facilitate proactive decision making.
Proactive decisions are made before incidents occur. As a result of resilience management initiatives, then, companies get the benefit of controlling abrupt disruptions – or preventing them altogether.
Should those disruptions happen anyway, resilience management ensures that organizations are able to respond and recover quickly. Benefits such as information management, improved collaboration, and better decision making, therefore, serve the purpose of accelerating recovery when disruptions do occur.
As noted, the number of service-delivery dependencies a given company has keeps increasing. By providing visibility into those dependencies, as resilience management seeks to do, risk is mitigated.
One of the primary risk vectors companies face today is cyber and ransomware risk. By highlighting these vulnerabilities, resilience management forces companies to act to ensure cyber risk has been mitigated. The same applies to digital services that have not been outsourced.
As noted, the pandemic has precipitated stark changes in the way businesses interact with technology, customers, and their own employees. These changes can invite new risks. Resilience management, by uncovering these risks, can help companies address new threats.
Resilience management offers myriad benefits because of the number of modalities it encompasses. The main types of resilience management include:
Gartner defines operational resilience as initiatives that expand business continuity management programs to focus on the impacts, connected risk appetite, and tolerance levels for disruption of product or service delivery to internal and external stakeholders, e.g., employees, customers, citizens, and partners.
The broad category of resilience management known as organizational resilience refers to the ability of an enterprise to absorb change and adapt to a new environment.
According to the National Institute of Standards and Technology, cyber resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. A set of capabilities, cyber resiliency enables companies to pursue those business objectives dependent on cyber resources in a contested cyber environment.
Often, the modalities, or types, of resilience management overlap. Nevertheless, it’s important to understand some of the salient differences.
For instance, organizational resilience deals more broadly with the ability of an enterprise to absorb change and adapt to a new environment.
On the other hand, operational resilience relates to initiatives that expand business continuity management programs to focus on the impacts, connected risk appetite, and tolerance levels for disruption of product or service delivery to internal and external stakeholders.
How, then, does operational resilience contrast with the related field of business continuity management?
One of the differences between business continuity and operational resilience is that practitioners of the former are responsible for the management of prioritized activities, i.e., those activities that make critical products and services happen. These activities are discovered during the Business Impact Analysis (BIA) process.
Indeed, business continuity focuses on getting processes back up and running in an agreed timescale, with the Recovery Time Objective (RTO) focusing on the time it takes to get a process back up and running following a disruption.
Where this differs from operational resilience is that the latter field is concerned with the management of critical products and services. These are defined as products or services provided by an organization, or another organization on behalf of the organization to one or more clients, which if disrupted cause intolerable harm to the customers or pose risk to the soundness, stability, or resilience of the organization or the market in which it operates.
As a result, operational resilience measures focus on getting a process up and running before that process causes intolerable harm to the business, its customers, or the market. An impact tolerance goes a step further with a service-based objective focus on preventing harm to customers and risk to the market in which they operate.
Read more about the differences between operational resilience and business continuity management, here.
So, how to achieve resilience management aims in your business? Integrated resilience management software helps implement resilience management practices expeditiously, scale programs, and ensure constant improvement.
A resilience workplace should be able to consolidate all your resilience data in one secure, centrally governed platform, as opposed to the typical practice of running different point solutions for communication, collaboration, risk, incident management, safety, security, business continuity planning, and more.
The platform-first approach also cuts down on integration work (and costs), while avoiding the user experience messiness so common in this field.
Getting started quickly is important, but your resilience management platform should also make life easier for you and your team when it’s up and running, as well. Needed to make that happen is a platform with a powerful workflow engine. This engine should allow Managers to automate key resilience tasks, by building their own workflows with notifications, business rules, approvals, and much more.
You can get better bang for your buck with a resilience management platform that includes Governance, Risk, & Compliance (GRC) functionality. Why? Besides avoiding redundancy, such a Module will work to manage cyber, emergency, and security threats, risks, and treatments based on industry bestpractice guidelines and ISO standards, as well.
Besides including a GRC Module, a resilience management platform should also come equipped with a full range of integration options. Indeed, the platform, to garner better ROI, should be deliberately architected to play well with other resilience-enhancing technologies.
The BIA remains a mainstay exercise in resilience management. And so, your resilience management platform should work with forward-looking Managers to make that exercise more agile and pleasurable for all involved. To that end, the platform should make the BIA process as simple and efficient as possible, with the aim of promoting greater usability across the entire organization.
The resilience management platform itself should function as a plan. That way when customers need to develop their business continuity plans (BCPs) or other resilience assets, all the data they have previously entered seamlessly comes together. Managers, then, won’t have to go sifting through documents to find the data they need. And the risk of someone referencing an out-of-date BCP during a crisis is removed.
Plans, of course, must be tested and exercised. To facilitate exercising, resilience management software should provide exercise dashboards that navigate users and their teams through each stage of an exercise. That will help ensure that everyone understands what needs to be completed and when.
Finally, resilience management, after the experience of the pandemic, is a mantra in business circles, as the ability to prepare for, recover quickly from, and bounce back better from a crisis becomes mission critical.
As this article has noted, there are many approaches to and aspects of resilience management. But key to getting resilience management right is having the appropriate digital tools for getting best-practice resilience management activities up and running. For more on the capabilities needed to ensure resilience, download our Buyer’s Guide to Resilience Management Software.