CRITICAL RESOURCES
IMPORTANT BUSINESS SERVICES
PROCESSES
Risk and Compliance Management includes identifying your risks, assessing them for impact and probability as well as taking appropriate measures to minimize them. To achieve operational resilience, you need to control your ICT and business risks and related assets. Threat management capabilities categorize, score and assess threats and relate them to architecture elements.
Process Intelligence optimizes business processes through modeling and mining. Process Modeling gives you insights into the business and the transparency needed to analyze the processes supporting it. This helps you identify Important Business Services and make them resilient to disruption. Process Mining detects weaknesses and inconsistencies to enable process optimization.
Enterprise Architecture Management (EAM) describes the IT landscape in terms of its business, application, information and technical layers to understand how these fit together and to develop standards for change to guide transformation. It is used to define roles, responsibilities, and processes within IT and between IT and business—critical information for Operational Resilience.
Operations Optimization in the context of Operational Resilience concerns understanding all elements that affect Important Business Services. With these insights you can execute scenario testing for various types of disruption and close any gaps. Risk and control management, business continuity management and security architecture contribute to optimizing the operating model.
IT Governance is about implementing policies, guidelines, standards and controls for IT change. In the context of Operational Resilience, it includes activities such as documenting owners of all ICT assets and responsibilities for risk-related roles, building workflows to anchor risk management processes in the organization, and using policies to guide planning and change management of ICT assets.
Business Continuity is the capability of an organization to continue the delivery of products or services following a disruptive incident. It involves anticipating potential threats, identifying critical locations, IT, processes, staff and external suppliers, and defining how to keep critical processes and systems running.
In Service Provider Management, an organization maintains and updates a register of all contractual arrangements on the use of ICT services. IT assets and critical functions are linked to vendors, contracts and their SLAs to give an understanding of the risks arising from a vendor or contract, which is important for third-party risk management in Operational Resilience.
Regulatory Management is about ensuring your company is compliant by being in control of all relevant regulations. Mapping regulatory requirements to your business landscape creates the necessary transparency to know exactly where and how you will have an impact in case of any issues. Regular control tests ensure you are compliant with regulations and internal policies.
Important Business Services are the services that a firm provides, which, if disrupted, could pose a risk to its safety and soundness or, in some cases, the stability of its entire operations. Examples: payment processing, customer support, and critical IT infrastructure.
Supporting processes are the processes that ensure that the ‘Important Business Services (IBS)’ function properly. By mapping processes to the IBS, organizations can pinpoint which processes are essential for delivering these key services.
Critical Resources refer to the essential elements that enable an organization to maintain its operations even during disruptions. These resources are vital for achieving operational resilience. Critical resources can be: technology, people, processes, facilities, information and third parties.
Strategic Portfolio Management (SPM) is used to validate investment in business and IT change and to ensure the business strategy is executed on with a fit-for-purpose IT portfolio. For Operational Resilience, SPM provides transparency into the web of interrelated business and IT activities and change impacts—change that potentially introduces risk into the enterprise.
Security Architecture defines the systems, policies and technologies needed to ward off threats to business operations. Security architecture takes business strategy and risk appetite into account when providing guidance in the form of reference architectures and blueprints for operating models, standard security patterns and platforms for solution architectures and definition of policies and principles.