I started reading ISO 22316:2017 about 2 months ago. My impression about Organisational Resilience was at the most BCM, Risk Management and Crisis Management put together.
After going through the standard, I realised that there are about 20 domains/ disciplines in the organisation that play together in making an organisation 'resilient' - Cyber Security Management, Information Security Management being two of those.
In the current Covid-19 Pandemic period, when most worked from home (some still continue to do, some organisations have announced that to be the affair for ever now), I believe we need to focus a lot more on these two domains.
While the media is full of coverage that the number of cyber attacks have increased in this period, the challenge that I see is lack of information about how many of those attacks have been successful, how many have lost, how much data/ money. In absence of these facts, I believe, people ae still not taking the issue seriously.
I also believe, that the home environment can never meet the office environment when it comes to security (physical or information). I believe that the customer and the vendor both have done some unsaid compromises that no one is willing to admit or put on the paper.
I liked the standard (ISO 22316) so much that I developed a course on Organisational Resilience that has received high accolades. I now see the depth and width of Organisational Resilience.
I coined this term 'a Risk Managing, Learning, and Continually Improving organisation is a Resilient Organisation'.
I look forward to experts'views.
Comments