John Gargett is a TRUSYS Principal. He recently authored a paper about the R-SEC methodology for the ASIS Organizational Resilience Maturity Model (ORMM) Standard Committee chaired by Dr. Marc H. Siegel.
Q: You recently delivered a TRUSYS Institute white paper on Organizational Resilience presenting the R-SEC methodology as a method to achieve Organizational resilience. What prompted this research?
Gargett: Over the last 30 years that I have been working in Security, Emergency and Crisis Management, I believe we as a community have to admit that many initiatives have failed, or at the very least we have not achieved the goal of disaster resistant communities, organizations or companies. Over this same time period a number of lessons were learned, which can be simply summarized as not viewing security, emergency and crisis management as an ecosystem. When this ecosystem approach is undertaken, a different approach is taken, and I define this as R-SEC.
R-SEC recognizes that the traditional safety & security, emergency and crisis management planning is not sufficient for the changing world in which we now live. The underlying premise of R-SEC is that silos of safety & security, emergency and crisis management, as well as these silos of organizational response do not ensure business continuity or organizational resilience. R-SEC cuts across silos and views risks, threats and the potential for harm across the enterprise with every person in the enterprise having a role, a responsibility and commitment to achieving Organizational Resilience.
The ANSI/ASIS Organizational Resilience Standard is the only preparedness standard that takes an enterprise-wide view of risk management, enabling an organization to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to, and recover from a disruptive incident. This allows seamless integration with the new ISO 31000 Risk Management standard for a comprehensive risk management program and is 100% compatible with existing ISO management system standards (such as ISO 9001, ISO 14001, ISO 27001 and ISO 28000), thus enabling a cost-saving integrated application. By implementing the ASIS Standard, organizations can satisfy both ISO 28000 and BS 25999 requirements.
Q: How do you define Organizational resilience?
Gargett: Organizational Resilience is defined as the adaptive capacity of an organization to respond to chaotic events.
Q: What are the key elements of the R-SEC methodology?
Gargett: R-SEC brings together all departments and stakeholders, both internal and external, to develop a strong, resilient, and sustainable organization able to continue forward in the face of any risk, threat and potential for harm. R-SEC is implemented using T4 NetCentric Operational Excellence that is simply defined:
Four T’s: Teams, Techniques, Technology and Training;
NetCentric: Technical, Social and Human Networks; and
Operational Excellence: Leadership, teamwork and problem solving resulting in continuous improvement.
The underlying strength of T4 NetCentric Operational Excellence is the role of the individual. The individual forms the cornerstone of responding to the impacts of events. Everyone has a role. Every organization needs to recognize that its ability to remain resilient and sustainable is based on the collective strength of the individuals that comprise it.
Q: How is R-SEC different from past approaches to Organizational Resilience?
Gargett: R-SEC is different from other approaches principally because it is cross-silo, cross-risk, threat and vulnerability and has specific steps to achieve resilience through T4 NetCentric Operational Excellence.
Q: You have worked in and observed our industry for over 30 years, and you are known for your passion. What prompted your interest in Organizational Resilience?
Gargett: Simple. Organizational Resilience is the first approach since the days of Civil Defence that takes a holistic ecological view of Security, Emergency and Crisis Management.
Q: What keeps your passion for Organizational resilience alive in 2011?
Gargett: Chaos happens, it will continue to happen, and organizations continue to find they are not resilient. Resiliency means that there are fewer human losses, less property damage, and that a state of normality can be achieved in less time and at less cost.