What does it taste like?

Pancake-with-Syrup-close-up1

 

 

So where do I put it?  What do I do with it? Will it last me long enough?  Do I need to get more of it?  When do I need to use it?  Does it go well with other things?

 

I’m not talking about maple syrup and whether or not you pour it over your pancakes or waffles directly or just on the side for dipping.  Whether or not you put enough on your plate.  Do you put it on now or wait for the butter to melt in.  And yes, it goes very well with many other things.

I’m talking about your Emergency Response plans.  The same questions apply.

Where do you put it?  Which department is going to manage the process of creating one?  Which individual or team is going to champion it to fruition?  Who will maintain it?  Who will test it?

What do you do with it?  You learn from it.  It becomes an integral part in the growth process of your organization.

Will it last? Only as long as you pay attention to it. Or in some instances only as long as you remain exposed to some risks that you may be able to avoid.

Do you need more of it?  Depends on what your risk tolerance is, what your risk assessments have told you and whether or not you have the internal resources to manage it properly.

Knowing when to use it is key.  Risk assessments and the intimate knowledge of the organization’s risk tolerance is a driver.

Yes, like syrup your emergency response plans go well with other things.  Your Business Continuity Plans.  Your Fire Safety Plans.  Staff training and orientation.  Strategic Plans.  It can touch and influence or be influenced by many of the hands and fingers of the business.

Plan the Work. Work the Plan.

 

 

Impressionable Security Culture Maintenance

impressions-hand-prints

Pretty hefty title to the article.  So what does it mean?  Let first start by tearing it apart.

Impressionable and at the very least the root word Impression.  Impressionable means to be easily influenced.  Impression is often defined as or something like an effect, feeling, or image retained as a consequence or end result of an experience.

Security Culture.  So many of you may work in a corporate environment that has a dominant security culture.  That’s been created either by way of processes that needed to be followed such as your physical access privileges or by way of expectation whereby security violations socially and morally unacceptable in the group.

Maintenance.  The process of preserving something or a certain condition.  So in the context of this article, maintaining a security culture.

 

So does what does this image say to you?  (For those who don’t recognize this device its a panic station.  Push a button, summons security to your location.  Many educational institutions have the deployed across their campuses and quite often integrate them into their video surveillance systems.)

panic stationMy immediate impression is that this is not valued.  This is not needed.  Especially when the refuge container is only five feet away, this device has been given the same value and purpose. This is a very expensive yet convenient drink holder.  A convenient shelf.

So why is that?  The message about…

what this is, what it is to be used for, why it’s there, why it’s needed, it’s value

…is not clearly expressed to the entire environment.

Let me describe the environment a little more.  This particular device is situated at the front door area of a prominent university in Canada (had I posted the original daylight photo you’d probably know where this is, also goes to show you that the garbage was there when I returned many hours later).  Sure the garbage was put there by lazy individuals who were most likely if asked “in a hurry”.  But this is at the front door and the fact that it was at the front door really doesn’t matter.  So when visiting this campus this is my first impression of what the safety and security culture or attitude is.  There isn’t one, at best its not strong.  This may or may not fizz some parents dropping off their kids to go here but may have stuck in the memories of many, including the students, visitors (as I was) and even visiting emergency services personnel.

So why do we accept it?  Listen, there was an agreed need to have such a device placed in dozens and dozens of locations at this particular campus.  I know that similar locations have been tagged with graffiti, notices about parties and so on.  I don’t mean to pick on this particular educational institutions because this sort of behavior happens on corporate campuses also.

My point in this rant…if you’re going to find the need to have these devices or many other safety and security devices, there needs to be a culture of understanding as to why they need to be there, what the devices are to be used for and that the need for everyone to ensure that they are readily available, free from obstruction, and free from unwanted distraction.  It’s not just the safety and security departments job to make this happen, its the faculty’s, the student body, visitors.  Anyone who appreciates the value of what this represents.  If the buy in exists throughout out and is maintained throughout, the impressions will last a lot longer.

Plan the Work. Work the Plan.

Why are there seperate tables?

Silo officeLook familiar?  Is this your office environment?

I’m guessing, unfortunately for many organizations this is still the environment that we work in.

I often go into organizations and all of the stakeholders are around the table.  Well, I’ve requested all of the stakeholders to be at the table, but often I’m missing a few.

Whether by conscience omission, or accident some departments are often not at the table.  Why?  Is there no value for them as an individual or department?  Did we internally forget to invite them?

So how is it when I need to talk about/edit/re-write or even create an overall Emergency Response Plan one or two of the various teams representative Business Continuity, Disaster Recovery, Facilities/Maintenance, Enterprise Risk Management and even Security (once) are not be at the table.  I’m mean they just didn’t miss a meeting or two they’re not there for the whole thing.  They’re not included, consulted, there’s not even a mention that their inclusion is important.

It’s truly time that we get rid of the silos.  Especially when it comes to emergency response, preparedness, overall organizational resiliency.  Many plans out there have too many gaps.  Security will do this whilst Business Continuity wants to execute this and Facilities/Maintenance isn’t prepared for that until this happens.

We all need to be on the same page.  We striving for the same things.  So why aren’t we talking?  Let’s talk.  You’d be surprised how we’re having the same conversation but not communicating.

Plan the Work. Work the Plan.

 

Live on Air

on air

 

Hopefully you already heard this, but for those you haven’t I had the opportunity to sit down with a close colleague of mine RoseAnn Waters The Transformational Entrepreneur and talk shop.

What makes me passionate about what I do, What experiences have I had along the way, what makes me different as a professional, who can I assist and guide and what am I striving for in the future.

I had a fantastic time.  Special thanks once again to RoseAnn Waters and her business partner Anna Hill for an enjoyable experience.

Click on the mic and listen to my interview; The Prepared Entrepreneur.

 

 

 

You know what you just did, right?

You know what you did, right?

So I’m going to do a lot in this post to “protect the innocent” or is the uninformed, but if I get to descriptive, you’re intelligent people you might just figure out where I was.

So I have an appointment at what could be, well it is considered a government infrastructure location.  So this location was pretty centralized within the city.  To add to it, it had nothing on the perimeter that would greatly attract attention to it.  I mean no armed guards patrolling the facility, turrets with with spot lights or a multi-tracking surveillance system with bio-metric analysis for access.

So that you get the picture…pretty plain.

So I have a scheduled appointment.  So as I’m waiting outside of the facility when what I can only assume was an employee of the facility, not my contact, approached me, a brief conversation determining the reason why I was there and boom…I’m in.  No call to verify, no reach out to their colleague, no text, no email not even a yell down the hall.  You get the picture.

So I’m passed the perimeter access, in through a few interior access doors and now I’m meters away from the heart of this building, the reason for it’s existence.  The reason for it’s existence, I’ll leave out.  So I’m placed in what can only be described really as an employee hang out or break area…not even in a monitored waiting area or lobby.

Oh I forgot to add that I was 15 minutes early for my appointment.  Was actually going to take the time to study the outside of the facility a little more but that really didn’t happen.

So there I sit and wait.  Five minutes before the appointment happens I receive an email:

I’m really sorry but something has come up and I won’t be able to make it to our appointment.  I’ve been pulled away to another facility.  I hope you haven’t been waiting outside the building too long.  I apologize.  Can we reschedule?

So a couple things.  Here I was in this building, not being monitored in any way from where I’m sitting only meters away from the belly of the beast.  My contact had not been informed that I was there.  The other employee took my word on face value.  Better yet I was given access without any verification, scrutiny, identification verification…I mean nothing.

So wow.  I don’t let anyone in my house unless I’ve come to some satisfaction I know who they are, why they’re there and what the intent of their visit is…family excluded.  Well most of them.

So where’s the failure.  Pretty obvious.  There is no security culture engrained into this facility.  There’s no belief that security is everyone’s job.  There may not be any access control policies…well l know there is, it’s not that enforced as I learned.

A simple risk assessment on the situation really held no weight.  So if i was on the on side of the team I would have just figured out how to get in again, but even better I was in already.  I might have just been able to go and do enough damage to hurt or even cripple this facility.  And walk away.  As far as my contact was concerned I was still outside or on my way.  The individual who let me in knew who I was to see, and the reason for it but never asked my name.

So lesson.  Make sure everyone knows what the policy is.  If you have appointments and can’t make it, contact someone on your team to make sure that this person is either not in or if they are in they get out.  Oh yeah…I let myself out.

Work on fostering a security culture, it is a  mind shift but it is beneficial and you don’t even need to be an infrastructure site to foster this type of environment.

As I always say, Plan the Work, Work the Plan.

 

Tipping Point

TippingPointSo here’s the thing.  You can preach about having great plans, great training, great response time.  You can do whatever is fiscally responsible, physically and mentally capable in your hands.  But where does it sometimes fall apart?  When the tools or infrastructure you’re given or have to work with are in disrepair, outdated or don’t even exist.

So where is my comment coming from?  As we’ve all witnessed many areas around the globe are getting hammered with extreme weather and other naturally occurring events.  Unfortunate for many local, regional, provincial, state or federal governments they have not done enough pre-planning over the years to recognize certain trends and react accordingly.  Why?  It costs money, it doesn’t win votes, it create deficits, generally people just might not be happy with the decisions.  Well they’re not happy now their home has been washed away, basement flooded, lives lost, life savings and sentimental keepsakes destroyed.

How are you or others expected to respond to an emergency or disaster when the initial tools that you may rely upon don’t work?  You’re behind the proverbial eight ball.  You are playing constant catch up.  The opportunity to go from response to recovery is delayed.  The cost of damages or even loss of life increases as you quite frankly respond to the uphill battle.

So what’s the answer?  The obvious answer is – things need to change.  We need to stop saying that we’re managing the event as best as we can.  Let’s be honest.  Our infrastructure is outdated.  If you don’t want this to happen again we need to invest in upgrading.  That’s going to cost money.  Yes.  Taxes may go up, user fees may be implemented.  Smarter design needs to be initiated, agreed upon and used.

I don’t have all of the answers.  What I do know is that there are so many innovative solutions out there to be implemented, there are thousands and thousands of great ideas wanting to be used.  Some are yes more expensive than others.  We’re at a tipping point.  Is the cost of not  implementing a solution more valuable than the losses that are created from not implementing the solution?

Risk Management – Benefits and Costs

Exposures to accidental loss, both actual and potential, impose costs on particular organizations and can have an effect on the entire economy. These costs fall into three broad categories:

  1. property, income, lives, and other things of value damaged or destroyed in accidents;
  2. the deterrence effects of potential accidental losses (the net benefits that could have been gained from activities no one undertook because they were judged to “risky”), and
  3. the resources devoted to managing accidental losses (resources that could have been put to alternative uses had there been no possibility of any accidental losses, no loss exposures).

For an individual organization and for the entire economy, the third category of costs represents the “cost of risk management“.  The reduction in either of the first two categories of costs makes up the “benefits of risk management.”

For an organization as for an economy, a proper risk management program minimizes the total of all three categories of these costs.  Not only does the individual organization reap the benefits of a Risk Management program, but that benefit reaches out to other organizations.