UK Government releases its new Organisational Resilience Guidance: but is non-mandatory enough?
On 1 August the UK government published a new set of non-mandatory guidelines entitled Organisational Resilience Guidance for UK Government Departments, Agencies and Arm’s Length Bodies.
The guidelines propose a common approach to increase organizational resilience in government. They draw on established guidance, recognised good practices from both the public and private sectors, and relevant British (BSI) and International (ISO) standards, outlining a framework of guiding principles, practices, and cultural attributes for consideration. Even though they are aimed at UK government departments, these guidelines contain information that can benefit public and private sector BC practitioners worldwide.
However, as is often the case with government guidelines, they are non-mandatory. This is a frequent criticism from resilience practitioners, and BCI research backs this up: the BCI Operational Resilience Report 2024 shows that an absence of laws and regulations are the main reasons for not having a resilience programme in place. In interviews, practitioners discussed how mandatory regulations can drive more buy-in from senior management, thus increasing investment. Optional guidance, whilst valuable in its content, can be ignored by management who have pressing spending priorities elsewhere.
That said, these new guidelines offer a strong framework and a common approach for practitioners keen to implement good practice.
Guiding Principles
The guidelines include recommended guiding principles of overarching considerations which should inform departments’ decision-making. They include principles such as:
“Risk-based – while departments should have a general ability to respond and recover from unexpected events and the common consequences of ‘bundles’ of risks, they should also prepare for specific risks with horizon scanning, contingency planning and the validation of their risk-specific arrangements.”
Other suggested guiding principles include ensuring resilience arrangements reflect departmental objectives, and designing resilience arrangements that reflect the established design principles of redundancy, diversity, modularity and adaptability.
Practices
In addition to the principles, the guidelines also provide practical guidance on embedding practices into an organization’s structure, such as enabling clear oversight and accountability for risk management and resilience capabilities, assessing risk, impacts, and considering relevant ways to reduce risks in line with risk appetite.
Cultural Attributes
A clear set of cultural attributes are recommended too, including leadership promoting and visibility demonstrating their commitment to resilience, psychological safety whereby staff feel enabled to speak up and freely share risk information, and a culture that engages with failure to strengthen its future resilience.
With some practitioners rightly admitting that resilience cannot be a ‘one size fits all’ solution for organizations, it is refreshing to see these guidelines including a caveat explaining they are to be used to refine an organization’s own approach to resilience, underlining the understanding that all organizations are different. The guidelines state that they are:
“A set of handrails for departments to use in defining and refining their own approach to organisational resilience. Resilience is neither static nor absolute, and what works well in one context may have less relevance or impact elsewhere.”
In order to support their organization’s planning, resilience practitioners across the globe could note of the recommendations in these guidelines, add parts to their own ‘resilience toolbox’, and seek to apply them where appropriate to enhance and raise awareness of their resilience programmes. Even though they are non-regulatory and aimed at UK governmental departments, the guidelines contain practical advice, and a common framework, that can be tailored to suit all types of organizations.