To be effective, the principal stages of OR should follow the Deming PDCA model (Plan, Do, Check, Act) which is at the core of many international standards including ISO standards. The following phases should at a minimum be included in each of the stages:
- Plan:
a) Project initiation.
b) Definition of policies and objectives.
c) Risk identification.
d) Business impact analysis.
- Do:
a) Develop organizational resilience strategy.
b) Develop and implement organizational resilience plans.
- Check:
a) Plan testing/exercising.
b) Review and recommendations for improvement.
- Act:
a) Review policies and objectives.
b) Review scope and risks.
c) Review reports, recommendations and observations.
d) Update plans.
Plan
The organization should begin with a commitment from management to support a program for organizational resilience. A senior manager should be assigned overall accountability and responsibility for the completion and testing of the organizational resilience plans. The senior manager should be duly qualified in the subject matter. This expertise can be developed by means of training and certification and/or work proven experience in the subject matter. The senior manager should establish a management structure and team which is competent to manage the full organizational resilience process.
Policies and work objectives should be established which are consistent with - and support - the goals and strategy of the organization. Staffing and budgeting levels should support the continual improvement and ongoing maintenance of the program. Local laws, regulations and industry best practices should be continually evaluated as they are an essential part of the plan.