Evaluate your organization's ability to absorb and adapt to disruptions.
Our Operational Resilience assessment evaluates your organization's capacity to anticipate, prepare for, respond to, and adapt to incremental change and sudden disruptions. Aligned with ISO 22316 and regulatory expectations, this assessment helps identify vulnerabilities in critical business services and ensures your organization can continue to operate within impact tolerances during adverse conditions.
Evaluates the governance framework, board oversight, and strategic alignment of operational resilience. Assesses accountability structures, policy frameworks, risk appetite integration, and regulatory compliance across UK PRA/FCA, EU DORA, and regional requirements.
Assesses the identification and documentation of important business services that, if disrupted, could cause harm to consumers, market integrity, or the organization's safety and soundness. Evaluates service definition, ownership, and prioritization processes.
Evaluates the establishment of impact tolerances representing the maximum tolerable level of disruption to important business services. Assesses tolerance definition, quantification, and board approval processes.
Assesses the identification and mapping of people, processes, technology, facilities, and information required to deliver important business services. Evaluates end-to-end mapping completeness and vulnerability identification.
Evaluates the design and execution of scenario testing to validate the ability to remain within impact tolerances during severe but plausible disruptions. Assesses test design, execution, and outcome utilization.
Assesses the organization's approach to self-assessment of operational resilience capabilities, identification of vulnerabilities, and implementation of remediation plans. Evaluates assessment rigor and improvement tracking.
Evaluates the integration of third-party risk management with operational resilience requirements. Assesses provider resilience assessment, contractual requirements, and ongoing monitoring of third parties supporting important business services.
Assesses the integration of incident management capabilities with operational resilience requirements. Evaluates incident detection, escalation, communication, and learning processes in the context of important business service disruptions.
Evaluates the integration of technology risk management with operational resilience requirements. Assesses technology architecture resilience, change management controls, and continuous technology capability to support important business services.