ISO 22316. Organizational resilience
Published in 2017, this standard sets out principles, attributes and activities that an organization must consider in order to maintain and enhance its resilience.
Organizational resilience is the ability to absorb and adapt in a constantly changing environment to meet its objectives and prosper.
Principles proposed by standard are the following:
- Aligned behaviour with vision, mission and values.
- Context understanding.
- Ability to absorb, adapt and effectively respond to change.
- Good governance and management.
- Diversity of skills, leadership, knowledge and experience.
- Coordination of all areas.
- Risk management.
Vision, mission and values must be shared throughout organization and be reflected in the low-level objectives of all areas, always aligned with business strategy. They must be reviewed regularly in order to be adapted to the changes produced.
We should not limit ourselves to current strategy and scope of the organization, it is necessary to reflect on a wider scope and following strategic evolution, counting on interested parties that are convenient, strengthening relation and commitments with them.
Organization Resilience Strategic Committee
A strategic organizational resilience committee is usually constituted to complement crisis committee, since its mission is to make decisions at strategic level. It must take into account various scenarios in different time horizons. To identify the most resilient and damaging situations and to know margins of maneuver available in the worst-case scenarios. Decisions taken by this committee are initiatives, actions that must be managed to endow them with resources and put them into action. Although it may be activation points of these actions are defined according to the fulfilment of certain criteria.
It is necessary to establish and promote a culture of organizational resilience, mainly through leadership, at all levels, adapted to change, integral and goal-oriented. Sharing lessons learned at the appropriate level for effective learning and improvement. This will transmit values in behavior and enable us to get staff to commit to these values.
Coordination between all areas of the organization is essential, as they support the mission and strategy individually and collectively. Each area must to know how to contribute and participate. It is necessary to promote fluid communication between areas to avoid mismatches and inefficiencies.
By encouraging creativity and innovation among staff, it will be possible to identify threats and opportunities associated with organizational resilience, which after further analysis, can potentially be converted into improvement actions and activities to be implemented in the company.
We must not forget that all principles must consider a certain degree of flexibility in order to have a margin and not lose the ability to adapt to any event that occurs.
Standard suggest us following tools to work on principles:
Standard suggest us following tools to work on principles: Likewise, availability of resources is essential for proper management. We must consider personnel, facilities, technology, financing and information, in order to manage all vulnerabilities that can be detected and thus improve organizational resilience.
With sufficient and available resources, single points of failure will be avoided by treating them with redundancy and business continuity solutions. Thus, we will have a flexible response to adapt to the new circumstances that may arise.
Communication, not only as a coordination tool, but also as a way to promote shared knowledge and learning. It is essential that knowledge acquired by company over time is accessible by all people involved and can thus make proper use of it.
Continuous assessment should lead to continuous improvement. If we get to monitor behavior and processes against previously defined criteria, we will be in a position to identify potential weaknesses, which we must assess to convert into improvement actions. This monitoring must be constant in order not to miss any event that hinders achievement of objectives.
En Decision criteria must consider effectiveness of monitored actions, must establish measurement methods and thresholds that indicate us levels of efficacy against which we must compare the results of monitoring. These criteria and indicators must also be reviewed and updated so that monitoring carried out is always adjusted.
In summary, standard promotes improvement of organizational resilience, translated into the ability to anticipate changes: Provide services under changing circumstances, adapting business processes with the aim of absorbing impacts and giving an adequate response to change.
- Managing personal data in schools
- Changes in data protection and the importance of risk analysis
- The figure of the Data Controller and Data Processor in the GDPR
- Protecting personal data in the coronavirus crisis
- What is it and how to develop a Record of Processing Activities, risk analysis and impact assessment?