Operational Resilience Series

ISO 22316:2017 Key Principles and Attributes

In an increasingly volatile and uncertain world, organisational resilience—the ability to anticipate, adapt, and recover from disruptions—has become a critical capability.

ISO 22316:2017 provides a structured framework for enhancing resilience by outlining key principles and implementation strategies.

For crisis management professionals, understanding and applying these principles ensures that organisations not only survive disruptions but also emerge stronger.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

Building Organisational Resilience: A Strategic Guide for Crisis Management Professionals

Introduction

This article expands on the core principles of organisational resilience and provides actionable insights for developing a coordinated resilience strategy.

Core Principles of Organisational Resilience

1. Shared Vision and Purpose

Why it matters: A unified vision ensures that all stakeholders—leadership, employees, and partners—are aligned in their efforts to build resilience.

Key actions:

  • Clearly articulate resilience objectives within the organisation’s mission.
  • Foster a culture where resilience is seen as everyone’s responsibility.
  • Use leadership messaging to reinforce commitment to resilience.

2. Context Awareness

Why it matters: Organisations must continuously monitor internal and external environments to identify emerging risks and opportunities.

Key actions:

  • Conduct regular environmental scanning (political, economic, technological, and social trends).
  • Use risk assessments and horizon scanning to anticipate disruptions.
  • Engage stakeholders to gather diverse perspectives on potential threats.

3. Adaptive Capacity

Why it matters: The ability to absorb shocks, adapt, and transform is crucial in dynamic crises.

Key actions:

  • Develop scenario planning and stress-testing exercises.
  • Encourage flexible decision-making structures (e.g., decentralised crisis teams).
  • Invest in learning mechanisms (after-action reviews, simulations).

4. Good Governance and Management

Why it matters: Strong governance ensures accountability and structured resilience efforts.

Key actions:

  • Assign clear roles for resilience management (e.g., Chief Resilience Officer).
  • Integrate resilience into corporate governance and risk committees.
  • Implement performance metrics to track resilience progress.

5. Diverse Skills, Leadership, and Knowledge

Why it matters: A mix of expertise prevents groupthink and enhances problem-solving.

Key actions:

  • Promote cross-functional crisis teams with varied expertise.
  • Invest in leadership development for crisis decision-making.
  • Encourage knowledge-sharing across departments.

6. Cross-Disciplinary Coordination

Why it matters: Resilience requires collaboration across business functions (operations, IT, HR, finance).

Key actions:

  • Establish resilience task forces with representatives from all critical areas (critical business services).
  • Break down silos through integrated crisis exercises.
  • Leverage external expertise (academia, industry best practices).

7. Effective Risk Management

Why it matters: Proactive risk management reduces vulnerabilities before crises occur.

Key actions:

  • Align resilience efforts with ISO 31000 (Risk Management).
  • Use business impact analysis (BIA) to prioritise critical business functions.
  • Implement adaptive risk mitigation (dynamic risk registers).

Implementing a Coordinated Resilience Strategy

To translate principles into practice, organisations should adopt a structured, organisation-wide approach to resilience.

1. Leadership Commitment & Mandate
  • Secure C-suite sponsorship for resilience initiatives.
  • Embed resilience in strategic planning and budgeting.
2. Resource Allocation
  • Dedicate funding, personnel, and technology to resilience programs.
  • Balance short-term preparedness (crisis response) and long-term resilience (adaptive capacity).
3. Governance Structures
  • Create a Resilience Steering Committee to oversee implementation.
  • Define clear escalation protocols for crisis decision-making.
4. Context-Appropriate Investments
  • Prioritise resilience measures based on risk appetite and business criticality.
  • Avoid over-investment in low-probability risks at the expense of likely disruptions.
5. Support Systems & Processes
  • Implement resilience management software (incident tracking, crisis communication tools).
  • Develop playbooks for different disruption scenarios (cyberattacks, supply chain failures).
6. Continuous Evaluation & Improvement
  • Conduct post-incident reviews and resilience audits.
  • Benchmark against industry standards (ISO 22301, NIST frameworks).
7. Effective Communication
  • Ensure real-time information flow during crises.
  • Train leaders in crisis communication to maintain stakeholder trust.

Resilience in Banking & Finance: Case Studies & Best Practices

The banking and financial sector faces unique resilience challenges—cyber threats, market crashes, liquidity crises, and regulatory pressures. This section explores real-world case studies and actionable strategies aligned with ISO 22316, helping financial institutions prepare, adapt, and recover from disruptions.

Case Study 5: Goldman Sachs’ Marcus (2022) – Strategic Pivot to Digital Banking

Challenge:

Rising fintech competition pressured traditional banking models.

Resilience Strategies Applied:

  • Adaptive Capacity – Launched Marcus as a digital-first retail bank.
  • Diverse Leadership – Hired tech talent to drive innovation.
  • Risk Management – Slow, controlled scaling to avoid overextension.

Outcome:

  • $100B+ in deposits within 5 years.
  • Proved incumbents can disrupt themselves.

Lesson: Resilience isn’t just about survival—it’s about strategic reinvention.

Conclusion: Building an Unbreakable Bank

Financial resilience requires:

  • Paranoid governance (assume worst-case scenarios).
  • Preemptive stress-testing (liquidity, cyber, fraud).
  • Strategic agility (pivot like Goldman’s Marcus).

Summing Up ... Moving from Reactive to Proactive Resilience

Organisational resilience is not just about surviving crises—it’s about thriving amid uncertainty. By embedding the ISO 22316 principles and adopting a coordinated, leadership-driven approach, crisis management professionals can:

  • Enhance preparedness through structured governance and risk management.
  • Improve adaptability by fostering cross-functional collaboration.
  • Strengthen recovery with continuous learning and investment.

For long-term success, resilience must be woven into the organisational DNA—not treated as a compliance exercise. Crisis leaders play a pivotal role in driving this cultural shift.

Next Steps:

  • Conduct a resilience maturity assessment.
  • Develop an integrated resilience roadmap.
  • Engage leadership in crisis simulation exercises.

Source: ISO 22316:2017 – Security and resilience — Organizational resilience — Principles and attributes



 
