A Focus on UK Operational Resilience 

Introduction

On Tuesday, 21 January, we were delighted to host a Focus on UK Operational Resilience workshop at the Clayton Hotel Belfast. This informative session, led by Ben Roy, Compliance & Data Protection Officer at Wellington IT, brought together industry insights, best practices, and real-world examples to strengthen Credit Unions’ resilience. Mark Ryan from Core Credit Union also shared valuable experiences from Ireland’s implementation of the Operational Resilience (OR) framework. 

• Mapping and Testing Critical Services: Attendees explored the importance of identifying critical services, mapping their dependencies, and testing infrastructure. This ensures vulnerabilities are addressed, and organisations are prepared for disruptions. Practical steps included setting recovery time objectives, defining maximum tolerable disruption thresholds, and leveraging multiple connectivity providers to avoid single points of failure. 

• Regulatory Context and Collaboration: The evolving regulatory landscape, including guidance from the FCA and the Central Bank of Ireland, was a key theme. The session referenced the Digital Operational Resilience Act (D.O.R.A) and the importance of proportionality in meeting compliance expectations. Although D.O.R.A is RoI specific, there is plenty of overlapping context. Collaboration among credit unions was highlighted as essential for shared learning and framework refinement. 

• Wellington IT’s OR Support Infrastructure: Wellington IT’s commitment to supporting Credit Unions was evident, with a focus on developing flexible frameworks tailored to individual needs. There was an emphasis on the importance of continuous improvement, investments in technology, and fostering a proactive approach to risk awareness. 

• Participant Insights: Mark Ryan shared Core Credit Union’s robust approach, including maintaining a risk register, conducting quarterly reviews, and implementing comprehensive IT business continuity plans. His insights underscored the importance of ongoing evolution and assigning staff specific areas of focus within operational resilience. 

Action Points for Credit Unions

The session concluded with actionable steps for Credit Unions to enhance their operational resilience: 

• Review Existing Plans: Align risk management and business continuity plans with operational resilience best practices. 
• Identify and Map Critical Services: Understand key dependencies and address vulnerabilities proactively. 
• Set Clear Objectives: Define recovery time objectives and maximum tolerable disruption thresholds, ensuring alignment with service level agreements (SLAs). 
• Test and Evolve: Regularly test incident management processes and infrastructure, incorporating learnings to improve resilience frameworks. 
• Enhance Connectivity: Explore options to reduce single points of failure, such as alternative service providers or redundant systems.