The latest resilience news from around the world

The Global Resilience Federation (GRF) has released its Operational Resilience Framework for public comment. The framework is aligned with various NIST and ISO standards.

Aimed at organizational cyber resilience leaders, the Operational Resilience Framework has been designed to help strengthen resilience and operational continuity in the face of destructive attacks or events.

The GRF’s Business Resilience Council (BRC), a group focused on mitigating systemic threats to business operations, developed the Operational Resilience Framework with a multi-sector group of security practitioners working in collaboration to develop rules and implementation aids to ensure the immutable and recoverable nature of data, systems, networks, applications, and configurations.

The Operational Resilience Framework is structured around a ‘Path to Operational Resilience’, which include seven steps:

  1. Implement an industry-recognized IT and cybersecurity control framework
  2. Understand your organization’s role in its ecosystem
  3. Define the minimum viable service levels for each operations and business critical service
  4. Establish service delivery objectives for those services
  5. Preserve data sets necessary to support the services
  6. Implement processes to enable recovery and restoration services to meet delivery objectives
  7. Independently evaluate design and periodically test.

Key aspects of the Operational Resilience Framework include:

  • Planning for delivery of critical services in an impaired state until services can be fully restored;
  • Implementing immutable backup and restoration systems for data, systems, applications, networks, and configurations; and
  • Requiring executive-level sponsorship and support from the business to build a culture that achieves resilient business services.

The deadline for comments is June 30, 2022.

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.