This action might not be possible to undo. Are you sure you want to continue?
affected area. Accidents, an inevitable part of some envi ronments, do not affect all your people or totally devalue all your assets. Terr orist do not consider everyone a viable target nor are their actions likely to i mpact everyone over the course of their lives. The facts remain that only a smal l percentage of events or incidents resulting in loss of value or productivity w ill affect your business but conversely a smaller part of your overall assets ar e likely to succumb to these events; possibly even repeatedly. If this is the re ality, why are there so many singular strategies for organizations, one-size-fit s-all policy, uniformity in the approach when greater economy could be achieved by focusing on the priority areas? Most of the threats (80%) will only likely pl ace at risk a smaller percentage (20%) of your assets. Do you know which ones? Too much time and deliberation is spent perfecting the process of identifying an d qualifying the threat. While it remains a valid and useful phase the process b ecomes unexplainably weaker or less popular once value and measurable impact are introduced. This is in part possibly due to the skill and experience of those c onducting the analysis/assessment who typical originate from a weak financial ba ckground. Even for those with little resources, training or even time, a qualify ing exercise to determine what the impact of service failure, disruption or othe r stressors will provide you with a workable project plan for applying solutions , counter measures or treatment options. This should have financial implications , tangible and intangible. The higher the number, the greater the priority and e asier to be presented to business leaders or collaborators. The easier you make the measurement or driver, in a format most commonly used, the greater adherence and buy-in you will get. Abstract terms, ratings, scientific pontification or j ust made up data will only erode the objective and almost all will loose interes t. No single person ever saved an entire organization, it takes systems and team work that follows a plan. Many conventions are derived from habit or transferred from what others believe to be comparable models. Take fire sprinklers and suppression systems for exampl e. A worthwhile investment and certainly mandated in some jurisdictions to preve nt loss of life, undue stress on public services or even making local authoritie s look bad. Whatever the driver they are common place. However, not every square meter of a building is at risk of having a fire originate in that locale. Much of the planning and installation works on the assumption it could start anywhere , spread anywhere so lets just cover the entire structure. Not necessarily an ef ficient or effective process but wide spread practice none-the-less. Transferrin g this methodology to all/any other part of the business would have questionable benefits or make financial sense. These kind of general applications of similar strategies discredit the validity of risk management and force undue cost onto organizations that quite reasonably at times will forego the entire solution bec ause the bulk of the concept is unnecessary, leaving the critical minority (20%) unprotected. Vision and direction begins with policy. However, this policy is a guiding princ iple with brevity and clarity not a standalone document. It should include the p riority of care or concern such as people, brand, buildings, etc. Priority of re sponse along with the objective of the efforts should be made clear to all. Any and all measures, outlined in subsequent procedural documents and training, shou ld be measurable (financially, operationally and even brand integrity) and const antly reviewed. While policy is unlikely to change for longer periods of time, t he process and even certain objectives may as the business changes in both cultu re and nature. The most effective policies are a single paragraph that encompass es all the aforementioned elements and does not dictate tactics for execution bu t ensures everyone at least moves forward in the same direction. Data is a great tool for creating foundation analysis but it should originate fr om both objective and subjective sources. Single minded collection, measurement
and review lead to much bigger falls. No company knows everything about itself o r everything else around it, no matter what some may think. Comparative informat ion, data, review and even assessments ensure greater transparency in the final outcome. Care needs to be applied to ensure it is not a popularity contest or ma nagement by consensus, a final impartial decision maker is still required. Compa nies of all sizes can apply this approach cost effectively and expediently while enjoying maximum return on investment not just plain old return on investment ( ROI). The clock is ticking, the world moves on and the business you had an hour ago is not the one you operate now. The process needs to be renewable, adaptive but ab ove all constantly applied by monitoring and surveillance. Monitoring is require d of the business, its actions, its impact, resources, threats, disruption impac t potential and relevance to the overall business concerns. Many events that arr ive on the doorsteps of your business first visited your neighbor or the busines s down the street. Just because you werenâ t watching will not get you a leave pass o n the impact your lack of preparation may bring to your organization. Larger com panies have internal resources for this purpose, but the smartest have both inte rnal and external for the reasons of effectiveness previously mentioned. Smaller companies, increasingly thanks to technology and a global market, can enjoy all the benefits of outsourced support that the larger companies do without the cos t of ownership or inefficiency but with all the benefits. Only a fraction of your workforce are at risk; a percentage of your travelers to o. Not all your fixed assets are of equal value nor will they be exposed to the same single loss expectancy (SLE) or annual loss expectancy (ALE). Only some mar kets need heightened levels of support and protection as much as only some marke ts are the most valuable to your overall financial health. Every single email pi ece of information your company possesses shares the same value. A single piece of code could be worth thousands but a warehouse of files could be nothing more than an administrative cost and operational burden. The problem with this all is that most companies simply donâ t know which end is which. The one-size-fits-all app roach is cheap, easily understood and been around for years. Secretly the more p rofitable, efficient and even safer companies have dispensed with the rule-of-th umb and focus their 80% resourcing on the most valuable 20% assets. Do you know your most valuable assets and are they better preserved than the lesser value as sets? Or are you just applying the same approach for everyone, thing, process or bit because that is the way it has always been done?