The purpose of Organizational Process Definition is to establish and maintain a usable set of organizational process assets and work environment standards for operational resilience.
Organizational process assets enable consistent resilience management process performance across the organization and provide a basis for cumulative, long-term benefits to the organization.
The organization’s process asset library is a collection of items maintained by the organization for use by the people and organizational units of the organization. This collection of items includes descriptions of processes and process elements, descriptions of life-cycle models, process tailoring guidelines, process-related documentation, and data. The organization’s process asset library supports organizational learning and process improvement by allowing the sharing of best practices and lessons learned across the organization.
The organization’s set of standard processes is tailored by organizational units to create their defined processes. The other organizational process assets are used to support tailoring and the implementation of the defined processes. The work environment standards are used to guide creation of organizational unit work environments.
A standard process is composed of other processes (i.e., subprocesses) or process elements. A process element is the fundamental (i.e., atomic) unit of process definition and describes the activities and tasks to consistently perform work. Process architecture provides rules for connecting the process elements of a standard process. The organization’s set of standard processes may include multiple process architectures.
Refer to the Organizational Process Focus process area for more information about organizational-process–related matters.
A set of organizational process assets is established and maintained.
The organization’s set of standard processes is established and maintained.
Standard processes may be defined at multiple levels in an enterprise and they may be related in a hierarchical manner. For example, an enterprise may have a set of standard processes that is tailored by individual organizational units (e.g., a division or site) in the enterprise to establish its set of standard processes. The set of standard processes may also be tailored for each of the organization’s lines of business or product lines. Thus “the organization’s set of standard processes” can refer to the standard processes established at the organization level and standard processes that may be established at lower levels, although some organizations may have only a single level of standard processes.
Multiple standard processes may be required to address the needs of different levels of organizational units or disciplines (for example, security versus business continuity). The organization’s set of standard processes contains process elements that may be interconnected according to one or more process architectures that describe the relationships among these process elements.
The organization’s set of standard processes typically includes technical, management, administrative, and support processes.
The organization’s set of standard processes should collectively cover all processes needed by the organization and its organizational units.
Typical Work Products
Subpractices
Each process element covers a bounded and closely related set of activities. The descriptions of the process elements may be templates to be filled in, fragments to be completed, abstractions to be refined, or complete descriptions to be tailored or used unmodified. These elements are described in sufficient detail such that the process, when fully defined, can be consistently performed by appropriately trained and skilled people.
The rules for describing the relationships among process elements are referred to as “process architecture.” The process architecture provides essential requirements and guidelines. The detailed specifications of these relationships are covered in the descriptions of the defined processes that are tailored from the organization’s set of standard processes.
Adherence to applicable process policies, standards, and models is typically demonstrated by developing a mapping from the organization’s set of standard processes to the relevant process policies, standards, and models. In addition, this mapping will be a useful input to future appraisals.
Refer to the Organizational Process Focus process area for more information about establishing and maintaining the organization’s process needs and objectives.
Tailoring criteria and guidelines for the organization’s set of standard processes are established and maintained.
The tailoring criteria and guidelines describe the following:
• how the organization’s set of standard processes and organizational process assets are used to create the defined processes
• mandatory requirements that must be satisfied by the defined processes (e.g., the subset of the organizational process assets that are essential for any defined process)
• options that can be exercised and criteria for selecting among the options
• procedures that must be followed in performing and documenting process tailoring
Flexibility in tailoring and defining processes is balanced with ensuring appropriate consistency in the processes across the organization. Flexibility is needed to address contextual variables such as the domain, technical difficulty of the work, and experience of the people implementing the process. Consistency across the organization is needed so that organizational standards, objectives, and strategies are appropriately addressed and process data and lessons learned can be shared.
Tailoring criteria and guidelines may allow for using a standard process “as is,” with no tailoring.
Typical work products
Subpractices
The organization’s measurement repository is established and maintained.
The repository contains both product and process measures that are related to the organization’s set of standard processes. It also contains or refers to the information needed to understand and interpret the measures and assess them for reasonableness and applicability. For example, the definitions of the measures are used to compare similar measures from different processes.
Typical work products
Subpractices
The measures in the common set are selected based on the organization’s set of standard processes. They are selected for their ability to provide visibility into process performance to support expected business objectives. The common set of measures may vary for different standard processes.
Operational definitions for the measures specify the procedures for collecting valid data and the point in the process where the data will be collected.
Refer to the Measurement and Analysis process area for more information about defining measures.
Refer to the Measurement and Analysis process area for more information about collecting and analyzing data.
The organization’s process asset library is established and maintained.
Subpractices
The items are selected based primarily on their relationship to the organization’s set of standard processes.
Work environment standards are established and maintained.
Work environment standards allow the organization to benefit from common tools, training, and maintenance, as well as cost savings from volume purchases. Work environment standards address the needs of all stakeholders and consider productivity, cost, availability, security, and workplace health, safety, and ergonomic factors. Work environment standards can include guidelines for tailoring and/or the use of waivers that allow adaptation of the organizational unit’s work environment to meet specific needs.
Typical work products
Subpractices
Organizational rules and guidelines for the structure, formation, and operation of integrated teams are established and maintained.
When executing work that crosses organizational lines, particularly work that represents convergent disciplines such as operational risk management, service continuity, and incident response, integrated teams must be structured, formed, and operated effectively.
Operating rules and guidelines for integrated teams define and control how teams are created and how they interact to accomplish objectives. Members of integrated teams must understand the standards for work and participate according to those standards.
Structuring integrated teams involves defining the number of teams, the type of each team, and how each team relates to the others in the structure. Forming integrated teams involves chartering each team, assigning team members and team leaders, and providing resources to each team to accomplish work.
Typical work products
In a successful teaming environment, clear channels of responsibility and authority must be established. Issues can arise at any level of the organization when integrated teams assume too much or too little authority and when it is unclear who is responsible for making decisions. Documenting and deploying organizational guidelines that clearly define the empowerment of integrated teams can prevent these issues.
A “home organization” is the organizational unit to which team members are assigned when they are not on an integrated team. A home organization may be called a “functional organization,” “home base,” “home office,” or “direct organization.”
Refer to the Generic Goals and Practices document in Appendix A for general guidance that applies to all process areas. This section provides elaborations relative to the application of the Generic Goals and Practices to the Organizational Process Definition process area.
The operational resilience management system supports and enables achievement of the specific goals of the Organizational Process Definition process area by transforming identifiable input work products to produce identifiable output work products.
Perform the specific practices of the Organizational Process Definition process area to develop work products and provide services to achieve the specific goals of the process area.
Elaboration:
Specific practices OPD:SG1.SP1 through OPD:SG1.SP6 are performed to achieve the goals of the organizational process definition process.
Organizational process definition is institutionalized as a managed process.
Establish and maintain governance over the planning and performance of the organizational process definition process.
Refer to the Enterprise Focus process area for more information about providing sponsorship and oversight to the organizational process definition process.
Subpractices
Elaboration:
Elaboration:
Establish and maintain the plan for performing the organizational process definition process.
Elaboration:
The plan for performing the organizational process definition process can be part of (or referenced by) the organization’s process improvement plan.
Subpractices
Elaboration:
Special consideration in the plan may have to be given to how the organization incorporates organizational process definition activities for staff who are not under direct control, including external entities such as contractors, service providers, suppliers, and other business partners.
Provide adequate resources for performing the organizational process definition process, developing the work products, and providing the services of the process.
Subpractices
Elaboration:
A process group typically manages the organizational process definition activities. This group typically is staffed by a core of professionals whose primary responsibility is coordinating organizational process improvement.
Refer to the Human Resource Management process area for information about acquiring staff for resilience roles and responsibilities.
Refer to the Financial Resource Management process area for information about budgeting for, funding, and accounting for organizational process definition activities.
Elaboration:
Assign responsibility and authority for performing the organizational process definition process, developing the work products, and providing the services of the process.
Refer to the Human Resource Management process area for more information about establishing resilience as a job responsibility, developing resilience performance goals and objectives, and measuring and assessing performance against these goals and objectives.
Elaboration:
Responsibility and authority may extend not only to staff inside the organization but to external entities with which the organization has a contractual agreement for using standard process definitions, standard process and product measures, and work environment standards.
Elaboration:
Refer to the External Dependencies Management process area for additional details about managing relationships with external entities.
Train the people performing or supporting the organizational process definition process as needed.
Refer to the Human Resource Management process area for more information about inventorying skill sets, establishing a skill set baseline, identifying required skill sets, and measuring and addressing skill deficiencies.
Subpractices
Elaboration:
Elaboration:
Place designated work products of the organizational process definition process under appropriate levels of control.
Elaboration:
Specific practice OPD SG1.SP1 calls for documenting all standard process definitions. OPD:SG1.SP2 requires the documentation of tailoring guidelines for standard processes. This generic practice covers all organizational process definition work products that are to be placed under control.
Identify and involve the relevant stakeholders of the organizational process definition process as planned.
Subpractices
Monitor and control the organizational process definition process against the plan for performing the process and take appropriate corrective action.
Refer to the Monitoring process area for more information about the collection, organization, and distribution of data that may be useful for monitoring and controlling processes.
Refer to the Measurement and Analysis process area for more information about establishing process metrics and measurement.
Refer to the Enterprise Focus process area for more information about providing process information to managers, identifying issues, and determining appropriate corrective actions.
Subpractices
Elaboration:
Elaboration:
Objectively evaluate adherence of the organizational process definition process against its process description, standards, and procedures, and address non-compliance.
Elaboration:
Review the activities, status, and results of the organizational process definition process with higher-level managers and resolve issues.
Refer to the Enterprise Focus process area for more information about providing sponsorship and oversight to the operational resilience management system.
Organizational process definition is institutionalized as a defined process.
Establish and maintain the description of a defined organizational process definition process.
Elaboration:
Organizational process definition is itself a defined process. The subpractices that normally appear in this practice are not included due to their metalevel and recursive nature (selecting from the organization’s set of standard processes, tailoring standard processes, meeting organizational process objectives, documenting the tailored process, and revising as necessary). (Refer to the Generic Goals and Practices document in Appendix A for further guidance.)
Collect organizational process definition work products, measures, measurement results, and improvement information derived from planning and performing the process to support the future use and improvement of the organization’s processes and process assets.
Elaboration:
Subpractices