I’m Peter Webster, chief executive of Corps Security, and this is where I examine the issues affecting the security industry. My thoughts and opinions are intended to generate debate, and whether you agree or disagree with them, you’re welcome to post your comments below.
We live in uncertain and worrying times. The current UK threat level for international terrorism is severe, meaning that an attack is highly likely, and there appears to be a proliferation of natural disasters such as flooding, storms, fires and even sinkholes, occurring with alarming frequency. It’s not until an unplanned and unexpected event occurs that an organisation’s true vulnerabilities are exposed, which is why organisational resilience is far more than just a trendy buzz-phrase – it could be the difference between the destruction of a business and the potential loss of life, and staying safe and secure.
Working in the security industry, it’s always surprising just how often I hear the words ‘it’ll never happen to us’. I think there’s a certain amount of denial in people not wishing to think the worst and trying to remain optimistic. Although there’s nothing wrong with a bit of optimism, when it takes the place of realism it’s a problem.
Even though the world has become a more dangerous place since 2001, the need for organisational resilience should not be thought of only in terms of terrorism – there are of course the problems associated with more natural disasters.
We can all remember a couple of years ago when torrential rain triggered flooding, affecting many homes and businesses. Major cities are not immune from mother-nature’s wrath either, and as recently February this year flood alerts were put in place for London after the River Thames burst its banks due to tides and heavy rain. A total of 16 warnings were issued, as water levels reached almost as high as the pavements in some parts of central London.
Therefore, having a strategy in place that can help deal with an unplanned event while it is actually happening is vital in order to protect people and property. Organisational resilience is the term used to determine how adaptable, competitive, agile and robust an enterprise is, and encourages a proactive and determined attitude to dealing with incidents. Put simply, it should be on the radars of public and private enterprises of all kinds.
In late 2014, BSI published BS 65000 Guidance for Organizational Resilience. This landmark standard provides an overview of resilience, describing the foundations required and explaining how to build it in to all aspects of an operation. It deals with an organisation’s capacity to anticipate, respond and adapt – which could be crucial to its survival. Organisational resilience works alongside existing risk, crisis and business continuity management strategies to provide a solid defence against anything that could affect an enterprise.
Although they are linked, organisational resilience should always be considered separately to disaster recovery and business continuity. While these two processes deal with the immediate after-effects, organisational resilience is concerned with what happens during an event itself. There are three key elements to organisational resilience – anticipation, preparation and response. It involves being aware of potential situations and the risks, vulnerabilities and capabilities involved in dealing with them, as well as the need to be able to make informed tactical and strategic decisions.
The best way to maximise the effectiveness of such a strategy is by integrating and coordinating the various operational disciplines throughout an organisation. Security forms an important part of organisational resilience, regardless of whether it applies to physical, financial, personnel, cyber or any other asset. Effective resilience requires more than just a defensive security and protection approach though, and necessitates the use of an organisation’s inherent strength to withstand a crisis and deflect attacks. While all of the above is vital, so too is stakeholder buy-in. Certain individuals must also be given decision-making responsibilities for major calls such as whether to evacuate, invacuate or even lockdown a premises.
In my opinion, this is where specialist security services providers like Corps Security, which can deal with the wider issues surrounding organisational resilience, are an important part of the jigsaw. The ability to complete strategic security reviews, develop corporate security policy and strategy documents, carry out risk and threat assessments and security audits, as well as train personnel, should not be underestimated.
Enterprises that take organisational resilience seriously increase their chances of maintaining successful and thriving enterprises that can deal with unplanned events immediately, rather than relying on a disaster recovery or business continuity strategy to kick in. If all organisations take this step it will also strengthen the national infrastructure, which is why influential bodies like the government’s Centre for the Protection of National Infrastructure (CPNI) are taking it so seriously.
So is organisational resilience scaremongering or a call to action that should be heeded? I know what I think and I’d like to hear your opinions on the subject.