Artefact example: A business impact analysis you completed for a real business unit, with the working shown.
Essay alternative accepted where the artefact cannot be shared.
ARO is a professional credential, awarded on demonstrated capability. There is no taught course component and no examination that, on its own, confers the credential. To earn ARO, a candidate submits a portfolio of workplace evidence and completes a competency-based assessment against the PRI seven-domain framework at execution level. The PRI Operational Resilience Course is recommended preparation for candidates new to the field, but it is a separate offering with its own Certificate of Course Completion — not a route to certification.
PRI credentials are professional designations. They are awarded on evidence of capability, experience and professional judgement, assessed against the PRI competency framework. Completing a PRI programme, or sitting a PRI examination, prepares a candidate for this assessment but does not, on its own, confer the credential.
ARO assessment focuses on execution: applying the seven domains at task and process level inside a defined scope of work.
Identifying important services, modelling impact and quantifying tolerance for disruption.
Mapping people, processes, technology and third parties supporting each important service.
Designing controls, redundancy and recovery to operate within tolerance under stress.
Detecting, triaging and managing live disruption with disciplined logging and communications.
Operating resilience inside a board-accountable governance model with clear escalation.
Leading teams through ambiguity, regulatory engagement and post-incident learning.
Operating across the regulatory, cross-border and infrastructure realities of Asia-Pacific.
A structured, scenario-based competency assessment conducted live by PRI assessors over Microsoft Teams. Candidates are asked to execute defined resilience tasks — running a BIA, logging an incident, producing a factual post-incident summary — against the seven competency domains at execution level.
A portfolio of seven items — one per competency domain — drawn from the candidate's own work. Where commercial sensitivity prevents sharing a workplace artefact (for example a completed BIA), candidates submit a structured essay of roughly 800–1,200 words showing how they have applied that domain in practice, with anonymised examples.
PRI assessors review the live assessment and the seven-item portfolio against the seven competency domains. The credential is awarded only when both meet the foundation standard.
ARO is for practitioners early in the discipline who can already evidence applied resilience work — not for absolute beginners looking for a syllabus to follow. Candidates new to the field who need structured learning typically complete the PRI Operational Resilience Course first, then return to apply for the ARO credential when they have evidence to submit.
Analysts and coordinators already working in resilience, business continuity or operational risk who can evidence applied work.
Internal audit, ORM and compliance staff who have picked up resilience responsibilities inside their role.
People moving in from IT disaster recovery, corporate physical security, or military and law-enforcement backgrounds with applied evidence to submit.
Practitioners returning to the field who want their current capability recognised against a regional standard.
One capability per competency domain. Every ARO is assessed against all seven at execution level before the credential is awarded.
Gather operational data, document recovery timelines and produce defensible RTO and MTPD numbers — not red/amber/green.
Document the people, systems and vendors a critical activity depends on, at a level another practitioner can audit.
Run a desktop walkthrough or application failover at single-component level, capture the results and feed them back into the plan.
Maintain a master log and produce a factual post-incident report that holds up to internal audit, legal review and regulator scrutiny.
Use ISO 22301, APRA, MAS, HKMA and DORA terminology accurately inside your own organisation's policies, papers and discussions.
Lead a cross-functional walkthrough or debrief and communicate findings up to management without losing the technical detail.
Demonstrate working understanding of the Asia-Pacific operating environment — the regulatory landscape (own jurisdiction and the wider region), the threat picture, and the cultural and organisational dynamics — submitted as a required ~1,500-word thought-leadership piece. Multi-jurisdiction candidates show how they avoid duplicating effort across regimes; single-jurisdiction candidates show depth in their own; candidates in contexts without a specific resilience regime anchor to recognised standards (ISO 22301, BCI GPG).
One item per competency domain — seven in total. Each item is drawn from the candidate's own work and aligned directly to the capability assessed for that domain.
For domains 1–6, where commercial sensitivity prevents sharing a workplace artefact (for example a completed BIA, an incident log or a vendor map), the candidate may submit a structured essay of roughly 800–1,200 words in its place — describing how they have applied that domain in practice, with anonymised examples and the working shown. Domain 7 (APAC landscape) is always a required ~1,500-word thought-leadership piece — there is no artefact alternative for that domain.
Artefact example: A business impact analysis you completed for a real business unit, with the working shown.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A dependency or resource map for a critical activity, signed off inside your organisation.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A write-up of a component test you coordinated — a desktop walkthrough, application failover or recovery rehearsal — with the results captured.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A defensible incident log or post-incident report you authored or substantially contributed to.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A policy, standard or governance document you drafted, owned or reviewed inside your organisation.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A stakeholder briefing, exercise debrief or training material you led or delivered to a defined audience.
Essay alternative accepted where the artefact cannot be shared.
Artefact example: A ~1,500-word thought-leadership piece on the Asia-Pacific operating environment for resilience — the regulatory landscape (your own jurisdiction(s) and the wider region), the threat picture, and the cultural and organisational dynamics that shape how resilience actually gets done. Required of every candidate. There is no artefact alternative for this domain.
Required submission. No artefact alternative — every candidate writes this piece.
ARO holders log 20 hours of CPD each year, weighted toward formal learning. The split: up to 10 hours of professional practice, and at least 10 hours of formal learning or industry events.
Annual recertification fee from $49 AUD (Tier 3) to $99 AUD (Tier 1).
One standard, three regional pricing bands. Set in AUD by country of residence.
| Fee | Tier 1 | Tier 2 −30% | Tier 3 −50% |
|---|---|---|---|
| ARO credential assessment (one-off) | $1,499 | $1,049 | $749 |
| ARO recertification (annual) | $99 | $69 | $49 |
| Operational Resilience Course (optional preparation) | $999 | $699 | $499 |
AU · NZ · SG · JP · HK · KR · TW
MY · TH · CN · FJ
IN · PH · ID · VN
No payment is taken at application. The assessment fee is invoiced when the candidate submits the completed evidence portfolio.
On award, you are entitled to append ARO after your name on business cards, LinkedIn, professional correspondence, and any internal or external publication while your certification remains in good standing.