CERT™ Resilience Management Model (CERT-RMM) is the most modern and comprehensive framework for managing operational resilience in a variety of organizations: small or large, simple or complex, public or private.
- It enables a structured, repeatable, and integrated method for organizations to plan, assess, manage, and sustain not only preparedness planning efforts (e.g., disaster recovery, business continuity, crisis management) but also other key operational risk management activities such as information security and IT operations.
- It is a process-based and capability-focused methodology grounded in the foundations of risk management and systems engineering. It addresses the protection of all essential operational assets (e.g., information, technology, people, and facilities) across categories of operational risk management practices (e.g., process management, operations management, engineering management).
- It can be used to (1) assess the current level of preparedness and resilience competencies, (2) guide the organization’s future direction and investments, (3) measure progress towards the desired goal, and (4) ensure plans and processes evolve to maintain the desired level.
- It is extremely flexible: it can be easily tailored to the needs and nature of organizations. It can be applied to the enterprise horizontally (e.g., across organizational dividing lines) and/or vertically (e.g., across preparedness planning domains).
- It provides a mechanism for adopters to continue utilizing their preferred standards and codes of practice (e.g., ANSI/ASIS SPC.1-2009, BS 25999, ISO/IEC 24762, ISO/IEC 31000, NFPA 1600, etc.) while maturing the management and improvement of preparedness planning and operational risk management activities in an integrated fashion.
- For those organizations that are adopting or practicing multiple standards (e.g., because of compliance requirements imposed on them by different internal and external entities), it can serve as a single framework within which compliance in such multi-standard situations can be managed.
IT Cadre personnel have extensive hands-on experience with a wide range of RMM activities and services such as piloting, training, institutionalization, and assessment. IT Cadre is a CMU SEI Partner. Please contact us to learn more about how we might assist you in applying RMM concepts at your enterprise.