There are four key resilience activities 28 :
1 . Anticipate – An organization must anticipate the future , understand potential losses and hazards and scenarios that can lead to them , establish requirements and an implementation , both technical and non-technical , to avoid those losses . This might be done with an STPA analysis 29 (“ System-Theoretic Process Analysis ”), for example . An organization can also put measures in place to manage response and recovery .
2 . Monitoring – An organization must know what to look for in the environment and itself , to monitor change to detect possible additional hazards .
3 . Response / Recovery - An organization must know what to do when an unanticipated loss scenario occurs and be able to recover .
4 . Learn – An organization must learn , remember , and modify its behavior based on events . This can be done with an analysis of a loss , by using a CAST analysis 30 (“ Causal Analysis based on System Theory ”), for example .
The governance process for these activities forms a cycle 31 ( Figure 4-2 ):
Figure 4-2 : Governance lifecycle .
28
Hollnagel , “ Resilience Engineering and the Future of Safety Management .”
29
30
Leveson , “ CAST Handbook .”
31
Ivo Häring et al ., “ Towards a Generic Resilience Management , Quantification and Development Process : General Definitions , Requirements , Methods , Techniques and Measures , and Case Studies ,” in Resilience and Risk : Methods and Application in Environment , Cyber and Social Domains , ed . Igor Linkov and José Manuel Palma-Oliveira , 1st ed . 2017 , NATO Science for Peace and Security Series C : Environmental Security ( Dordrecht : Springer Netherlands : Imprint : Springer , 2017 ),
https :// doi . org / 10.1007 / 978-94- 024-1123-2 .
28 July 2022