Carefully. Responsibly. — During BAU and in Crises Communicate, Consume, Cascade - Carefully and Responsibly Across the world today, many societies are experiencing anxiety around resources — energy, food, logistics capacity, technology components, financial stability, and even public trust. Supply chain disruptions, geopolitical tensions, climate events, and economic pressures are creating genuine stress on systems . Yet in many cases, the crisis is amplified not only by sh

A structured approach to assessing, granting, governing, and improving trust.   The Trust Meter Trust Engineering is the disciplined process of converting trust from belief into a governed decision. It is the deliberate design, assessment, authorization, monitoring, recalibration, and continual improvement of trust within defined boundaries. It treats trust not as emotion — but as a structured governance construct. Trust Engineering Framework: Defines parameters of trustworth

Every few months, a new incident (or expectation) surfaces in which someone uploads sensitive data to a public AI tool — contracts, internal reports, sometimes even regulated information. The reaction is predictable: panic, blanket bans, and renewed calls to “block AI tools by default”. But beneath the noise lies a deeper issue. This is not really a technology problem. It is a governance, risk, and decision-making problem. And no amount of technical control can fully compensa

BRAKES! A dear friend, Mark Carroll , reminded me of this recently in a LinkedIn discussion. And, I thought of exploding it into a full length blog for you all! Also, a few words have been taken from the original post initiated by Christopher Carvalho •    There is a persistent myth in organizations that risk management, security, and management systems exist to slow things down . That they are necessary evils  — tolerated for compliance, endured for audits, and bypassed when

This blog originates from a case presented by a fellow professional on LinkedIn - “If an organization holds ISO 22301:2019 certification  but keeps employees who have resigned for a long time (and seem critical), does it really deserve that certification? Shouldn’t the organization have backup or contingency plans instead?” I responded in short to that post, but thought of expanding for my readership. The scenario alone does not invalidate  the organization’s ISO 22301 certi

A message from a Resilience Consultant to Leaders As consultants, we are often invited into organisations at moments of discomfort — implementations that are new or complex, audits that feel threatening, regulations that feel heavy, crises that feel personal, or boards that want reassurance. That is understandable. But let me say this clearly, upfront, and without softening the edges: Consultants are not crutches. Consultants Are Not Crutches If you treat us as one, resilienc

**“Yes, It Exists.” But Does It Work? — An Auditor’s Reality Check** In audits, there is a moment most professionals recognise instantly.   You confidently say, “Yes, that exists.” And silently pray the auditor doesn’t ask to see it. (Thanks to Mihir Gosalia for sparking this thought with a simple yet powerful observation.)   This blog explores why that moment exists, and why—if we are serious about resilience, governance, and assurance—it should not.   The Auditor’s Lens: In

Why "Polished" BCM is a Dangerous Myth? A Wrinkled Plan Is Better! In my decades of experience across global resilience landscapes—from the classroom as a Professor of Practice to the boardroom as a BCM leader—I have noticed a recurring obsession with "polished" documentation. We often see BCM plans that are pristine, perfectly formatted, and look magnificent in an author’s folder. But in the world of true resilience, a plan that looks too good is usually a plan that has neve

Why Business Continuity Demands Cultural Transformation, Not Just Implementation   Every year, organisations proudly announce the implementation of yet another management system — Quality, Information Security, Environment, Safety, Energy, Risk. Frameworks are selected, consultants are onboarded, documents are created, audits are cleared, certificates are framed. And then comes BCMS . Suddenly, progress slows. Fatigue sets in. Resistance appears — subtle, silent, but persiste

A Resilience Culture Architect’s Reflection When the pigeon saw the cat, it closed its eyes — believing that if it could not see the cat, the cat could not see it either. It is a comforting logic: if I do not see the threat, maybe it does not exist. But that comfort did not save the pigeon. And that is exactly what worries me about the 50% of CEOs  who believe their business models — and by extension their risk frameworks — are fit for today’s emerging risks . ( https://www.w

Every Thanksgiving, families face a familiar ritual: preparing the turkey. Everyone knows what is being cooked, who is cooking it, when it will be served, and who will eat it. The turkey is visible, the responsibility is clear, and the outcome — good or bad — is shared within a known circle. A recent post by Elina Moshkovich ( https://www.linkedin.com/in/elina-moshkovich-41397115/ ) brilliantly likened risk management failures to Thanksgiving dinner gone wrong: everyone assum

How Your Unfiltered Digital Life Can Haunt Families, Systems, and the Planet My scariest article yet! Digital Ghosts! Every now and then, a casual statement hits so hard that it forces you to rethink everything you assume you understand about risk. Recently on LinkedIn, I read this: “Today, 4 billion people own digital assets — and 4 billion people will pass away.” At first, it almost sounds like trivia. But pause for a moment. Let the weight of that sink in. Four billion dig

A Resilience Culture Architect’s Perspective 3 LoDs Kill Risk Management 1. A Model Everyone Uses — But Nobody Questions The Three Lines of Defence (3LoD)  model is one of the most widely accepted frameworks in governance, risk, and compliance. It appears in every policy document, every risk training deck, every consulting engagement, and every audit report. But when you examine the players in each line — the people actually occupying these roles — a striking pattern emerges:

Introduction The pharmaceutical sector has always stood at the intersection of science, healthcare, and human survival. It develops the medicines that keep societies functioning, the vaccines that protect populations, and the therapies that extend lives. In that sense, pharma is not just another industry — it is a lifeline. But that lifeline is increasingly under attack. Cybercriminals, ransomware gangs, and even state-backed actors see pharma as both highly lucrative and str

Get your Resilience Program Back Into Shape! An unmaintained Resilience Program is similar to an unmaintained car Every resilience professional knows this: Processes that once started with passion slowly slide into routine. Policies become static documents. Risk registers stop evolving. TPRM questionnaires become copy-paste formalities. Audit responses start sounding familiar — because they are reused. Drills become predictable. Stakeholders provide “expected answers.” Suppli

Why Every Resilience Story Doesn’t Have to Begin with Brokenness Every time I attend a Business Continuity or Resilience conference (the latest being the BCI World Hybrid Conference 2025 yesterday), I find a familiar rhythm to the keynotes. The lights dim, the hall goes silent, and the speaker begins: “I was going through a bad patch in life...” “I was broke... broken... divorced...” “I was physically or mentally abused…”   And as the story unfolds, the room holds its breath.

Recently, Sanjeev Pendharkar, Managing Director of Vicco Laboratories, shared a brilliant post on LinkedIn ( https://www.linkedin.com/posts/sanjeevpendharkar_values-business-hiring-share-7381394510318260224-pWZf?utm_source=share&utm_medium=member_desktop&rcm=ACoAAALHmckBXAYyhhL_JkZdigTfWbotS_UvoFc ) about how he can spot a great candidate in 30 seconds — without looking at their résumé. His message was clear and powerful: Skills can be trained. Character can not. He highligh

A Resilience Culture Architect’s Take on Silence, Timing, and Learning The Challenges of Staying Quiet We have all been in meetings where some people dominate the discussion, while a few stay quiet. Traditionally, silence in a group has been misunderstood as disengagement, indifference, or even lack of confidence. But silence, when seen through the lens of resilience, tells a deeper story. Sometimes, silence means thoughtfulness. Sometimes, it is self-control. And quite often

We have all heard that “actions speak louder than words.” But in reality, inaction speaks much louder — it silently shapes opinions, perceptions, and priorities. Nowhere is this truer than in Business Continuity Management (BCM). Every management team says it: “Business Continuity is important.” “Business Continuity is on our agenda.” “Business Continuity is a priority”. And they mean it — at least in spirit. They want their organization to continue operations during disrup

Do not get overwhelmed by data and statistics - check the reality For years, the importance of Business Continuity (BC) has been reinforced using dramatic statistics like “80% of organizations never reopen after a major disaster”  or “60% shut down within six months of a disruption.” These numbers are quoted endlessly in presentations, webinars, proposals, and even board meetings. They sound convincing. They make people sit up. But here is the uncomfortable truth — very few o