Focusing your Business Continuity Management (BCM) (Continuity of Operations (COOP))

The arrival of Covid-19 two years ago posed a serious and more difficult threat to most enterprises’ existence. The importance of business continuity management (BCM) in reducing possible hazards, speeding recovery, and meeting customer expectations has become critical for every firm, regardless of size, business vertical, government, or private entity. BCM is a methodology for determining an organization’s risk of being exposed to both internal and external threats. The purpose of BCM is to give the organization the capacity to respond effectively to risks such as pandemics, natural disasters, and data breaches while also protecting the organization’s commercial interests. Disaster recovery, business recovery, crisis management, incident management, emergency management, and contingency planning are all included in BCM.

When done correctly, BCM may provide any organization a competitive advantage. This is especially true if a disruption affects an entire group segment and you are able to respond or recover faster than your competition, reducing consumer inconvenience. When it becomes evident that you excel at dealing with operational disturbances, your brand will gain trust and certainty, allowing you to position your organization as a preferred alternative for your clients and even bolstering confidence and increasing shareholder value. This is no different in being a trusted government entity, department, or agency.

Understanding continuity and preparedness requirements, establishing business continuity management policies and objectives, implementing and operating controls and measures for managing an organization’s overall continuity risks, and continual improvement based on objective measurements are all covered by one internationally recognized standard, that being ISO 22301. The standard highlights the need of meeting and exceeding customer expectations in order to secure business longevity and revenue development.

It is critical that the thought leadership and every level of the organization understand the importance of readiness and continuity.

The most crucial part of developing a BCM is clearly articulating stakeholder demands; consequently, consumers must receive special attention because they are critical to the organization’s success. Focusing on customer needs will also allow the BCM to be fit for its purpose and provide the organisation with a clear picture of process criticality. As a result, you can expect positive results if you design and implement the business continuity plan from a customer’s perspective to drive the business impact analysis. Understanding your customers’ demands is critical to determining where you add value to them, as it allows you to prioritise and determine how much downtime is tolerable in various areas before affecting your bottom line.

Be S.M.A.R.T. about creating strategies and objectives for business continuity management.

Doing this guarantees that objectives are defined and matched with customer-oriented criteria. Internal and external dependencies that may have the greatest impact on an organization’s consumers are identified when policies and objectives are developed. Customer objectives should attempt to surpass consumers’ expectations rather than merely satisfying their requirements. As a result, any organization should make sure to provide top-notch quality consumer objectives. The goal of this setup is to ensure client retention, brand image, and eventually revenue growth.

There exists the importance of putting in place operational controls and procedures to manage an organization’s overall continuity risks.

Following the identification of customer demands and the establishment of essential policies and objectives for the organization, the next stage will be to implement controls that address and mitigate the identified risks. Because risks and changes are unavoidable in the environment in which your organization operates, a systematic approach to putting in place controls to reduce hazards is required. Setting up disaster recovery sites, business continuity strategies, and business continuity procedures are examples of these controls. Lack of these will eventually cause an organization to fail, leaving clients with little choice but to shift to competitors who will provide better choices, or at minimum a choice.

It’s a cycle of continuous development and improvement.

Continuous improvement is a continuous, cyclical endeavour to enhance goods, services, or processes. Processes are assessed and adjusted on a regular basis based on their efficiency, effectiveness, and adaptability to changing consumer requirements and business circumstances. Organizations employ a variety of approaches to structure the process of recognising and acting on opportunities for improvement. Six Sigma, Kaizen, Lean, and the Toyota Production System are examples of prevalent approaches. Although these approaches differ, they all share a common foundation in the continuous improvement paradigm and principles.

Small tweaks, rather than significant paradigm leaps or new breakthroughs, lead to improvements. One percent improvement a month leads to a 12% improvement annually. Employee suggestions are quite helpful. When Employees take ownership and are involved in incremental changes, which are often affordable to execute, improvement occurs.

And finally…one more thought.

Customers are the lifeblood of every organization, and this is something that every organization understands, or should understand. As a result, their pleasure is critical to the organization’s success, which may be secured by providing exceptional customer service. Customer happiness, brand image, and revenue growth have all been shown to improve when BCM is implemented. BCM is critical in this age of unpredictability, and enterprises are encouraged to use it to provide corporate stability and sufficiency for ever-changing client demands.

The Michael White Group International is an approved PECB ISO Standard(s) training provider. It all starts with a conversation.

Plan the Work. Work the Plan.

Reach out. We can help.

Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

Share

Are you practicing SITUATION AWARENESS?

Situation Awareness is a skillset that should be practiced daily and is a valuable tool for staff.

Increasing situation awareness, through constant development and use increases security, protection of staff, protection of assets and overall resiliency of staff and the organization.

Training Situation Awareness benefits every department across the organization.

This training can take many forms. The focus however should always be the same. Elevate the staff member’s capability of being aware of their surroundings and the different influences, factors, items, and people that make up the environment they’re in. Situation Awareness is a mental image of what is happening all around you. Hearing, seeing, feeling for information and the various cues and clues that those influences, factors, items, and people are making in that environment and piecing them together so that they can have a good idea of what is happening and then using that information to predict what happens next.

There are many reasons why we need to be situationally aware.

  • Personal Safety & Security
  • Crime
  • Workplace Safety

 

Personal Safety & Security

Situation Awareness training can greatly improve an individual’s personal safety and security, regardless of if they’re at work, home or at play. Being aware of the environment you’re in reduces the risk of placing yourself in harms way or removing yourself from harms way. Being aware of the individual that wants to or is about to cause you harm or steal some of your personal belongings, unfortunately in some locals, environments and situations is much needed. Unfortunately for most, we traverse through many different environments on a daily basis that vary in degrees of safety.

 

Crime

Levels of crime or criminal activity vary geographically and from environment to environment. Unfortunately, criminal activity affects many of us, especially crimes against a person, theft, verbal abuse, physical abuse all the way to the far end of the spectrum of terrorist events. In efforts to be continuously aware, individuals should keep themselves abreast of local news and events and equally important when travelling, their destinations local news and events.

Workplace Safety & Security

It is everyone’s collective and individual responsibility to make and improve workplace safety and security. Law enforcement organizations, Crime Stoppers chapter always encourage us to “See something. Say something”. This very same message applies equally from our personal lives to our working environment. “That’s not my job” just doesn’t cut it anymore. Situation Awareness training assists organizations in bettering the safety, security and overall resiliency of their employees resulting in a more safe, secure and resilient organization.

 

Situational Awareness Training Delivery

There are options for organizations when seeking out Situation Awareness training.

  •          In Person
  •          Virtual Classroom

 

In Person Training

It has been said that In Person training is the best delivery method and most beneficial for the participants. It can create an environment of interactivity between the instructor, the participant and with the other participants also. Our delivery of this training will only take up to half a day.

 

Virtual Training

The recent and ongoing pandemic also allowed us to pivot the training and provide it in the virtual world in the varying platforms of virtual meeting spaces. Virtual training offers benefits also in that, we can bring together staff from geographically challenging locals where costs to bring them together is prohibitive making an even larger training group more feasible.

Benefits

The benefits of Situation Awareness training are many for al individuals. Increased personal safety and security, increased security culture in the workplace and increasing the individual’s knowledge of the environment around them. Whether it is a high or low risk environment, situation awareness belongs there.

The value of the training, the value of the results shouldn’t be overlooked or underestimated.


Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

Share

Are Your People Being Poached? It Might Be Time for a Leadership Check-up.

In the 2016 Ontario Municipal Chief Administrative Officer Survey, CAOs identified “poaching” of their employees as a significant problem. One CAO bluntly summed up the issue,

“It feels like the succession plan of some of my neighbours is just to recruit my best people with higher comp.”1

In 2022, the challenge of keeping good people continues and it is not limited to municipalities. While compensation is certainly a consideration in luring people away from their current employer, there is another variable that plays a significant role in employee retention. If the adage of “people leave managers not companies” is to be believed, it is prudent for an organization to consider current leadership health when addressing the talent retention issue.

In conversations with my clients confronting this challenge, I lead with this question:

In order to avoid the stiff competition of the current talent market, what are you doing to keep your good people?

This question is followed by a probing of their current leadership health.

·      Are your leaders self-aware and willing to set aside their own biases in their daily leadership practice?

·      Do your leaders have an objective understanding of what motivates each member of their team?

·      Do your leaders have the resources to lead effectively?

·      Do you collect data on a regular basis that provides insight into leadership successes and challenges at all levels, and do you create action plans in response to the story of this data?

I. Are your leaders self-aware and willing to set aside their own biases in their daily leadership practice?

There is no shortage of evidence reinforcing the importance of self-awareness in leadership.  Getting to that self-awareness through honest introspection, however, can be a humbling experience but at the same time, self-reflection is a powerful lever in recognizing one’s biases and realizing greater leadership potential. Ensuring that the organization’s leaders are provided with objective, frequent and reliable feedback about leadership behaviour at all levels can be a powerful strategy in retaining great employees.

II. Do your leaders have an objective understanding of what motivates each member of the teams they lead?

 All members of the team are “wired” differently and therefore require a differentiated leadership approach. Understanding what motivates and demotivates team members and applying this knowledge in the leader- team member relationship demonstrates the leader’s willingness to recognize and respect team members as individuals. Respect and understanding of unique qualities are powerful motivators for an employee’s loyalty to their manager and their desire to remain with the team (and the company).

III. Do your leaders have the resources to lead effectively?

There is an entire industry that has grown out of leadership development. In my own professional experience and that of my clients, there are three metrics that separate “one day wonder” leadership development efforts from those that gain traction and become hardwired into company culture.

1.     Simplicity – Leadership training and materials that are overly complex and require significant amounts of time and effort will not get used. Full stop. The measure of success for simplicity is the ability of leaders to immediately understand and apply new knowledge and materials in their daily leadership practice.

2.     Relevance – Leaders must see a direct connection between leadership development initiatives and their current situation. Moreover, they will need to be convinced of the benefit for themselves and their team.

3.     Accountability – Many leadership development initiatives fail because participants know they won’t be held accountable for implementation.  Perhaps the most powerful accountability strategy is for all levels of leadership, from front-line managers to the C-Suite, to embrace, model, and set an expectation for the implementation of a leadership development strategy.

IV. Do you collect data on a regular basis that provides insight into leadership successes and failures in your organization?

In the same way that leader self-awareness affirms areas of strength and challenge so too, does organizational self-awareness. How do employees feel about coming in to work every day? How do they feel about their boss or the people they work with? Do they have a sense of satisfaction in their job?  The answers to these and other important people-related questions will have impact on the success or failure of the organization because every business problem inevitably includes a people problem.

There are important considerations when conducting an organizational self-assessment:

1.     Measure what matters.  Specifically target those people areas that have the greatest impact on the achievement of organizational objectives

2.     Select the tools and strategies that will yield the most useful objective information and provide a macro view of the entire organization as well as a micro view of each department. These dual perspectives shed light on the performance of all leaders in the organization.

3.     Administer the assessment and collect the data in a timely manner.

4.     The process does not end with the assessment! Analyze the data and create an action plan with key performance indicators and timelines. Everyone in the organization needs to feel that their contribution made a difference.

It takes courage for an organization to “hold up a mirror” to itself, but the payoff is understanding current employee sentiment which is a powerful data point in strategizing for employee retention.

The best option for avoiding the current “war on talent” is to keep your good people from leaving. A talent strategy that includes asking the right questions about leadership health, conducting an objective assessment of current leadership practices, and creating an action plan informed by the story of the data, will be instrumental in the engagement and retention of great employees.

 

1Ontario Municipal Chief Administrative Officer Survey 2016,  A Candid Look at the Issues on the Minds of Ontario CAOs, SurveyCorp, Spring, 2016

Mitch LePage, a former public sector leader, is a Managing Principal with Predictive Success Corporation and leadership partner to private and public sector clients including municipalities. To discuss your talent strategy or challenges, you can reach Mitch at [email protected]

 

Share

UCaaS is critical for any authority service improvement

what is UCaaS?

Unified Communications as a Service (UCaaS)  is a network of cloud-based telephone system that controls the flow of calls coming in and out of your organization. We replace your on-premises PBXs, as well as your SIP, PRIs, and POTS lines. UCaaS enables you to use a variety of hosted programs and services (including instant messaging, video conferencing, file sharing, and email) over the Internet from any location and at any time.  In addition, UCaaS provides security, allows flexibility, and integrates well with your other software applications including MS Teams. UCaaS systems are updated frequently by the provider ensuring that your communication methods will always be up-to-date in our ever-evolving world.

Why UCaaS is critical for all customer-guided corporations?

 
GUARANTEES YOUR BUSINESS CONINUITY & SECURITY

Experteers can easily answer this for all municipalities and companies who care about their customers.

First of all we have to emphasize about the importance of continuity in all circumstances, UCaaS provides the best option to avoid your business any hiccups along the road because of any reasons. UCaaS is available on any communication device, laptop, or PC anywhere at anytime to be able to efficiently communicate with your customers.

Security is another crucial requirement for all connected networks, voice calls, video conferencing, and instant messaging are parts of all departments communications to enable them to work properly and deliver services. Experteers, as part of security provider, enable first layer of security by having all our servers in Canada, maintaining 100% availability by having four communication centers in main four cities in Canada in Montreal, Calgary, Vancouver, and Toronto, and to maintain the second layer of security by having all SOC certified centers.

INCORPORATES THE LATEST FEATURES

When you have UCaaS, you’ll be able to use all the latest functions and features without any additional cost. You’ll also have the assurance that your information is kept safe and secure in a reliable data center. Having the ability to keep your communications up-to-date allows you to remain competitive and helps to increase your overall performance.

 

OFFERS FLEXIBILITY AND SCALABILITY

UCaaS allows organizations to add and remove users (for example, temporary employees) without any significant infrastructure changes or capital investments. UCaaS also provides seamless work experiences for your employees since they are cloud-based and accessible from any location – great for those working remotely.

 

PROMOTES PRODUCTIVITY

By using a UCaaS system, your productivity increases. All of your employees have unified communications support that is sharable amongst all departments, and UCaaS integrates well with your other software applications (like CRM). UCaaS keeps communication lines open and provides ways for your employees to log into various devices to access their information (such as voicemails).

 

LAST BUT NOT LEAST

SAVES YOU MONEY

When switching to UCaaS, there are minimal upfront hardware costs – you only need phones. You will also have the ability to choose the services you need (and not waste money on the ones you do not). UCaaS allows you to concentrate on growing your business by decreasing your dependence on capital investments.

 

UCaaS

 

We at EXPERTEERS are helping municipalities, utility companies, and medical centers increase employee productivity by adding a state of the art Unified Communications Solution, enhancing collaboration and increasing employee efficiency.

  • Enable your team to work remotely (hybrid)
  • Train employees more efficiently with sentiment analysis
  • Monitor key performance metrics with automated reports
  • Boost company performance through detailed analytics & collaboration
  • .. and more

Let us help you improve your client experience, call us at EXPERTEERS to learn how we can help enable your business for success in 2022.

 

Experteers is a system integrator SI and managed service provider MSP for the following services:

– SASE / SD-WAN: to secure all ur networking between all branches.

– NGFW: Next Generation Fire Wall centralized to keep all networks secured in almost real-time updated system.

– NMS: Network Managed System to keep your visibility on all network elements and servers to improve your systems availability.

– Cyber-Security on all endpoints and servers

EXPERTEERS CORPORATION

WWW.EXPERTEERS.COM

Share

Great Coaching Begins with a Foundation of Trust

A coaching relationship involves two (or more) people who make up one team. Two people, same team, sounds obvious enough. Sometimes, however, coaching initiatives will bypass this fundamental consideration and drive headlong into the transactional stuff of imparting information. People are all “wired” differently, and it is that mutual understanding of this “wiring”, as well as applying established principles of effective teams, that contributes to the success of a coaching relationship.

The 5E Coaching framework, a five-step coaching methodology first introduced by The Predictive Index, begins with laying the foundation of trust between the two partners based on an objective awareness of each other’s behaviours and drives. In the succeeding steps described below, this awareness is leveraged to:

  • Recognize patterns of gap and fit
  • Formulate coaching objectives, and
  • Establish the “rules of engagement.

Step 1 – Enroll

The objective of Enroll is to build the foundation of trust between the partners in the coaching relationship. This trust naturally flows from the vulnerability that happens when the two individuals share information about their own behavioural drives and needs. An objective behavioural assessment* is helpful in providing these personal perspectives and mitigate the possibility of bias. Understanding a person’s disposition to such workplace realities as leadership style, response to conflict, mode of communication, approach to people interaction, adherence to detail and comfort with change, will be helpful in the subsequent stages of the 5E process, and lead to greater understanding of each other’s behaviours and motivations throughout the relationship.

Step 2 – Envision

In Envision, the mentee’s behavioural information is contrasted with the behaviours required by the role or skills being targeted. From this analysis patterns of gap and fit will emerge that inform the next stage of articulating concrete coaching objectives.

Step 3 – Establish

In Establish the partners develop consensus on the specific areas of gap and fit uncovered in Envision and formulate SMART** goals to build the adaptive capacity necessary to bridge gaps, and leverage areas of natural fit. Success criteria are agreed upon, key performance indicators are identified, specific activities are planned and expectations for the accountability of each partner are clearly established.

Step 4 – Execute

The objective of Execute is to do just that, effectively execute the plan. Awareness of each other’s behaviours and drives as well as the trust created in Enroll will be essential in responding to such potential flashpoints as delivering and receiving critical feedback, getting past one’s personal bias, managing competing priorities, addressing demands on time and sustaining commitment to the project.

Step 5 – Evaluate

Any initiative worth doing is worth reviewing. Included in the formative and summative debrief conversations will necessarily be an honest analysis of each partner’s impact on the process. This very personal perspective will be greatly aided by the foundation of trust that is developed in Enroll and reinforced throughout the 5E coaching process.

Summary

Great coaches recognize that laying a groundwork of trust is the first step in a productive coaching relationship. Taking the time to be more self-aware and partner-aware requires vulnerability but, as Patrick Lencioni points out, individual vulnerability reinforces the trust of an effective team. Coaching initiatives that don’t recognize the “wiring” of the individuals involved and ignore high-yield team strategies, deprive the partners of an essential opportunity to support their relationship, establish meaningful objectives, and ultimately guide the process to a successful conclusion.

—————————–

Notes:

* In my coaching work with clients, the Predictive Index Behaviour Assessment is used to inform the process of sharing information between coaching partners.

**SMART goals – Specific/Measurable/Achievable/Realistic/Time-Bound

Lencioni, Patrick (2002). The Five Dysfunctions of a Team, A Leadership Fable. Jossey-Bass.

Mitch LePage is a former public sector leader and currently serves as a Managing Principal with Toronto-based talent strategy firm Predictive Success Corporation. Mitch supports people strategy for private, public and not-for-profit clients. To learn more about 5E Coaching or to discuss talent strategy issues contact Mitch at [email protected]

Share

How COVID-19 Permanently Digitized Site Selection

Have you ever had a meal, gone on a date, or enjoyed a vacation so good it made you never want to repeat the lower quality experiences you’ve had in the past? Why would you want to eat bad food, date a loser, or suffer scratchy hotel sheets when you knew there was a better way for you to live and you could keep living that way? That ah-ha moment is the same realization that happened with corporate site selection during COVID, and why professionals will not go back to the old way of doing business.

The global pandemic was a disaster for business expansions and relocations, including foreign direct investment (FDI). The data is clear that these projects declined significantly as a result of the COVID pandemic, just like the overall economy. It was natural that businesses were unsettled by the economic upheaval, so they were uncomfortable making multi-million-dollar corporate location decisions without physically and personally “kicking the dirt” as part of their due diligence.

Economic developers couldn’t physically travel to meet with businesses considering a prospective location expansion into their community, especially internationally, due to legal restrictions. Likewise, corporations weren’t travelling to meet with real estate developers or EDOs. The risk was too great; death from a virus or becoming quarantined outside of a home country made even aggressive businesspeople reconsider traditional operating procedures.

When traditional business practices fail, new strategies get implemented to overcome the obstacles; no companies want to be stuck being unable to take action to move their company forward, even in an unprecedented pandemic. And that’s exactly what happened with corporate expansions and site selection projects.

The only way to do site selection analysis leading to corporate location expansions in a non-physical world was to go digital. As a result, business, corporate real estate, and economic development engaged in a test of purely digital site selection out of necessity. But the result of the experiment was that it worked. The outcome of this positive result is that many businesses are discovering there is an alternative and better way to do site selection.

Of course, the transition toward online site selection has been a gradual trend that has been growing for decades. The difference is that COVID was a stress test to see if corporate site selection could be accomplished 100% digitally. Like other industries, this trial-by-fire accelerated trends and is normalizing new practices into standard operating procedures.

Digitization was not an experiment and trial run that was unique to economic development:

 Like these other digital experiments, digital site selection has revealed new advantages and proven theories. Digital site selection:

  • Enables companies to consider more communities faster
  • Communities can be more easily compared with objective and consistent benchmark data
  • Assumptions about the need for in-person were proven incorrect and that they were replaced with web meetings
  • Taking multiple web meetings gets more accomplished and is faster than flying and driving to numerous in-person meetings
  • Economic development GIS site selection software met the challenge to deliver relevant location information and site selection analysis in real-time

Two key reasons that companies will not go back to the old way of doing site selection are 1) they have discovered digital is an acceptable/preferable alternative and 2) their success story is being amplified in awareness to CRE peers and CEOs in other companies through mainstream media.

What does this new digital reality look like for the process of site selection? How are site selectors themselves doing things differently? Join us tomorrow for Part II of How COVID-19 Permanently Digitized Site Selection.

Share

Being aware – situationally aware

Our world has always been in a state of perpetual change. Now more than ever, it is perceived to be doing that at an ever-rapid pace.

Positive changes such as economic growth, and technology advancements to note a couple. Unfortunately, with the positive, comes the negative. A continuous cycle of persons who wish to do harm.

Safety and Security experts inform us that violent events will continue to happen. The violent extremist motivated and driven by an ideology, to the targeting of individuals, place of business, worship, acts of violence that permeate into every vertical, sector of business and government.

Active safety and security programs are continuous reviewed, modified to face existing and the new challenges of tomorrow.

To make your safety and security programs more effective, the program needs ambassadors, staff.

Ambassadors need to be aware. Situationally aware.

Situational awareness training provides your staff with valuable intelligence & time when facing safety and security situations of potential harm or danger.

Being situation aware is truly a change in mindset.

It is a way of thinking that will focus a person’s behaviour, their outlook, and their mental attitude. People that are aware are no longer vulnerable but capable.

Capable individuals are always prepared. Capable individuals are not complacent, they use technology to enhance their preparedness and response and their planning always includes a contingency plan.

Situationally aware staff improve the effectiveness of your safety and security program.

Situationally aware individuals enhance the workplace and enhance their personal safety and security.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance in Situation Awareness training, contact Michael White Group International today, and we will be happy to answer your questions.

Michael White Group International is Arcuri Group LLC approved Situation Awareness Specialist Certification Training provider.

 

Share

How to Find the Budget for a Municipal Project

Have you ever received an RFP that doesn’t have any budget listed?  It makes it hard to truly understand the scope of the work requested, doesn’t it?

Municipalities have their hearts in the right place, but often they throw more “wants” into an RFP than they have the budget for. When the bids come in way over their budget, they have to start the whole RFP process all over again – wasting everyone’s time.  

Worst yet, those who bid the first time may not bother to submit a bid the second time around and the municipality may receive fewer bids and ultimately higher pricing.

In defense of municipalities, however, I’ve been on both sides of the argument on whether or not to include the budget for a project in an RFP.

As a CAO, I didn’t want to put the budget number in the RFP either, because I was afraid bidders would simply submit bids right up to the budget number. This is still a common misconception.

But now, experience has taught me, when bidders know the budget number, the reality is they more often submit bids lower than the budget, to try to win the work.

From the Bidders’ perspective though, it’s incredibly frustrating not knowing the budget number because you can’t accurately price the work without understanding the municipality’s expectations.

So, to connect the dots, here’s a tip for Bidders to find the budget for a municipal project.

 

In most cases you can, through good sleuthing, find the budget a municipality has set aside for a specific project.

  • Provincial Announcements

Often when Provinces announce funding for municipalities, they will have a press release and a link to find out which municipality received what amount for specific project(s). That’s the easiest way to find the budget for a project.  

  • Agendas & Minutes

If the municipality received funding for the project, Council will most likely have recently passed a resolution to approve the project.  By searching the municipality’s Agendas/ Minutes section of their website, you can usually find the resolution about a month or so before the RFP was issued.

Personally, I start by looking at the Agendas and searching keywords, related to whatever the RFP has been issued for.  (i.e. Service Delivery Review, Parks & Rec Roof Repairs, etc.).  The Agenda will help you narrow down the minutes that contain the resolution Council passed – and the resolution will normally have the dollar amount approved for the project.  

  • Budget

If the municipality did not receive funding for the project, you may not find a resolution approving it. So, another way you can sometimes find the budget for a project is by finding the municipality’s annual budget on their website.  

This is a bit harder to do if you’re not familiar with how a municipal budget looks, but look at the proposed expenditures for the current year, in the appropriate department and you may see the project noted separately in the annual budget. 

For example, you would most likely find the budget for “Service Delivery Review” in the General Administration part of the budget, or “Roof Repairs” in the Parks & Recreation part of the budget, etc.  

You can also check out the Special Budget Meetings of Council (again in the Agendas/Minutes section of the municipality’s website), and you may see mention of the project and how much Council wants to budget for it. 

It takes time, and it’s not always easy, but in most cases, it is possible to find the budget the municipality has set aside for a project. 

Happy Sleuthing Sherlock! 

Got questions?

Contact Susan Shannon, Founder & Principal, muniSERV.ca

855.477.5095 or [email protected]

 

Share

What type of testing is right for your website – Understanding the difference in website testing

In the last few weeks there has been a rise in reported malware and malicious attacks on small municipalities. Testing of three small municipality websites in recent weeks by our team has resulted in failures on all sites basic security parameters. We often hear small organizations saying they don’t need to worry about attacks, they aren’t “big enough” but anyone can be a target.

Regular testing your website for known vulnerabilities and emerging threats should become a part of your Cyber Security Road Map. The first step is identifying the type of web testing that is right for your infrastructure. Here are a few key questions to consider;

1) Where is your website hosted – do you host it yourself? Is it hosted by a third-party?
2) Who is responsible for the security of the host system, the operating system?
3) Do you have a web application firewall such as CloudFlare in front of your website?
4) Is your website a static page with content?
5) Do you have a login and if so what type of data is behind the login? Customer, pricing, private personal?
6) Do you have any API interactions with other applications?

When you start down the road of testing your website you want to consider the host operating system and the application. There are two key types of testing available, fully automated scanning and manual testing. Fully automated scanning is used for both host operating systems and web applications. The host operating system scan will scan for all currently known vulnerabilities affecting that operation system. It will report back on the CVE, the risk and usually suggested remediation tips. The same is true for the web application scanning. The fully automated web application scanner will scan your website at a minimum for the OWASP top 10 vulnerabilities and report back on risks and remediation. https://owasp.org/www-project-top-ten/.

Manual testing means that you have an actual person who is using various methods to determine the security of a host or the application and If the rules of the engagement permit, they will attempt to exploit a vulnerability and gain access, modify content or download information. There are varying degrees of manual testing, the simplest is one tester and one day and the more extensive 2 testers and 5 days of testing.

The type of test that is required for your website really depends on two main factors –

 

1. Have the host and application ever been tested before?

2. What is the criticality of the data being processed or stored on this site?

 

For example, if you have a very static page of content that is hosted by a third party, chances are a good OWASP 10 scan of you site will be sufficient to let you know if you have any glaring misconfigurations that could lead to a website defacement or potential attack on your site. If your website has a login and you allow users to sign up for accounts and host dynamic content, you would want to make sure you consider a manual test at least for the first test. Once a thorough baseline has been established for the site, testing can become more routine and automated.

We recommend you develop a plan for testing and make sure to include the above considerations. There might be special notifications you have to give in writing to a third party before you test an application, you might have to have a testing IP whitelisted in a web application firewall, you may need special accounts set up in the application for testing.

If you are unsure what type of test is right for your website, reach out to us and we will be glad to discuss options with you.

http://www.mi613.ca

Share

How have the pandemic adaptations affected your Physical Security?

Well into the COVID19 pandemic, organizations, governments big and small have had to take measures and make changes to their environments to adapt to the needs of their staff, customers, their service delivery model, requirements of health science, government agency regulations and perhaps “new” industry best practices and of course the ever-changing virus.

These measures have evolved into many different things. We’re going to specifically focus on physical security devices.

Two of the pervasive items that have been introduced in many environments are plexiglass and signage.

Organizations have installed plexiglass barriers at intersection points of personnel as they have the potential to interact with other personnel, customers, vendors, etc.

Informative signage itemizing physical distancing rules, self assessment health protocols have been placed all around in both strategic and random locations within the environment to ensure every opportunity for personnel and visitors to be informed.

Funny thing about all of this plexiglass barriers and signage.

In some cases, not all, we have inadvertently defeated some or many of the installed security devices functionality and purpose. That is, their ability to monitor, detect and alert (alarm).

  • Motion detectors blocked, unable to provide proper coverage
  • Cameras experiencing sun flare reflection off plexiglass
  • Nuisance alarms due to swinging signage on the increase
  • And other unforeseen affects

There are incidents where this is enough of this added material, that areas, although devices are active and functioning as per specifications, are unable to detect properly – leaving areas with no security detection or proper monitoring.

We have the answers.

Let’s go for a (physically distanced) walk and have a conversation.

Your security risk plans are more than just a motion detector or even a strategic camera placement.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share