When news of a war breaks out anywhere in the world, the first concerns are naturally humanitarian. Loss of lives. Loss of livelihoods. Supply chains collapsing. Essential resources running out. Energy supplies tightening. These fears are real. Yet interestingly, in many recent conflicts, the situation has not unfolded in the catastrophic way many initially feared. Perhaps this is what some analysts call “precision warfare” — targeted strikes, controlled escalation, and limit

Journey to Resilience There is a popular message doing the rounds: Stop watching. Stop reading. Stop planning. Start doing. It is a powerful call to action. In a world overflowing with content—webinars, articles, frameworks, certifications—it’s easy to fall into the trap of consumption without execution. We feel productive. We feel informed. But nothing really changes. And that message is absolutely right. You do not learn to swim by watching videos. You do not become a good

RTO Reimagined as Reporting Time Objective In Business Continuity Management, we are deeply familiar with Recovery Time Objective (RTO). It answers a critical question: How quickly can we recover after a disruption? Or How quickly do we need to recover after a disruption? We design systems, strategies, and controls around this. We test recovery plans. We measure downtime. We optimise response. But there is a fundamental blind spot. Because in many real-world risks—especiall

It was just on the 11th of this month that we were on a day excursion to GarhMukteshwar with friends, and someone shared a clip about this (TCS) case. As a Resilience Culture Architect, my first response was, ‘I do not believe what is said and circulated in the media/ social media’. Two weeks gone, I still do not know it from the horse’s mouth (could not locate any press release from TCS/ TaTas), but I guess there is enough in the air to believe the incident. Why, What, How –

India’s Global Capability Center (GCC) ecosystem is undergoing one of the most significant transformations in global business operations. Current and Future State of GCCs in India (information readily available on the internet) What began two decades ago as cost-efficient back-office support has evolved into something far more strategic. Today, India hosts more than 1,700 Global Capability Centers employing nearly two million professionals, contributing over $60 billion to

Carefully. Responsibly. — During BAU and in Crises Communicate, Consume, Cascade - Carefully and Responsibly Across the world today, many societies are experiencing anxiety around resources — energy, food, logistics capacity, technology components, financial stability, and even public trust. Supply chain disruptions, geopolitical tensions, climate events, and economic pressures are creating genuine stress on systems . Yet in many cases, the crisis is amplified not only by sh

A structured approach to assessing, granting, governing, and improving trust. The Trust Meter Trust Engineering is the disciplined process of converting trust from belief into a governed decision. It is the deliberate design, assessment, authorization, monitoring, recalibration, and continual improvement of trust within defined boundaries. It treats trust not as emotion — but as a structured governance construct. Trust Engineering Framework: Defines parameters of trustworth

Every few months, a new incident (or expectation) surfaces in which someone uploads sensitive data to a public AI tool — contracts, internal reports, sometimes even regulated information. The reaction is predictable: panic, blanket bans, and renewed calls to “block AI tools by default”. But beneath the noise lies a deeper issue. This is not really a technology problem. It is a governance, risk, and decision-making problem. And no amount of technical control can fully compensa

BRAKES! A dear friend, Mark Carroll , reminded me of this recently in a LinkedIn discussion. And, I thought of exploding it into a full length blog for you all! Also, a few words have been taken from the original post initiated by Christopher Carvalho • There is a persistent myth in organizations that risk management, security, and management systems exist to slow things down . That they are necessary evils — tolerated for compliance, endured for audits, and bypassed when

This blog originates from a case presented by a fellow professional on LinkedIn - “If an organization holds ISO 22301:2019 certification but keeps employees who have resigned for a long time (and seem critical), does it really deserve that certification? Shouldn’t the organization have backup or contingency plans instead?” I responded in short to that post, but thought of expanding for my readership. The scenario alone does not invalidate the organization’s ISO 22301 certi

A message from a Resilience Consultant to Leaders As consultants, we are often invited into organisations at moments of discomfort — implementations that are new or complex, audits that feel threatening, regulations that feel heavy, crises that feel personal, or boards that want reassurance. That is understandable. But let me say this clearly, upfront, and without softening the edges: Consultants are not crutches. Consultants Are Not Crutches If you treat us as one, resilienc

**“Yes, It Exists.” But Does It Work? — An Auditor’s Reality Check** In audits, there is a moment most professionals recognise instantly. You confidently say, “Yes, that exists.” And silently pray the auditor doesn’t ask to see it. (Thanks to Mihir Gosalia for sparking this thought with a simple yet powerful observation.) This blog explores why that moment exists, and why—if we are serious about resilience, governance, and assurance—it should not. The Auditor’s Lens: In

Why "Polished" BCM is a Dangerous Myth? A Wrinkled Plan Is Better! In my decades of experience across global resilience landscapes—from the classroom as a Professor of Practice to the boardroom as a BCM leader—I have noticed a recurring obsession with "polished" documentation. We often see BCM plans that are pristine, perfectly formatted, and look magnificent in an author’s folder. But in the world of true resilience, a plan that looks too good is usually a plan that has neve

Why Business Continuity Demands Cultural Transformation, Not Just Implementation Every year, organisations proudly announce the implementation of yet another management system — Quality, Information Security, Environment, Safety, Energy, Risk. Frameworks are selected, consultants are onboarded, documents are created, audits are cleared, certificates are framed. And then comes BCMS . Suddenly, progress slows. Fatigue sets in. Resistance appears — subtle, silent, but persiste

A Resilience Culture Architect’s Reflection When the pigeon saw the cat, it closed its eyes — believing that if it could not see the cat, the cat could not see it either. It is a comforting logic: if I do not see the threat, maybe it does not exist. But that comfort did not save the pigeon. And that is exactly what worries me about the 50% of CEOs who believe their business models — and by extension their risk frameworks — are fit for today’s emerging risks . ( https://www.w

Every Thanksgiving, families face a familiar ritual: preparing the turkey. Everyone knows what is being cooked, who is cooking it, when it will be served, and who will eat it. The turkey is visible, the responsibility is clear, and the outcome — good or bad — is shared within a known circle. A recent post by Elina Moshkovich ( https://www.linkedin.com/in/elina-moshkovich-41397115/ ) brilliantly likened risk management failures to Thanksgiving dinner gone wrong: everyone assum

How Your Unfiltered Digital Life Can Haunt Families, Systems, and the Planet My scariest article yet! Digital Ghosts! Every now and then, a casual statement hits so hard that it forces you to rethink everything you assume you understand about risk. Recently on LinkedIn, I read this: “Today, 4 billion people own digital assets — and 4 billion people will pass away.” At first, it almost sounds like trivia. But pause for a moment. Let the weight of that sink in. Four billion dig

A Resilience Culture Architect’s Perspective 3 LoDs Kill Risk Management 1. A Model Everyone Uses — But Nobody Questions The Three Lines of Defence (3LoD) model is one of the most widely accepted frameworks in governance, risk, and compliance. It appears in every policy document, every risk training deck, every consulting engagement, and every audit report. But when you examine the players in each line — the people actually occupying these roles — a striking pattern emerges:

Introduction The pharmaceutical sector has always stood at the intersection of science, healthcare, and human survival. It develops the medicines that keep societies functioning, the vaccines that protect populations, and the therapies that extend lives. In that sense, pharma is not just another industry — it is a lifeline. But that lifeline is increasingly under attack. Cybercriminals, ransomware gangs, and even state-backed actors see pharma as both highly lucrative and str

Get your Resilience Program Back Into Shape! An unmaintained Resilience Program is similar to an unmaintained car Every resilience professional knows this: Processes that once started with passion slowly slide into routine. Policies become static documents. Risk registers stop evolving. TPRM questionnaires become copy-paste formalities. Audit responses start sounding familiar — because they are reused. Drills become predictable. Stakeholders provide “expected answers.” Suppli