Now Available: The Bridging the Gap Toolkit

The Bridging the Gap Toolkit provides an actionable approach to leading and applying technology against core business issues of the organization. Technology is not a differentiator… but how we use Technology can be. The most successful organizations use technology to differentiate. But they don’t buy technology to differentiate, they apply technology to differentiate. The secret is in the application, and …

The Power of Business Rules

I’ve been applying a keen eye to Business Rules for a long time now. I find them to be some of the most important places where otherwise intelligent-seeming organizations lose their minds and embed rules so onerous they can literally take down even the largest organizations. Let’s look at a couple of business rules that demonstrate this. 1 – A …

The BPM Toolkit Series

I recently assembled a set of BPM toolkits from all of the process improvement work I have done throughout the world. These tools are derived from my personal experience leading process improvement projects and conducting process improvement training. These toolkits focus on different aspects of process management, from identifying and eliminating causes of work to innovating for market leadership. From …

How to Develop Internal Controls

I’ve been working with the design and implementation of internal compliance controls for ten years. I can’t believe that much time has passed! These thoughts were triggered from a comment dropped by my colleague and author-cohort friend Mr. Karl Perman. We were shooting the breeze, skipping across topics from work to play, just enjoying the chance to catch up on …

COMCAST AND THE CRIME OF THE CENTURY

This is one for the history books, folks. In recent dealings with Comcast I had several things occur that I would not have thought possible. These events took me to a dark place, one I had THOUGHT corporate America had finally figured out they have to stay away from. What could possibly be that bad? Ever heard of a Moment of …

Risk Management and NERC Compliance

The more I look at NERC Compliance the more I see the need for Risk Management. The rationale for this statement is based on the reality for most utilities – they are compliant but have minimal program oversight and almost no Risk analysis. This is a big problem and right now there is no get-out-of-jail-free-card. Stated another way, the vast …

CIP Low

CIP Low: Compliance Program Guide. This book is focused on protecting Low Impact only BES assets, and their associated BES Cyber Systems & Cyber Assets. Based on NERC CIP Standards CIP-002-5.1a and CIP-003-6, with relevant consideration for pending versions CIP-003-7 and CIP-003-TCA, the steps and actions needed to ensure NERC CIP compliance are laid out here in plain English. So …

Protecting Critical Infrastructure

Protecting Critical Infrastructure: A Guide to Critical Infrastructure Protection Based on the North American Electric Reliability Corporation Critical Infrastructure Protection Standards – Now Available! This book presents the approach to critical infrastructure protection taken by the North American Electric Reliability Corporation’s CIP Standards. These standards apply to the electric industry, and serve to protect our bulk electric grid from compromise …

Process Driven Compliance – Protecting the Grid

Recently I have been discussing how process thinking and process technology can be used to produce more effective and proactive compliance controls. In particular, I have been doing a lot of work around NERC compliance – the regulations for the Electric Utility Industry. NERC compliance includes cyber security (CIP – Critical Infrastructure Protection) and operational compliance, often referred to as …

Process Driven Compliance Controls

An interesting take on process is the role it can play in compliance. Internal compliance controls traditionally look to either enforce policies or monitor for compliance issues. While this approach has merits, it has several characteristics that fall short of the goals of the organization. First, the “process” portion of compliance controls often remains disconnected from the work people perform …