Element
|
Description
|
Purpose
|
- To evaluate the organisation’s current level of resilience maturity, capability, and readiness to embark on the Operational Resilience (OR) journey.
- This establishes a baseline that informs strategy, resource allocation, and leadership buy-in.
|
Objectives |
- Identify the current state of resilience maturity across critical business services, functions, and dependencies.
- Benchmark against industry standards, regulations, and best practices (e.g., ISO 22316, supervisory requirements).
- Highlight strengths, gaps, and areas requiring urgent improvement.
- Develop a maturity roadmap that guides subsequent OR implementation stages.
|
Inputs
|
- Existing BCM, crisis management, IT disaster recovery, and risk management frameworks.
- Regulatory requirements and supervisory guidelines (e.g., financial regulators, sectoral authorities).
- Organisational policies, governance structures, and resilience-related audits or assessments.
- Stakeholder expectations and tolerance levels.
|
Activities
|
- Conduct a maturity assessment using structured frameworks (e.g., maturity models, diagnostic tools).
- Review existing resilience practices (BCM, cyber resilience, outsourcing/vendor management, operational risk management).
- Assess governance, accountability, and ownership structures for resilience.
- Identify critical business services and supporting dependencies already recognised within the organisation.
- Compare current practices with regulatory expectations and industry benchmarks.
- Document capability levels, gaps, and required resources.
|
Outputs
|
- OR Capability and Maturity Assessment Report.
- Gap analysis highlighting weaknesses and strengths.
- Maturity roadmap aligned with regulatory requirements and business priorities.
- Recommendations for building leadership awareness and securing resources.
|
Linkages
|
- Forms the foundation for P1-S2: Define Scope and Governance by identifying the current state and setting boundaries.
- Provides baseline metrics for P2 (Implement phase) activities, ensuring initiatives target real capability gaps.
- Links to BCMBoK 2 (Risk Analysis and Review) and BCMBoK 7 (Program Management) as part of an integrated resilience assessment.
- Supports alignment with external regulators and industry standards for compliance.
|