How Kaizen, continuous improvement, helped with a great approach to optimisation and security.

The challenge?
Every company or organisation has internal tasks, including organisational goals, compliance, governing body requirements etc., which need to be accomplished. These could be related to:

  • Finance
  • Human Resource
  • Documentation
  • Security
  • Operation
  • Compliance
  • Infrastructure

In the mix of so many daunting challenges or issues, it’s easy to get lost or to push things into the future, when either future budget or resources might help create the perfect solution. But that’s the wrong approach. The perfect solution may never come your way. How does one tackle such a situation?

Kaizen and continuous improvement, small steps towards your goals.
Kaizen is a Japanese term meaning change for the better or continuous improvement. It is a Japanese business philosophy that concerns the processes that continuously improve operations and involve all employees. Kaizen sees improvement in productivity as a gradual and methodical process.

The idea is to change your approach from one of flawless perfectionism to one of continuous improvement: slow but steady solutions which might not be perfect, but which reduce the risk significantly and narrow the gap to what we want to achieve. It’s not a one-time solution or a patch. It’s continuous. It’s in steps, it’s gradual, but it’s progress nevertheless.

It also acknowledges that even simple small changes over time can have a big impact on the future. One small permanent change per month which improves things means 12 changes over a year which are permanent and forever present. It means next year you have 12 fewer challenges and you are already a better company than last year.

To summarize

“Continuous improvement is better than delayed perfection.” – Mark Twain

This post deals with our approach and does not necessarily cover all aspects of Kaizen or continuous improvements.

Risk register
To fix issues you first need to know the issues. The best approach is to maintain a risk register, which is a list of issues we consider as risks across these divisions. These items come from various sources, e.g.

  • Security audit
  • Compliance requirements
  • General discussions
  • Client requirements
  • Issues reported by staff
  • Being self-aware of challenges
  • Financial stats
  • Operational challenges
  • Company goals

This could be anything from having a hardware firewall for the internal network, to updating the internal CRM system for better visibility of income and expense between various departments.

Scared to have a risk register?
Being aware of your risk and shoving it under the bed, away from sight, is a no-no. It’s good to have visibility of your risk; don’t be ashamed of it. Accept it. Every company will have risks, including the most professional and top-tier ones. Having a list and assigning values for the likelihood of each issue occurring and the consequences if it occurs gives you good visibility of your overall known risk and helps you focus on the more important tasks. Marking risk items as completed gives a great sense of accomplishment and positivity about the direction of the company. You don’t need to solve all the problems. But whatever risks you reduce will help close another gap in your company.

Responsibility and employee/staff involvement.
The key ingredient you need is human resource. Many companies have a department or a key person for managing risks, sometimes labelled a “continuous improvement” department, supported by feedback from other departments. A smaller company should assign this role to at least one person.

You don’t need a person to commit all their time if you cannot provide that. Any time available to work on this is good. Ideally, have a main go-to person who breaks the work down and assigns mini tasks to other key people. Distributing the challenges across departments or tasks is a great way to reduce stress on a single individual, which may otherwise slow the approach.

Make every staff member feel free to make suggestions for improvements. And make them part of the solution. They are responsible for maintaining how solutions are handled. They are helping fulfill the goals of the company. This is another key aspect of Kaizen.

As an example, at sapnagroup we have used surveys to get answers on topics for training sessions. We maintain groups to discuss various challenges and give collective solutions and approaches.

Continuous learning as an approach to managing risks/challenges
Once your risk register is ready, discuss the challenges and how to close them. Prioritise the items with higher risk scores and the ones which close a large gap for little time and effort. If the perfect solution is not possible, look at what can mitigate the risk and reduce it significantly. Discuss options and even create a task to review the different options before a final call. Taking a decision, even if it’s not the best one, is at times more important than taking no decision at all. Create a culture of continuous learning and adaptation.

Standardization, elimination of waste and quality first.
Create a process for the risk or challenge, and see if there is an existing standard you can follow; for technical security, an example is ISO 27001. Use standardization as a foundation for continuous improvement.

Similarly, remove unwanted processes or steps to make a process less complicated. A simple example: if your staff use multiple systems, implement SSO, so that you no longer have to manage multiple accounts or deal with different systems having different rules for account security. Managing this across multiple platforms is difficult.

While Kaizen encourages small steps, it’s important that these are quality steps. Whatever is implemented, even if through simple steps, make it a quality improvement.

Implementation.
Finally, once the approach has been agreed, go ahead and implement the solution. For this you need to check:

  • How it’s going to affect the current process. Create documentation in simple language to explain this.
  • Who will be affected by it, and how to prepare them for it.

People might still continue using the old approach, so you need to understand how to break habits. This could be through a policy or statement, or by getting acknowledgements from them.

Be patient: some implementations will take time to be adopted, but keep pushing for their adoption.
It’s also good, where possible, to gather stats that show how a specific change has helped. Any kind of stats that can be gathered will give better visibility.

How did we use this as an approach at sapnagroup?
At sapnagroup we are committed to continuous improvement, and in the past few months we have made a lot of changes to help mitigate our risks. Listed below are a few of them.

  • New central password manager with 2-factor authentication for our entire staff, which helps share passwords with other members etc.
  • Acknowledgement from staff on password policy
  • Our staff and our suppliers underwent 2 training sessions using the new training system “Dolphin”, set up by us.
  • Updated the supplier contract to the latest version
  • Updated our SCC documents including UK addendum for SCC
  • Conducted audits for physical security, asset management, HR related processes
  • Conducted disaster recovery test for our critical systems
  • Revised our HR policies, procedures and operations, including documentation
  • New system for managing agreements including getting them digitally signed.
  • Updated our handbook to include new policies and guidelines for our staff and suppliers.

How can sapnagroup help your organisation?
sapnagroup and Sapna security are happy to help you:

  • Audit and create a risk document.
  • Create solutions to mitigate your risk and manage them.
  • Create compensating factors to reduce the risk severity.
  • Overall, guide you in your continuous improvement towards a more secure and safe organisation and services.

Contact us at [email protected] or visit us at https://www.sapnasecurity.com