Operational continuity
Operational resilience
Last updated: 12 May 2026
NewBridge Pathway is a small research-led advisory firm. Operational resilience means knowing which services matter, what they depend on, which interruptions would create commercial or client harm, and how the firm would recover from them.
Reference model
The FCA's PS21/3 Operational Resilience policy framework applies to banks, building societies, insurers, enhanced-scope SM&CR firms, and other specified regulated entities. NewBridge Pathway is not directly subject to PS21/3.
The framework is used as a reference model for the firm's own operational posture, because the same conceptual approach – identify important services, map dependencies, define impact tolerances, plan for continuity – applies usefully to firms operating outside the regime. The diagnostic methodology offered to regulated mortgage servicing clients via the Evidence Readiness Assessment draws on similar evidence-reconstruction discipline. NewBridge applies the same discipline to its own operations.
Important services
NewBridge identifies the following as important services. Interruptions to any of these would create client or commercial harm above a tolerable threshold:
- Public website and research distribution.
- Inquiry capture.
- Evidence Posture Snapshot delivery.
- Controlled evidence handling and client communications.
Dependencies
The main dependencies are hosting and DNS, form handling, email, source control, credential management, backups, endpoint devices, counsel, and insurance. Detailed dependency mapping is maintained internally.
Impact tolerances
For each important service, NewBridge maintains an internal estimate of the maximum tolerable interruption before client or commercial harm becomes material. The tolerances are reviewed when the operating environment changes – for example, when a dependency is replaced, when the operating scale changes, or when a new engagement profile creates a different harm threshold.
Internal tolerances are not published. They are made available to commercial engagement counterparts where reasonably required, and they inform the continuity plans below.
Continuity plans
- Founder and key-person cover. A documented succession contact and operational handover plan exists for the founder. Backup access to operational systems is held with a named alternate.
- Backup access. Critical credentials are held in named-user vaults with documented recovery paths.
- Incident response. Written protocol covering detection, containment, evidence preservation, notification to affected parties, and post-incident review.
- Evidence preservation. Engagement materials and incident artifacts are preserved per retention discipline. A documented hold process exists for engagement-period preservation.
- Client notification. Notification windows for engagement counterparts are defined in engagement contracts. For research correspondents – methodology-note request or inquiry submitters – reasonable notification is made via the contact pathway used.
How this connects to the services we provide
The Evidence Readiness Assessment asks whether firms can reconstruct what happened across policy trigger, composition, routing, delivery, archive, customer interaction, and outcome evidence. The same question applies to NewBridge's own operations: can the firm reconstruct what happened, demonstrate it to a counterpart, and recover from operational disruption without depending on any single item in the dependency list above?
The discipline that supports the diagnostic methodology supports the firm.
Related
- Security and compliance approach – current posture, what is not in place yet, and trigger-based commitments.
- Risk management approach – operational and engagement-specific risk discipline.