[OR] [P2] [S2] [MII] What is Mapping Interconnections and Interdependencies in Operational Resilience?

Implement Phase

What is the Mapping of Interconnections and Interdependencies?

What are Interconnections?

Interconnections are the linkages, relationships, and points of interaction among different components within an organisation’s operating environment.

These components typically include:

• Processes (workflows and activities)
• People (staff, teams, roles)
• Technology (applications, systems, infrastructure)
• Facilities (physical locations, data centres)
• Third parties (vendors, service providers)

Key Characteristics of Interconnections

• Represent how components are connected
• Focus on flows and interactions (e.g., data flow, process handoffs)
• Can be internal or external
• Often visualised through process maps, system diagrams, or network maps

Mapping is identifying, documenting, and understanding the "Processes", which are the activities that deliver critical business services.

An organisation should identify, document, and map the following "Resources" that are  required to deliver each critical business service (CBS):

• people
• processes
• information
• technology
• third-party service providers
• facilities

This exercise should be undertaken collaboratively across the business to ensure comprehensive mapping.  A sample of the detailed mapping is appended below.  Each CBS has been mapped to its supporting resources.

[Sample] Mapping of Interconnections for Retail Banking

Why Do We Map Interconnections?

Organisations must capture the key resources and dependencies that enable each critical business service to understand potential threats to operational resilience.

Mapping involves identifying interdependencies and interconnections among people, processes, information, technology, facilities, and third-party service providers.  

The mapping process enables an organisation to have sufficient details to:

• test against the scenario
• test vulnerabilities
• test remediation

When mapping the "Processes," the relationship with key resources should be considered:

• people
• processes
• technology
• third-party vendor
• facilities
• information

How to Map Interconnections and Interdependencies Across the Organisation?

Mapping operational resilience dependencies and connections is essential to understanding interdependencies among business units, systems, processes, and external stakeholders.  

The following actions are involved:

Identify Key Stakeholders

• Engage with business unit leaders, IT managers, risk management teams, and other relevant stakeholders to identify and involve the key departments and individuals responsible for critical business functions.

Conduct Dependency Analysis

• Analyse the dependencies between business units, systems, applications, processes, and external entities (suppliers, partners, regulatory bodies).
• This analysis helps identify the critical links and potential vulnerabilities.

Identify Internal Interdependencies among different Systems, Processes, and Functions.

• Analyse how failures or disruptions in one area can impact others. 
• Consider dependencies on IT infrastructure, data centres, communication networks, and personnel. 
• Document these interdependencies to gain a comprehensive understanding of internal dependencies.

Identify External Interdependencies

• Assess the external interdependencies with third-party vendors, service providers, and other external entities. 
• Identify critical relationships and dependencies on which the institution relies to deliver its services.
  • Includes outsourced processes, cloud service providers, regulatory reporting systems, and other external dependencies. 
• Evaluate the potential impact of disruptions in these relationships on the institution's operations.

Document Interconnections and Interdependencies

• Create a comprehensive inventory that documents [Refer to sample Table on Mapping of Interconnections and Interdependencies] the identified Interconnections and Interdependencies.
  • Include information such as criticality, dependencies, contact persons, and relevant documentation.
• Document the identified Interconnections and Interdependencies in a structured manner. 
• Develop visual representations, such as diagrams or flowcharts, to illustrate relationships and dependencies. 
  • Includes information on the relationship's nature, data flows, communication channels, and any contractual or legal obligations. 
• Serve as a reference documentation for future analysis and planning.

Establish Communication Channels

• Establish effective communication channels to facilitate ongoing collaboration and information sharing among stakeholders.
• Ensure a common understanding of interdependencies and enable efficient coordination during disruptions.

Review and Update Regularly

• Review and update the Interconnections and Interdependencies mapping continuously to reflect changes in the organisational structure, processes, or external relationships.
• Ensure the accuracy and relevance of the mapping information.

[Sample] Table on Mapping of Interconnections and Interdependencies

Together, the “Interdependencies Detail” and “Interconnections” columns form the foundation of a meaningful Interconnections and Interdependencies map at a very strategic level

While “Interdependencies Detail” clarifies who is involved in delivering each sub-process and what it entails, “Interconnections” reveals the operational dynamics and systemic links that underpin the organisation's operational ecosystem.

This combination enables a deep understanding of the service architecture, facilitating targeted risk mitigation, business continuity planning, and operational resilience enhancement for each CBS.

Purpose of Interconnections (Interaction with CBS or Other Components)

The “Interconnections” column explains how each dependency interacts with CBS or other components within the organisation's operational ecosystem. It articulates the operational relationship and integration points, such as:

• How a system supports a process or links to another system (e.g., middleware connecting mobile apps to the core engine).
• How people or teams coordinate across departments or with third parties.
• How external platforms are integrated to facilitate transaction flow, compliance, or settlement.

This information is crucial because understanding the interdependencies and data or operational flow helps to:

• Map single points of failure or cascading impacts in case of disruptions.
  
• Design more effective contingency plans and recovery strategies.
  
• Ensure alignment between internal capabilities and external obligations.
  
• Strengthen real-time monitoring and reduce blind spots in operational risk.

[Sample 1] Table on Mapping of Interconnections

[Sample 2] Table on Mapping of Interconnections

Explanatory Notes for Map Interconnections Fields

Purpose of "Interdependency Detail" (What/Who is Involved)

The “Dependency Detail” column identifies and describes the internal or external components that are critical to each process within CBS. This includes:

People: Functional roles or teams responsible for oversight, execution, or decision-making.

Processes: Key activities or workflows that form part of the payment and settlement lifecycle.

Technology: Core systems, interfaces, or digital tools used to execute, monitor, or support transactions.

Third Parties: External service providers, regulatory bodies, and partner institutions that play an operational or regulatory role.

By detailing “what” is being relied upon or “who” is involved, this column helps stakeholders understand the precise nature of each Interdependency, which is critical for assessing potential vulnerabilities, allocating resources, and prioritising in resilience planning.

[Sample 1] Table on Mapping of Interdependencies

[Sample 2] Table on Mapping of Interdependencies

Explanatory Notes for Map Interdependencies Fields

Sub-CBS Code

A unique identifier assigned to each Sub-Critical Business Service (Sub-CBS) within a Critical Business Service (CBS).

The code provides a structured reference for tracking, analysis, reporting, and resilience assessments.

Example: 2.1 may represent Market Data Source Acquisition and Feed Collection within CBS-2 Market Data Distribution Services.

Sub-CBS Name

The official name of the Sub-Critical Business Service being analysed.

This field identifies the specific operational process, capability, or service component that contributes to the delivery of the overall Critical Business Service.

The Sub-CBS Name provides context for understanding the dependencies associated with that process.

Dependency Category

Classifies the type of dependency required to support the Sub-CBS.

This field helps group dependencies into meaningful categories for analysis and resilience planning. Common categories include:

• People – staff, operational teams, subject matter experts.
• Process – business processes, procedures, workflows.
• Technology – applications, platforms, databases, infrastructure.
• Facilities – offices, data centres, operational sites.
• Third Party – vendors, service providers, cloud providers, telecom carriers.
• Market Infrastructure – exchanges, clearing houses, payment systems, trading venues.
• Information/Data – reference data, market data, security master data, regulatory data.

Interdependent Entity / Service

The specific organisation, system, platform, team, service, facility, or external entity that the Sub-CBS depends upon.

This field identifies the actual dependency source.

Examples include a market data feed provider, an identity and access management system, a cloud storage service, a telecommunications network, or an operational support team.

Dependency Description

A detailed explanation of the dependency relationship and how the Interdependent Entity or Service supports the Sub-CBS.

The description should explain what is provided (for example, data, connectivity, processing capability, operational support, or infrastructure) and why it is necessary to deliver the Critical Business Service.

Dependency Type (Internal / External)

Indicates whether the dependency is provided from within the organisation or by an external party.

• Internal – provided by business units, technology teams, infrastructure teams, operations teams, or internal shared services.
• External – provided by third parties, exchanges, market infrastructure providers, telecom carriers, cloud providers, regulators, or other external organisations.

This distinction supports third-party risk management and regulatory reporting requirements.

Impact if Dependency Fails

Describes the operational consequence if the dependency becomes unavailable, degraded, corrupted, delayed, or otherwise fails.

The impact statement should focus on the effect on the Sub-CBS and the overall Critical Business Service, such as:

• Service outage
• Delayed market data delivery
• Data integrity issues
• Regulatory non-compliance
• Customer access disruption
• Increased latency
• Extended recovery time
• Loss of monitoring visibility

This field helps assess dependency criticality and supports impact tolerance and scenario testing activities.

These definitions align with operational resilience practices for Mapping Interdependencies, where the objective is to identify and document the reliance relationships that support the delivery of a Critical Business Service and to understand the potential impact if those relationships are disrupted.

Interconnections Vs Interdependencies

While often used together, these terms are not interchangeable. Understanding their distinction is essential for accurate mapping and analysis.

	Definition	Explanation	Definition
	Mapping	is the process of identifying, documenting, and understanding the activities involved in critical business services.  Do not map all processes at once or in detail. Start by identifying and agreeing on the critical processes, assigning ownership, and mapping them using a predefined template.
	Interconnections	is the linking of an organisation's network to products, services, equipment, or facilities that do not belong to the originating organisation's network. The term may refer to a connection between the organisation's facilities and its customers' equipment, or between two or more parties.
	Inter-dependencies	are the internal and external dependencies on people, processes, technology, and other resources (including those involving third parties) for each critical business service.
	Mapping Inter-connections and Inter-dependencies	These are steps for the operational resilience mapping process, which involves identifying dependencies and connections between people, processes, information, technology, facilities, and third-party service providers required to deliver each critical business service.

"Implement" Phase of the OR Planning Methodology

Identify Critical Business Services	Map Inter-connections and Inter-dependencies	Set Impact Tolerance	Conduct Scenario Testing	Improve Lesson Learned

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

	If you have any questions, click to contact us.