Skip to content
Human Risks Playbook

Bridging the Resilience Gap

Planning, Executing and Reporting a Fit for Purpose Operational Resilience Programme

 

Download the playbook that shows security and resilience leaders how to close the gap between compliance-driven programmes and genuine operational capability.

Playbook – Resilience Gap

What You'll Learn

Most organisations have an operational resilience programme. Far fewer have one that delivers real strategic value. Bridging the Resilience Gap is a practical playbook from Human Risks that addresses the challenge directly: how to plan, execute, and report a fit-for-purpose operational resilience programme that protects operations, informs leadership decisions, and stands up to the demands of today's converging regulatory landscape.

Drawing on ISO 22301, ISO 31000, ISO 22316, and the BCI Good Practice Guidelines, alongside the CER, NIS2, and DORA, this paper provides a clear framework for moving from fragmented, site-level plans to an integrated, adaptive resilience capability.

 

  • Where most programmes stall and why. 

    With 70% of organisations now reporting resilience programme adoption, the gap isn't between those who have a programme and those who don't. It's between programmes that function as strategic capabilities and those that remain compliance exercises. This paper diagnoses the maturity challenge and gives you a four-stage model for having the right conversation with leadership.

 

  • How converging regulations define the standard. 

    CER, NIS2, and DORA are converging around a shared set of principles: from governance accountability to third-party risk management. The paper maps these expectations directly to programme capabilities, turning regulatory pressure into a design blueprint.

     

  • A practical foundation that doesn't stall at the BIA. 

    Business impact analysis doesn't need to be a months-long documentation exercise. Learn an iterative, prioritised approach that produces actionable outputs early and builds progressively without losing rigour.

     

  • Governance that actually drives decisions. 

    Who decides what's critical? Who accepts residual risk? Who allocates budget? The paper tackles the authority problem at the heart of most underperforming programmes and shows how to design governance that resolves these questions, not just acknowledges them.

     

  • Reporting that earns a seat at the table. 

    If answering "Are we resilient enough?" requires a 30-slide briefing, you have a reporting problem. This paper introduces a dual KPI/KRI metrics framework designed to give leadership a one-page summary that drives action.