Three Things Executives Should Know About Organizational Resilience Standard ISO 22316

  • 20 Apr 2022

The increasing importance of organizational resilience for executives

A few years back, the ability of an enterprise to absorb and adapt to changes in the business environment might not have been on too many executives’ radars.

Now, with the chaotic business environment, senior leaders – the only people with visibility across the entire enterprise – must reorient their organizational cultures toward achieving organizational resilience. The only question is how?

That’s where organizational-resilience best practices come in. These are strategies that business leaders should strive to adopt in their businesses.

Indeed, many of the practices are found in international standard  ISO 22316: 2017. The security and resilience standard provides sector-agnostic guidance to enhance organizational resilience.

The following article lays out three important takeaways for senior leaders.

Takeaway 1. What resilient organizations look like.

As the standard defines it, resilient organization are those entities that can absorb and adapt to the changing (business) environment while continuing to deliver on the objectives that enable survival and prosperity.

Such entities will have top management committed to enhancing organizational resilience, having understood the attributes that make organizations resilient in the first place. A checklist of those attributes includes the following:

  • Their behavior is aligned with a shared vision and purpose
  • They rely upon an up-to-date understanding of the organization’s context
  • They rely upon an ability to absorb, adapt, and effectively respond to change
  • They rely upon good governance and management
  • They are supported by a diversity of skills, leadership, knowledge, and experience(s)
  • They have coordinated across management disciplines and garnered contributions from technical and scientific areas of expertise
  • They rely upon effectively managing risk

Per ISO 22316, senior leaders of resilient organizations will have also developed and encouraged others to lead under a range of conditions and circumstances, including during periods of uncertainty and disruptions. That’s because those leaders prioritize and resource the following activities:

  • Developing trusted and respected leaders who act with integrity and are committed to a sustained focus on organizational resilience
  • Assigning roles and responsibilities for enhancing organizational resilience
  • Encouraging the creation and sharing of lessons learned about success and failure and promote the adoption of better practice
  • Empowering all levels of the organization to make decisions that protect and enhance the resilience of the organization

Takeaway 2. Leadership is important but so is sharing knowledge and information.

Even with the best leaders, however, not much can get accomplished without the right information, getting to the right people, at the right time.

What does ISO 22316 say about sharing information and knowledge? Firstly, the standard encourages the sharing of important experiences.

Entities should also ensure that information, knowledge, and learning is valued – that they are recognized as critical resources of the organization. Learnings should also be extracted from all available sources.

To make that happen, information must be readily accessible, understandable, and adequate to supporting the organization’s core objectives.

Indeed, knowledge and information must be created, retained, and applied through established systems and processes.

Takeaway 3. Invest in the right resilience-promoting resources.

Of course, efficient information-sharing isn’t easy. Organizations will have to invest in the right knowledge-sharing resources, including people, premises, technology, and/or other assets.

Beyond that, ISO 22316 recommends resourcing the following activities:

  • Taking appropriate decisions on resourcing and capacity diversification, replication, and redundancy to avoid single points of failure and respond to incidents and change, so that core services are maintained at an acceptable, pre-determined level
  • Selecting and developing employees with a diverse set of skills, knowledge, and behavior that can contribute to the organization’s ability to respond and adapt to change
  • Developing an ability to identify and respond to changes in a flexible manner, including modifying and redeploying capabilities, arrangements, structures, activities, and behavior to adjust to new conditions
  • Routinely reviewing the suitability, availability, and allocation of resources, taking account of the impact of any changes in the organization and its context

Finally, senior leaders by now understand that the risk profiles of their organizations have gone up dramatically. They also know that implementing organizational resilience promoting activities is the only way to stay ahead.

But as organizational resilience rises in popularity, what practices will make the difference? Well, as this article has laid out, ISO 22316 provides a set of best practices to which senior leaders should adhere. The best practices help to ensure better incident response, decision-making, and continuous improvement of resilience-enhancing activities. 

And with the next great crisis right around the corner, those best practices might be the only measures that keep your business afloat, enabling you to seize the next great opportunity as soon as it’s presented. Looking for even more resilience best practices? Download Noggin’s free guide for executives: Understanding ISO 22316.

More on