
Governance, Risk and Compliance (GRC)

Adaptable GRC tools that conform to your processes

  • Remain proactive regarding evolving threats and legislation

    New threats and new legislation keep emerging, so staying agile is essential. Keep ahead with a single platform that integrates financial reporting, ESG and GRC. Gain the oversight you need, strengthen assurance and run governance efficiently through controls that are managed in one centralised place.

Establish confidence as well as transparency

  • Enhance coherence with centralised collaboration

    Every person and team works inside one platform. Bring all participants together, including external auditors, with no limit on the number of users and with granular role-based permissions that restrict each user to what they need. Real-time dashboards give visibility into audit status, issue resolution, outstanding tasks and other metrics.

Enhance productivity and efficiency

  • Optimise efficiency through integrated automation and artificial intelligence

    Automate repetitive work such as evidence requests and progress report updates. Draft new content, improve existing drafts, research and brainstorm with generative AI built into the platform. Workiva’s GRC products are designed to free up time for your most critical tasks.

Building your approach to resilience

(1) The Telecommunications Security Act (TSA)

The Telecommunications (Security) Act 2021 (TSA) places new duties on public telecoms providers to secure their networks and keep them resilient against a constantly changing risk and threat landscape. Meeting these duties means moving beyond traditional methods and rethinking what resilience means; but what does that involve in practice?

The TSA received Royal Assent in November 2021, and its security duties, the accompanying regulations and the Code of Practice came into force on 1 October 2022. Together they set stringent security requirements intended to strengthen the resilience and integrity of the UK’s critical telecommunications networks. The Code of Practice includes a group of technical measures (M21.01-07) under the heading “Preserve national resilience and capability.” The Act’s overall approach is driven by a focus on UK national resilience and the essential role of telecommunications providers, namely providers of public electronic communications networks (PECN) and services (PECS).

  • Determine the highest priorities

    First, a telecoms provider must identify its Critical Business Services (CBS): the essential services the business delivers to its customers, as distinct from the individual applications or systems that deliver them. These will usually map closely to the areas the TSA addresses. Under the Act, any security-critical function of the network or service whose failure could significantly affect the proper functioning of the whole network, or a substantial part of it, must be resilient. Not every service a provider offers falls into this category, but understanding the whole value chain lets an organisation build an enterprise-wide resilience strategy that covers both the essential functions and the activities and services that support them. Knowing the priorities allows the Board, the Executive and decision-makers at every level to challenge assumptions and confirm that the right level of resilience is in place.

    A conventional Business Impact Analysis (BIA) adds to this by identifying activities that, while not directly supporting a CBS, remain essential to the organisation’s continued viability. For telecommunications providers, whose availability and security matter to individuals and businesses across the UK, these activities and their associated security controls protect the provider’s ability to meet its obligations under the TSA.

  • Identify the dependencies

    To build resilience, an organisation must understand the people, processes, technology and third parties on which each CBS depends. Mapping this web of interconnections can be a substantial undertaking, but it is essential for identifying single points of failure and for directing resilience investment where it will have the greatest effect.

    Once the dependencies are mapped, the organisation must set, test and monitor its resilience thresholds. These differ from existing risk appetites: they mark the point beyond which a service, or the organisation as a whole, can no longer sustain normal operations or recover effectively from an adverse event. Regular, scenario-based exercising lets the organisation probe these thresholds and confirm that they remain appropriate.

    Disruption is inevitable, so it is vital to understand how much disruption to a critical business service can be tolerated before it moves from inconvenient to intolerable. A business may set these limits on several criteria, including financial, customer or reputational impact. Regulatory obligations, such as those imposed by the TSA, and the consequences of breaching them must also be built into resilience planning; some incidents must be dealt with within a matter of hours.

  • Foster resiliency and eliminate bottlenecks

    Identifying critical business services and mapping their dependencies does not, on its own, deliver resilience. What makes the approach effective is the integration of the resilience disciplines. According to our PwC Global Crisis and Resilience Survey 2023, organisations can no longer operate in silos when facing today’s complex and interconnected threats. They must adopt a more integrated strategy: managing the various resilience capabilities centrally, aligning them with the business’s core objectives (including compliance with regulatory mandates such as the TSA), and embedding the programme in day-to-day operations and corporate culture.

    Clear executive ownership of and accountability for this integration are crucial to a successful strategy. That does not mean each resilience discipline is removed from its existing governance framework. Organisations should consider forming a Resilience Committee, or an equivalent body, to govern the disciplines in a holistic and integrated way, fostering a culture of communication, coordination and collaboration that strengthens integration across capabilities.

    Technology is an effective way to support this integration. Platforms such as Fusion Risk Management help businesses identify their operational interconnections, visualise how disruptions propagate through complex value chains, and break down the silos described above. Tools such as Fusion give businesses a streamlined way to integrate, develop and oversee their resilience as it matures across the organisation.

(2) Maximise your ISO 27001 audit efforts with KHAS Consulting

Optimise ISO 27001, SOC 2, and more standards

Build trust with key stakeholders and lay a robust foundation for your compliance programme with ISO 27001. KHAS Consulting states that a quality ISO 27001 report can supply over 60% of the evidence required for SOC 2 compliance.

Choose a single experienced partner to streamline your audits rather than coordinating several auditors. Our UK audit team helps minimise duplicated work, optimise evidence collection and ultimately save time and resources.

(3) Preparing for DORA

How ISO 27001 Facilitates DORA Compliance

The EU’s Digital Operational Resilience Act (DORA) applies from 17 January 2025 and carries substantial consequences for entities in the financial sector. From that date, financial entities and their critical third-party ICT service providers must meet DORA’s requirements for managing ICT risk. The regulation aims to create a comprehensive framework for managing and mitigating ICT risk across the financial sector.

What DORA means for you: if you work in IT or cybersecurity at a financial institution in the EU, or you are an ICT vendor serving one, you are probably already preparing for DORA.

Existing cybersecurity and compliance practices may already satisfy many DORA obligations, but the regulation raises the bar in certain areas, so most organisations will find gaps that need to be closed.