ISO 22316:2017 – Security and resilience — Organizational resilience — Principles and attributes.

4 Principles

4.1 General

The principles provide the foundation upon which a framework and strategy to achieve an enhanced state of organizational resilience can be developed, implemented and evaluated. An organization’s resilience:
a) is enhanced when behaviour is aligned with a shared vision and purpose;
b) relies upon an up-to-date understanding of an organization’s context;
c) relies upon an ability to absorb, adapt and effectively respond to change;
d) relies upon good governance and management;
e) is supported by a diversity of skills, leadership, knowledge and experience;
f) is enhanced by coordination across management disciplines and contributions from technical and scientific areas of expertise;
g) relies upon effectively managing risk.

4.2 Coordinated approach

The organization should develop a coordinated approach that provides:
— a mandate to ensure its leaders and top management are committed to enhance organizational resilience;
— adequate resources needed to enhance the organization’s resilience;
— appropriate governance structures to achieve the effective coordination of organizational resilience activities;
— mechanisms to ensure investments in resilience activities are appropriate to the organization’s internal and external context;
— systems that support the effective implementation of organizational resilience activities;
— arrangements to evaluate and enhance resilience in support of organizational requirements;
— effective communications to improve understanding and decision making.

5 Attributes for organizational resilience

5.1 General

An organization that has adopted the resilience principles will demonstrate common attributes supported by activities, which guide their utilization, evaluation and enhancement. Such attributes include those described in 5.2 to 5.10.

5.2 Shared vision and clarity of purpose

Organizational resilience is enhanced by a clearly articulated and understood purpose, vision and values to provide clarity to decision making at all levels of the organization.

The organization should prioritize and resource the following activities:
a) articulate its vision, purpose and core values to all interested parties to provide strategic direction, coherence and clarity in all decision-making;
b) ensure individual goals and objectives are aligned with and committed to the organization’s purpose, vision and values;
c) monitor and review regularly the suitability of the organization’s strategies and their alignment with purpose, vision, core values and objectives;
d) recognize the need to reflect on and, if necessary, revise the organization’s purpose, vision and core values in response to external and internal changes;
e) seek out and promote new and innovative ideas to achieve and develop its strategic objectives.

5.3 Understanding and influencing context

A comprehensive understanding of the organization’s internal and external environments will help the organization make more effective strategic decisions about the priorities for resilience. The organization should demonstrate and enhance the following:
— the ability to think beyond current activities, strategy, and organizational boundaries;
— understanding, collaborating and strengthening of relationships with relevant interested parties to support the delivery of the organization’s purpose and vision.