![BB OR [D] 6](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20D/BB%20OR%20%5BD%5D%206.jpg?width=2000&height=1333&name=BB%20OR%20%5BD%5D%206.jpg "BB OR [D] 6")
Chapter 5
![[OR] [Pillar] [Banner] Identifying Critical Business Services](https://no-cache.hubspot.com/cta/default/3893111/f5244393-5a7d-455a-94f2-d843b5d524bc.png)
Methodology for Identifying Critical Business Services
Introduction
![[OR] [P2] [S1] [CBS] [C5] Methodology for Identifying Critical Business Services](https://no-cache.hubspot.com/cta/default/3893111/52fce9d7-691a-4cd3-abfd-cfdb229c704c.png)
A structured and disciplined methodology is essential for identifying Critical Business Services (CBS) in a consistent, defensible, and regulator-aligned manner.
This methodology ensures that organisations move beyond subjective judgment and adopt a systematic approach that is transparent, repeatable, and auditable.
The following six-step methodology provides a practical framework for identifying CBS, from initial service inventory to final governance approval.
Step 1: Identify All Business Services
The first step is to develop a comprehensive inventory of all business services delivered by the organisation. This serves as the foundation for subsequent analysis.
Key activities include:
- Listing all services across business lines and functions
- Grouping services into logical categories (e.g., retail banking, payments, corporate services)
- Ensuring completeness while avoiding unnecessary duplication
Key consideration:
Avoid excessive granularity. Services should be defined at a level that reflects meaningful customer outcomes rather than internal task-level activities.
Step 2: Define Service Boundaries
Once services are identified, organisations must clearly define their boundaries to ensure consistency and clarity.
Key elements include:
- Start Point: Customer request, trigger, or initiation event
- End Point: Delivery of the service outcome
- Scope: Inclusion of all supporting processes, systems, people, and third parties
Key consideration:
Service boundaries should reflect an end-to-end perspective, ensuring that the full delivery chain is captured rather than isolated components.
Step 3: Establish Criticality Criteria
To determine which services are critical, organisations must establish clear and measurable criteria for assessing criticality.
Typical criteria include:
- Customer Harm: Financial loss, inability to access essential services, or safety concerns
- Market/Systemic Impact: Disruption to the broader financial system or economy
- Financial Impact: Direct or indirect financial loss to the organisation
- Regulatory Impact: Breach of legal or regulatory obligations
- Reputational Damage: Loss of trust and brand value
Key consideration:
Criteria should be supported by defined thresholds to ensure consistency and objectivity in assessment.
Step 4: Assess and Score Services
Each service is then assessed against the defined criteria using qualitative and/or quantitative scoring models.
Key activities include:
- Assigning scores for each criterion
- Aggregating scores to determine overall criticality
- Ranking services based on the severity of impact
Common tools:
- Risk matrices (e.g., impact vs likelihood)
- Weighted scoring models
- Threshold-based classification (e.g., Critical, Important, Non-Critical)
Key consideration:
The scoring process must be transparent and documented to support auditability and regulatory review.
Step 5: Validate with Stakeholders
The preliminary list of CBS must be validated through structured engagement with key stakeholders across the organisation.
Stakeholders typically include:
- Business unit leaders
- Operations and IT teams
- Risk and compliance functions
- Senior management
Validation activities:
- Reviewing assumptions and scoring outcomes
- Challenging and refining service definitions
- Confirming alignment with business priorities and risk appetite
Key consideration:
Validation ensures that CBS identification is not purely theoretical but grounded in operational reality.
Step 6: Finalise the List of CBS
The final step is to formally approve and document the list of Critical Business Services.
Key activities include:
- Obtaining approval from relevant governance bodies (e.g., risk committee, executive management)
- Documenting CBS definitions, rationale, and supporting evidence
- Establishing version control and change management processes
- Aligning CBS with the broader operational resilience strategy
Key consideration:
Formal approval ensures accountability and provides a clear reference point for all subsequent resilience activities.
Conclusion of Methodology Section
A structured methodology for identifying Critical Business Services ensures that organisations adopt a consistent, transparent, and outcome-driven approach. By progressing through service identification, boundary definition, criticality assessment, stakeholder validation, and governance approval, organisations can confidently determine which services are truly critical.
This methodology not only supports regulatory compliance but also lays the groundwork for effective operational resilience—enabling organisations to prioritise resources, manage risks, and maintain the continuity of essential services under all conditions.
![[OR] [Pillar] [Thin Banner] Operational Risk Management](https://no-cache.hubspot.com/cta/default/3893111/05f77efd-5703-4216-a89a-5d22943fa1f3.png)
![[OR] [P2] [S1] [CBS] [C1] Purpose and Importance](https://no-cache.hubspot.com/cta/default/3893111/9209b90a-6f30-44d4-8312-7e07d8e15e58.png)
![[OR] [P2] [S1] [CBS] [C2] Defining a Critical Business Service](https://no-cache.hubspot.com/cta/default/3893111/0bd2a7d8-3e51-4108-afae-863ea1091523.png)
![[OR] [P2] [S1] [CBS] [C3] Key Regulatory Expectations](https://no-cache.hubspot.com/cta/default/3893111/71523836-ca82-45c7-8cf6-9cdb8f2ddf7d.png)
![[OR] [P2] [S1] [CBS] [C4] Principles for Identifying CBS](https://no-cache.hubspot.com/cta/default/3893111/9eccbeab-f423-4f60-861d-53925fefc630.png)
![[OR] [P2] [S1] [CBS] [C6] Tools and Techniques](https://no-cache.hubspot.com/cta/default/3893111/0d09d714-62e2-471f-9526-a7c054f9bc21.png)
![[OR] [P2] [S1] [CBS] [C7] Common Challenges and Pitfalls](https://no-cache.hubspot.com/cta/default/3893111/fa7fd783-a1f2-4964-9116-94e4e67ea8dd.png)
![[OR] [P2] [S1] [CBS] [C8] Practical Example](https://no-cache.hubspot.com/cta/default/3893111/90c32cff-7453-47c3-ba0e-30bd7f2d1b47.png)
![[OR] [P2] [S1] [CBS] [C9] Integration with Or Framework](https://no-cache.hubspot.com/cta/default/3893111/29dc7521-86eb-42d3-abba-483c80477470.png)
![[OR] [P2] [S1] [CBS] [C10] Governance and Continuous Review](https://no-cache.hubspot.com/cta/default/3893111/c35c8551-7ed5-4184-81ce-358c4d8a3e49.png)
![[OR] [P2] [S1] [CBS] [C11] Key Takeaways](https://no-cache.hubspot.com/cta/default/3893111/b81baa15-cf37-474c-abfb-39be84eecf15.png)
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
