This report reflects the work carried out in Task 5.1 of IMPROVER, i.e. the development of a framework for implementation or operationalisation of resilience management to Critical Infrastructure (CI). Referring to previous work and previous discussions with the project’s living labs and associated partners, the work is based on the argument that it is necessary to incorporate resilience management into the existing security activities of an organisation. This leads the project consortium to propose a mapping of the terminology used for risk management to resilience management to aid in the alignment of these two fields.
The report summarises the state of the art and recent history with regards to governance of resilience for Critical Infrastructure. This serves as an introduction to the framework being developed and to the proposed formalised definitions for stages in a resilience assessment and management process which are fully compatible with those in ISO 31000 and which enable the incorporation of resilience into the existing security activities of a CI and to the national risk assessments undertaken by the member states.
The report first of all introduces the framework for resilience management, in analogy to the framework for risk management of ISO 31000, and then combines these to illustrate the integration of the two. The result of this is the IMPROVER Critical Infrastructure REsilience Framework, the ICI-REF, for the integrated process of risk and resilience management. This is then discussed in detail, by reference to previous IMPROVER project deliverables, outlining the macro-processes involved through discussion of their objectives, required inputs, expected outputs and the process proposed to be followed at each stage.
Finally, the report describes an additional framework, the IMPROVER Societal REsilience Framework, the IS-REF. This incorporates the individual CI resilience assessments in a societal resilience analysis, and is proposed as a means of incorporating societal resilience into the national risk assessments which are currently undertaken by the Member States.