Digital Operational Resilience vs. BCM – Two Approaches, One Goal
In today's world, information and communication technology (ICT) plays a crucial role in the way financial institutions operate and deliver value to their customers. However, with the growing use of technology follows an increased risk of cyber threats and disruptions, which can significantly impact an organisation's ability to operate and serve its customers.
DORA’s central role in future resilience
Having a reliable infrastructure and ICT services which can ensure business operations even in the face of disruptions is a necessary capability for financial institutions to possess in today’s business landscape. This applies both to financial institutions’ internal contingency as well as the stability of the financial system. This is where DORA comes in. One of the core purposes of the regulation is to achieve such stability through ensuring digital operational resilience among financial institutions.
Since DORA was published, we have seen several discussions on the topic of what is digital operational resilience, as well as how it relates to business continuity management (BCM). These are two interrelated areas, which strive for the same goal of ensuring operational stability. It would however be a mistake for a financial institution to assume a well-functioning BCM can be interchanged with having achieved digital operational resilience. It is therefore crucial to understand the differences between the areas as well as how they relate, when striving to achieve digital operational resilience. Let us break down what the two different areas entail.
Defining BCM and digital operational resilience
BCM is the process of developing and implementing strategies and plans to ensure the continuity of critical business functions in the event of a disruption, including disaster recovery plans for ICT systems. The purpose of BCM is for organisations to be able to handle disruptions when they occur. The goal of BCM is to enable an organisation to continue operating and providing essential services or products during and after a disruptive event.
Digital operational resilience, on the other hand, focuses on the organisation’s ability to assure operational reliability by having ICT-related capabilities to ensure the security of its networks and information systems. In other words, the goal of digital operation resilience is for organisations to heighten their capacity and possess sufficient internal ICT-capabilities for there to be a trust that ICT-services and networks will continue to be reliable in the face of disruption.
At a glance, these descriptions seem very similar to each other. BCM and digital operational resilience strive for the same goal of ensuring operational stability. What is important is the difference in their approach. BCM focuses on maintaining critical business functions during a disruption, while digital operational resilience focuses on ICT-related capabilities to ensure high operational reliability. Digital operational resilience has a more holistic approach, containing and coordinating activities such as identifying and assessing threats, managing ICT risks, and executing controls for information security. From this perspective, BCM is an integral part of digital operational resilience.
Achieving digital operational resilience
When striving for digital operational resilience, financial institutions will need to integrate their BCM strategies with ICT capabilities to achieve a resilient organisation. You should ask yourself; how do we take our business continuity management and integrate it with our ICT capabilities to achieve digital operational resilience? This will require a coordinated effort between different departments, including IT, information security, risk management, and business continuity management.
For example, financial institutions can leverage technology to enhance their BCM capabilities, including using threat monitoring, data analytics, and automation to identify and prioritize critical business functions, assess the impact of disruptions, and develop recovery plans. Financial institutions can also use cloud computing to ensure the availability and scalability of their IT infrastructure, enabling them to quickly respond to disruptions and maintain operational stability.
In conclusion, achieving digital operational resilience commands a holistic approach, tying together IT capabilities, including BCM. This requires a coordinated effort where several departments of the organisation need to align and integrate their activities. By doing so, financial institutions can achieve a resilient IT infrastructure that enables them to continue operating and delivering value to their customers during threats of disruptions. We have a broad experience in helping financial institutions achieve resilient organisations and implementing measures that are aligned with the organisation’s business goals.
For inquires or further information please reach out to: