 |
| Organizational resilience takes all appropriate actions to help ensure the organization’s continued viability |
In this day and age, the traditional components of security officers, cameras, access control and alarm systems aren’t enough to protect a company or organization.
No matter how good your preparations, security sometimes breaks down, and bad things happen. That can take a toll on a business. Today, security’s role extends to organizational resilience.
What is organizational resilience? The ASIS International American National Standard on Organizational Resilience (OR) defines it as “a management framework for action planning and decision making needed to anticipate, prevent if possible, and prepare for and respond to a disruptive incident (emergency, crisis or disaster). It enhances an organization’s capacity to manage and survive the event and take all appropriate actions to help ensure the organization’s continued viability.”
Organizational resilience is perhaps the most important responsibility that security has today. It goes beyond traditional security and provides business value to the organization by ensuring business continuity.
“Businesses are in business to create value,” says Marc Siegel, the commissioner, global standards initiative for ASIS International’s European Bureau. “Crisis management is the process of facilitating the recovery of business functions after an event.”
That idea suggests a new way of conceiving of the role of security. Traditionally, the idea that security could and probably would break down one day went unspoken and unrecognised.
 |
| see bigger image |
Today, we know better. Good security organizations and systems work fine most of the time. Sometimes, though, airplanes fly into buildings and people with guns burst into company offices and start shooting. Now, the security team becomes a response, recovery and business continuity team.
Response, of course, comes first. In the case of an active shooter, for instance, the response and recovery work would involve calling the police, hustling people to safety when possible, providing first aid for the injured, supporting the police when they arrive and initiating recovery plans that will enable business to continue with as little downtime as possible.
Then comes recovery. How did this event affect the company’s ability to do business? How can you help organize a return to full service capabilities?
Identifying and recovering from problems
Response and recovery deals with a variety of threats to a business, criminal and otherwise. For instance, Siegel once consulted with a client that generated hazardous materials during manufacturing. Disposing of the waste cost so much that the company found it easier and less expensive to store the waste in barrels at the plant.
Was on-site storage really less expensive? The barrels cluttered up the plant and created an eyesore for neighbors. As the company’s security consultant, Siegel decided to check. After all, storing hazardous material on site seemed like a safety risk.
“When we investigated, we found that it was not really a hazardous waste problem,” he says. “It was an accounting problem. Purchasing was buying chemicals in bulk to for the volume discounts.”
 |
| Building OR begins with eliminating security silos and divisional silos within a business |
“While that seemed like a good idea, when we added in the lifecycle costs of the chemicals, including final disposal, we discovered that it was actually more cost effective to buy smaller quantities of chemicals, generate less waste and pay a reasonable disposal fee.”
By solving the hazardous waste problem, Siegel solved two other problems no one had noticed before. The workers felt safer with the hazardous materials gone and grew more efficient, and the neighbours saw that the waste had been cleaned up and grew more comfortable with the plant. Overall, OR improved.
Building organizational resilience
“Building OR begins with eliminating security silos and divisional silos within a business,” Siegel says. “We have to begin thinking of ourselves as risk managers. We have to get to know the managers in other divisions and the risks they need help managing. There are risks in every department, and so everyone is part of risk management solutions.”
“In the end, OR is the outcome of hitting the sweet spot between business management and risk management processes,” says Siegel.
