Menu

Operations & Process Improvement

Mandatory Breach Notification – It’s complex, challenging and potentially costly. Are You Ready?

Cybersecurity

Author: Rob Brickman, 2018

What’s MBN and Why Should My Organization Care?

Starting November 1st, 2018, new Federal Mandatory Breach Notification (MBN) regulations require your organization to report on certain privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

You May Not Be Ready

Cyber-security, legal and other risk experts are expressing real concern about how ready Canadian organizations are to comply with MBN.  Without adequate preparation for MBN, your company could face penalties including fines for failing to report, a negative impact on your brand, audit exposures and the potential for class action suits.

How Widespread Are Breaches?

New data tells us that frequency, scope and costs of cybersecurity breaches are huge.  The IBM/Ponemon Institute “Cost of Data Breach” study recently concluded that 90% of Canadian companies experienced a breach in 2017, at an average of 22,000 records per breach.  The average cost per breach was over $6 million.

Despite these sobering figures,  Ernst & Young estimates that less than 10% of IT budgets are targeted to cybersecurity and breach management.  Your company may be focused on the technical security that keeps the organization and your customers safe, but you may not be ready for MBN.

Why Is Breach Reporting So Complex?

We’ve identified several elements that make MBN uniquely challenging:

  • Cybersecurity is a moving target – Ajay Sood at Symantec has noted that in cybersecurity “as the adversary changes its tactics and targets, organizations must alter their defences and countermeasures.”
  • New processes are required: Meeting MBN requirements demands re-designed, replicable processes and playbooks that integrate seamlessly with a patchwork of underlying cyber and breach technologies. Many of these may not be in your control.
  • Reliance on Third Parties – To manage cybersecurity, organizations may rely on a web of third-party Saas, IaaS and Managed Security Service Providers (MSSPs) for security infrastructure and incident management. Sometimes the service provider, networks and data reside outside Canada. Your existing contracts, SLAs and shared processes may not anticipate MBN requirements.
  • Complexity of tools – Effective MBN reporting is driven by data that come from multiple tools and systems which may be both inside and outside your organization’s control.
  • Matrix roles – When incidents and breaches occur, dozens of stakeholders, both internal and external to your organization, are affected by what happens. Your board, leadership, IT and Security, Business Continuity, Customer Support, Compliance, Legal, Regulatory, Risk Management, Business Partners and other functions all have a role to playas do your customers.
  • Funding – IT, Finance and other budgets may not have provided for the true costs of breach management, assessment and notification efforts.
  • Enforcement – the MBN requirements are new and confusing. The enforcement regime has yet to be defined by the Office of the Privacy Commissioner or the Attorney General.

How Can TPG Help?  The TPG “MBN Readiness Assessment”

The Poirier Group is one of Canada’s leading consultancies in focused performance improvement, with particular expertise in process design and change management.  We are uniquely equipped to help you plan and execute your MBN response.

To get started, we’ve developed a rapid MBN Readiness Assessment engagement. This exercise quickly highlights gaps in organizations’ MBN posture and recommends immediate steps to remediate processes and responsibilities, whether incidents and breaches are managed internally or by MSSPs.

Click on our MBN One Pager for more info!

Contact Rob Brickman to discuss this further at rob.brickman@thepoiriergroup.com

 

5 Morning Routines of Highly Successful People

Author: Allison Gage (2018)

As consultants, our work day can be unpredictable to say the least. Many days transform without notice as client needs and priorities change. It is hard to get into a routine, including establishing a morning routine. What we intend to complete rarely matches the plan. This is the case with many industries and professions.  How can we ensure optimal performance and use of time in an ever-changing environment?

Whether you’re a consultant or not, a strong morning routine can be the difference between running the day and letting the day run you.

The most successful leaders throughout time have had morning routines, and with good reason. Creating a morning routine is the best way to:

  1. Set a positive and productive tone for your day
  2. Tackle top tasks before distractions creep in
  3. Focus on your goals and the associated tasks
  4. Boost your happiness
  5. Reduce stress levels

What is also common between great leaders? The elements of said morning routine. Leaders understand that success is not isolated. How you do anything is how you do everything. So, how successful you are in your personal life is a direct correlation to success in your professional life and vice-versa.

If you’re looking to jumpstart the momentum needed for personal and professional success here are a few key elements to include in your morning routine:

1. Gratitude

First thing in the morning, before even getting out of bed, take a few minutes to stretch under the covers and express gratitude – write down or mentally go through a quick list of things you are grateful for this morning. (Bonus! Setting your intention for the day right after your gratitude allows you to set a positive foundation before you even get out of bed.)

2. Affirmations

Writing and speaking affirmations aloud is a great way to get your mindset right to start the day.  Affirmations allow us to re-program limiting thoughts or beliefs to match optimal results in our personal and professional lives.

3. Meditation / Visualization

Both only take a few minutes every day; meditation and visualization are very different but can be used individually or combined.  Mediation allows us to enhance consciousness and self-awareness while visualization allows us to concentrate on achieving goals and dreams.  These techniques can even improve health and assist in resolving issues or problems with seemingly no solution.

4. Exercise

Exercise helps clear the mind, reduce stress and ensure you start the day feeling refreshed and energized. Whether your exercise includes strength training, HIIT, a brisk walk around the neighbourhood or dancing in your living room – get your heart rate and vibration up. Taking care of your health is essential to success since success is a marathon, not a sprint.

5. Read

It can be hard to find time to read amidst the craziness of our daily schedule but we all know how important reading is to our success. Start your day with ideas that expand your mind and focus on subjects that correlate to your goals. Whether it’s 10 mins or an hour a day – focus on learning, reflecting and applying what you’ve read into your daily life.

I challenge you to create your own morning routine and be disciplined to it a habit. Discipline is critical to success as it will carry you through when you don’t “feel” like doing something. It will also bridge the gap until your morning routine becomes a habit and part of your new paradigm.

I leave you with this quote from Hal Elrod (“The Miracle Morning”):

Focused, productive successful mornings generate focused, productive, successful days – which inevitably create a successful life.

Lean Leaders can Overcome the “Three Root Sins”

jump over a cliff


Author: Cody McCullough (2018)

Defining and Recognizing the Three Candidates for Your Faults

Although the three root sins have a spiritual connotation, the intention of this article is to describe how each of the root sins creates underlying behaviors that lead to frequent faults and failings as lean leaders. Gemba Academy’s Ron Pereira discusses in a compelling podcast how the concept of the “Three Root Sins” can be applied to both business and continuous improvement.

All of us have tendencies and manifestations linked to all three of the root sins. By implying that we have a “root sin” simply means that for each of us, one of the three is dominant, and is more significant and employs greater influence on our day-to-day behavior than the others.

pushing a boulder up a hill

The three root sins are: PrideVanity, and Sensuality.

  1. Pride refers to a disordered attachment to our own excellence, and the inordinate opinion of one’s own importance, merit, or superiority.
  2. Vanity refers to a disordered attachment to the approval of other people.
  3. Sensuality refers to a disordered attachment to comfort, ease, and pleasure.

How to Overcome Your Root Sin as a Lean Leader

Once you have identified one (or more) of the three root sin candidates as being most applicable to you as a lean leader, the next step is to execute countermeasures or actions that will reduce or eliminate the problems that manifest themselves from the root sin.

Countermeasures to Pride – Gratitude and Humility

  • Lean implementations often fail because they are led by someone who’s ego prevents their team members from providing a unique perspective. Teamwork and team problem solving is at the heartbeat of lean.  By harnessing each team members unique skillset and appreciating their unique talents, lean leaders will realize that their team members and are more willing to identify problems and “go the extra mile” to fix a problem.

Countermeasures to Vanity – Understand the “WHY” behind your lean improvement program

  • A common trap or downfall for lean leaders is to overact to their team being categorized as overhead (not adding direct value to the product or service their organizations offer). Because of this, lean leaders will feel the need to justify their existence by trying to add value or seek approval from their superiors in any way possible.  Instead of the work being driven by the need to impress others within your organization, the work within a lean program should be driven by doing things the right way and with the right intentions, which is to maximize customer value while minimizing waste.

Countermeasures to Sensuality – Having courage to overcome difficult obstacles, not just the easy ones

  • Lean leaders must understand lean is very rarely easy or comfortable, and that there is no “get rich quick scheme”. Lean is a struggle which requires strength and courage to overcome each obstacle that is found along the way. Often, the most difficult and uncomfortable lean projects are the ones that result in the greatest direct savings and impactful team building experiences.  If you are overcome with wanting things that are easy, you will not succeed in lean.

If you want to get rid of the weeds, you can’t just pull out the stems; you have to get at the roots.

Notice that earlier in the article, we defined each of these root sins as a “disordered” attachment to something. The things in themselves – achievements, relationships, pleasures – are not evil. The problem comes when lean leaders seek meaning and fulfillment from these.

It is important to realize that we each have tendencies that manifest ourselves from pride, vanity, and sensuality. In each of us, one of the three is usually dominant. If we can identify which one, we can better aim our efforts to grow as lean leaders; we can strive to develop the virtues that counteract the cause, the root, of our falls and faults.

 

Interviewing Black Belts – Sifting through Candidates for Gold

interviewing black

 

Having interviewed dozens of black belts for positions in the past, I know that finding legitimately trained and competent Lean Six Sigma black belts is a challenge in the U.S. and Canada.

“I have gone through over 30 interviews to fill one black belt position and still haven’t found one.”

When I heard this statement come from a Lean Six Sigma black belt acquaintance a few weeks ago, I was not surprised. While I admire the quest to find the right corporate fit from a personality perspective, I knew this person was not referring to that, but rather to the challenge of finding a black belt who was truly technically qualified (and therefore capable of helping his business achieve process excellence, cut costs, and bring more money in).

What does it mean to be a qualified Six Sigma black belt?

For those of you unfamiliar with the belt structure and nomenclature, the most common and consistently acknowledged belts are as follows:

  • Green belt – trained with one project completed realizing financial benefits
  • Black belt – trained with two projects completed realizing financial benefits and ability to train green belts

The elusive high caliber black belt – why are they so hard to find?

The problem of finding competent black belts boils down to two issues:

  1. Unfortunately, many programs certify individuals for just going through training or completing a group project (multiple green belts on one project)
  2. There are no internationally recognized standards for training or certification body in the Lean Six Sigma community

I was very fortunate going through my Lean Six Sigma black belt training because my trainer and certifier was extremely rigorous to ensure integrity of his program. His certification rate was just over 50%. You were not automatically certified just going through the training, you had to earn it by also completing the individually managed projects successfully.

Step 1: Ask these two interview questions to sort through the applicant pool clutter

When I interview potential candidates, I always ask two questions:

  • “Can you walk me through one of your projects?”
  • “What sort of statistical analysis methods you have used in the past?”

In order to assess their credibility through their answers, you have to know a little about the project framework for Lean Six Sigma. Most projects will follow the D-M-A-I-C framework (pronounced duh-may-ick) because this method is utilized to repair business process failures causing an undesired state.

Step 2: A real black belt will be able to walk you through their DMAIC framework and how they used it to complete their project

  • Ask them what their “Primary Y” or primary metric was. All Lean Six Sigma projects rely on moving a primary metric from a current state to a desired state
  • As they wrap up their answer, really press for what the primary metric or primary Y moved from and to during the course of their project
  • Ask them what the business benefit was

If their answers do not make sense or they dance around the questions move on to the next candidate.Your cheatsheet: DMAIC stands for Define, Measure, Analyze, Improve, and Control

From a high level, the Define stage is used to identify your project charter and scope, form your subject matter expert team and initial business case, and identify metrics that will assess success of the project.

The Measure stage forms a measurement plan to understand the business process, value stream map it, and quantify the areas that may be causing the undesired outcomes.

The Analyze stage is used to do detective work and perform statistical tests to find your root cause(s) to the undesired state.

The Improve stage is as simple as it sounds: design solutions that eliminate the root cause(s).

The final stage, Control, is forming a control plan to sustain your solutions and success as you transition away from the project.

Step 3: If your candidate does not know common statistical terms, pass on them

Next, move on to questioning them about their statistical knowledge. One of the main factors that turn people away from learning Lean Six Sigma is the application of statistics. However, if you are a black belt, you have to know a series of different statistical tests and applications in projects. Hypothesis testing is almost always used in any project – t-tests, regression (f-tests), z-tests, chi-squared tests, etc.

Ask them if they know how to do Statistical Process Control (SPC) charting, Design of Experiments (DOE’s) and Process Capability Analysis.

Using these three simple steps in interviewing, you can easily sift through candidates to find the right one for your organization. Keep sifting, like my colleague, and you’ll eventually find gold.

What questions do you have about interviewing and identifying knowledgeable black belts? We’ve helped companies like yours find and keep talent. Leave us a comment below, or contact our team of cross-functional performance improvement specialists today for personalized support.

 

Industrial Engineering: The Business of Minimizing Costs

industrial engineering

 

The key goal of industrial engineering is to save businesses time, energy and money by using a toolbox full of principles and methodologies like Lean, Six Sigma, and Operational Excellence.

Industrial engineering optimizes the interaction between people, machines/assets, and their environment to reduce costs, eliminate waste, and minimize defects. It is now starting to become one of the fields in highest demand, and for good reasons.

The unique goal of industrial engineering: Minimize cost

In all other engineering disciplines, the focus is to generate revenue for companies by creating new products or services. For instance, mechanical engineers are prevalent in the auto manufacturing industry to help design cars, which are then sold for a profit.

In contrast, industrial engineering is the only field in engineering that focuses on the other side of the profit equation for companies: Cost.

This is done by eliminating waste through Lean principles, minimizing defects through Six Sigma implementations, and other related strategies.

Save money with these 3 key areas of industrial engineering

There are three primary areas studied in industrial engineering:

  1. Human factors.This focuses in areas such as ergonomics – the scientific approach to optimizing a human’s well-being in their work environment – and cognitive design – the harmony between how humans use products and services in their optimal design
  2. Process and layout design. This is the scientific approach to calculating the optimal steps to perform work with the lowest headcount possible and the highest amount of quality
  3. Operations research. Scientific techniques (including simulation and statistics) are used to arrive at the optimal solution. An example would be someone finding the optimal routing pattern for UPS drivers to ensure they are traveling the shortest distance and using the least amount of gas

The language of industrial engineering in the corporate world

Today, the corporate world is saturated with buzzwords that have trickled in from the field of industrial engineering. The everyday language of industrial engineers is now being spoken by more and more non-manufacturing businesses around the globe. These terms include:

  • Six Sigma
  • Lean
  • Operational Excellence
  • Total Preventative Maintenance (TPM)
  • Continuous Improvement
  • Business Process Management

The list of terms goes on, but the underlying science that links all of these buzzwords is industrial engineering.

The key to growing profits and your business is process excellence. For that, choose the right employees

What this all boils down to is this: If you’re in need of a way to take your organization’s money-saving strategies to the next level, it’s time to start looking to hire an industrial engineer.

Think about it this way: If you were a CFO, would you want an accounting department manager who went to school for history? If you ran a law firm, would you only employ those who majored in economics? It’s simple: Hire people with the right credentials, and watch your processes improve.

If you want a team that’s fit to help your business optimize costs and save valuable company dollars, you probably want a team of industrial engineers. It’s ideal for a reason – it works.

Looking to take your business to the next level by leveraging these tools from the world of industrial engineering? Leave us a comment below, or contact our team of cross-functional performance improvement specialists today to learn more.