These components typically include:
Key Characteristics of Interconnections
Mapping is identifying, documenting, and understanding the "Processes", which are the activities that deliver critical business services.
An organisation should identify, document, and map the following "Resources" that are required to deliver each critical business service (CBS):
This exercise should be undertaken collaboratively across the business to ensure comprehensive mapping. A sample of the detailed mapping is appended below. Each CBS has been mapped to its supporting resources.
|
Component |
Interconnections Details |
|
People |
|
|
Processes |
|
|
Technology |
|
|
Third-Party Vendors |
|
|
Facilities |
|
Organisations must capture the key resources and dependencies that enable each critical business service to understand potential threats to operational resilience.
Mapping involves identifying interdependencies and interconnections among people, processes, information, technology, facilities, and third-party service providers.
The mapping process enables an organisation to have sufficient details to:
When mapping the "Processes," the relationship with key resources should be considered:
Mapping operational resilience dependencies and connections is essential to understanding interdependencies among business units, systems, processes, and external stakeholders.
The following actions are involved:
Together, the “Interdependencies Detail” and “Interconnections” columns form the foundation of a meaningful Interconnections and Interdependencies map at a very strategic level
While “Interdependencies Detail” clarifies who is involved in delivering each sub-process and what it entails, “Interconnections” reveals the operational dynamics and systemic links that underpin the organisation's operational ecosystem.
This combination enables a deep understanding of the service architecture, facilitating targeted risk mitigation, business continuity planning, and operational resilience enhancement for each CBS.
The “Interconnections” column explains how each dependency interacts with CBS or other components within the organisation's operational ecosystem. It articulates the operational relationship and integration points, such as:
This information is crucial because understanding the interdependencies and data or operational flow helps to:
|
Sub-CBS |
Sub-CBS Code |
Component Inter-dependency Type |
Component Interdependency Detail (What/ Who is Involved) |
Interconnections (How it connects/ interacts) |
|
Customer Account Management |
1.1 |
People |
Customer Service Officers, Branch Managers |
Interact with customers to open, close, or manage accounts and feed data to the CRM and Core Banking systems. |
|
Process |
KYC, AML Checks, Account Maintenance Workflow |
Integrated into core banking processes and compliance systems |
||
|
Technology |
Core Banking System (e.g., Silverlake), CRM, Customer Database |
The core engine manages the account lifecycle, synchronising across teller, mobile, and branch services. |
||
|
Third-Party |
Credit Bureau, Document Verification Vendors |
Third-party KYC/AML checks integrated via secure APIs |
| Field | Explanation |
|---|---|
| Connected Component |
The system, application, process, team, facility, third-party service provider, external organisation, infrastructure component, or data source that is connected to and interacts with the Sub-CBS. The Connected Component represents the entity through which information, activities, communications, or transactions flow. Examples include trading venues, market data platforms, network providers, customer systems, operational teams, or regulatory authorities. |
| Connection Type |
Describes the nature of the interaction or linkage between the Sub-CBS and the Connected Component. This field helps categorise how the connection operates. Common connection types include: Data Flow (exchange of information), Network Connectivity (communications infrastructure), Application Integration (system-to-system interaction), Operational Interaction (human or team collaboration), Security Integration (authentication or cybersecurity controls), Governance Connectivity (management oversight), and Infrastructure Connectivity (technology or facility support). |
| Interconnection Description |
A detailed explanation of how the Sub-CBS and Connected Component interact and support one another in delivering the Critical Business Service. The description should clearly identify the operational relationship, the purpose of the connection, the information or activities exchanged, and the role the connection plays within the end-to-end service delivery process. This field provides the business context necessary to understand operational resilience risks and potential impacts of disruption. |
| Upstream Connection |
Identifies the preceding system, process, team, facility, or external entity that provides inputs, data, services, resources, or triggers required by the Sub-CBS. Upstream connections are the sources that the Sub-CBS depends on to perform its function. Understanding upstream connections helps organisations identify where disruptions may originate and how failures can propagate through the service delivery chain. Examples include exchanges that supply market data, reference data providers, authentication services, and earlier stages of processing within the workflow. |
The “Dependency Detail” column identifies and describes the internal or external components that are critical to each process within CBS. This includes:
People: Functional roles or teams responsible for oversight, execution, or decision-making.
Processes: Key activities or workflows that form part of the payment and settlement lifecycle.
Technology: Core systems, interfaces, or digital tools used to execute, monitor, or support transactions.
Third Parties: External service providers, regulatory bodies, and partner institutions that play an operational or regulatory role.
By detailing “what” is being relied upon or “who” is involved, this column helps stakeholders understand the precise nature of each Interdependency, which is critical for assessing potential vulnerabilities, allocating resources, and prioritising in resilience planning.
|
|
|
Components |
Dependency Relationships |
|||
|
Sub-CBS Code |
Sub-CBS |
Processes |
People |
Technology (Applications & Infrastructure) |
Third-Party Vendors |
Upstream/ Downstream Dependencies |
|
1.1 |
Cash Deposit at Branches |
Cash handling, account crediting, cashier operations |
Branch tellers, branch managers, customer service representatives |
Cash deposit machines, banking software, and branch network infrastructure |
None |
Integration with central banking systems for account updating |
A unique identifier assigned to each Sub-Critical Business Service (Sub-CBS) within a Critical Business Service (CBS).
The code provides a structured reference for tracking, analysis, reporting, and resilience assessments.
Example: 2.1 may represent Market Data Source Acquisition and Feed Collection within CBS-2 Market Data Distribution Services.
The official name of the Sub-Critical Business Service being analysed.
This field identifies the specific operational process, capability, or service component that contributes to the delivery of the overall Critical Business Service.
The Sub-CBS Name provides context for understanding the dependencies associated with that process.
Classifies the type of dependency required to support the Sub-CBS.
This field helps group dependencies into meaningful categories for analysis and resilience planning. Common categories include:
The specific organisation, system, platform, team, service, facility, or external entity that the Sub-CBS depends upon.
This field identifies the actual dependency source.
Examples include a market data feed provider, an identity and access management system, a cloud storage service, a telecommunications network, or an operational support team.
A detailed explanation of the dependency relationship and how the Interdependent Entity or Service supports the Sub-CBS.
The description should explain what is provided (for example, data, connectivity, processing capability, operational support, or infrastructure) and why it is necessary to deliver the Critical Business Service.
Indicates whether the dependency is provided from within the organisation or by an external party.
This distinction supports third-party risk management and regulatory reporting requirements.
Describes the operational consequence if the dependency becomes unavailable, degraded, corrupted, delayed, or otherwise fails.
The impact statement should focus on the effect on the Sub-CBS and the overall Critical Business Service, such as:
This field helps assess dependency criticality and supports impact tolerance and scenario testing activities.
These definitions align with operational resilience practices for Mapping Interdependencies, where the objective is to identify and document the reliance relationships that support the delivery of a Critical Business Service and to understand the potential impact if those relationships are disrupted.
While often used together, these terms are not interchangeable. Understanding their distinction is essential for accurate mapping and analysis.
|
Aspect |
Interconnections |
Interdependencies |
|
Definition |
Linkages or connections between components |
Dependency relationships between components |
|
Focus |
Structure and connectivity |
Reliance and impact |
|
Nature |
Describes how things are connected |
Describes how things depend on each other |
|
Risk Perspective |
Identifies pathways of interaction |
Identifies points of failure and vulnerability |
|
Directionality |
May or may not imply dependency |
Always implies dependency (one affects another) |
|
Example |
System A sends data to System B |
System B cannot operate without System A |
|
Usage in Mapping |
Forms the network map |
Enables risk and impact analysis |
| Definition | Explanation | Definition | ||
| Mapping |
is the process of identifying, documenting, and understanding the activities involved in critical business services.
|
|||
| Interconnections | is the linking of an organisation's network to products, services, equipment, or facilities that do not belong to the originating organisation's network. The term may refer to a connection between the organisation's facilities and its customers' equipment, or between two or more parties. |
|||
| Inter-dependencies | are the internal and external dependencies on people, processes, technology, and other resources (including those involving third parties) for each critical business service. | |||
| Mapping Inter-connections and Inter-dependencies | These are steps for the operational resilience mapping process, which involves identifying dependencies and connections between people, processes, information, technology, facilities, and third-party service providers required to deliver each critical business service. | |||
| Identify Critical Business Services | Map Inter-connections and Inter-dependencies |
Set Impact Tolerance |
Conduct Scenario Testing | Improve Lesson Learned | |
|
|
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|