Focusing your Business Continuity Management (BCM) (Continuity of Operations (COOP))

The arrival of Covid-19 two years ago posed a serious and more difficult threat to most enterprises’ existence. The importance of business continuity management (BCM) in reducing possible hazards, speeding recovery, and meeting customer expectations has become critical for every firm, regardless of size, business vertical, government, or private entity. BCM is a methodology for determining an organization’s risk of being exposed to both internal and external threats. The purpose of BCM is to give the organization the capacity to respond effectively to risks such as pandemics, natural disasters, and data breaches while also protecting the organization’s commercial interests. Disaster recovery, business recovery, crisis management, incident management, emergency management, and contingency planning are all included in BCM.

When done correctly, BCM may provide any organization a competitive advantage. This is especially true if a disruption affects an entire group segment and you are able to respond or recover faster than your competition, reducing consumer inconvenience. When it becomes evident that you excel at dealing with operational disturbances, your brand will gain trust and certainty, allowing you to position your organization as a preferred alternative for your clients and even bolstering confidence and increasing shareholder value. This is no different in being a trusted government entity, department, or agency.

Understanding continuity and preparedness requirements, establishing business continuity management policies and objectives, implementing and operating controls and measures for managing an organization’s overall continuity risks, and continual improvement based on objective measurements are all covered by one internationally recognized standard, that being ISO 22301. The standard highlights the need of meeting and exceeding customer expectations in order to secure business longevity and revenue development.

It is critical that the thought leadership and every level of the organization understand the importance of readiness and continuity.

The most crucial part of developing a BCM is clearly articulating stakeholder demands; consequently, consumers must receive special attention because they are critical to the organization’s success. Focusing on customer needs will also allow the BCM to be fit for its purpose and provide the organisation with a clear picture of process criticality. As a result, you can expect positive results if you design and implement the business continuity plan from a customer’s perspective to drive the business impact analysis. Understanding your customers’ demands is critical to determining where you add value to them, as it allows you to prioritise and determine how much downtime is tolerable in various areas before affecting your bottom line.

Be S.M.A.R.T. about creating strategies and objectives for business continuity management.

Doing this guarantees that objectives are defined and matched with customer-oriented criteria. Internal and external dependencies that may have the greatest impact on an organization’s consumers are identified when policies and objectives are developed. Customer objectives should attempt to surpass consumers’ expectations rather than merely satisfying their requirements. As a result, any organization should make sure to provide top-notch quality consumer objectives. The goal of this setup is to ensure client retention, brand image, and eventually revenue growth.

There exists the importance of putting in place operational controls and procedures to manage an organization’s overall continuity risks.

Following the identification of customer demands and the establishment of essential policies and objectives for the organization, the next stage will be to implement controls that address and mitigate the identified risks. Because risks and changes are unavoidable in the environment in which your organization operates, a systematic approach to putting in place controls to reduce hazards is required. Setting up disaster recovery sites, business continuity strategies, and business continuity procedures are examples of these controls. Lack of these will eventually cause an organization to fail, leaving clients with little choice but to shift to competitors who will provide better choices, or at minimum a choice.

It’s a cycle of continuous development and improvement.

Continuous improvement is a continuous, cyclical endeavour to enhance goods, services, or processes. Processes are assessed and adjusted on a regular basis based on their efficiency, effectiveness, and adaptability to changing consumer requirements and business circumstances. Organizations employ a variety of approaches to structure the process of recognising and acting on opportunities for improvement. Six Sigma, Kaizen, Lean, and the Toyota Production System are examples of prevalent approaches. Although these approaches differ, they all share a common foundation in the continuous improvement paradigm and principles.

Small tweaks, rather than significant paradigm leaps or new breakthroughs, lead to improvements. One percent improvement a month leads to a 12% improvement annually. Employee suggestions are quite helpful. When Employees take ownership and are involved in incremental changes, which are often affordable to execute, improvement occurs.

And finally…one more thought.

Customers are the lifeblood of every organization, and this is something that every organization understands, or should understand. As a result, their pleasure is critical to the organization’s success, which may be secured by providing exceptional customer service. Customer happiness, brand image, and revenue growth have all been shown to improve when BCM is implemented. BCM is critical in this age of unpredictability, and enterprises are encouraged to use it to provide corporate stability and sufficiency for ever-changing client demands.

The Michael White Group International is an approved PECB ISO Standard(s) training provider. It all starts with a conversation.

Plan the Work. Work the Plan.

Reach out. We can help.

Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

Share

Are you practicing SITUATION AWARENESS?

Situation Awareness is a skillset that should be practiced daily and is a valuable tool for staff.

Increasing situation awareness, through constant development and use increases security, protection of staff, protection of assets and overall resiliency of staff and the organization.

Training Situation Awareness benefits every department across the organization.

This training can take many forms. The focus however should always be the same. Elevate the staff member’s capability of being aware of their surroundings and the different influences, factors, items, and people that make up the environment they’re in. Situation Awareness is a mental image of what is happening all around you. Hearing, seeing, feeling for information and the various cues and clues that those influences, factors, items, and people are making in that environment and piecing them together so that they can have a good idea of what is happening and then using that information to predict what happens next.

There are many reasons why we need to be situationally aware.

  • Personal Safety & Security
  • Crime
  • Workplace Safety

 

Personal Safety & Security

Situation Awareness training can greatly improve an individual’s personal safety and security, regardless of if they’re at work, home or at play. Being aware of the environment you’re in reduces the risk of placing yourself in harms way or removing yourself from harms way. Being aware of the individual that wants to or is about to cause you harm or steal some of your personal belongings, unfortunately in some locals, environments and situations is much needed. Unfortunately for most, we traverse through many different environments on a daily basis that vary in degrees of safety.

 

Crime

Levels of crime or criminal activity vary geographically and from environment to environment. Unfortunately, criminal activity affects many of us, especially crimes against a person, theft, verbal abuse, physical abuse all the way to the far end of the spectrum of terrorist events. In efforts to be continuously aware, individuals should keep themselves abreast of local news and events and equally important when travelling, their destinations local news and events.

Workplace Safety & Security

It is everyone’s collective and individual responsibility to make and improve workplace safety and security. Law enforcement organizations, Crime Stoppers chapter always encourage us to “See something. Say something”. This very same message applies equally from our personal lives to our working environment. “That’s not my job” just doesn’t cut it anymore. Situation Awareness training assists organizations in bettering the safety, security and overall resiliency of their employees resulting in a more safe, secure and resilient organization.

 

Situational Awareness Training Delivery

There are options for organizations when seeking out Situation Awareness training.

  •          In Person
  •          Virtual Classroom

 

In Person Training

It has been said that In Person training is the best delivery method and most beneficial for the participants. It can create an environment of interactivity between the instructor, the participant and with the other participants also. Our delivery of this training will only take up to half a day.

 

Virtual Training

The recent and ongoing pandemic also allowed us to pivot the training and provide it in the virtual world in the varying platforms of virtual meeting spaces. Virtual training offers benefits also in that, we can bring together staff from geographically challenging locals where costs to bring them together is prohibitive making an even larger training group more feasible.

Benefits

The benefits of Situation Awareness training are many for al individuals. Increased personal safety and security, increased security culture in the workplace and increasing the individual’s knowledge of the environment around them. Whether it is a high or low risk environment, situation awareness belongs there.

The value of the training, the value of the results shouldn’t be overlooked or underestimated.

Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

Share

UCaaS is critical for any authority service improvement

what is UCaaS?

Unified Communications as a Service (UCaaS)  is a network of cloud-based telephone system that controls the flow of calls coming in and out of your organization. We replace your on-premises PBXs, as well as your SIP, PRIs, and POTS lines. UCaaS enables you to use a variety of hosted programs and services (including instant messaging, video conferencing, file sharing, and email) over the Internet from any location and at any time.  In addition, UCaaS provides security, allows flexibility, and integrates well with your other software applications including MS Teams. UCaaS systems are updated frequently by the provider ensuring that your communication methods will always be up-to-date in our ever-evolving world.

Why UCaaS is critical for all customer-guided corporations?

 
GUARANTEES YOUR BUSINESS CONINUITY & SECURITY

Experteers can easily answer this for all municipalities and companies who care about their customers.

First of all we have to emphasize about the importance of continuity in all circumstances, UCaaS provides the best option to avoid your business any hiccups along the road because of any reasons. UCaaS is available on any communication device, laptop, or PC anywhere at anytime to be able to efficiently communicate with your customers.

Security is another crucial requirement for all connected networks, voice calls, video conferencing, and instant messaging are parts of all departments communications to enable them to work properly and deliver services. Experteers, as part of security provider, enable first layer of security by having all our servers in Canada, maintaining 100% availability by having four communication centers in main four cities in Canada in Montreal, Calgary, Vancouver, and Toronto, and to maintain the second layer of security by having all SOC certified centers.

INCORPORATES THE LATEST FEATURES

When you have UCaaS, you’ll be able to use all the latest functions and features without any additional cost. You’ll also have the assurance that your information is kept safe and secure in a reliable data center. Having the ability to keep your communications up-to-date allows you to remain competitive and helps to increase your overall performance.

 

OFFERS FLEXIBILITY AND SCALABILITY

UCaaS allows organizations to add and remove users (for example, temporary employees) without any significant infrastructure changes or capital investments. UCaaS also provides seamless work experiences for your employees since they are cloud-based and accessible from any location – great for those working remotely.

 

PROMOTES PRODUCTIVITY

By using a UCaaS system, your productivity increases. All of your employees have unified communications support that is sharable amongst all departments, and UCaaS integrates well with your other software applications (like CRM). UCaaS keeps communication lines open and provides ways for your employees to log into various devices to access their information (such as voicemails).

 

LAST BUT NOT LEAST

SAVES YOU MONEY

When switching to UCaaS, there are minimal upfront hardware costs – you only need phones. You will also have the ability to choose the services you need (and not waste money on the ones you do not). UCaaS allows you to concentrate on growing your business by decreasing your dependence on capital investments.

 

UCaaS

 

We at EXPERTEERS are helping municipalities, utility companies, and medical centers increase employee productivity by adding a state of the art Unified Communications Solution, enhancing collaboration and increasing employee efficiency.

  • Enable your team to work remotely (hybrid)
  • Train employees more efficiently with sentiment analysis
  • Monitor key performance metrics with automated reports
  • Boost company performance through detailed analytics & collaboration
  • .. and more

Let us help you improve your client experience, call us at EXPERTEERS to learn how we can help enable your business for success in 2022.

 

Experteers is a system integrator SI and managed service provider MSP for the following services:

– SASE / SD-WAN: to secure all ur networking between all branches.

– NGFW: Next Generation Fire Wall centralized to keep all networks secured in almost real-time updated system.

– NMS: Network Managed System to keep your visibility on all network elements and servers to improve your systems availability.

– Cyber-Security on all endpoints and servers

EXPERTEERS CORPORATION

WWW.EXPERTEERS.COM

Share

2022 Security Risk Budget Outlook

Moving on up

At the onset of the pandemic, Security Risk budgets decreased as organizations shuttered their doors and employees left the office, and organizations under duress looked for places to cut costs. Many found their savings in the Security budget. But now, the potential to double or triple budgets in 2022 maybe a reality.

Our research shows approximately two-thirds of security budgets increased in 2021 from 2020, but still have yet to reach or return to 2019 levels. 2022 has the potential to change that.

As organizations are set to come back to life in 2022 security risk events have not gone away. In fact, the COVID-19 pandemic created new security challenges. The new challenges have yet to be solved, and as schools and businesses reopen / remain open during potential future surges, the security risks of the past return as well. In order to protect themselves from past, current, and future threats, organizations need to reinvest in physical security.

Really watch

Real camera surveillance and real-time monitoring integrated with a uniformed security guard force that is properly trained may be for some organizations the order of the day. High-caliber uniforms security guards and training necessary to protect against threats to an organization cost more than $15-20 an hour. Challenges will emerge to protect your organization, your information, your IP, your personnel. All of this may lead to an explosion of security requirements, and the budget.

Another factor contributing to budget increases in 2022 is executive protection. According to the Ontic 2021 Mid-Year Outlook: State of Protective Intelligence Report, 58% of CEOs and senior leaders who expressed a stance on political issues received physical threats. Senior Public Officials and local health department leadership who encouraged health measures like vaccination or mask-wearing have also become targets of physical threats. Against the backdrop of this increased threat landscape, executive protection has grown in importance among physical security professionals.

An inner look

These aforementioned types of threats could also come from inside an organization. Leadership will either take a stand, or not take a stand. The personnel of an organization expect their leaders to take a stand, whatever that might be, for or against a particular issue or concern. Unfortunately, pent up frustration surrounding decisions may not even be pandemic related, and at times still result in leaders being threatened. In many areas of the country, threats against “leadership” is foreign territory for many organizations.

Integration

The threat landscape has always been uncertain and rapidly changing. With many advancements in approach, strategy, and technology, organizations can protect themselves with integrated security risk strategies.

As both physical and cyber threats compound, organizations are tasked with protecting themselves on all sides. With increased and realized threats there is one unfortunate downside. Higher security costs as risks to supply chains, cyber and physical security risks increase. During this pandemic many organizations have unfortunately learned that their security profile may not be or has been at a level they had hoped it to be. New gaps have been found, existing weaknesses have become even weaker and due to other impacts of the pandemic, organizations may have struggled to get the necessary supplies, purchases and even personnel in a manner to which they were once accustomed.

Plug it

Identify your shortfalls, your gaps and plug the holes. A comprehensive risk assessment will assist in that process. If organizations fail to plug those holes, and as they begin to re-open even more, they unfortunately will remain or fall back into a vulnerable position.

Proactive hard work

Technology enhancements, uniformed security, executive protection, education, and plain old attentiveness and proactive behaviour towards security risks to quickly address existing and newfound challenges brought forth because of the pandemic will require increases in security budgets in 2022.

Now more than ever we need to move beyond reactive, and proactively secure our organizations.

It all simply starts with a plan.

We can Help.

Plan the Work. Work the Plan.

 

Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

 

Share

Being aware – situationally aware

Our world has always been in a state of perpetual change. Now more than ever, it is perceived to be doing that at an ever-rapid pace.

Positive changes such as economic growth, and technology advancements to note a couple. Unfortunately, with the positive, comes the negative. A continuous cycle of persons who wish to do harm.

Safety and Security experts inform us that violent events will continue to happen. The violent extremist motivated and driven by an ideology, to the targeting of individuals, place of business, worship, acts of violence that permeate into every vertical, sector of business and government.

Active safety and security programs are continuous reviewed, modified to face existing and the new challenges of tomorrow.

To make your safety and security programs more effective, the program needs ambassadors, staff.

Ambassadors need to be aware. Situationally aware.

Situational awareness training provides your staff with valuable intelligence & time when facing safety and security situations of potential harm or danger.

Being situation aware is truly a change in mindset.

It is a way of thinking that will focus a person’s behaviour, their outlook, and their mental attitude. People that are aware are no longer vulnerable but capable.

Capable individuals are always prepared. Capable individuals are not complacent, they use technology to enhance their preparedness and response and their planning always includes a contingency plan.

Situationally aware staff improve the effectiveness of your safety and security program.

Situationally aware individuals enhance the workplace and enhance their personal safety and security.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance in Situation Awareness training, contact Michael White Group International today, and we will be happy to answer your questions.

Michael White Group International is Arcuri Group LLC approved Situation Awareness Specialist Certification Training provider.

 

Share

How have the pandemic adaptations affected your Physical Security?

Well into the COVID19 pandemic, organizations, governments big and small have had to take measures and make changes to their environments to adapt to the needs of their staff, customers, their service delivery model, requirements of health science, government agency regulations and perhaps “new” industry best practices and of course the ever-changing virus.

These measures have evolved into many different things. We’re going to specifically focus on physical security devices.

Two of the pervasive items that have been introduced in many environments are plexiglass and signage.

Organizations have installed plexiglass barriers at intersection points of personnel as they have the potential to interact with other personnel, customers, vendors, etc.

Informative signage itemizing physical distancing rules, self assessment health protocols have been placed all around in both strategic and random locations within the environment to ensure every opportunity for personnel and visitors to be informed.

Funny thing about all of this plexiglass barriers and signage.

In some cases, not all, we have inadvertently defeated some or many of the installed security devices functionality and purpose. That is, their ability to monitor, detect and alert (alarm).

  • Motion detectors blocked, unable to provide proper coverage
  • Cameras experiencing sun flare reflection off plexiglass
  • Nuisance alarms due to swinging signage on the increase
  • And other unforeseen affects

There are incidents where this is enough of this added material, that areas, although devices are active and functioning as per specifications, are unable to detect properly – leaving areas with no security detection or proper monitoring.

We have the answers.

Let’s go for a (physically distanced) walk and have a conversation.

Your security risk plans are more than just a motion detector or even a strategic camera placement.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Physical Security Risk: know how to assess it

 

Many small to medium sized business (and even large enterprise businesses)  and government, have limited budgets, let alone spending a lot on risk and security.

Before you do go and spend a lot of capital on risk and security mitigation measures (aka security cameras, access control, bars and locks, lighting, training, fencing, etc.), you need to know what you’re buying for.

That is, you need to know what risks you are addressing.

Risk dial

Having a Risk Assessment completed on your municipality narrows the focus of your spending and aligns your purchasing with the specific types of risk and security mitigation measures you need.

To get a little technical…Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It involves the process of identifying internal and external threats and vulnerabilities, identifying the probability and impact of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization’s operations, defining the controls in place necessary to reduce exposure and evaluating the cost of such controls.

That is a mouthful. Let us break this down a bit.

If you have a threat, but there is no vulnerability, then there is no risk.

If you have a vulnerability but no threat, no risk.

Perhaps something many can relate to, you went online and purchased some products, and they are set to be delivered to your home. And no, we are not going to discuss online security…a topic for another day perhaps.

The packages are delivered to your home. But because of your daily routine, errands, off to the office, or shop, you are not always home. The shiny object is the packages just delivered. The vulnerability or sometimes referred to as a gap, is you are not home, and the packages now sit on your front step unattended. The threat, someone will take those packages right from your front step.

So, going back to the assessment. The key is once you know what your largest threats are (and yes you need to be able to determine that), it is important that you take action (implement risk and security mitigation measures) to lower your vulnerability.

Why not eliminate the vulnerability?

Great question, thanks for asking.

Eliminating the vulnerability may not always be possible.

Some business sectors and industries simply have built-in threats. But, if we focus on lowering the vulnerability, we lower the risk of a loss.

The assessment is complete, and we have identified risks. The next important step is finding the risk and security measures that are going to be the most effective in mitigating the identified risk. These measures come in all different shapes and sizes, video surveillance, locks and safes, lighting, security focused training, etc.

Where in doubt, reach out to us or find your trusted Independent Risk and Security consultant.

Yes, we highlighted Independent. That is definitely a topic for another day.

It all starts with a conversation.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

 

Share

Do you know what you want or need?

It is important that you know what you are asking for…so that it’s not risky.

You have asked for an Assessment. Stakeholders are concerned about security. Is the goal to look to identify your Security Risks, Threats, Consequences or Vulnerabilities? Or all of them? Collectively, there is a formula for that.

Risk = Threats + Consequences + Vulnerability

Do not be taken in by someone who says all assessments are the same.  A risk assessment, threat assessment, vulnerability assessment, security audit or even a business impact analysis are not the same as each other.

Square peg, round hole.

A Threat assessment looks to understand what entities may have an interest in creating a security concern or problem for your organization.

A Security Audit is a validation or verification that security measures that are currently in place are actually in place and doing what they intended to do. This audit focuses specifically on the effectiveness of security and determines if a known vulnerability is being addressed. It does not measure risk.

Vulnerability Assessments look to understand both consequences and vulnerabilities. Threats however within a vulnerability assessment are assumed to be at a high level. At the end of a Vulnerability assessment organizations quite often implement increased security measures to address the vulnerabilities and lower the consequences. This happens because the level of threat and the probability of an occurrence from happening is not actually analyzed.

The Consequence focused Business Impact Analysis identifies the most critical of assets to an organization and sets out to build resiliency around these identified assets, most commonly as a business continuity plan.  Business Impact Analyses do not address threats or vulnerability.

The Risk Assessment is the most effective means of determining security adequacy as it considers all three elements of risk – threat, vulnerability, and consequence.  A Risk assessment should be the methodology of choice if you are seeking to determine your security adequacy and avoid the potential pitfalls of not having all of the information.

But all is not lost. It is okay if your organization needs to only conduct one or several of the assessments mentioned above. There may be cause for you to do one assessment over another, resulting in a more intimate understanding of that particular assessments output.

We can assist your organization in determining which of these assessments is best for you given your organization’s current security risk landscape.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

An Artist’s Eye to Risk & Security Program Success

 

 

Michelangelo famously created the sculpture David and JK Rowling famously revealed characters that already existed. Two completely different types of artists and art.

But how did Michelangelo actually approach this masterpiece? Did he take a stone and begin to carve, and David was eventually the result, or did he know that David was already in the stone and he had to carve away the waste to reveal him? JK Rowling did the latter.

Which approach applies to your organization?

Do you work to reveal the security practices that are already intuitively imbedded by hard working staff doing the right thing and expand on these, or realize that you need to start fresh and create something new?

Let us take a look. Your organization is well established. Many operational and strategic programs and processes are in place. But your now are faced with ramping up your security program. Create policies, procedures, establish the

With both approaches your personnel, all personnel, security or otherwise play the most significant part in the immediate and continued success of your Risk & Security program.

At a high level view, your Risk & Security program has 3 major components;

  1. Plans/Procedures: you need purpose, direction, and accountability
  2. Hard/Soft tools: software, hardware, technical systems…such as cameras, card access, etc.
  3. And the third piece that actually holds it all together and makes it work, people (personnel).

Of course, while the various plans/procedure, technical systems and devices assist in the assurance of security – it all ultimately boils down to personnel.

But they don’t just get there on their own.

There needs to be a commitment within your program to educate, cooperate, and involve personnel to be successful.

Not sure where to begin? We can help.

It all starts with a conversation.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Check please!

Is your security risk management, business continuity and any other resilience program you have simply to prove you have one? Check the box, so to speak? It’s perhaps stable, reliable, unchanging?

Then you have a problem. You’re doing it wrong.

You’re doing it wrong.

You’re programs should be designed to generate improvements. There should be a built-in restart, of the assessment process. The cycle should ensure improvements re-align to the overall business objectives. Your improvements should replace those areas of the program that don’t work, are unnecessary, and need revitalization.

We can help. We can help get your program from simply sustaining itself to regenerating, restarting, re-aligning, replacing, and revitalizing itself so that it works when needed; so that it works for you. We can help get your program working for you.

It starts with a conversation.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share