Operational Resilience for Financial Services: The BSN Malaysia Approach

Moh Heng Goh
Operational Resilience Planner-Specialist-Expert

Chapter 18

 Provide Self-Assessment – Stage 4 of the Sustain Phase of BSN’s Operational Resilience Planning Methodology

Introduction

In the Sustain phase of Bank Simpanan Nasional’s (BSN) Operational Resilience Planning Methodology, the “Provide Self-Assessment” stage is a critical activity that ensures the continuous health and maturity of operational resilience practices across the institution.

This stage focuses on internal reflection, gap identification, and proactive refinement of resilience capabilities.

It ensures that BSN’s Critical Business Functions (CBFs) are not only compliant with regulatory requirements but also effectively prepared for disruption scenarios.

Objectives of Self-Assessment

  • Evaluate the effectiveness of operational resilience implementation.
  • Validate compliance with internal policies and regulatory expectations (e.g., BNM guidelines).
  • Identify resilience gaps in processes, technology, people, and third-party dependencies.
  • Foster a culture of continuous improvement and preparedness.

Implementation Steps with Examples

Step 1: Establish Self-Assessment Governance and Ownership

Action

Assign responsibilities to relevant function heads, operational risk managers, and resilience coordinators to lead the assessment of their respective CBFs.

Example

  • The Head of Digital Banking is responsible for assessing CBS-4 (Digital Banking) performance during simulated outages, ensuring that failover mechanisms for the myBSN mobile app meet recovery objectives.

Step 2: Define Assessment Criteria and Metrics

Action

Develop clear and measurable criteria aligned with BSN’s resilience goals, regulatory requirements (e.g., BNM RMiT, Operational Resilience Guidelines), and key risk indicators (KRIs).

Assessment Criteria May Include

  • Recovery Time Objectives (RTOs) vs actual recovery times during tests.
  • Availability and integrity of alternate processing arrangements.
  • Staff preparedness and knowledge.
  • Communications and escalation effectiveness during simulations.

Example

  • For CBS-2 (Government Aid and Disbursement Services), the self-assessment metric could include the percentage of successful disbursement transactions within SLA during DR drills.

Step 3: Conduct Structured Reviews and Workshops

Action

Perform workshops, tabletop exercises, and documentation reviews for each CBF. Engage cross-functional teams to provide feedback and validate resilience assumptions.

Example

  • A joint review session is conducted for CBS-8 (Core Banking System) and CBS-1 (Retail Banking Services) to assess interdependencies, confirm that backup systems function independently, and validate the integrity of system interfaces.

Step 4: Simulate Scenarios and Test Response

Action

Test the response capability of business units through simulations of cyberattacks, natural disasters, third-party outages, and pandemics to assess real-time decision-making and execution.

Example

  • For CBS-6 (Agent Banking), simulate a connectivity outage in rural branches. Evaluate whether BSN agents can continue operations using contingency processes such as offline transaction logging and delayed synchronisation.

Step 5: Document Findings and Identify Gaps

Action

Capture all findings and observations in a centralised assessment report, categorising them based on severity, business impact, and remediation urgency.

Example

  • CBS-10 (Regulatory Reporting and Compliance) self-assessment identifies a delay in regulatory data generation due to misconfigured data feeds during failover. The gap is recorded for prioritised remediation.

Step 6: Define Remediation Plans and Timeline

Action

Each department drafts an action plan to address identified gaps, assigns an owner, and sets deadlines. These plans are tracked centrally by the operational resilience office.

Example

  • For CBS-3 (ATM and Self-Service Banking Infrastructure), a plan is developed to improve the redundancy of the ATM switch architecture, targeting a 50% improvement in recovery speed within six months.

Step 7: Escalate Key Issues to Senior Management and Board

Action

Key systemic risks, unresolved vulnerabilities, and strategic gaps are escalated through dashboards or reports to the Operational Risk Committee and BSN Board for governance and funding decisions.

Example

  • A chronic staffing shortfall in CBS-9 (Customer Complaint and Dispute Resolution) during crisis scenarios is escalated with a proposed plan to upskill support staff from other functions for crisis surge capacity.

Step 8: Integrate Lessons Learned and Update Frameworks

Action

Use the insights from self-assessment to enhance policies, standard operating procedures, and the overall Operational Resilience Framework. Ensure institutional learning is embedded.

Example

  • The incident response protocol for CBS-5 (Loan Disbursement and Repayment Processing) is revised to include earlier invocation triggers and customer notification templates based on the self-assessment outcomes.

Summing Up ...

The Provide Self-Assessment stage enables Bank Simpanan Nasional to validate the robustness of its operational resilience program continuously.

Through structured evaluations, scenario testing, and institutional learning, BSN ensures that its ten critical business functions remain resilient, responsive, and aligned with national and global best practices.

As threats evolve, this internal assessment capability positions BSN to adapt quickly, protect stakeholders, and maintain public confidence in all operating conditions.

 
