Disaster Recovery Journal Winter 2024

Is resilience just a re-branded version of business continuity management, or does it signal a fundamental shift in how we ensure organizational stability? “

Cloud mistakenly deleted the account of UniSuper, a $125 billion Australian pen sion fund, affecting over 600,000 users for two weeks. Fortunately, UniSuper’s multi cloud backup strategy greatly facilitated recovery. This underscores the importance of a robust BCM/DR plan. In another case, CrowdStrike CEO George Kurtz used “resilience” to describe his company’s ability to maintain finan cial stability and client confidence after a disruptive software update. Despite the setback, adherence to ISO 22301 stan dards could have helped mitigate risks and prevented the incident. Key clauses in the standard, such as Clause 6.1 (planning), Clause 7.2 (competence), and Clause 8.1 (operational planning and control), emphasizes gaps in these areas that had led to the incident and underscores the importance of implementing ISO 22301 standards effectively to enhance resilience and prevent similar issues. Throughout corporate history, regretta ble decisions have often served as caution ary tales. Kodak’s reluctance to embrace digital photography, Blockbuster’s dis missal of streaming, and Nokia’s failure to adapt to smartphones are prime examples. Cobra Beer’s exit from the Indian market, along with the decline of HMT, Rajdoot, and others, highlight how technological shifts and changing consumer preferences can outpace established business models. These examples show the importance of resilience in staying competitive. Organizations that innovate and turn risks into opportunities, such as Facebook’s acquisitions of WhatsApp and Instagram or Grab’s acquisition of Uber in Southeast Asia, demonstrate resil ience. However, events like the arrest of Telegram’s founder for failing to address alleged illegal activities on his platform highlight vulnerabilities that can quickly turn a resilient company fragile, especially in regions with strict regulations. Understanding Business Purpose and the Need for Resilient Transformation Resilience is the ability to thrive in a vulnerable, uncertain, complex, and ambiguous (VUCA) environment. In such an environment, protecting assets (people,

property, information, and reputation) is vital. However, resilience goes beyond merely surviving; it’s about flourish ing and emerging stronger. Like bamboo bending in adversity but not breaking, businesses must adapt and remain resil ient. Achieving resilience starts with understanding business objectives and purpose. The goal is a sustainable future- balancing community needs, company profit, and environmental responsibility. Customer satisfaction remains the core purpose, achieved through excellence in products, services, and processes. This requires transformation at both opera tional and strategic levels. Operationally, excellence requires both in core business functions and enabling areas like supply chain management, compliance, ESG, IT, quality, security, and facility management that support core businesses. Strategically, it involves planning, change management, digital transformation, reputation management, financial management, geopolitical adapt ability etc. Leadership commitment is crucial, as is employee resilience, which collectively drive sustainability and stake holder happiness. As a matter of fact, when developing a resilience framework, professionals do identify critical services and safeguard every step of the process chain, includ ing outsourced processes by developing solutions regardless of the type or sever ity of scenario(s), so client services won’t get interrupted. ISO 22301 clearly recom mends focusing on products and services

used by end customers, ensuring flexibil ity and service continuity despite disrup tions. This is references in Clause 4.3.2 (b) and Clause: 8.2.2 (b). The introduction of the standard outlines four perspectives – business, financial, interested parties, and internal processes – which must be consid ered while developing BCMS for an orga nization and these perspectives perfectly Resilience advocates suggest a chief resilience officer (CReO) should lead resil ience initiatives across the organization. However, existing roles such as the chief risk officer or enterprise risk management leader, chief security officer, chief tech nology officer or chief continuity officer (CCO) can also manage this agenda too. The CCO, with BCM expertise, is well suited be a part of C-Suite to infuse culture of resilience, risk management, training and awareness, and continual improve ment across the enterprise; align resil ience programs with business priorities; bridge different pieces in the organization by coordinating with various functions in both operational and strategic layers; breakdown silos and sharpening the com petitive advantage. If BCM professionals fail to execute resilience effectively or they are not allowed to be part of senior management, the issue lies in implementa tion or leadership commitment, not in the fundamentals of BCM. Since it is humanly impossible to master every detail of all activities and associ align with the ideals of resilience. Who should drive the resilient transformation agenda?

“

DISASTER RECOVERY JOURNAL | WINTER 2024 37