Organisational risk audits & resilience assessments¶

A natural beehive hanging under a thick branch of an old oak tree, bees entering and leaving the small opening, sun filtering through leaves, some pollen-laden bees returning.

Organisational resilience can feel like tending a beehive: hidden weak cells, overworked drones, and the odd swarm of challenges. How to keep the colony thriving?

Seeing the cracks
Stress-testing resilience
Adaptive organisations
Organisations as an ecosystem
Rapid resilience review
Two paths, NIS2 and ISO 27001

Organisational resilience is treated here as something derived from observed behaviour under realistic conditions rather than demonstrated through documentation alone. Controls encode assumptions about how an organisation will respond when things go wrong: that the incident response chain will work under time pressure, that recovery procedures will execute with current staffing, that dependencies between teams are understood well enough to contain cascading failures. The evidence that counts is not that procedures exist and are documented, but that they produce their intended effect when tested. Stress tests, scenario exercises, red team probes, and structured tabletops are the mechanisms that generate this evidence.

Test before it breaks