The operational resilience model is changing. Businesses have spent years and countless money trying to stop bad things happening. Now they are accepting that bad things will happen – and it’s what they do about it that matters. This panel atRiskMinds Internationalexplores the fundamentals of building a resilient business while involving various stakeholders in the business.
Left to right: Mihai Popa, ING Bank; Nicky Russell, HSBC; Naomi Springate, Lloyds Bank; Matthew Field, HSBC
将Cyber Fort和Cente在恢复力计划中放置的传统方法正在发展,以至于,完全成熟的模型需要考虑更广泛的风险。
在技术风险和运营弹性峰会上发表演讲,Nicky Russell那Director, Global Operational Resilience, HSBC, told delegates about the importance of taking an end-to-end approach. Rather than focusing on assets, businesses now need to focus on outcomes: what is an alternative way of delivering business services and keeping up and running while resolving the problem.
这意味着映射出每个业务关键函数并识别整个供应链中的风险。这些关键柱的每个业主需要询问他们的功能有何弹性 - 以及如何根据威胁景观将在未来中的弹性。
对于银行而言,拉塞尔说,这通常需要对思维的根本转变。它不再是关于你愿意花费多少钱以尝试抵消风险,而是更多关于“影响宽容”。这个概念最近介绍a Bank of England paper那refers to the point at which there is risk or harm to the customer, marketplace or viability of the firm. Businesses need to hypothesise where this impact tolerance is, and then test that. And very few have the capability or mindset to do that.
链中最薄弱的一环
Increasingly, companies are recognising that operational resilience is a board-level issue. It is something that has to be planned into the infrastructure of a business. And it is a critical consideration during business transformation.
同样重要的是要记住,管理风险的责任需要与技术的个人境内居住在于答案不是答案,面板警告这个“往往会导致尾部摇摆狗”。
Mihai Popa.那它Area Lead Continuous IT Operations, ING Bank, highlighted that businesses are only ever as strong as the weakest link in the chain. This means an operational resilience plan needs to take account of suppliers and third parties – and by extension, their third parties.
对于Popa来说,建立操作弹性意味着不断地测试业务并通过无限的“如果”方案会发生什么事。这可能意味着删除代码,脱机服务器,或计划第三方的失败。大多数企业尚未计划对业务关键函数的失败,并且没有尝试和测试的替代方案可以插入到位。
A customer-first approach
对于Naomi弹簧,董事,运营复原力和安全,首席安全办公室,劳埃德银行,不断变化的业务弹性态度意味着侧重于对客户最重要的事情。最重要的地区是那些影响企业能够以客户或客户预期的方式提供服务或产品的能力。对于每个关键函数,Lloyds将跟踪和收集来自所使用的技术的所有内容以及从其使用的人员使用的人,并在其使用的第三方达到董事会级别。
合作将成为创造未来最具弹性风险模型的关键。这意味着企业内的合作,跨职能,也考虑到他们与之合作的第三方。在有效的战略伙伴关系中,其他玩家将能够进入并在失败点进入并取得重量,因此向客户提供服务不会中断。需要识别并避免单点故障。
From a regulatory perspective too, working together will be key. Some of the most detailed organisational resilience regulations are coming out of the UK and there is now a growing focus from businesses to coordinate and help avoid too many different requirements in different countries.
Watch this space, saidMatthew Field那Senior Manager, Digital Public Policy, HSBC – there is going to be a lot more discussion about operational resilience in the future. And planning for when things go wrong will be the mark of a successful business.
