The latest resilience news from around the world

Operational Resilience Framework published by GRF Business Resilience Council

Details

The Global Resilience Federation’s (GRF) Business Resilience Council (BRC) has published an Operational Resilience Framework, after more than a year of development by a cross-sector team.

Traditional disaster recovery and business continuity efforts have focused on data recovery with little regard for providing services during an impaired state, says the BRC. The framework working group sought to help solve that challenge.

The goal of the Operational Resilience Framework is to reduce operational risk, minimize service disruptions, and limit systemic impacts from destructive attacks and adverse events. The framework’s rules and implementation aids, aligned to existing standards, including NIST and ISO, help ensure that services critical to customers and partners continue to operate through a crisis – even if impaired.

The Operational Resilience Framework rules define the ‘Path to Operational Resilience’ with seven steps:

  • Implement industry-recognized risk management, information technology and cybersecurity control frameworks.
  • Understand the organization’s role in the ecosystem.
  • Define the Minimum Viable Service Levels for each Operations Critical and Business Critical service.
  • Establish Service Delivery Objectives for each Operations Critical and Business Critical service.
  • Preserve the Data Sets necessary to support Operations Critical and Business Critical services.
  • Implement processes to enable recovery and restoration of Operations Critical and Business Critical services to meet Service Delivery Objectives.
  • Independently evaluate design and test periodically.  

The BRC says that aspects of the Operational Resilience Framework that distinguish it from other efforts include:

  • Planning for delivery of critical services in an impaired state until services can be fully restored;
  • Implementing immutable backup and restoration systems for data, systems, applications, networks, and configurations; and
  • Requiring executive-level sponsorship and support from the business to build a culture that achieves resilient business services.

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The BIA Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.