Organizational resilience as process
By Phill BanksFeatures Opinion
Given the economic unrest of the global market place in recent years it is not surprising that security budgets have remained hard fought and challenging. Regardless of geographic location, organizations have been challenged by volatile markets and uncertain futures. During this same time it would be naïve to expect that the threats and risks faced by both the private and public sectors would necessarily decline; actually quite the opposite in some sectors.
The words of Rachel Briggs and Charlie Edwards in their 2006 research paper titled “The Business of Resilience — Corporate Security for the 21st Century” that “security’s role is to help the company to take risks rather than eliminate them” are very much to the point. This has been increasingly the case in recent years and demands have been made of security to mitigate a wider array of threats and risks than ever before and to think as business enablers rather than solely as security professionals.
In the years since 9/11 we have recognized that stopping a threat-event from occurring is difficult to say the least; some might say impossible. Regardless, it is a priority that organizations are prepared if and when the threat-event finally arrives. Preparation of the organization across its entire operation will minimize damage resulting from the threat-event as well as maximize their ability to recover in the shortest time frame. To some it may also mean survival. Working together, functions such as corporate security, risk management, IT security and business continuity management form a formidable team which can achieve the level of preparedness needed in today’s environment.
To reach a heightened and consistent level of preparedness, a formalized process is needed to establish the management framework on which organizational resilience can be developed, managed, maintained and measured for performance. The ASIS International, American Standard for Organizational Resilience, Security, Preparedness and Continuity Management Systems (ASIS SPC.1-2009) provides for such a framework for identifying, establishing and managing the activities required to improve the level of resilience of any organization. These activities include risk management, the organization’s ability to anticipate and prepare for threat events, mitigate the impacts of these events as well as the ability to return to normal business operations in the shortest period of time possible.
The organizational resilience process enhances the role of security and brings it to a closer working and professional relationship with its peer groups.
The ASIS International Canadian Pacific Chapter will be hosting a three day Organizational Resilience Workshop from October 31st to November 2nd, 2011 in Vancouver. For more information, please visit: http://www.asis-canada.org/physical-security-conference-2011/
Phillip Banks, P.Eng. CPP, leads The Banks Group Inc. a Vancouver based risk management and organizational resilience based company which provides security advisory services to its client throughout North America and elsewhere in the globe. Phill served in the RCMP completing his career as the Officer-in-Charge of the national Security Engineering and Electronic Security programs.
Print this page