Organisational Resilience - New and improved BS 65000

Organisational Resilience – New and improved BS 65000 – with added resilience!

BS 65000 is still being developed, but the draft document has reached a point in the development process where there are some clear indications about the direction of travel for the standard and its contents.

The standard has evolved from “guidance” to a “Code of Practice”.

This is a particularly important evolution point …

Guidance standards are usually less prescriptive in nature and supply high level instructions, while a code of practice recommends sound, good practices, which are currently being used by competent practitioners. A code of practice is also designed to supply flexibility in application and indicative benchmarks or outcomes. The evolution in the standard documents reflects the evolution of the application of organisational resilience from theory to reality.

BS 65000 supplies the clear direction that organisational resilience is a strategic capability, and the potential benefits of developing the capability for an organisation are clearly set out and expressed.

The first notable change is that the proposed definition of organisational resilience has evolved:

FROM: “the ability of an organisation to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper”.

TO: the “capability of an organisation to be prepared for disruption and to adapt and thrive in a changing environment”.

The new standard sets out the specific elements needed to develop the resilience capability as a set of clearly defined principles or goals.

BS 65000 highlights the need to integrate all the relevant activities in an organization, such as crisis management, risk management, change and project management, governance, business continuity, security management, etc. to develop organisational resilience.

The resilience maturity assessment method has been carried forward from the 2014 version, but it has been updated to better align with the principles-based approach for a programme’s implementation.

In conclusion, the updated version of BS 65000 is a clear progression from the earlier iteration of the standard and reflects the developments made in industry and academia. It will be interesting to see how organisations implement the updated ideas from the standard and what developments that will drive in the next review for 2027.

Read our previous update in the organisational resilience series:

Organizational Resilience – an update on developments >>

If you would like to know more and how we are assisting our clients in adjusting to the new standard, please contact us at

We’d love to hear from you

Kev is a risk and resilience professional with proven expertise in the areas of risk management, cyber and information risk, business continuity and IT disaster recovery, crisis management and resilience. Kev has delivered strategic and operational solutions for the protection of organizations, people and assets.

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Kev Brear

Director of Consulting Technology Risk

Speak to me directly by Email, or
Telephone: +44 (020) 3745 7820

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>