Organisational Resilience: Understanding and identifying the essential concepts

Document Type

Book Chapter


WIT Press


M. Guarascio, G. Reniers, C.A. Brebbia, F. Garzia


Faculty of Computing, Health and Science


School of Computer and Security Science / Security Research Centre (secAU)




This chapter was originally published as: Braes, B. M., & Brooks, D. J. (2011). Organisational Resilience: Understanding and identifying the essential concepts. In M. Guarascio, G. Reniers, C.A. Brebbia, F. Garzia (Eds.). Safety and Security Engineering IV (pp. 117-128). Location: WIT Press. Original book available here


Increasing political turmoil across many regions has increased concerns amongst business, social and governmental circles over the ability of organisations to anticipate and respond positively to disruptions. Organisations are spending increased sums of money to raise levels of governance and security protocols, under the term resilience. Nevertheless, term organisational resilience is vague, and the term itself implies multi-disciplined and diverse strategies and tactics, requiring a diversity of skills and knowledge that reaches beyond security and governance alone. The resilience domain is still developing; however, early embodiments of organisational resilience, originating in the United Kingdom and the United States, appear to be rebranding of business continuity management strategies, put together as a ‘resilience processes’ or ‘resilience systems’. More recently ‘resilience management systems’, claiming to deliver benefits akin to those that the International Standards Organisation 9001 gave the Quality Assurance discipline have begun to appear. Nevertheless, there is a constant absence of a clearly defined and researched set of essential concepts that make up the theoretical structure of Organisational Resilience. It is argued that Organisational Resilience is both a top-down culture (value, leadership) and bottom-up, delivered by a number of functional processes such as risk management, governance, interdependencies, security management, situational awareness and business continuity. However, validation of these elements is required and is currently underway.



Access Rights



Link to publisher version (DOI)