Operational Resilience Framework v1.0 Released for Use in Strengthening Business Continuity
The Global Resilience Federation's (GRF) Business Resilience Council (BRC) has published the Operational Resilience Framework (ORF) after more than a year of development by a cross-sector team of security leaders. Traditional disaster recovery and business continuity efforts have focused on data recovery with little regard for providing services during an impaired state. The framework working group sought to help solve that challenge.
The goal of the Operational Resilience Framework is to reduce operational risk, minimize service disruptions and limit systemic impacts from destructive attacks and adverse events. The framework's rules and implementation aids, aligned to existing standards including NIST and ISO, help ensure services critical to customers and partners continue to operate through a crisis - even if impaired.
"In the event of something like a systemic cyber-attack or major hurricane, data backups are not enough to offer true resilience for an organization," said Mark Orsi, CEO of GRF. "The team that designed the ORF went a step further to determine how to maintain a minimum required level of service needed by customers."
The ORF rules define the "Path to Operational Resilience" with seven steps:
Aspects of the ORF that distinguish it from other efforts include (i) planning for delivery of critical services in an impaired state until services can be fully restored; (ii) implementing immutable backup and restoration systems for data, systems, applications, networks, and configurations; and (iii) requiring executive-level sponsorship and support from the business to build a culture that achieves resilient business services.
The ORF has already received acclaim from resilience experts, winning Most Effective/Impactful in the FDIC Tech Sprint competition "From Hurricanes to Ransomware: Measuring Resilience in the Banking World."
Visit the ORF website to download the rules version 1.0, a mapping of the rules to NIST and ISO controls, and other resources developed by the working group.
Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs). GRF's mission is to help assure the resilience of critical and essential infrastructure against threats that could significantly impact the orderly functioning of the global economy and general safety of the public. Learn about the GRF's Business Resilience Council that is developing the Operational Resilience Framework: https://www.grf.org/brc. You can also visit @GRFederation on Twitter or Global Resilience Federation on LinkedIn.