Cultural Web for Business Continuity: Security & Risk Management
Cultural Web for Business Continuity: Security & Risk Management. Tony Ridley, MSc CSyP MSyl M.ISRM

Cultural Web for Business Continuity: Security & Risk Management

Business continuity, security and risk management do not operate in a vacuum.

That is, each aspect of business continuity and security risk management, regardless of technology and automation, operate across complex human endeavours, relationships, culture and interactions.

The resulting cultural web for business continuity creates the paradigm for individuals, organisations and organisations, which in turn is inherently unique.

Business continuity, security and risk management practitioners should take heed and caution to map and understand these informal structures and relationships as they remain essential elements for activation of strategy, results and resilience.

"Business continuity management is about maintaining competitiveness, not the physical infrastructure that supports a firm" (Elliot et al., 2010)

The cultural web if influence, empowerment and inhibitors is typified by at least 6 core elements.

No alt text provided for this image

Cultural Web: Business Continuity. Security & Risk Management

Stories

The narratives that define and become normative within a department, organisation or community.

Triggers, success and benchmarking are routinely derived from these stories, fact or otherwise.

Business as usual or non-stop service?

Symbols

Formal and informal artefacts that define and influence culture.

Ranging from systems, titles, qualifications, importance, prominence and resourcing.

Jargon, entitlements, dress and attire, equipment, physical location within a building or work environment.

Power Structures

Where do business continuity, security and risk management report?

Champions, visibility, sponsorship and influence

Hierarchy, flat, informal, rivalry, control and disciplinary?

Organisational Structures

Business continuity, security and risk are neither IT functions nor technology dominant.

Report lines, geographical placement, support, dependencies, communications and prioritisation.

A series of informal and loosely connected tribal and sub-culture groups

Control and Reward Systems

Where does business continuity, security and risk management feature in annual reporting?

Is it substantiated or more likely anecdotal narratives, self-authored by freelance practitioners?

Remunerations, promotions, quality standards, qualifications and alignment with general management functions.

Rituals and Routines

An extension of the above elements.

Who is responsible, accountable, communicated and informed?

Is business continuity and security risk management involved at inception and change or an afterthought?

Safety first? Zero Tolerance. Business as Usual. Customer service. Blockers and inhibitors

A lack of cultural consideration or awareness within business continuity, security and risk management structures limits results, performance and professional standards.

Even more so if it is not documented or analysed.

It is always remarkable how many cultural narratives and evaluations circulate within an organisation, business continuity and security/risk management circles which are more often than not unsubstantiated opinions of accountants and management generalist with no formal or relevant qualifications in complex human, sociological, psychological and cultural studies.

In other words, culture is as much a throwaway buzzword as resilience, robust, evidence-based, empirical, iterative and countless other quasi-scientific catch phrases.

Tony Ridley, MSc CSyP MSyl M.ISRM

Security, Risk & Management Sciences

References:

Elliott, D. (2014) Disaster and Crisis Management, in Gill, M. (ed.) The Handbook of Security (2nd Edition) 2014. Basingstoke: Palgrave Macmillan, pp.813-836.

Elliott, D., Swartz, E. and Herbane, B. (2010) Business Continuity Management (2nd Edition) Abingdon: Routledge, pp.27,157 and 200.

要查看或添加评论,请登录

Ridley Tony的更多文章

社区洞察

其他会员也浏览了