Michael D. Moberly June 11, 2010
The Standards and Guideliness Commission of the American Society for Industrial Security International, produced a national standard for security titled ‘Organizational Resilience: Security, Preparedness, and Continuity Management Systems: Requirements with Guidance For Use’. (March, 2009)
This ‘standard’ was approved by the American National Standards Institude as a ‘comprehensive management systems approach for security, preparedness, response, mitigation, business/operational continuity, and recovery for distruptive incidents resulting in an emergency, crisis, or disaster’.
The ASIS/ANSI standard defines
1. Organizational resilience management as systematic and coordinated activities and practices through which an organization manages its operational risks, and the associated potential threats and impacts therein.
2. An organizational resilience management program as an ongoing management and governance process supported by top management; resourced to ensure that the necessary steps taken to identify the impactof potential losses; maintain viable recovery strategies and plans; and ensure continuity of functions, products, and/or services through exercising, rehearsal, testing, training, maintenance, and assurance.
While this standard remains voluntary at this point, when its applied to ‘events of the day’, wherein business risks, risk management, and now organizational (fiscal) resilience of a global company have become routine features in the business and mainstream (politics driven) media, its quite probable the standard will be ratcheted up on company board room agendas as action items?
In other words, will there be business influences, a sense of prudency or perhaps urgency, to elevate these best practices for organizational resilience planning and program management (as conveyed in the ASIS/ANSI standard) beyond their current voluntary status to being a driver for assurance from companies to demonstrate they are accommodating the growing political, consumer, and stakeholder pressures to be legitimately proactive in forseeing and managing risks associated with their projects, initiatives, and diverse businesses.
There’s an important point to be made however. A 2010 version of an organizational resilience management program should not be a mere warmed over, updated, or templated version of a conventional (previously used) ‘business continuity and contingency’ plan that typically focused on company’s tangible (physical) assets.
Rather, the economic facts and business realities associated with global knowledge-based economies in which 65+% of most company’s value, sources of revenue, ‘building blocks’ for growth, future wealth creation, and sustainability lie in – directly evolve from intangible assets must be fully accommodated in company organizational resilience planning, and, not just as afterthoughts or incidentals to the program, rather as key and measurable action points that with consistent oversight and monitoring to reflect a company’s valuable intangibles as they are developed or acquired.
(Each ‘Business IP and Intangible Asset Blog’ post is researched and written by Mr. Moberly to provide respectful and useful insights for companies, their management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets. I welcome and respect your comments and perspectives at m.moberly@kpstrat.com.)
I was reading something about this subject last week, and your post clarifed a lot. Thanks for sharing. As always one can find a bunch of useful info here.