muniBLOG: Training

Physical Security Risk: know how to assess it

 

Many small to medium sized business (and even large enterprise businesses)  and government, have limited budgets, let alone spending a lot on risk and security.

Before you do go and spend a lot of capital on risk and security mitigation measures (aka security cameras, access control, bars and locks, lighting, training, fencing, etc.), you need to know what you’re buying for.

That is, you need to know what risks you are addressing.

Risk dial

Having a Risk Assessment completed on your municipality narrows the focus of your spending and aligns your purchasing with the specific types of risk and security mitigation measures you need.

To get a little technical…Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It involves the process of identifying internal and external threats and vulnerabilities, identifying the probability and impact of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization’s operations, defining the controls in place necessary to reduce exposure and evaluating the cost of such controls.

That is a mouthful. Let us break this down a bit.

If you have a threat, but there is no vulnerability, then there is no risk.

If you have a vulnerability but no threat, no risk.

Perhaps something many can relate to, you went online and purchased some products, and they are set to be delivered to your home. And no, we are not going to discuss online security…a topic for another day perhaps.

The packages are delivered to your home. But because of your daily routine, errands, off to the office, or shop, you are not always home. The shiny object is the packages just delivered. The vulnerability or sometimes referred to as a gap, is you are not home, and the packages now sit on your front step unattended. The threat, someone will take those packages right from your front step.

So, going back to the assessment. The key is once you know what your largest threats are (and yes you need to be able to determine that), it is important that you take action (implement risk and security mitigation measures) to lower your vulnerability.

Why not eliminate the vulnerability?

Great question, thanks for asking.

Eliminating the vulnerability may not always be possible.

Some business sectors and industries simply have built-in threats. But, if we focus on lowering the vulnerability, we lower the risk of a loss.

The assessment is complete, and we have identified risks. The next important step is finding the risk and security measures that are going to be the most effective in mitigating the identified risk. These measures come in all different shapes and sizes, video surveillance, locks and safes, lighting, security focused training, etc.

Where in doubt, reach out to us or find your trusted Independent Risk and Security consultant.

Yes, we highlighted Independent. That is definitely a topic for another day.

It all starts with a conversation.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

 

Share

Oh, you’re in Procurement…so what do you do exactly?

eye glasses sitting on a mouse pad

Have you ever told someone you’re a Procurement Professional, and then spent the next 20 minutes explaining what a Procurement Professional does?

 

Why is it that doctors and lawyers can simply say they’re doctors or lawyers and leave it at that…but as Procurement Professionals we turn ourselves into pretzels trying to justify our reason for existence?

 

One of the reasons is because the procurement industry, and we ourselves as Procurement Professionals, haven’t done a good job of defining our role in an organization

 

Remember, if you don’t define your role then somebody else will do it for you

 

So if your internal clients think your job is to get quotes, cut POs and make sure invoices get paid…those are the only things they’ll want your help with

 

But if you can articulate and, more importantly, demonstrate your understanding of your organizations competitive market positioning

 

And how you’re responsible for aligning the supply chain with the organizations goals and objectives

 

Then getting quotes and cutting POs isn’t who you are, it’s just some of the MANY things you do as a Procurement Professional

 

No here’s the catch…saying and doing are two very different things

 

So before you start telling your colleagues about secondary sourcing strategies to mitigate offshore supply chain risk

 

Or why it’s important to implement formal vendor management and category management programs in your organization

 

You should also have the skillset to do actually these things

 

And to help with that, we just launched new Strategic Sourcing Essentials eLearning course I co-developed with my friend and colleague, Mark Morrissey

 

Mark and I cover 6 modules in the course:

 

  1. Aligning Strategic Sourcing with corporate goals and objective
  2. Competitive Positioning and Supply Chain Risk
  3. Leading Class Practices
  4. Vendor Management
  5. Negotiation Strategies
  6. Case Study – Process Transformation

 

You can go through the course at your own pace, and when you’ve completed it and submitted your responses to the final case study, you’ll receive a digital certificate of completion

 

You’ll also have access to the course for 1 year so you can always go back and review any of the modules or chat with your peers that are also taking the course

 

And if you’re in a team of 3 or more people, you can take advantage of our corporate rates

 

2020’s been a tough year and many people didn’t get a chance for any meaningful professional development

 

Well this is a chance to, not only tick a box on your year-end review, but actually build on your skillset as a procurement professional

 

For more information you can visit our website

 

Thanks and hope to see you in the course,

Mohammed 

 

 

 

 

 

Share

Do you know what you want or need?

It is important that you know what you are asking for…so that it’s not risky.

You have asked for an Assessment. Stakeholders are concerned about security. Is the goal to look to identify your Security Risks, Threats, Consequences or Vulnerabilities? Or all of them? Collectively, there is a formula for that.

Risk = Threats + Consequences + Vulnerability

Do not be taken in by someone who says all assessments are the same.  A risk assessment, threat assessment, vulnerability assessment, security audit or even a business impact analysis are not the same as each other.

Square peg, round hole.

A Threat assessment looks to understand what entities may have an interest in creating a security concern or problem for your organization.

A Security Audit is a validation or verification that security measures that are currently in place are actually in place and doing what they intended to do. This audit focuses specifically on the effectiveness of security and determines if a known vulnerability is being addressed. It does not measure risk.

Vulnerability Assessments look to understand both consequences and vulnerabilities. Threats however within a vulnerability assessment are assumed to be at a high level. At the end of a Vulnerability assessment organizations quite often implement increased security measures to address the vulnerabilities and lower the consequences. This happens because the level of threat and the probability of an occurrence from happening is not actually analyzed.

The Consequence focused Business Impact Analysis identifies the most critical of assets to an organization and sets out to build resiliency around these identified assets, most commonly as a business continuity plan.  Business Impact Analyses do not address threats or vulnerability.

The Risk Assessment is the most effective means of determining security adequacy as it considers all three elements of risk – threat, vulnerability, and consequence.  A Risk assessment should be the methodology of choice if you are seeking to determine your security adequacy and avoid the potential pitfalls of not having all of the information.

But all is not lost. It is okay if your organization needs to only conduct one or several of the assessments mentioned above. There may be cause for you to do one assessment over another, resulting in a more intimate understanding of that particular assessments output.

We can assist your organization in determining which of these assessments is best for you given your organization’s current security risk landscape.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

An Artist’s Eye to Risk & Security Program Success

 

 

Michelangelo famously created the sculpture David and JK Rowling famously revealed characters that already existed. Two completely different types of artists and art.

But how did Michelangelo actually approach this masterpiece? Did he take a stone and begin to carve, and David was eventually the result, or did he know that David was already in the stone and he had to carve away the waste to reveal him? JK Rowling did the latter.

Which approach applies to your organization?

Do you work to reveal the security practices that are already intuitively imbedded by hard working staff doing the right thing and expand on these, or realize that you need to start fresh and create something new?

Let us take a look. Your organization is well established. Many operational and strategic programs and processes are in place. But your now are faced with ramping up your security program. Create policies, procedures, establish the

With both approaches your personnel, all personnel, security or otherwise play the most significant part in the immediate and continued success of your Risk & Security program.

At a high level view, your Risk & Security program has 3 major components;

  1. Plans/Procedures: you need purpose, direction, and accountability
  2. Hard/Soft tools: software, hardware, technical systems…such as cameras, card access, etc.
  3. And the third piece that actually holds it all together and makes it work, people (personnel).

Of course, while the various plans/procedure, technical systems and devices assist in the assurance of security – it all ultimately boils down to personnel.

But they don’t just get there on their own.

There needs to be a commitment within your program to educate, cooperate, and involve personnel to be successful.

Not sure where to begin? We can help.

It all starts with a conversation.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Digital Solutions for Canadian Municipalities

The past few months have been challenging for everyone as we change the way we live, play and work. Many industries have been forced to pivot and find digital solutions to continue serving their customers in the “new normal”. Canadian municipalities are no different. With many municipal offices closed to the public or working at a reduced capacity, there has never been a better time to start introducing digital solutions to work safer and work smarter. Here are some great digital solutions from Canadian muniSERV members to get you started.

Citizen Engagement/Customer Service

 AccessE11 is a Municipal 311, Citizen Issue and Relationship Management platform designed to provide small to mid-sized municipalities with a simple, cost-effective means to manage citizen issues. The platform drives simplicity, reduced administration, stronger decision making and better compliance across specific areas of focus within local government operations. Citizens can report issues and monitor the status of their issue digitally, improving customer service and operational transparency.

Smart City/IoT

 Trilliant has revolutionized how municipalities, cities, energy providers and utilities manage their mission-critical operations. Trilliant connects the world of things (IoT) and incorporates Smart City functionality to new or existing networks. Municipalities can improve the efficiency of their offerings through the implementation of things like advanced metering infrastructure for water, electricity and gas, smart street lighting, smart network sensors and so much more.

Treasury

 Clik2Pay  is a customer billing payments solution that allows citizens to receive and pay their tax bills or other municipal invoices directly from their smartphone. Municipalities benefit from quicker payments and simplified bill collection, all for less than it costs to pay by debit or credit card.

Payroll Efficiency

 Mother Clock  Inc. is a fully integrated time tracking payroll platform that is modernizing payroll technology. This tablet-based time tracking service is the solution for businesses that want to abandon paper-based processes.  Mobile employees can use their smartphones to clock-in/out with GPS time tracking, increasing accountability.

Cyber Security & Training

 RiskAware provides municipalities with an Information and Cyber Security advantage through governance, training, education and risk management. They can help you assess your digital risks before getting started.

Digital Transformation Consulting

 ArchITectAbility provides IT Advisory, Assurance, Architecture and Governance expert services as well as Business Process Re-engineering offerings. If you’re not sure where to start your digital transformation, here you go!

These are just a few of the great Canadian companies that are helping municipalities go digital. 

Search our  Find a  Consultant database by service, business name, province or city, for even more of our members’ innovative digital solutions, to help municipalities simplify processes and find efficiencies! 

Share

Immunity

 

No individual, no organization, no place is completely immune from some form of a disruptive event. Pandemics, epidemics, financial and government unrest, terrorism, on top of the myriad of natural disasters and the consequences of those events that countries, states, provinces, cities, large enterprise, and small/medium business all could experience.

With these disruptive events, all of the aforementioned entities have difficult decisions to make with regards to their investment into response (and to what level of response), what level of security, what level of operational capability do they need during and immediately after these type of events and others.

How do we reduce the impact of disruptive events?

Invest in enhancing resilience. Organizations require the ability to prepare and plan, absorb and recover for and from disruptive events.

Building resilience, maintaining resilience, staying resilient.

Being resilient, allows organizations to be better equipped to anticipate disruptive events with the expectation that losses are reduced.

Disruptive events will continue. A proactive approach to enhancing your organization’s resiliency will reduce the economic, reputational, and operational affects that disruptive events can cause.

It all starts with a conversation.

We can Help. We’ve helped organizations enhance their resiliency, and will continue to do so with a collaborative approach and transparent communication.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Risk Complacency

Why should you have a cyclical strategy to your risk and security?

Risk Complacency. You run the risk of being complacent. The one man-made hazard that is probably the easiest to avoid and the largest threat to any sized business, organization, government, event, institution, and book club. Okay, maybe not the book club.

 

So, what happened?

It was quiet. It was nice, there was a sense of security. Unfortunately, that feeling is usually supplemented with a lack of awareness. A lack of awareness of threats, dangers to your organization, those deficiencies that slowly creep up but yet can quickly hammer down all the previous work.

Plan out the work to get your organization on a cyclical strategy to address, manage and mitigate your risk and security threats.

Once planned out. Execute the plan. Do what you say you are going to do…and don’t stop.

Need help? We can Help.

It starts with a conversation.

As we say…Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Organizational Resiliency – What else is it good for?

What else does organizational resiliency do for the organization aside from being able to carry on during and after a disruptive event?

  • Reduces stress – it reduces stress in those managing and working prior to, during and after an event
  • Increase in trust and confidence – employees believe in the leadership, each other, and the plan to move through an event
  • Reduces absenteeism – people are comfortable and confident in the decision making of their peers and the responsibilities they have
  • Improvement in physical health and wellbeing – with strong mental health comes stronger and maintained physical health
  • Productivity increases – a happy workforce wants to produce
  • An alert workforce – reduction in accident and workplace injuries
  • Learning power – with overall personal health and wellbeing comes the drive, adaptability to learn and the willingness to be flexible in the event of change

There are other benefits to making your organization resilient that are not just about the bottom line.

We can help your organization in building your risk and security management program resiliency.

It starts with a conversation.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Redesigning The Way Your Company Works

COVID-19 has changed the way we work, play, and interact with our world. Whether your company is a single or multiple branch office operation, with industrial facilities or mobile public and field workers — developing a clear, concise program requires careful consideration and detailed risk and resource assessments.

Unique challenges require unique customized solutions.

The COVID-19 pandemic has created unique challenges for businesses and workforces all across Canada. Public health departments, government leaders, and associations provide continual streams of information where business owners and executives must analyze this information to the best of their ability, providing direction in the creation of customized solutions for their business.

Barantas Inc. (Barantas) has remained focused on the core principles of prevention and safety services offering clarity and direction to company programs and operational procedure development.

Barantas can assist in any of the following key areas:

  • Business re-opening plans and implementation strategies
  • Operational redesign of workspace management
  • Worker inter-personal safety prevention programs and methodologies
  • Workforce programs for office, industrial, municipal and education sectors
  • Construction project-specific pandemic enhanced programs and inspections
  • Health and safety manual and policy development
  • Personal protective equipment supply and sourcing (masks, gloves, face shields)

Barantas provides comprehensive, long-term protection strategies and a personalized partnership anchored by our commitment to service excellence.

Redesigning Workplaces in a Post Pandemic Era

Our national reach and multi-disciplinary approach to safety management allow you to access a complete suite of health and safety services for a fraction of what it would cost you to source these services individually.

Barantas interactively works with you in evaluating and developing your new workplace strategies and worker health and safety management. Our goal is to collaboratively provide our expertise and knowledge to your key persons or teams, building a sustainable, internal infrastructure focused on the health and safety of your workforce.

We utilize a FIVE phase process. This process begins with a data acquisition phase, where we learn and understand your business, through to ensuring your teams can execute, monitor and continually adapt your program to meet today’s and future challenges.

Our process is based on the following principles:

  • Risk Reduction: Focused on reducing risk through prevention methodologies using the hierarchy of controls.
  • Individual Health and Safety Protection: Ensuring your company is taking the precautions reasonable for the protection of workers, employees, clients and affected individuals.
  • Maintenance of Applicable Requirements: Continual monitoring of authority directives, legislative requirements, and corporate due diligence best practices combined into a preparedness program able to adapt to changing environments and new directives.
  • Education and Sustainability: As part of working with your team through the five-phase process, our goal is to ensure understanding and application of the principles and methodologies for key team members ensuring an ability to assess, respond and adapt to continual change in both external factors and internal business decisions.

FOR MORE INFORMATION ON OUR 5 STEP PROCESS https://www.barantas.ca/the-five-phase-process/

For a full version PDF of this document https://www.barantas.ca/pandemicmanagement/

 

 

Share

Do Not Lose Focus

Let us not forget about all the other risks & threats that kept us up at night before the threat of the pandemic landed on our doorsteps.

Yes, the response to the pandemic is important.  Unfortunately, there are other risks & threats that still exist.  

Do not lose focus.

Organizations now more than ever need to be able to strike a balance with multiple focal points whist executing their emergency response, risk & security, business continuity plans.

Stay organized.  Stay Sharp.

We can Help.

Plan the Work.  Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share