Operational Resilience Consultancy
IBS identification, impact tolerances and scenario testing that regulators recognise.
Operational resilience programmes aligned to FCA SS1/21, PRA SS6/21, DORA ICT resilience and ISO 22301. Important Business Service identification, impact tolerance setting, scenario testing and exercise programmes, designed for the supervisory expectation now in force.
02 Typical triggers
When this service is on the desk.
- 01 SS1/21 self-assessment deadline
- 02 DORA Article 12 testing required
- 03 NIS 2 incident exercise programme
- 04 Regulator letter on resilience
- 05 Post-incident root-cause review
03 Typical outputs
Artefacts that earn the audit, the customer or the board.
- Important Business Service map with dependencies
- Impact tolerance setting with board sign-off
- Scenario test programme and post-exercise reports
- ISO 22301 business continuity management system
- Regulator evidence pack and board attestation
04 Engagement shapes
Three ways the engagement is typically scoped.
SHAPE 01
Stand-up
6–12 week resilience programme stand-up.
SHAPE 02
Test programme
Annual retainer running scenario tests and lessons-learned reviews.
SHAPE 03
Targeted
IBS identification only, or impact-tolerance setting only.
DELIVERED BY
Paul Jolliffe
FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner
Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Engagements are senior from day one: no subcontracted juniors, no introduce-and-exit.