The objective for 2021: a better year for Business Continuity & Operational Resilience
The year 2020 was definitely an annus horribilis. The pandemic was not the only subversive agent; other factors have severely impacted the operations of organizations, e.g.., natural disasters and an increasing number of cyberattacks.
Such a scenario has forced organizations to change their modus operandi, for example, in order to survive, they had to: make paradigm shifts in their daily business operations; consider the use of the cloud; and adopt greater mobility and new digital technologies. Furthermore, corporate agility has become almost synonymous of digital transformation and organizations are now, using new technologies to modernize and revolutionize the way they operate. In addition, new working methods and the use of better performing IT-network infrastructures have proved to be more effective and efficient than traditional methods. As a result, organizations - in order to safeguard the continuity of operations - need to rely on an efficient Business Continuity Plan (BCP) and guarantee operational resilience. Today - more than ever - the preparation of a BCP is a fundamental strategic lever for any organization.
The importance of the Business Continuity Plan (BCP)
Interestingly, the “2020 Mercer Covid-19 - Global Survey Coronavirus Impact to Global Market" shows that 51% of organizations worldwide did not have a BCP, thus confirming that the principles of ISO 22301 are not yet sufficiently widespread among organizations.
The importance of BCP has increased considerably in the last 12 months. The proliferation of the pandemic has been an ‘excellent’ test for organizations with a BCP in place as it demonstrated that they were able to better cope with the challenges of the pandemic compared to those organizations that did not have any plans in place.
It has been further proven that BCPs contribute to avoid the negative effects of a crisis and/or disaster-and help to reduce financial losses and maintain relationships with suppliers, other businesses, and stakeholders.
The objective for 2021: a better year for Business Continuity & Operational Resilience
The ambiguous, unstable, volatile, and uncertain historical moment we are experiencing implies that organizations must further evolve in the way they face contingencies and future challenges - especially when considering the actual accelerated process of digital transformation and innovation in progress. It is necessary to give priority to the use of all technologies - based on automation and artificial intelligence - that are able to guarantee the organization’s resilience, agility, and tools to expedite the innovation in supply, operational and business models.
The contingent environment also requires a holistic framework for better decision-making. Therefore, organizations should focus more on operational resilience, as well as cybersecurity, since it is a matter of anticipating, preventing, recovering from adverse events, and adapting to the situations– as a chameleon - to avoid similar events in the future without interrupting or jeopardizing business continuity.
Operational resilience is, therefore, intended to be part of the entire company, influencing people, processes and systems and represents a unique trans-organizational challenge, especially now that digital and physical systems are integrated and operate as a continuum (the so-called Phygital environment).
We have, on one hand business continuity - defined as an organization's ability to continue providing products or services at acceptable and predefined levels as a result of an outage/disruptive event; and, on the other hand, we have the concept of operational resilience conceived as the organization's ability to absorb and adapt in an evolving environment and guarantee the achievement of the organization’s goals. In addition - since vital business processes depend on increasingly articulated IT and digital technologies - resilience is defined as the ability to provide and maintain an acceptable level of service against breakdowns and challenges - vs. the normal functioning of a given communication network - on the basis of set structures that will enable companies to: respond quickly to any circumstances; enable new operational models and services; integrate IT processes and safeguard employees, key businesses, customers, and the brand. In this way our organizations will be more agile in recovering and seizing new opportunities, pursuing new markets, providing new services, and supporting new business models, thanks to the use of automation and Artificial Intelligence tools, as well as ensuring greater resilience and cybersecurity in four key spheres, i.e., workforce, workplace, workload and IT operations, as follows:
- Workforce - i.e., To provide workers with secure services and access to applications while working from home, from the office or wherever they are.
- Workplace - i.e., To allow employees to return to the office safely with Wi-Fi-enabled monitoring, alerts, and insights.
- Workload - i.e., To expedite the use of resilient multi-cloud models and protect data and applications, both in terms of public clouds and on-premises data centers.
- IT Operations - i.e., To implement policies in terms of automated end-to-end network and segmentation and, at the same time, simplify administrative tasks by improving visibility, reducing alerts, and enabling faster repair.
Conclusions & Considerations
The pandemic has put a strain on the organizations’ resilience. It has created a health emergency, put stress on markets and generated technological disruptions. In fact, the coronavirus pandemic has been a stress test for organizations’ operational resilience, and it has revealed how necessary it is to be prepared for the unexpected. Unfortunately, 2020 has ended with another pandemic wave and for 2021 we are expecting the same level of uncertainty and disruption to organizations’ operations.
It is now time, , to ensure operational resilience by considering proactive measures to guarantee organizational efficiency and further strengthen IT networks. It will become even more strategic and fundamental to have an agile and adaptive organization that is able to guarantee operational resilience- by avoiding the limits of a “silos” approach that makes paradigm shifts more burdensome and silos. There is also the need to redesign organizations’ internal structures, namely the “modus operandi and pensandi”.
The adoption of an agile and adaptive working culture will contribute to the creation of an environment capable of prioritizing simplified processes, relying on smaller teams and short-time projects to face the challenges of evolving scenarios. However, we have to consider that the development of an agile and adaptive transformation culture is not an easy process as it requires a highly structured strategy supported by strong leadership. Only those leaderships who adopt a more risk-business continuity-operational resilience-centric approach, will be successful and make better decisions regarding investments and risks. Nowadays our organizations are increasingly based on data; thus, the culture of intelligent data management needs be spread within the organization by programming an ad hoc data-driven and cyber security training to contribute proactively to the Operational Resilience of systems.
As Agostino Santoni - AD of Cisco Italia - says, networks, today, are increasingly intuitive, automated, safer, and performing and support us even in the most complex moments, such as the one we are experiencing with the pandemic. Therefore, we need to guarantee inclusiveness and resilience, i.e., we need to implement the principles of business continuity and operational resilience to guarantee that technology opportunities are available everywhere and to everyone. But it is also necessary to make these powerful tools more and more accessible and also ensure that people become “protagonists” in the use of these tools and have the skills to do so.
At present, we are unable to predict the future and, eventually, we will never know what the “new normal” will look like or when it will take place. It is and will be a matter of managing unknown “unknowns” in a "complex" environment. Therefore, the business continuity and operational resilience professionals need to do their job well and have deep knowledge of the organizations in which they operate in order to be able to cope with future "complicated" situations while safeguarding business continuity and operational resilience of their organizations.
The American sociologist and writer Alvin Toffer - who argued that knowledge, not the workforce or possession of raw materials, would become the most important economic resource in all advanced societies – said that "The illiterates of the future will not be those who cannot read or write, but those who cannot learn, unlearn, and learn again."
About the author
Business Continuity & Risk Management Consultant
In possesso della certificazione Business Continuity - AMBCI BCI, UK e Risk Management FERMA Rimap ® è consulente di Business Continuity & Risk Management. Svolge attività di diffusione e di sviluppo della cultura della resilienza presso varie istituzioni ed università.
Socia AIPSA ed UNI.
· Board del BCI Italy Chapter
· Board ANRA
· Advisory Board di LIUC-ODES Project
· Advisory Board EU SIMARGL Project
· Comitato Scientifico di CLUSIT
· Comitato CLUSIT-Artificial Intelligence/Risk Management
· Conduct Professional Committee – BCI, UK
· Judge at the International Organizational Resilience Awards
· UNI/CT 016/GL 02 "Sistemi di gestione per la qualità" (ISO/TC 176/SC 2), UNI/CT 016/GL 09 "Governance delle organizzazioni" (ISO/TC 309) e UNI/CT 016/GL 89 "Gestione dell'innovazione" (ISO/TC 279) (Commissione Tecnica UNI/CT 016 "Gestione per la qualità e metodi statistici")
Membro de: Associazione Donne 4.0 (Coordinatrice Commissione Reti) e Women for Cyber Security (Comitato Tecnico)
Docente di moduli di introduzione di: ISO 22301 - Business Continuity & Resilience (Università POLIMI–BOCCONI e Università di Verona, Università di Cagliari, Master Ambientale Università di Padova); ISO 31000 - Risk Management (Università Statale di Milano)
Relatrice e moderatrice in diversi seminari, conferenze nazionali ed internazionali.
Autrice di numerosi articoli su diverse riviste online, (i.e.: AgendaDigitale, Cybersecurity360, AI4Business, Risk Management360, EnergyUp, Blockchain4Innovation, Internet4Things, Industry4Business, ANRA - RM Magazine, ISPI online, Insurance Review, INsurzine, UNI Magazine online, The BCI Blog, Data Manager).
Partecipato, in qualità di co-autrice, alle edizioni 2020 e 2021 del Rapporto Clusit - Cyber Security.