. .
Driving Enterprise Resilience: Implementation Blueprint for Security Bank
OR BB FI MY Gen-2

[OR] [SBC] [E2] [P1 to P3] [C1] OR Planning Methodology

x [OR] [SBC] Title Banner

This chapter introduces the three-phase Operational Resilience Planning Methodology adopted by Security Bank Corporation to strengthen its ability to anticipate, withstand, respond to, and recover from disruptive events.

eBook Cover [OR] [SBC] [PH] [E2] [2D]As a leading financial institution operating in an increasingly complex regulatory and risk landscape, Security Bank must ensure that its critical business services remain resilient under a wide range of operational stresses, including cyber threats, technology failures, third-party disruptions, and external crises.

The methodology presented in this chapter provides a structured, practical approach to embedding resilience into the bank’s operations, aligned with regulatory expectations, including the Bangko Sentral ng Pilipinas (BSP) guidelines on operational resilience.

New call-to-action

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

[OR] [SBC] Legal Disclaimer Banner

New call-to-action

Operational Resilience Planning Methodology for Security Bank Corporation

Introduction


eBook Cover [OR] [SBC] [PH] [E2] [2D][OR] [SBC] [PH] [E2] [P1 to P3] [C1] OR Planning Methodology

This chapter introduces the three-phase Operational Resilience Planning Methodology adopted by Security Bank Corporation to strengthen its ability to anticipate, withstand, respond to, and recover from disruptive events.

As a leading financial institution operating in an increasingly complex regulatory and risk landscape, Security Bank must ensure that its critical business services remain resilient under a wide range of operational stresses, including cyber threats, technology failures, third-party disruptions, and external crises.

The methodology presented in this chapter provides a structured, practical approach to embedding resilience into the bank’s operations, aligned with regulatory expectations, including the Bangko Sentral ng Pilipinas (BSP) guidelines on operational resilience.

The methodology is organised into three interrelated phases—Plan, Implement, and Sustain—each consisting of five structured stages.

 New call-to-actionThe Plan phase focuses on establishing a strong foundation by assessing current capabilities, identifying gaps, defining strategic direction, aligning with risk appetite, and embedding governance.

The Implement phase translates strategy into actionable outcomes by identifying critical business services, mapping dependencies, setting impact tolerances, conducting scenario testing, and incorporating lessons learned.

Finally, the Sustain phase ensures that operational resilience becomes an integral and enduring capability through cultural transformation, communication, continuous training, self-assessment, and independent review.

Together, these phases form a continuous lifecycle that enables Security Bank to maintain resilience in a dynamic operating environment.

Purpose of the Chapter

The purpose of this chapter is to provide readers with a clear and structured overview of Security Bank’s Operational Resilience Planning Methodology, enabling them to understand how resilience can be systematically designed, implemented, and sustained within a financial institution.

It sets the foundation for subsequent chapters by presenting a cohesive framework that integrates governance, risk management, business continuity, and operational resilience into a unified approach.

By the end of this chapter, readers are expected to gain a comprehensive understanding of the three-phase methodology and its fifteen stages, and how each stage contributes to building a resilient organisation.

This includes recognising the importance of aligning resilience initiatives with regulatory expectations, identifying critical services and their dependencies, establishing measurable impact tolerances, and embedding resilience into organisational culture and continuous improvement practices.

Ultimately, the chapter prepares readers to apply this methodology at Security Bank or similar institutions to achieve robust, sustainable operational resilience.

 

 

Overview of the Three Phases of Operational Resilience Planning Methodology

 

New call-to-action

Phase 1: Plan

New call-to-action

The Plan phase establishes the strategic and governance foundation required to build operational resilience.

It ensures that Security Bank clearly understands its current maturity, identifies areas for improvement, and aligns its resilience objectives with its overall business strategy and risk appetite.

The five stages are:

  • Assess Capability and Maturity [Stage 1]
    Evaluate existing resilience capabilities across business continuity, IT disaster recovery, risk management, and crisis management.
  • Analyse Gap [Stage 2]
    Identify gaps between current capabilities and regulatory expectations or industry best practices.
  • Develop Strategy and Roadmap [Stage 3]
    Define a structured roadmap outlining initiatives, priorities, timelines, and resource requirements.
  • Confirm Risk Appetite [Stage 4]
    Align resilience objectives with the bank’s tolerance for disruption, including acceptable levels of operational impact.
  • Develop and Embed Governance [Stage 5]
    Establish governance structures, roles, responsibilities, and oversight mechanisms to support the implementation of resilience.

 

Implement Phase Management Report

Phase 2: Implement

New call-to-action

The Implement phase operationalises the strategy by focusing on identifying, analysing, and testing critical business services. It ensures that Security Bank can maintain service continuity within defined impact tolerances during disruptions.

The five stages are:

  • Identify Critical Business Services [Stage 1]
    Determine the services that are essential to customers and the financial system.
  • Map Processes and Resources [Stage 2]
    Identify the end-to-end processes, people, technology, facilities, and third parties supporting each critical service.
  • Set Impact Tolerance [Stage 3]
    Define the maximum acceptable level of disruption (e.g., downtime, data loss, customer impact).
  • Conduct Scenario Testing [Stage 4]
    Test resilience capabilities against severe but plausible scenarios to validate preparedness.
  • Improve Lessons Learned [Stage 5]
    Analyse test outcomes and real incidents to strengthen controls and response capabilities.

 

New call-to-action

Phase 3: Sustain

New call-to-action

The Sustain phase ensures that operational resilience is continuously maintained, enhanced, and embedded into the organisational culture of Security Bank.

It transforms resilience from a one-time initiative into an ongoing discipline.

The five stages are:

  • Introduce Cultural Change [Stage 1]
    Promote a resilience mindset across all levels of the organisation.
  • Develop Communication Strategy [Stage 2]
    Ensure clear and consistent communication of resilience objectives, roles, and expectations.
  • Implement Training and Awareness [Stage 3]
    Build staff competency through structured training and awareness programmes.
  • Provide Self-assessment [Stage 4]
    Enable business units to regularly assess their own resilience capabilities and compliance.
  • Conduct Independent Quality Review [Stage 5]
    Perform independent reviews and audits to validate effectiveness and identify areas for improvement.

 

x [Banner] [Summing] [OR] [E2] [C1] Overview of Operational Resilience Planning Methodology

The three-phase Operational Resilience Planning Methodology provides Security Bank with a comprehensive and structured approach to building, implementing, and sustaining resilience across its operations.

By integrating strategic planning, operational execution, and continuous improvement, the bank is better positioned to safeguard its critical business services against disruption while meeting regulatory expectations and maintaining customer trust.

This methodology is not a linear process but a continuous cycle of enhancement, where insights from implementation and sustainment feed back into planning.

As such, it equips Security Bank with the agility and discipline required to navigate an evolving risk landscape and ensures that operational resilience remains a core organisational capability rather than a standalone initiative.

BL-OR-3-5 Blog Under Construction

Blogs marked [x] are under construction

x [OR] [SBC] Title Banner

ebook 2: Implementing Operational Resilience for Security Bank Corporation
      
C1 C2 [x] C8 [x]  C14 [x]      
 [OR] [SBC] [PH] [E2] [P1 to P3] [C1] OR Planning Methodology  [OR] [GEN] [P1] [S1-S5] [C2] Five Stages of the _Plan_ Phase [OR] [GEN] [P2] [S1-S5] [C8] Five Stages of the _Implement_ Phase [OR] [GEN] [E2] [P3] [C14] The Five Stages of the Sustain Phase      
  ebook 2: Implementing Operational Resilience for Security Bank Corporation
   BSP OR Policy eBook 1 eBook 2 eBook 3   C20 [x] C21 [x] 
   [OR][BSP Guidelines] Key Implementation and Components  eBook Cover [OR] [SBC] [PH] [E1] [2D] eBook Cover [OR] [SBC] [PH] [E2] [2D] eBook Cover [OR] [SBC] [PH] [E3] [2D] [OR] [GEN] [E2] [C20] Conclusion for eBook 2 [OR] [GEN] [E2] [C21] [Back Cover] for eBook 2
  "Plan" Phase of the Operational Resilience Planning Methodology
  C2 [x] C3 [x] C4 [x] C5 [x] C6 [x] C7 [x]
New call-to-action [OR] [GEN] [P1] [S1-S5] [C2] Five Stages of the _Plan_ Phase [OR] [GEN] [E2] [P1] [S1] [C3] Assessing Capability and Maturity [OR] [GEN] [E2] [P1] [S2] [C4] Analysing Gaps [OR] [GEN] [E2] [P1] [S3] [C5] Developing Strategy and Roadmap [OR] [GEN] [E2] [P1] [S4] [C6] Confirming Risk Appetite [OR] [GEN] [E2] [P1] [S5] [C7] Developing and Embedding Governance
  "Implement" Phase of the Operational Resilience Planning Methodology
  C8 [x] C9 [x] C10 [x] C11 [x] C12 [x] C13 [x]
  [OR] [GEN] [P2] [S1-S5] [C8] Five Stages of the _Implement_ Phase [OR] [GEN] [E2] [P2] [S1] [C9] Identifying Critical Business Services [OR] [GEN] [E2] [P2] [S2] [C10] Mapping of Processes and Resources [OR] [GEN] [E2] [P2] [S3] [C11] Establishing Impact Tolerance [OR] [GEN] [E2] [P2] [S4] [C12] Performing Scenario Testing [OR] [GEN] [E2] [P2] [S5] [C13] Improving Lessons Learned
  "Sustain" Phase of the Operational Resilience Planning Methodology
  C14 [x] C15 [x] C16 [x] C17 [x] C18 [x] C19 [x]
  [OR] [GEN] [E2] [P3] [C14] The Five Stages of the Sustain Phase [OR] [GEN] [E2] [P3] [S1] [C15] Introducing Cultural Change Management [OR] [GEN] [E2] [P3] [S2] [C16] Developing a Communication Strategy [OR] [GEN] [E2] [P3] [S3] C17] Implementing Training and Awareness [OR] [GEN] [E2] [P3] [S4] [C18] Providing Self-Assessment [OR] [GEN] [E2] [P3] [S5] [C19] Conducting Independent Quality Reviews

New call-to-action
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

 FAQ BL-OR-5 OR-5000
OR Implementer Landing Page

New call-to-action

 New call-to-action

 

Comments:

 
CTA Banner_OR
CTA Banner_ORA
CTA Banner_BCM
CTA Banner_ITDR
CTA Banner_CM
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2026