RiskUKAugust2017

More documents

Recommendations

Info

Resilience Revisited: Turning Our Attentions To Successes and Failures Despite widespread acknowledgement of the importance of ‘resilience’ to today’s organisations, in practice a number of questions remain unanswered. Allison Wylde suggests that, despite the emergence of standards and research, there’s still deliberation on an agreed definition for the term, while methods for understanding and applying resilience are somewhat unclear Dr Allison Wylde BSc (Hons) MA FRGS FHEA DIC (Imperial): Faculty Member with Cardiff University’s Business School and a Research Fellow at Cardiff University’s Crime and Security Research Institute 50 www.risk-uk.com Arguably, the prevailing position around the definition of resilience and its understanding and application appears to arise partly as a result of its trans-disciplinary nature. As a consequence, a number of different schools of thought, theories and approaches have developed over the years, in turn giving rise to so-called ‘gurus’ on the discipline aside from those practitioners operating in this specialist realm. Findings from a recent UK survey which asked what resilience means within private sector organisations found that more than 80% of respondents named IT disaster recovery as the most important element of resilience. 55% suggested that it was security and 45% favoured Health and Safety. There’s an important gap in our knowledge and understanding of resilience. Further research might assist our comprehension of the different ways in which resilience may be understood and applied and its performance assessed. Clearly, further work must be undertaken in discussion with practitioners and those companies responsible for resilience plans being implemented. In addition, the specific requirements for each company, setting and industry need to be accounted for. In the here and now, we can focus on recent empirical studies and discussions concerning the topic of a resilience ‘success and failure’-style approach. The overarching aim for all of us is to make sense of resilience as a discipline. In the field, practitioners typically concentrate their focus on a particular stage or phase of resilience. For example, the business continuity sector has been concerned with the stages of recovery from – and to – a ‘business as usual’ mode of operation. As is the case with the emergency sectors, security practitioners have tended to focus on a broader scope for resilience from the perspectives of anticipation and preparation as well incident and/or crisis management and recovery, together with issues of quality (eg ISO 9000:2005) as well as the key drivers of risk (ISO Guide 73:2009 and ISO 31000:2009) and the supply chain (ISO 28002:2011). Engineers were arguably the first to adopt a reliability (ie repeatability) lifetime-focused approach. For their part, some researchers have more recently suggested that strengthening the anticipation element of resilience through concentrating on understanding ‘successes’, as well as failure, may provide benefits. Resilient system According to Hollnagel 1 , a resilient system will exhibit several different traits or ‘abilities’. First, there’s the ability to respond. It’s all about knowing what to do or being able to respond to regular and irregular changes, disturbances and opportunities by activating prepared actions or adjusting the current mode of functioning within the host organisation. Then there’s the ability to monitor. Knowing what to look for, or being able to monitor that which is or could seriously affect the system’s performance in the near term (either in a positive or negative way). The monitoring must cover the system’s own performance as well as what happens in the environment. Next on Hollnagel’s list is the ability to learn. Knowing what has happened or otherwise being able to learn from experience, and in particular learning the right lessons from the right experiences. Last, but by no means least, there’s the ability to anticipate. Here, the focus is squarely on knowing what to expect or being able to anticipate developments – such as potential disruptions, novel demands or constraints, new opportunities or changing operating conditions – further into the future. It’s interesting to note that, from a policymaker’s perspective, concerns regarding resilience have largely resulted in the creation of new standards and guidelines, as well as additional requirements for governance and/or safety regulations across organisations and civil society and during disaster recovery. As a direct consequence, the requirements for reporting near misses, due diligence and audit have increased. Yet, as the fire at Grenfell Tower in West London illustrated with such tragic effect back in June, even in advanced economies disastrous events and fatalities still occur. Tensions between the goals of resources versus efficiencies might have meant that standards were simply applied as minimum standards, while collaborations and partnerships may have fostered confusion and gaps in responsibility.
In the Spotlight: ASIS International UK Chapter One area that shows promise concerns apparent differences in the methodology of risk assessment and, in particular, risk ‘acceptance’ as practised in different industries, sectors and countries. An example centres on industries operating in Scandinavian countries when compared with those in EU nations and, indeed, the US. Different approaches in the specification of controls and factors associated with risk aversion can be identified according to the country under examination. Different disciplines A further promising avenue has been identified among the differing views of resilience that, to date, have been viewed as separate (for example the engineering and built environment disciplines and between healthcare management and patient care). In the discipline of engineering, following an external shock the focus will be turned towards the ability of a system to return to equilibrium. The scope of interest will be resistance to shocks that occur near equilibrium. In ecology, the main characteristics are the scale of shock that a system’s capable of absorbing before it changes to a new and stable state. The scope of interest is far from equilibrium behaviour. When it comes to complex adaptive systems, attentions are drawn towards the ability for anticipatory or reactionary re-organisation in order to minimise the impact of the shock. In terms of the scope of interest, the adaptive capability of systems might result in a new form which may – or may not – be desirable. The scope of each interest varies in context and scale from near-normal to irreversible change. Returning to the case of engineering, the suggestion is that the entity exerts resistance to prevent and resist any change. If change occurs, the entity will be able to return to its original condition. This condition appears similar to the horizon scanning-style ‘anticipate and prepare’ stages outlined within BS 11200: 2014 Crisis Management Guidance and Good Practice. The examples of ecology and complex adaptive systems are more related to the events involved in crisis management, where a return to the initial condition may not be possible since change (ie ‘adaptation’) has already occurred. Furthermore, if the ‘change’ had been preceded by unsafe, insecure or illegal practices then, as mentioned, a return to the original state may not be desirable. One example here concerns the BP-operated Macondo oil and gas prospect oil spill in the Gulf of Mexico which began on 20 April 2010. Killing eleven people, it’s considered to be the largest marine oil spill in the history of the petroleum industry. The US Government estimated the total discharge to be 4.9 million barrels of oil (that’s 210 million US gallons or 780,000 m 3 ). After several failed efforts to contain the oil flow, the well was declared sealed on 19 September 2010, although reports in early 2012 indicated that the well site was still leaking. The subsequent US Presidential report on this episode highlights at least four preventative barriers that failed. Further, a similar event to Macondo had occurred six months earlier, but warnings had apparently not been heeded and, despite the establishment of a dedicated Commission, lessons from the earlier incident were not implemented. In July 2015, BP agreed to pay a massive sum of $18.7 billion in fines. Academic scholarship in and beyond the sphere of security management appears to have been constrained by a view of the ‘inevitability’ of the failure of resilience. Here, then, managing resilience for some scholars has been about managing the effects and impacts of an inevitable failure of resilience. The argument presented for focusing on successes and failures opens many promising avenues to help us develop further questions and research that will hopefully bridge some of the remaining gaps in our understanding. Reference 1 Hollnagel E (2016): ‘Resilience Analysis Graphs’ and ‘Resilience Assessment Grid’ “One area that shows promise concerns apparent differences in the methodology of risk assessment and, in particular, risk ‘acceptance’ as practised in different industries, sectors and countries” 51 www.risk-uk.com
Page 1 and 2: August 2017 www.risk-uk.com Securit
Page 3 and 4: August 2017 Contents 44 Meet The Se
Page 5 and 6: Editorial Comment Many applications
Page 7 and 8: News Update “Clarification on reg
Page 9 and 10: News Analysis: Counter-Terrorism Pr
Page 11 and 12: News Special: BSIA Security Personn
Page 14 and 15: ISO 22316: Preparing for Brexit The
Page 16 and 17: All Things Being Equal recommends t
Page 18 and 19: Institute of Risk Management Are yo
Page 20 and 21: BSIA Briefing References 1 https://
Page 22 and 23: Physical and IT Security Convergenc
Page 24 and 25: State of Mind: Developing ‘Risk C
Page 26 and 27: On The Mark: Safeguarding Your Comp
Page 28 and 29: Touched By A Physical Presence Phys
Page 30 and 31: Net2 Entry Touch Smart, Simple Door
Page 32 and 33: FIRE SAFETY New Qualifications for
Page 34 and 35: FIRE SAFETY False Fire Alarm Manage
Page 36 and 37: FIRE SAFETY Fire Alarms and Detecti
Page 38 and 39: FIRE SAFETY Audible and Visual Prot
Page 40 and 41: FIRE SAFETY Following the Grenfell
Page 42 and 43: FIRE SAFETY Emergency Lighting Stan
Page 44 and 45: Meet The Security Company This is t
Page 46 and 47: Advertisement Feature Reaping the B
Page 48 and 49: The Security Institute’s View rel
Page 53 and 54: FIA Technical Briefing Fire Prevent
Page 55 and 56: FRONTIER PITTS Protecting Your Worl
Page 57 and 58: Security Services: Best Practice Ca
Page 59 and 60: A New Model for Guarding Cardinal's
Page 61 and 62: Cyber Security: Risk Management for
Page 63 and 64: Training and Career Development equ
Page 65 and 66: Risk in Action St George in the Eas
Page 67 and 68: Technology in Focus Vista unveils V
Page 69 and 70: Appointments Helen Ball Helen Ball
Page 71 and 72: BENCHMARK Smart Solutions BENCHMARK
Page 73 and 74: CCTV CCTV Rapid Deployment Digital
Page 75: SECURITY ANTI-CLIMB SOLUTIONS & SEC

RiskUKAugust2017

Create successful ePaper yourself

Delete template?

Save as template?