Element | Description |
Purpose |
- To define the organisation’s operational resilience (OR) strategy and establish a practical roadmap that aligns resilience objectives with business priorities, risk appetite, regulatory requirements, and stakeholder expectations.
- This stage ensures a structured pathway for building OR capability beyond compliance and towards long-term sustainability.
|
Objectives |
- Formulate an operational resilience strategy that reflects organisational mission, critical business services, and identified vulnerabilities.
- Align OR strategy with enterprise risk management (ERM), business continuity management (BCM), crisis management, IT disaster recovery, and other resilience frameworks.
- Translate strategic intent into a phased roadmap with clear milestones, responsibilities, and timelines.
- Balance resilience investments against business value, risk exposure, and regulatory obligations.
- Gain senior management approval and commitment for strategy execution.
|
Inputs |
- Outcomes from Stage 2: Identify Critical Business Services (prioritised services, dependencies, impact tolerances).
- Risk analysis and vulnerabilities identified during initial assessments.
- Regulatory and supervisory expectations (e.g., financial regulators, sector-specific authorities).
- Industry benchmarks, best practices, and lessons learned from disruptions.
- Stakeholder needs, including customers, partners, and shareholders.
|
Activities |
- Review prioritised business services, impact tolerances, and dependencies to frame strategy options.
- Identify resilience goals (e.g., service continuity, rapid recovery, adaptability, compliance).
- Evaluate strategic approaches (e.g., diversification of suppliers, technology resilience, workforce flexibility, crisis communication readiness).
- Develop a phased roadmap that defines short, medium, and long-term actions.
- Assign ownership and accountability for roadmap initiatives.
- Validate strategy alignment with executive leadership and board oversight.
- Document the roadmap for communication across the organisation.
|
Outputs |
- Approved Operational Resilience Strategy.
- Documented Operational Resilience Roadmap, including timelines, milestones, and responsibilities.
- Executive endorsement and stakeholder communication plan.
- Integration of OR strategy into enterprise planning and governance frameworks.
|
Linkages |
- Previous Stage (P1-S2: Identify Critical Business Services): Provides prioritised services and impact tolerances that shape strategic focus.
- Next Stage (P1-S4: Define Governance and Operating Model): Strategy and roadmap inform governance structures and operating model design.
- ERM, BCM, IT DR, Crisis Management: Strategy must align and integrate with existing resilience and risk programmes.
- Regulators and Industry Standards (e.g., ISO 22316, ISO 22301): Ensure compliance and alignment with resilience expectations.
|