ICOR’s Organizational Resilience Framework identifies twelve management disciplines that effectively manage risk. Each of these disciplines must be implemented as a system and then each system integrated into one framework. It is essential to eliminate silos. Click on each discipline to learn more.

In addition to effectively managing risk, it is just as important that the organization has effective and empowered leaders at all levels, leaders who are trusted and respected, and leaders who can make decisions.

Culture also plays an important role in an organization’s resilience. An organizational culture that values input from everyone, fosters creativity and innovation, values knowledge, learning, and continual improvement and that communicates effectively will be more resilient than one that does not.

However, organizational resilience is more than managing risk, engaging leadership, and having a healthy culture. The organization must be financially viable and provide a product or service

Resilience requires a coordinated approach.

While there is no single strategy or solution to make an organization resilient, an organization can enhance its resilience by:

Strengthening of individual management disciplines of the organization that manage risk and doing so in an integrated and coordinated manner.
Building a culture that ensures the organization behaves in a healthy manner.
Increasing its adaptive capacity and ability to manage change.

Each of these aspects plays an important role in building a more resilient organization, but implemented as a framework and as an integrated strategy will bring the most benefit.

Business Continuity / Continuity of Operations

Business Continuity Management (BCM) is a management process that identifies potential threats to an organization and the impacts to business operations if those threats are realized.

Continuity of Operations Planning (COOP) is a similar system designed for continuity of government operations or the “public sector.”

Both systems provide a system for enhancing the resilience of an organization. There are standards that provide requirements and guidance for designing and implementing a Business Continuity Management System.

Crisis Management and Communications

The Crisis Management & Communication Discipline addresses crises that are managed primarily by top management and at a strategic level of the organization.

Crises may emerge as a result of inadequately managed incidents that are allowed to escalate in scale, duration and impact. They may also be the product of multiple incidents that present new types and compound levels of risk. For all of these, crisis management is essentially and primarily a strategic function.

The communications element of this discipline focuses on the strategies, key messages and communications with the varied audiences and interested parties of the organization.

Critical Environments

The focus of the Critical Environments discipline is on the design, build, operations, management, governance, and audit of data centers and other critical environments used to house computer systems, and associated components such as telecommunications and storage systems.

The Critical Environments discipline also includes facility management best practices, safety and security capabilities, as well as energy efficiency and an environmentally friendly design.

Financial Health & Viability

Organizational resilience is more than managing risk, engaging leadership, and having a healthy culture. The organization must be financially viable and provide a product or service under changing conditions.

An organization’s bottom line profit margin is the best single indicator of its financial health and long-term viability. Four main areas of financial health are liquidity, solvency, profitability and operating efficiency.

Human Resource Management

Human Resource Management is a business field focused on maximizing employee productivity. It is a function in organizations designed to maximize employee performance in service of an employer’s strategic objectives. Human Resource Management also concerns itself with managing and encouraging organizational change.

Organizational resilience is enhanced when organizations hire personnel with leadership qualities, leaders who encourage a culture of resilience, and leaders who can adapt to changing circumstances.

In addition, in order for an organization to effectively manage change and risk throughout the organization, it must hire people who not only have adequate competencies to complete the required job function but they must also demonstrate personal resilience attributes and be able to handle stress, make decisions, and work in a team environment.

Information & Communication Technology Continuity

The discipline of Information and Communication Technology (ICT) addresses the need for organizations to protect their technology and telecommunication systems and to minimize the impact of disruptions.

ICT Continuity stresses the role of unified communications and the integration of telecommunications, computers as well as necessary enterprise software, middleware, storage, and audio-visual systems, which enable users to access, store, transmit, and manipulate information while minimizing the impact of disruptions.

For an organization to be more resilient it must understand the nature of the information it is storing and the value the information has to the organization in order to make the right choices about where and how to store their data.

Incident Response

The focus of this discipline is on the planning needed for an effective response to an incident. Organizations need to have procedures in place to manage an incident that impacts life safety and physical assets.

The response structure should meet the needs of the organization and should consider physical security as well as environmental health and safety.

Information Security

Today more than ever, computer system threats need to be both understood and protected against at the highest level possible. With the increase in threats the field of information security has grown and evolved.

Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Legal, Audit, and Compliance

The Legal, Compliance and Audit discipline plays two roles in organizational resilience. First, it is a collection of best practices as determined by various industry groups, oversight organizations, and government agencies. Second, inspection procedures up to and including third-party audits are available to ensure alignment with the practices.

When legal, audit and compliance activities work together, the organization will more effectively manage risk and implement controls that support its compliance program.

Organizational Behavior

Organizational Behavior is the study of human behavior in organizational settings, the interface between human behavior and the organization, and the organization itself.

The focus of the ICOR discipline on Organizational Behavior is an understanding of the attributes of resilient organizations including attributes affecting culture, coordination of risk management activities, sharing of information and knowledge, resource availability, understanding of internal and external environments, and being able to anticipate and manage change.

Also included is the need to understand both the role of the organization in the communities in which it resides as well as the overall resilience of those communities and the impact of the community itself on the organization’s resilience.

Risk Management

Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of an incident or to maximize the realization of opportunities.

The objective of risk management is to assure uncertainty does not negatively impact strategic objectives of the organization.

ICOR’s discipline of risk management includes enterprise risk management which deals specifically with the process of planning, organizing, leading and controlling the activities of the organization in order to minimize the impact of risk on an organization’s capital and earnings which includes financial, strategic, and operational risks.

Supply Chain Management

Threats to your supply chain and therefore to your organization abound – their likelihood and consequences heightened by long, global supply chains, ever-shrinking product cycles, and volatile and unpredictable market cycles.

Supply chains are increasingly at risk of disruption. It is important for organizations to implement a process for supply chain continuity, manage supply chain risk, and ensure supply chain security.

This discipline focuses on how to increase the resilience of an organization’s supply chain.