Skip to content
Pacific Resilience Institute
Foundation credential

Associate
Resilience Officer.

ARO is a professional credential, awarded on demonstrated capability. There is no taught course component and no examination that, on its own, confers the credential. To earn ARO, a candidate submits a portfolio of workplace evidence and completes a competency-based assessment against the PRI seven-domain framework at execution level. The PRI Operational Resilience Course is recommended preparation for candidates new to the field, but it is a separate offering with its own Certificate of Course Completion — not a route to certification.

CERTIFIEDASSOCIATE RESILIENCEOFFICER
How this credential is awarded

On demonstrated capability — not attendance or examination alone.

PRI credentials are professional designations. They are awarded on evidence of capability, experience and professional judgement, assessed against the PRI competency framework. Completing a PRI programme, or sitting a PRI examination, prepares a candidate for this assessment but does not, on its own, confer the credential.

Competency framework

Assessed across seven domains.

ARO assessment focuses on execution: applying the seven domains at task and process level inside a defined scope of work.

Domain 01
Risk & impact

Identifying important services, modelling impact and quantifying tolerance for disruption.

Domain 02
Service mapping

Mapping people, processes, technology and third parties supporting each important service.

Domain 03
Resilience design

Designing controls, redundancy and recovery to operate within tolerance under stress.

Domain 04
Incident response

Detecting, triaging and managing live disruption with disciplined logging and communications.

Domain 05
Governance

Operating resilience inside a board-accountable governance model with clear escalation.

Domain 06
Leadership

Leading teams through ambiguity, regulatory engagement and post-incident learning.

Domain 07
APAC environment

Operating across the regulatory, cross-border and infrastructure realities of Asia-Pacific.

Assessment model

How the credential is assessed.

01

Scenario-based assessment

A structured, scenario-based competency assessment conducted live by PRI assessors over Microsoft Teams. Candidates are asked to execute defined resilience tasks — running a BIA, logging an incident, producing a factual post-incident summary — against the seven competency domains at execution level.

02

Evidence submission

A portfolio of seven items — one per competency domain — drawn from the candidate's own work. Where commercial sensitivity prevents sharing a workplace artefact (for example a completed BIA), candidates submit a structured essay of roughly 800–1,200 words showing how they have applied that domain in practice, with anonymised examples.

03

Assessor review

PRI assessors review the live assessment and the seven-item portfolio against the seven competency domains. The credential is awarded only when both meet the foundation standard.

Tier
Foundation
Route
Competency assessment + evidence portfolio
CPD
20 hrs / year
Who it's for

The defined entry point to the profession.

ARO is for practitioners early in the discipline who can already evidence applied resilience work — not for absolute beginners looking for a syllabus to follow. Candidates new to the field who need structured learning typically complete the PRI Operational Resilience Course first, then return to apply for the ARO credential when they have evidence to submit.

Early-career practitioners

Analysts and coordinators already working in resilience, business continuity or operational risk who can evidence applied work.

Adjacent risk professionals

Internal audit, ORM and compliance staff who have picked up resilience responsibilities inside their role.

Career transitioners

People moving in from IT disaster recovery, corporate physical security, or military and law-enforcement backgrounds with applied evidence to submit.

Returning practitioners

Practitioners returning to the field who want their current capability recognised against a regional standard.

What an ARO holder can do

Seven demonstrated capabilities.

One capability per competency domain. Every ARO is assessed against all seven at execution level before the credential is awarded.

  • Domain 01 · Risk & impact

    Run a structured BIA

    Gather operational data, document recovery timelines and produce defensible RTO and MTPD numbers — not red/amber/green.

  • Domain 02 · Service mapping

    Map a critical activity

    Document the people, systems and vendors a critical activity depends on, at a level another practitioner can audit.

  • Domain 03 · Resilience design

    Coordinate a component test

    Run a desktop walkthrough or application failover at single-component level, capture the results and feed them back into the plan.

  • Domain 04 · Incident response

    Keep a defensible incident log

    Maintain a master log and produce a factual post-incident report that holds up to internal audit, legal review and regulator scrutiny.

  • Domain 05 · Governance

    Apply the standard terminology

    Use ISO 22301, APRA, MAS, HKMA and DORA terminology accurately inside your own organisation's policies, papers and discussions.

  • Domain 06 · Leadership

    Brief and coordinate stakeholders

    Lead a cross-functional walkthrough or debrief and communicate findings up to management without losing the technical detail.

  • Domain 07 · APAC landscape

    Read the APAC landscape

    Demonstrate working understanding of the Asia-Pacific operating environment — the regulatory landscape (own jurisdiction and the wider region), the threat picture, and the cultural and organisational dynamics — submitted as a required ~1,500-word thought-leadership piece. Multi-jurisdiction candidates show how they avoid duplicating effort across regimes; single-jurisdiction candidates show depth in their own; candidates in contexts without a specific resilience regime anchor to recognised standards (ISO 22301, BCI GPG).

Evidence portfolio

What candidates submit.

One item per competency domain — seven in total. Each item is drawn from the candidate's own work and aligned directly to the capability assessed for that domain.

For domains 1–6, where commercial sensitivity prevents sharing a workplace artefact (for example a completed BIA, an incident log or a vendor map), the candidate may submit a structured essay of roughly 800–1,200 words in its place — describing how they have applied that domain in practice, with anonymised examples and the working shown. Domain 7 (APAC landscape) is always a required ~1,500-word thought-leadership piece — there is no artefact alternative for that domain.

Domain 01 · Risk & impact

Artefact example: A business impact analysis you completed for a real business unit, with the working shown.

Essay alternative accepted where the artefact cannot be shared.

Domain 02 · Service mapping

Artefact example: A dependency or resource map for a critical activity, signed off inside your organisation.

Essay alternative accepted where the artefact cannot be shared.

Domain 03 · Resilience design

Artefact example: A write-up of a component test you coordinated — a desktop walkthrough, application failover or recovery rehearsal — with the results captured.

Essay alternative accepted where the artefact cannot be shared.

Domain 04 · Incident response

Artefact example: A defensible incident log or post-incident report you authored or substantially contributed to.

Essay alternative accepted where the artefact cannot be shared.

Domain 05 · Governance

Artefact example: A policy, standard or governance document you drafted, owned or reviewed inside your organisation.

Essay alternative accepted where the artefact cannot be shared.

Domain 06 · Leadership

Artefact example: A stakeholder briefing, exercise debrief or training material you led or delivered to a defined audience.

Essay alternative accepted where the artefact cannot be shared.

Domain 07 · APAC landscape

Artefact example: A ~1,500-word thought-leadership piece on the Asia-Pacific operating environment for resilience — the regulatory landscape (your own jurisdiction(s) and the wider region), the threat picture, and the cultural and organisational dynamics that shape how resilience actually gets done. Required of every candidate. There is no artefact alternative for this domain.

Required submission. No artefact alternative — every candidate writes this piece.

Continuing professional development

20 CPD hours a year to stay current.

ARO holders log 20 hours of CPD each year, weighted toward formal learning. The split: up to 10 hours of professional practice, and at least 10 hours of formal learning or industry events.

Professional practice · max 10 hrs
  • ·Maintaining internal business continuity plans.
  • ·Acting as log-keeper during live corporate disruptions.
  • ·Drafting internal BIA data sheets and refresh cycles.
Formal learning & events · min 10 hrs
  • ·Attending regional resilience webinars and PRI events.
  • ·Completing the PRI Operational Resilience Course or specialised IT disaster recovery training.
  • ·Participating in PRI chapter networking and study groups.

Annual recertification fee from $49 AUD (Tier 3) to $99 AUD (Tier 1).

Regional fees · AUD

ARO fees by region.

One standard, three regional pricing bands. Set in AUD by country of residence.

Download fees & tiers (PDF)
FeeTier 1Tier 2 −30%Tier 3 −50%
ARO credential assessment (one-off)$1,499$1,049$749
ARO recertification (annual)$99$69$49
Operational Resilience Course (optional preparation)$999$699$499
Tier 1 · High income

AU · NZ · SG · JP · HK · KR · TW

Tier 2 · Upper-middle

MY · TH · CN · FJ

Tier 3 · Lower-middle

IN · PH · ID · VN

No payment is taken at application. The assessment fee is invoiced when the candidate submits the completed evidence portfolio.

Programme details

What to expect, end to end.

Route to credential
Competency-based assessment against the PRI seven-domain framework, plus a portfolio of workplace evidence. No taught course component is required and there is no examination route.
Preparation
The PRI Operational Resilience Course is recommended for candidates new to the field. The course is a separate offering — it awards a Certificate of Course Completion, not the ARO credential.
Assessment format
A scenario-based competency assessment conducted live with a PRI assessor over Microsoft Teams. Candidates demonstrate applied judgement against execution-level tasks across the seven competency domains.
Evidence portfolio
Seven items — one per competency domain. Each item is either a workplace artefact (e.g. BIA, dependency map, incident log, PIR, governance document) or, where commercial sensitivity prevents sharing the artefact, an 800–1,200 word essay describing how the candidate has applied that domain.
Verification
PRI assessors corroborate evidence with the candidate's employer or an independent referee. Redactions of names, figures and counterparty detail are accepted.
Turnaround
From a complete application to written outcome is typically 8–10 weeks: intake and evidence review, scheduling and the live assessment, then independent assessor review and moderation. No fixed cohort dates — assessments are scheduled as evidence packs are ready.
Prerequisites
Applied resilience experience inside the candidate's role. No taught prerequisite and no prior qualifications required.
Language
Assessed in English. Glossary translations are available for key APAC regulatory terms.
Reassessment
Candidates who do not meet the standard receive written feedback and may strengthen and resubmit the specific items identified within 6 months. One free reassessment within that window.
Fees & payment
No payment is taken at application. The assessment fee is invoiced in AUD when the candidate submits the completed evidence portfolio (including the ~1,500-word APAC thought-leadership piece). The competency assessment is scheduled on receipt of payment.
Withdrawal
Application carries no charge and can be withdrawn at any time before evidence is submitted. After the assessment fee is paid, fees are refundable up to 21 days before the scheduled assessment.
Using the designation

Post-nominal letters you can use.

On award, you are entitled to append ARO after your name on business cards, LinkedIn, professional correspondence, and any internal or external publication while your certification remains in good standing.

Example signature
Priya Anand, ARO
Usage rules · ARO
  • Use the letters ARO directly after your name in professional contexts while your certification is current.
  • The ARO digital badge may be displayed on LinkedIn, email signatures, and your organisation's website.
  • Do not use the designation to imply specialist regulatory authority or chartered status — ARO is the foundation credential.
  • If your certification lapses, remove the post-nominal until you have completed reinstatement.
  • The PRI wordmark and ARO logo must not be altered, recoloured, or used in a way that suggests PRI endorses a product or service.
FAQ

Frequently asked questions.

No. ARO is a credential awarded on demonstrated capability, not on attendance. Candidates new to the field often complete the PRI Operational Resilience Course as preparation, but the course is a separate offering with its own Certificate of Course Completion. It is not a route to the ARO credential.

Apply for the ARO credential

Tell us a little about you and your role. The registrar will reply within 24 hours with the assessment intake schedule and the fee for your tier.