Research Standards Continuum of Organizational Resilience Publications/Conferences




Challenging Risk’s researchers performed an exhaustive analysis of the industry’s best practices, guidelines, and official standards, as well as an extensive review of recent and historic academic publications. Their findings led to the development of our Comprehensive Resilience Model©.


Due Diligence and Duty of Care

Organizations have a duty to provide a safe and secure environment to their staff, clients, and stakeholders. Demonstrating due diligence through organizational resilience is therefore a key governance responsibility. As stated in ASIS SPC.1-2009, Organizational Resilience Standard:

Today’s threats require the creation of an on-going, dynamic, and interactive process that serves to assure the continuation of an organization’s core activities before, during, and – most importantly – after a major crisis event.

P 18. A.0 Introduction

Neglecting to demonstrate due diligence may result in litigation and have an impact on life safety, property, finance, insurance, and reputation.

Comprehensive Resilience Model©

The Challenging Risk research and design teams developed a theoretical model that identified the common problems facing organizations as well as the elements that are essential for the creation of a comprehensive emergency management and business continuity software system.

The Comprehensive Resilience Model© provides a standardized approach to all-hazards and all-phases planning for all levels of an organization.

Our research identified the following essential elements of a comprehensive emergency plan. In addition to supporting all applicable standards and best practices, a comprehensive plan should:

  • be risk driven (all hazards)
  • cover all phases of the planning process (prevention, mitigation, preparedness, response, recovery and continuity)
  • be endorsed and supported by executive/senior management
  • create synergy or multi-level collaboration in the planning process
  • be objective rather than event-driven
  • combine “top-down” and “bottom-up” approaches
  • facilitate adaptive responses to critical incidents
  • integrate the emergency planning process into the systems of the organization both vertically and horizontally
  • integrate command and control (ICS) into the organizational structure
  • create an accountability system
  • promote multi-level inter-agency and intra-agency collaboration
  • use experts as guides
  • demonstrate interoperability with external agencies and services
  • facilitate the systematic anticipation of crisis events
  • benefit from operational-level anticipation
  • encourage continuous collaboration
  • provide flexibility in response, recovery and continuity decision-making
  • identify and target areas of convergence
  • identify and address vulnerabilities (such as those with special needs)
  • recognize and facilitate dual responsibilities
  • foster continuous improvement
  • reinforce compliance
  • provide timely and accurate information to responders
  • facilitate the management and prioritization of resources
  • address information requirements
  • be user friendly
  • be tutorial in style