Resilience FAQs
Resilience in Practice: Frequently Asked Questions
Resilience defines how organisations lead through uncertainty and sustain performance over time. At Needhams 1834, our directors bring decades of real-world experience to help leadership teams anticipate disruption, protect continuity and adapt with confidence. The answers below address the questions most often asked by senior decision-makers — offering practical insight into business continuity, crisis management and organisational resilience, grounded in the proven frameworks we deliver across every sector.
Resilience – Proven. Trusted. Explained.
What is the difference between Operational Resilience and Business Continuity?
Operational resilience is a broader concept that focuses on maintaining critical operations through disruption and encompasses the capability to prevent, respond to, adapt to, and recover from adverse events.
Business Continuity has a narrower focus on the organisation’s capability to continue delivering products and services within acceptable timeframes and predefined capacity during a disruption.
This is a useful distinction where operational resilience provides an overarching concept through which organisations can holistically integrate their upstream risk identification and prevention with incident and crisis response structures and business recovery activities. In this way Business Continuity is an essential discipline that contributes to Operational Resilience.
Why do organisations implement Business Continuity?
Others implement Business Continuity measures to meet the expectations of key strategic customers, particularly those seeking assurance across their supply chains and others do so to achieve competitive advantage in their market.
What does ‘BCP’ mean?
BCP can be a confusing term and is most often used to describe the Business Continuity Plan i.e., the document used during disruption and the transition from business-as-usual to incident response or crisis management — ‘we are in BCP mode.’
It can also mean Business Continuity Planning – the process that creates that plan or a Business Continuity Programme which provides the governance framework that delivers continuity capability.
What is a Business Continuity Risk Assessment (BCRA)?
A BCRA identifies the potential threats that could disrupt the critical activities identified in the BIA and assesses the likelihood of occurrence and the potential impact should it occur to arrive at an overall risk score. It captures the in-place mitigations and proposes further mitigations to reduce the likelihood of occurrence and the impact and/or duration of the disruption.
The BCRA uses similar methodology to an operational risk assessment and should be compatible with the organisation’s Enterprise Risk Management framework.
What risks should my organisation be considering?
The contemporary business environment has been characterised as Volatile, Uncertain, Complex and Ambiguous (VUCA). Geopolitical tensions, conflict, cyber-threats, civil unrest & labour disputes and economic instability such as inflation and tariffs top companies’ list of concerns. In addition, climate change and extreme weather continues to impact organisations and disrupt supply chains and the threat of a global pandemic remains.
Surely, we all just work from home during a disruption?
While working from home can be an appropriate and effective business continuity strategy, it does not necessarily suit all organisations or departments, and key infrastructure may still require onsite working to remain functional. Appropriate strategies based on a proper analysis of critical activities and the required timeframes for recovery have the greatest chance of successfully mitigating a disruption, particularly when they have been practiced and rehearsed by all staff beforehand.
How much will it cost?
All Needhams work is tailored to the client’s specific context and requirements. All our proposals are set out by the number of days needed to achieve the task and detailed in a clearly set out proposed schedule of work.
If you would like to discuss your requirements and receive a non-binding quotation, please contact us and chat to one of our team.
Does Needhams 1834 run cyber exercises?
Yes Needhams 1834 is very experienced at running cyber scenario exercises for a range of clients.
Our emphasis is to address the management response to the consequences of a cyber-attack, particularly the immediate decisions needed to prevent the situation becoming worse and quantifying the organisation’s dependencies on particular applications, which are often not fully understood.
From this point we design our exercises to help clients identify which critical systems are unavailable, any workarounds needed to continue the delivery of the organisation’s products and services and determine the process and planning timescale needed to recover and restore the impacted systems.
What is the difference between Incident Response and Crisis Management?
Crisis Management is the organisation’s management response to the disruption that defines the end-state to be achieved, and provides the planning, coordination and direction needed to recover from the disruption. This is most often the responsibility of the Strategic and Tactical Teams.
What types of organisations should have a Business Continuity Plan?
Every business can be affected by an unexpected event or incident, and therefore every business should have a business continuity plan. Simply assuming that a business is large or resilient enough to weather a critical incident can be a mistaken assumption and, as recent high profile cyber incidents have demonstrated, damage the organisation’s reputation and expose executive leadership to accusations of complacency and negligence.
What is a Business Impact Analysis (BIA)?
A BIA is an information gathering activity that identifies the critical processes and activities that contribute to the delivery of the organisation’s products and services. It records inputs and dependencies and determines the sensitivity over time of these critical processes and activities to a disruption. This allows the organisation to set prioritized timeframes and levels for recovery and forms the basis for further planning.
What is a Business Continuity Plan?
A Business Continuity Plan should be the reference document that guides a response team during an incident or crisis. This should provide a handrail to bring the right people together and to act as a framework and aide memoire to promote adaptive problem solving.
The plan should contain the roles and responsibilities of the response team, threshold criteria and process for activating the response, immediate actions to preserve life and stabilise the situation and procedures to recover prioritized activities. The plan should detail communications and notification requirements with internal and external stakeholders and the process for returning to business as usual.
We did well during Covid-19 so why do we need to review our crisis response and business continuity preparedness?
In many ways Covid-19 was unusual, in that it was a slow onset crisis that affected all organisations in the market. Covid-19 also came with a large amount of national government guidance and regulation, which organisations had to figure out how to implement to continue operating. In many countries, government financial support packages mitigated the worst impacts and preserved the core of the business capability allowing for rapid recovery.
Rapid onset crises often only affect individual organisations rather than the whole sector meaning competitors can take advantage of a protracted outage or loss of reputation to grab market share from the impacted organisation. During rapid onset crises, there is often no external guidance or advice available unless it is identified as part of the pre-planned response. In cases like this, response teams have to work out the solution from themselves, whilst still trying to meet customer expectations.
Business continuity planning and regular crisis management training and scenario exercise simulations can allow response teams to work through problem sets in advance and build the institutional muscle memory to respond effectively.
Why choose Needhams 1834?
Needhams consultants are all highly qualified, skilled and experienced. Our philosophy is that no one size fits all, and that all our work must be designed in collaboration with our clients, who are the true subject matter experts in their field
Our aim is always to develop a detailed understanding of your organisation and resilience concerns which allows us to focus on your most important issues.
We also practice what we preach, and we have been certified to ISO 22301 since 2012, having been the first organisation in the UK to achieve certification.
It is this approach which has enhanced our reputation for excellence within the industry since 1996, and resulted in our outstanding client retention, repeat business and referrals.
Do we need business continuity software?
Business Continuity software can include risk management, emergency communication and documentation management. Business continuity software can enhance accuracy, consistency and repeatability of maintaining business continuity documentation, automate functions, aid workflow management and incident notification across dispersed organisations. Business continuity software also allows businesses to access up to date versions of plans and ensures a single reference point.
However, Business Continuity software can be expensive to implement and requires a resource overhead to manage and maintain it. As such is not necessarily suitable for all organisations as an effective business continuity programme can be implemented in Word and Excel as long as it is well maintained, periodically reviewed and validated.
To discuss your Business Continuity software requirements please contact us to speak to one of our consultants.
How can I make sure my Business Continuity Programme will be effective?
In our experience, the greatest determinant of the success of a Business Continuity Programme is senior leadership commitment and buy-in. The most successful programmes will have a sponsor on the executive management team and have a robust governance structure that actively pursues continual improvement and a review process that holds the organisation to account, ensuring that appropriate resources and budget are allocated and that the programme is achieving the objectives set.
Contact Us
Still Have a Question? We are here to help
Every organisation faces unique challenges. If you would like to discuss your continuity or resilience goals, our directors can provide clear, practical advice — shaped by decades of real-world experience.