The Operational Resilience Framework Introduces New Maturity Model

Designed by Security Leaders from Multiple Sectors, the Framework Aids Organizations in Maintaining Service in the Event of Destructive Attacks or Adverse Events

FAIRFAX, Va.--()--In the year since the initial release of the Operational Resilience Framework (ORF) by the Business Resilience Council, the ORF working group has expanded the framework to include a maturity model and several working examples. The maturity model serves as a vital tool for organizations to assess their progress and readiness in implementing operational resilience practices. Additionally, the team has worked to incorporate ORF principles and rules into significant efforts such as the President’s Council of Advisors on Science and Technology (PCAST) project on cyber-physical resilience, and the National Automated Clearing House Association’s white paper, “Enhancing Operational Resilience for ACH Network Participants.”

Grounded in foundational works on operational resilience, such as the 2018 Bank of England paper “Building the UK financial sector’s operational resilience,” and contributions from regulatory bodies, trade associations, and individual institutions, the ORF moves beyond theoretical exploration, offering a suite of practical applications. Through collaborative efforts, the volunteer team of subject matter experts and professionals cultivated a robust framework of rules and tools tailored to bolster the resilience of organizations of all sizes.

The ORF ensures the continuity and swift recovery of critical data, systems and processes, aiming to minimize service disruptions to customers, partners and counterparties. In doing so, it mitigates systemic damage and curtails the risk of cascading disruptions, thereby reinforcing the operational continuity of organizations and entire sectors in the face of adverse events and destructive attacks.

“Thanks to the dedication and extensive efforts of our task force, we have successfully launched and refined a framework that significantly enhances the testing, analysis, and strengthening of business resilience,” said Mark Orsi, CEO of Global Resilience Federation, the parent organization of the Business Resilience Council. "With the ORF Rules and Maturity Model at our disposal, organizations are now empowered to bolster security and resilience, and to encourage vendors and suppliers to also adopt these practices. This collaborative approach is instrumental in cultivating a more resilient business community.”

Start enhancing your organization’s resilience today by visiting the ORF website to access the framework rules, explore the newly introduced maturity model, participate in practical exercises, and discover additional resources tailored to support your journey towards operational resilience.

About Business Resilience Council and the Global Resilience Federation

The Business Resilience Council (BRC) is a collective defense organization that operates across all sectors to build strong collaborative communities and regional efforts that create stability in times of crisis. The BRC is part of the Global Resilience Federation (GRF), a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs). Learn more about the Business Resilience Council at


Media inquiries may be directed to Patrick McGlone at

Social Media Profiles


Media inquiries may be directed to Patrick McGlone at