Qualcomm’s 2023 Corporate Responsibility Report: Operational Resilience
Maintaining and safeguarding our operations
Originally published in Qualcomm's 2023 Corporate Responsibility Report
Our Operational Resilience function orchestrates the Company’s emergency operations, business resilience, IT incident response and IT service resilience disciplines. The proper adoption of these resilience disciplines enhances our capability to mitigate, prepare for, respond to and recover from operational disruptions.
We have established a vision and holistic approach to operational resilience based on leading industry standards. Our program is designed to provide agile decision-making in the face of potential threats and disasters, and during an event. Disasters include local incidents such as building fires; regional physical incidents such as earthquakes or hurricanes/typhoons; technology disruptions; and national incidents such as pandemic illnesses and events that occur due to climate change. Our approach is driven by Enterprise Risk Management (ERM) assessments, Company strategy, and regulatory and stakeholder requirements.
Our ERM program is integral to executing our strategic objectives. The program is driven by the ERM Operating Committee, which includes approximately 20 members in senior leadership positions across various functional areas, including Engineering, Finance, HR, IT, Legal, Marketing and Supply Chain. On an annual basis, this committee compiles, evaluates and tiers enterprise risks, including climate change-related risks, before developing associated mitigation plans. Oversight is provided by both the ERM Executive Committee and the Board, and mitigation plans are reviewed by the executive leadership bi-annually for continued relevance.
Our Operational Resilience team utilizes a threat risk assessment process to identify and evaluate risks on a regional basis that may affect the Company’s resilience. The threat risk assessment process ranks more than 30 environmental, operational and man-made risks based on the likelihood and impact of an occurrence. We consult with resilience leads based on the potential size and scope of specific impacts. This process is completed annually, with the results presented to executive sponsors. A roadmap is then developed by the operational resilience team and presented to the Governance Committee of the Board of Directors.
Operational Resilience leverages this data when determining the potential impacts from operational disruptions, documents recovery requirements and devises strategies to enable the Company to continue critical business operations in the event of a disaster. Operational Resilience uses training and simulations to evaluate the effectiveness of plans, assessments and identified risks. The overall program is aligned with ISO 22301, an international standard for business continuity management systems.