Resilience Ninja

Coaching and ideas to help build agile and resilient practices.

You are here: Home / Resilience Research / … another framework for resilience (Part 2)

… another framework for resilience (Part 2)

This is the second part of my review of “An Operational Framework for Resilience”. The citation is at the end of Part 1.

The model outlined in this paper included 3 objectives, or end-states, that support resilience. The next element in their framework is the 8 principles of resilience. Some of these principles relate to a single objective, while others span all three objectives.

  • Threat & Hazard Limitation is linked to the objective of Resistance – it is fairly self-explanatory and simply states that you have to think about this and act ahead of time.
  • Robustness is linked to the Absorption end-state.
    • Robustness in this model includes “the capacity to degrade gracefully”.
  • Consequence Mitigation is linked to the restoration objective.
    • This is a fairly common thread in other literature, just using different (and a little confusing labels).
    • What this means is that we cannot avoid all impacts – so this principle asserts that we have the capability and capacity to not be overwhelmed by events.
  • The remaining principles span all three objectives;
    • Adaptability – similar to sense/respond model, adjust to the unexpected – deal with the impacts/incidents that we did not plan for.
    • Risk-Informed Planning – ensure that these principles are embedded in threat, vulnerability and consequence analysis
    • Risk-Informed Investments – there can be no resilience without appropriate levels of investment.
    • Harmonization of Purpose – to be fully effective all need to be aligned – and this model is very strong on the mutually reinforcing aspects.
    • Comprehensiveness of Scope – this is perhaps one of the key principles to take away.
      • If you want to claim to be resilient then recognize that the scope is wide and interdependence makes it complex.

The model includes an interesting tool called a “resilience profile” that is proposed to be established for key functions within critical systems (remember these are socio-technical systems, not IT). The profile is made up 3 dimensions and 3 parameters.

The dimensions are;

  • Performance
    • Level of capacity and quality that element/system must perform at.
  • Time
    • This relates to the potential life-cycle of the adverse event, and needs to make allowance for both escalating and immediate events.
  • Gravity
    • This dimension indicates if the the function being assessed plays a key role within a bigger system.
    • Critical National Infrastructure would have a high Gravity rating
    • High Gravity ratings can only tolerate low levels of performance degradation.

The parameters;

  • Function
    • In many respects another label for a process
    • Most common elements of a function are key inputs, central operations and principal outputs
  • Latency Limit
    • “the maximum amount of time allowable for a function to remain in a degraded … state before is msut begin to be recovered.”
    • Perhaps this would be the MTPOD – RTO
  • Minimum Performance Boundary
    • the lowest acceptable level of performance
    • in Heritage BC practice this is almost always allowed to be Zero, this aspect forces us to consider that some things cannot be allowed to drop to zero performance.

Not surprisingly the output of the resilience profile looks like the picture at right – a similar model that I have used for many years (and I am sure most of you use similar tools) .

This model is fairly complex and starts fromt he premise of national security, so is perhaps too complex for many organizational needs. But I find that it has some value and should be critically considered by those wanting to better understand this quest for resilience.

Why?

  • There is a great quote in the paper, attributed to Adam Rose, Uni of Southern California,
    • “resilience is in danger of becoming a vacuous buzzword from overuse and ambiguity”
    • anything that seeks to put more meaning – and especially operational meaning around this concept is helping the overall debate
  • It highlights that this is a complex and wide-ranging field of endeavor
    • Like the High Reliability Management I have posted on previously we cannot me afraid of complexity
    • Keep it Simple and you remain Stupid –
  • This operational framework has strong elements of traditional elements of BC and Emergency Management
    • The missions can be seen to relate to common phase approaches (Prevent, Prepare or Reduction , Readiness,  etc)
    • There are similar elements of RTO, MTPOD etc.

What do you think? Can we only cope with models that promote simplicity?

What other frameworks have you found that attempt to provide operational guidance in resilience?

Leave a Reply

Your email address will not be published. Required fields are marked *