[OR] [P2-S5] What is "Improve Lesson Learnt" in Operational Resilience?

Written by Moh Heng Goh | Jul 23, 2022 11:54:49 AM

What is "Improve Lesson Learnt"?

The key to improving "Lesson Learnt" is for an organisation to promote a culture of continuous learning and to improve from scenario testing and actual incidents.

It is essential to improve and communicate remediation and vulnerabilities after scenario testing.

What Should an Organisation Be "Learning"?

Lessons learnt in Operational Resilience by an organisation before and after an operational disruption should include the following:

Be able to anticipate disruptive events.
Be constantly learning from adverse events affecting the organisation or the industry.
Be able to form part of an organisation's incident and crisis management processes.
Be able to provide feedback and define better controls or mitigation measures for its key processes and resources.
Be conducted as part of a series of scenario testing exercises in preparation for the actual operational disruption.

After implementing the OR program, an organisation can still experience a disruption or outage in a critical business service.

This can be due to an unpredictable "black swan" event, such as the COVID-19 pandemic, CrordStrike outage, unidentified interdependencies, or "black spots" within the organisation.

These may be some good documents to refer to in your organisation:

Post-incident report
Lesson learned report

Continuous Learning

In addition to the learning described above, the business landscape will continue to shift, requiring reassessment of threats and challenges, as well as impact tolerances, each year.

Hence, there is a need to continually learn and improve operational resilience. This includes defining the current and desired positions, and identifying steps to close the gap between them.

How to Improve and Communicate Lessons Learned?

Improving and communicating lessons learned is crucial for continuously enhancing operational resilience and fostering a culture of learning.

The following steps should be taken:

Analyse and Consolidate Lessons Learned

Identify valuable insights from scenario testing, real-world disruptions, and post-incident reviews.
Analyse common themes and trends across learning sources.
Categorise lessons learned based on impact, urgency, and feasibility of implementation.

Develop and Implement Action Plans

Prioritise high-impact lessons and translate them into actionable improvement plans.
Assign ownership and responsibilities for implementing each action plan.
Set clear timelines and milestones for achieving improvement goals.

Cultivate a Culture of Continuous Improvements

Champion the value of learning from failures and near misses.
Encourage open communication and reporting of potential risks and vulnerabilities.
Foster a collaborative environment where everyone feels empowered to contribute to improvement efforts.

Communicate Lessons Learned Effectively

Tailor communication strategies to different stakeholder groups (management, employees, regulators, etc.).
Utilise diverse communication channels (reports, meetings, training sessions, etc.) to disseminate lessons and best practices.
Craft a compelling narrative that highlights the value and impact of operational resilience improvement initiatives.

Monitor and Evaluate Improvement Efforts

Track progress towards achieving action plan goals.
Measure the effectiveness of implemented improvements through ongoing testing and monitoring.
Adapt and refine action plans based on the collected data and learnings.

Overall, by the completion of Stage 5, "Improve Lesson Learnt" of the “Implement” phase of the Operational Resilience Planning Methodology, the professional will have demonstrated the skills and knowledge to:

Leverage valuable insights from experience to enhance operational resilience.
Drive continuous improvement efforts within their organisations.
Foster a culture of learning and open communication.
Effectively communicate the value and impact of operational resilience to stakeholders.

By completing this phase, OR professionals will help build a more resilient and adaptable organisation prepared to withstand and recover from disruptions.

Definition	Explanation	Definition
Critical Business Service	Defining critical business services at the correct scope level is vital. The challenge is not to be either too granular or not granular; either approach would create excessive work: a detailed drill-down or an overly high level, leaving the OR gaps unmanageable.
Internal and Underpinning Services are NOT Business Services	Differentiate business services into three categories: business, internal, and underpinning services. Internal service and underpinning services are NOT business services.
Levels of Harm	Defining levels of harm, especially "intolerable harm", is crucial to supporting the identification of Important Business Services. The challenge is that the threshold for intolerable harm and the potential consequences of a disruption for individual stakeholders and customers are unclear.
Time Criticality	Time-criticality is often the most significant indicator when assessing the "intolerable harm" caused to customers and stakeholders by a disruptive event. One of the most crucial considerations is the long-term nature of fulfilling the committed obligation to deliver products and services.
Scenario Testing: Business Continuity Vs Operational Resilience	Scenario testing as part of business continuity and disaster recovery often focuses on short-term disruptions posed by technology failures or the unavailability of people, processes and infrastructure. For operational resilience, scenario testing builds and demonstrates an organisation's capacity to anticipate, prepare for, respond to, and adapt to incremental changes and sudden shocks (external disruptive events) in its operating environment.
Internal and External Communications	The ability to communicate effectively is paramount during disruptive events. Built robust internal and external communication strategies to allow organisations to act quickly and effectively to reduce potential harm.

"Implement" Phase of the OR Planning Methodology

Identify Important Business Services	Map Processes and Resources	Set Impact Tolerance	Conduct Scenario Testing	Improve Lesson Learnt

More Information About Operational Resilience OR-5000 [BL-OR-5] or OR-300 [BL-OR-3] Course

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.



	If you have any questions, click to contact us.

View full post