Vehicle Cyber Security RFC

National Highway Traffic Safety Administration Request for Comment on Cybersecurity Best Practices for Modern Vehicles AGENCY: National Highway Traffic Safety Administration (NHTSA), Department of Transportation (DOT). ACTION: Request for public comment. SUMMARY: NHTSA invites public comment on its Cybersecurity Best Practices for Modern Vehicles. The document is available for a 30 day comment period here.

DATES: You should submit your comments early enough to ensure that Docket Management receives them no later than November 28, 2016. ADDRESSES: Comments should refer to the docket number above and be submitted by one of the following methods: •Federal Rulemaking Portal: http://www.regulations.gov. Follow the online instructions for submitting comments.

Mail: Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001. •Hand Delivery: 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC, between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal Holidays.

Instructions: For detailed instructions on submitting comments and additional information on the rulemaking process, see the Public Participation heading of the SUPPLEMENTARY INFORMATION section of this document. Note that all comments received will be posted without change to http://www.regulations.gov, including any personal information provided.

Privacy Act: Anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78). For access to the docket to read background documents or comments received, go to http://www.regulations.gov or the street address listed above. Follow the online instructions for accessing the dockets.

FOR FURTHER INFORMATION CONTACT: For technical issues: Mr. Arthur Carter of NHTSA’s Office of Vehicle Crash Avoidance & Electronic Controls Research at (202) 366–5669 or by email at arthur.carter@dot.gov. For legal issues: Mr. Steve Wood of NHTSA’s Office of Chief Counsel at (202) 366– 5240 or by email at steve.wood@dot.gov. SUPPLEMENTARY INFORMATION: A top NHTSA priority is enhancing vehicle cybersecurity to mitigate cyber threats that could present unreasonable safety risks to the public or compromise sensitive data such as personally identifiable information. And, the agency is actively engaged in approaches to improve the cybersecurity of modern vehicles. The agency has been conducting research and actively engaging stakeholders to identify effective methods to address the vehicle cybersecurity challenges. For example, in January 2016, NHTSA convened a public vehicle cybersecurity roundtable meeting in Washington, DC to facilitate diverse stakeholder discussion on key vehicle cybersecurity topics. Over 300 individuals attended this meeting. These attendees represented over 200 unique organizations that included 17 Original Equipment Manufacturers (OEMs), 25 government entities, and 13 industry associations. During the roundtable meeting, the stakeholder groups identified actionable steps for he vehicle manufacturing industry to effectively and expeditiously address vehicle cybersecurity challenges. As a follow up, NHTSA held a meeting with other government agencies in February 2016 to discuss possibilities for collaboration among Federal partners to help the industry improve vehicle cybersecurity. As a result of the extensive public and private stakeholder engagement, NHTSA has developed a set of best practices for the automotive industry that the agency believes will further automotive cybersecurity. The agency notes that the Alliance of Automobile Manufacturers and the Association of Global Automakers, through the Auto Information Sharing and Analysis Center (Auto ISAC), released a ‘‘Framework for Automotive Cybersecurity Best Practices’’ on July 22, 2016.1The primary goal of the NHTSA best practices, therefore, is to not supplant the industry-led efforts, but, rather, to support this effort and provide the agency’s views on how the broader automotive industry (including those who are not members of the Auto ISAC) can develop and apply sound risk-based cybersecurity management practices to their product development processes. The document will also help the automotive sector organizations effectively demonstrate and communicate their cybersecurity risk management approach to both the public and internal and external stakeholders. NHTSA intends for the document to be updated with some frequency as new information, research, and practices become available. NHTSA invites public comments on all aspects of these best practices, including how to make the best practices more robust, what gaps remain and whether there is sufficient research and/or practices to address those gaps. Public Participation How do I prepare and submit comments? Your comments must be written and in English. To ensure that your comments are filed correctly in the docket, please include the docket number of this document in your comments. Your comments must not be more than 15 pages long (49 CFR 553.21). NHTSA established this limit to encourage you to write your primary comments in a concise fashion. However, you may attach necessary additional documents to your comments. There is no limit on the length of the attachments. Please submit one copy (two copies if submitting by mail or hand delivery) of your comments, including the attachments, to the docket following the instructions given above under ADDRESSES. Please note, if you are submitting comments electronically as a PDF (Adobe) file, we ask that the documents submitted be scanned using an Optical Character Recognition (OCR) process, thus allowing the agency to search and copy certain portions of your submissions. How do I submit confidential business information? If you wish to submit any information under a claim of confidentiality, you should submit three copies of your complete submission, including the information you claim to be confidential business information, to the Office of the Chief Counsel, NHTSA, at the address given above under FOR FURTHER INFORMATION CONTACT. In addition, you may submit a copy (two copies if submitting by mail or hand delivery), from which you have deleted the claimed confidential business information, to the docket by one of the methods given above under ADDRESSES. When you send a comment containing information claimed to be confidential business information, you should include a cover letter setting forth the information specified in NHTSA’s confidential business information regulation (49 CFR part 512). Will the agency consider late comments? NHTSA will consider all comments received before the close of business on the comment closing date indicated above under DATES. To the extent possible, the agency will also consider comments received after that date. How can I read the comments submitted by other people? You may read the comments received at the address given above under Comments. The hours of the docket are indicated above in the same location. You may also see the comments on the Internet, identified by the docket number at the heading of this notice, at http://www.regulations.gov. Please note that, even after the comment closing date, NHTSA will continue to file relevant information in the docket as it becomes available. Further, some people may submit late comments. Accordingly, the agency recommends that you periodically check the docket for new material. Anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78) or you may visit http://www.dot.gov/privacy.html. Authority: Sec. 31402, Pub. L. 112–141. Issued in Washington, DC on October 24, 2016 under authority delegated in 49 CFR part 1.95. Nathaniel Beuse, Associate Administrator for Vehicle Safety Research.

Baldrige Cybersecurity Excellence Builder

Please find a Draft copy of the Baldrige Cybersecurity Excellence Builder here.
We are very interested in this as a topic for collaboration associated with the use of the Cyber Security Framework.

We would like your input and participation in soon to be announced events.

Please Contact us via e-mail or call us at 202 839-5563.

Competitiveness and Collaboration

Competitiveness. The vision to be globally competitive in software is accomplished by setting the enterprise direction, providing the fuel, and controlling the business environment, including suppliers, customers, competitors, and event threats. Software competitiveness revolves around how the software workforce is used to achieve customer satisfaction, how innovation is essential to delivering customer value, and how strategic software management guards against event threats and even exploits change.    Don O’Neil

Malcom Baldrige Criteria

This commentary taken from the NIST web site provides brief summaries of the Baldrige Criteria for Performance Excellence categories and items. It also includes examples and guidance to supplement the notes that follow each Criteria item in the Baldrige Excellence Framework booklet. For additional free content, and to purchase the booklet.

Baldrige Criteria for Performance Excellence Categories and Items

The “why” behind the Criteria, as well as examples and guidance to supplement the notes that follow each Criteria item in the Baldrige Excellence Framework booklet. Purchase the Framework pdf

Organizational Profile

Your Organizational Profile provides a framework for understanding your organization. It also helps you guide and prioritize the information you present in response to the Criteria items in categories 1–7.

The Organizational Profile gives you critical insight into the key internal and external factors that shape your operating environment. These factors, such as your organization’s vision, values, mission, core competencies, competitive environment, and strategic challenges and advantages, impact the way your organization is run and the decisions you make. As such, the Organizational Profile helps you better understand the context in which you operate; the key requirements for current and future business success; and the needs, opportunities, and constraints placed on your management systems

P.1 Organizational Description

Purpose

This item addresses the key characteristics and relationships that shape your organizational environment. The aim is to set the context for your organization.

Commentary

Understand your organization. The use of such terms as vision, values, mission, and core competencies varies depending on the organization, and you may not use one or more of these terms. Nevertheless, you should have a clear understanding of the essence of your organization, why it exists, and where your senior leaders want to take it in the future. This clarity enables you to make and implement strategic decisions affecting your organization’s future.

Understand your core competencies. A clear identification and thorough understanding of your organization’s core competencies are central to success now and in the future and to competitive performance. Executing your core competencies well is frequently a marketplace differentiator. Keeping your core competencies current with your strategic directions can provide a strategic advantage, and protecting intellectual property contained in your core competencies can support your organization’s future success.

Understand your regulatory environment. The regulatory environment in which you operate places requirements on your organization and affects how you run it. Understanding this environment is key to making effective operational and strategic decisions. Furthermore, it allows you to identify whether you are merely complying with the minimum requirements of applicable laws, regulations, and standards of practice or exceeding them, a hallmark of leading organizations and a potential source of competitive advantage.

Identify governance roles and relationships. Leading organizations have well‐defined governance systems with clear reporting relationships. It is important to clearly identify which functions are performed by your senior leaders and, as applicable, by your governance board and parent organization. Board independence and accountability are frequently key considerations in the governance structure.

Understand the role of suppliers. In most organizations, suppliers play critical roles in processes that are important to running the business and to maintaining or achieving a sustainable competitive advantage. Supply‐chain requirements might include on‐time or just‐in‐time delivery, flexibility, variable staffing, research and design capability, process and product innovation, and customized manufacturing or services.

P.2 Organizational Situation

Purpose

This item asks about the competitive environment in which your organization operates, including your key strategic challenges and advantages. It also asks how you approach performance improvement and learning. The aim is to help you understand your key organizational challenges and your system for establishing and preserving your competitive advantage.

Commentary

Know your competitors. Understanding who your competitors are, how many you have, and their key characteristics is essential for determining your competitive advantage in your industry and marketplace. Leading organizations have an in‐depth understanding of their current competitive environment, including key changes taking place.

Sources of comparative and competitive data might include industry publications, benchmarking activities, annual reports for publicly traded companies and public organizations, conferences, local networks, and industry associations.

Know your strategic challenges. Operating in today’s highly competitive marketplace means facing strategic challenges that can affect your ability to sustain performance and maintain your competitive position. These challenges might include the following:

  • Your operational costs (e.g., materials, labor, or geographic location)
  • Expanding or decreasing markets
  • Mergers or acquisitions by your organization and your competitors
  • Economic conditions, including fluctuating demand and local and global economic downturns
  • The cyclical nature of your industry
  • The introduction of new or substitute products
  • Rapid technological changes
  • New competitors entering the market
  • The availability of skilled labor
  • The retirement of an aging workforce

Know your strategic advantages. Understanding your strategic advantages is as important as understanding your strategic challenges. They are the sources of competitive advantage to capitalize on and grow while you continue to address key challenges. These advantages might include the following:

  • Industry innovation leadership
  • Customer service recognition
  • Brand recognition
  • Agility
  • Supply-chain integration
  • Price leadership
  • Reputation for quality and reliability
  • Environmental (“green”) stewardship
  • Social responsibility and community involvement

Prepare for disruptive technologies. A particularly significant challenge, if it occurs to your organization, is being unprepared for a disruptive technology that threatens your competitive position or your marketplace. In the past, such technologies have included personal computers replacing typewriters; cell phones challenging traditional and pay phones; fax machines capturing business from overnight delivery services; and e‐mail, social media, and smart phones challenging all other means of communication. Today, organizations need to be scanning the environment inside and outside their immediate industry to detect such challenges at the earliest possible point in time.
go to top of page

Leadership (Category 1)

This category asks how senior leaders’ personal actions and your governance system guide and sustain your organization.

1.1 Senior Leadership

Purpose

This item asks about the key aspects of your senior leaders’ responsibilities, with the aim of creating an organization that is successful now and in the future.

Commentary

The role of senior leaders. Senior leaders play a central role in setting values and directions, communicating, creating and balancing value for all stakeholders, and creating an organizational focus on action, including transformational change in the organization’s structure and culture, when needed. Success requires a strong orientation to the future and a commitment to improvement, innovation and intelligent risk taking, and organizational sustainability. Increasingly, this requires creating an environment for empowerment, agility, change, and learning.

Role‐model senior leaders. In highly respected organizations, senior leaders are committed to establishing a culture of customer engagement, developing the organization’s future leaders, and recognizing and rewarding contributions by workforce members. They personally engage with key customers. Senior leaders enhance their personal leadership skills. They participate in organizational learning, the development of future leaders, succession planning, and recognition opportunities and events that celebrate the workforce. Development of future leaders might include personal mentoring or participation in leadership development courses. Role-model leaders recognize the need for transformational change when warranted and then lead the effort through to full fruition.

1.2 Governance and Societal Responsibilities

Purpose

This item asks about key aspects of your governance system, including the improvement of leaders and the leadership system. It also asks how the organization ensures that everyone in the organization behaves legally and ethically, how it fulfills its societal responsibilities, and how it supports its key communities.

Commentary

Organizational governance. This item addresses the need for a responsible, informed, transparent, and accountable governance or advisory body that can protect the interests of key stakeholders (including stockholders) in publicly traded, private, and nonprofit organizations. This body should have independence in review and audit functions, as well as a function that monitors organizational and CEOs’ or chief administrators’ performance.

Legal compliance, ethics, and risks. An integral part of performance management and improvement is proactively addressing (1) the need for ethical behavior, (2) all legal and regulatory requirements, and (3) risk factors. Ensuring high performance in these areas requires establishing appropriate measures or indicators that senior leaders track. You should be sensitive to issues of public concern, whether or not these issues are currently embodied in laws and regulations. Role‐model organizations look for opportunities to excel in areas of legal and ethical behavior.

Public concerns. Public concerns that charitable and government organizations should anticipate might include the cost of programs and operations, timely and equitable access to their offerings, and perceptions about their stewardship of resources.

Conservation of natural resources. Conservation might be achieved through the use of “green” technologies, reduction of your carbon footprint, replacement of hazardous chemicals with water‐based chemicals, energy conservation, use of cleaner energy sources, or recycling of by‐products or wastes.

Societal responsibility. Societal responsibility implies going beyond a compliance orientation. Opportunities to contribute to the well-­being of environmental, social, and economic systems and opportunities to support key communities are available to organizations of all sizes. The level and breadth of these contributions will depend on the size of your organization and your ability to contribute. Increasingly, decisions to engage with an organization include consideration of its social responsibility.

Community support. Your organization should consider areas of community involvement that are related to its core competencies. Examples of organizational community involvement include

  • partnering with schools and school boards to improve education;
  • partnering with health care providers to improve health in the local community by providing education and volunteer services to address public health issues; and
  • partnering to influence trade, business, and professional associations to engage in beneficial, cooperative activities, such as voluntary standards activities or sharing best practices to improve overall U.S. global competitiveness and ethical and societal well‐being.

Examples specifically for nonprofit organizations include partnering with other nonprofit organizations or businesses to improve the overall performance and stewardship of public and charitable resources.
go to top of page

Strategy (Category 2)

This category asks how you develop strategic objectives and action plans, implement them, change them if circumstances require, and measure progress.

The category stresses that your organization’s long‐term organizational success and competitive environment are key strategic issues that need to be integral parts of your overall planning. Making decisions about your organization’s core competencies and work systems is an integral part of ensuring your organization’s success now and in the future, and these decisions are therefore key strategic decisions.

While many organizations are increasingly adept at strategic planning, executing plans is still a significant challenge. This is especially true given market demands to be agile and be prepared for unexpected change, such as volatile economic conditions or disruptive technologies that can upset an otherwise fast‐paced but more predictable marketplace. This category highlights the need to focus not only on developing your plans, but also on your capability to execute them.

The Baldrige framework emphasizes three key aspects of organizational excellence that are important to strategic planning:

  • Customer‐focused excellence is a strategic view of excellence. The focus is on the drivers of customer engagement, new markets, and market share—key factors in competitiveness, profitability, and long-term organizational success.
  • Operational performance improvement and innovation contribute to short‐ and longer‐term productivity growth and cost/price competitiveness. Building operational capability—including speed, responsiveness, and flexibility—is an investment in strengthening your organizational fitness.
  • Organizational learning and learning by workforce members are necessary strategic considerations in today’s fast‐paced environment. The Criteria emphasize that improvement and learning need to be embedded in work processes. The special role of strategic planning is to align work systems and learning initiatives with your organization’s strategic directions, thereby ensuring that improvement and learning prepare you for and reinforce organizational priorities.

This category asks how you

  • consider key elements of a strategic planning process, including strategic opportunities, challenges, and advantages, and the potential need for transformational change in organizational structure or culture;
  • optimize the use of resources, ensure the availability of a skilled workforce, and bridge short‐ and longer‐term requirements that may entail capital expenditures, technology development or acquisition, supplier development, and new partnerships or collaborations; and
  • ensure that implementation will be effective—that there are mechanisms to communicate requirements and achieve alignment on three levels: (1) the organization and executive level, (2) the key work system and work process level, and (3) the work unit and individual job level.

The requirements in this category encourage strategic thinking and acting in order to develop a basis for a distinct competitive position in the marketplace. These requirements do not imply the need for formal planning departments, specific planning cycles, or a specified way of visualizing the future. They do not imply that all your improvements could or should be planned in advance. An effective improvement system combines improvements of many types and degrees of involvement. This requires clear strategic guidance, particularly when improvement alternatives, including major change or innovation, compete for limited resources. In most cases, setting priorities depends heavily on a cost, opportunity, and threat rationale. However, you might also have critical requirements, such as societal responsibilities, that are not driven by cost considerations alone.

2.1 Strategy Development

Purpose

This item asks how you establish a strategy to address your organization’s challenges and leverage its advantages and how you make decisions about key work systems and core competencies. It also asks about your key strategic objectives and their related goals. The aim is to strengthen your overall performance, competitiveness, and future success.

Commentary

A context for strategy development. This item calls for basic information on the planning process and for information on all key influences, risks, challenges, and other requirements that might affect your organization’s future opportunities and directions—taking as long term a view as appropriate and possible from the perspectives of your organization and your industry or marketplace. This approach is intended to provide a thorough and realistic context for developing a customer‐ and market‐focused strategy to guide ongoing decision making, resource allocation, and overall management.

A future‐oriented basis for action. This item is intended to cover all types of businesses, for‐profit and nonprofit organizations, competitive situations, strategic issues, planning approaches, and plans. The requirements explicitly call for a future‐oriented basis for action. Even if your organization is seeking to create an entirely new business, you still need to set and test the objectives that define and guide critical actions and performance.

Competitive leadership. This item emphasizes competitive leadership, which usually depends on revenue growth and operational effectiveness. Competitive leadership requires a view of the future that includes not only the markets or segments in which you compete but also how you compete. How to compete presents many options. Deciding how to compete requires that you understand your and your competitors’ strengths and weaknesses and also involves decisions on taking intelligent risks in order to gain or retain market leadership. Although no specific time horizons are included, the thrust of this item is sustained competitive leadership.

Work systems. Efficient and effective work systems require

  • effective design;
  • a prevention orientation;
  • linkage to customers, suppliers, partners, and collaborators;
  • a focus on value creation for all key stakeholders; operational performance improvement; cycle time reduction; and evaluation, continuous improvement, innovation, and organizational learning; and
  • regular review to evaluate the need for fundamental changes in the way work is accomplished.

Work systems must also be designed in a way that allows your organization to be agile and protect intellectual property. In the simplest terms, agility is the ability to adapt quickly, flexibly, and effectively to changing requirements. Depending on the nature of your strategy and markets, agility might mean the ability to change rapidly from one product to another, respond rapidly to changing demands or market conditions, or produce a wide range of customized services. Agility and protection of intellectual property also increasingly involve decisions to outsource, agreements with key suppliers, and novel partnering arrangements.

2.2 Strategy Implementation

Purpose

This item asks how you convert your strategic objectives into action plans to accomplish the objectives and how you assess progress relative to these action plans. The aim is to ensure that you deploy your strategies successfully and achieve your goals.

Commentary

Developing and deploying action plans. Accomplishing action plans requires resources and performance measures, as well as alignment among the plans of your work units, suppliers, and partners. Of central importance is how you achieve alignment and consistency—for example, via work systems, work processes, and key measurements. Also, alignment and consistency provide a basis for setting and communicating priorities for ongoing improvement activities—part of the daily work of all work units. In addition, performance measures are critical for tracking performance.

Performing analyses to support resource allocation. You can perform many types of analyses to ensure that financial resources are available to support the accomplishment of your action plans while you meet current obligations. For current operations, these efforts might include the analysis of cash flows, net income statements, and current liabilities versus current assets. For investments to accomplish action plans, the efforts might include analysis of discounted cash flows, return on investment, or return on invested capital.

Analyses also should evaluate the availability of people and other resources to accomplish your action plans while continuing to meet current obligations. Financial resources must be supplemented by capable people and the necessary facilities and support.

The specific types of analyses performed will vary from organization to organization. These analyses should help you assess the financial viability of your current operations and the potential viability of and risks associated with your action plan initiatives.

Creating workforce plans. Action plans should include human resource or workforce plans that are aligned with and support your overall strategy. Examples of possible plan elements are

  • a redesign of your work organization and jobs to increase workforce empowerment and decision making;
  • initiatives to promote greater labor‐management cooperation, such as union partnerships;
  • consideration of the impacts of outsourcing on your current workforce and initiatives;
  • initiatives to prepare for future workforce capability and capacity needs;
  • initiatives to foster knowledge sharing and organizational learning;
  • modification of your compensation and recognition systems to recognize team, organizational, stock market, customer, or other performance attributes; and
  • education and training initiatives, such as developmental programs for future leaders, partnerships with universities to help ensure the availability of an educated and skilled workforce, and training programs on new technologies important to the future success of your workforce and organization.

Projecting your future environment. An increasingly important part of strategic planning is projecting the future competitive and collaborative environment. This includes the ability to project your own future performance, as well as that of your competitors. Such projections help you detect and reduce competitive threats, shorten reaction time, and identify opportunities. Depending on your organization’s size and type, the potential need for new core competencies, the maturity of markets, the pace of change, and competitive parameters (e.g., price, costs, or the innovation rate), you might use a variety of modeling, scenarios, or other techniques and judgments to anticipate the competitive and collaborative environment.

Projecting and comparing your performance. Projections and comparisons in this item are intended to improve your organization’s ability to understand and track dynamic, competitive performance factors. Projected performance might include changes resulting from new business ventures, entry into new markets, the introduction of new technologies, product innovations, or other strategic thrusts that might involve a degree of intelligent risk.

Through this tracking, you should be better prepared to take into account your organization’s rate of improvement and change relative to that of competitors or comparable organizations and relative to your own targets or stretch goals. Such tracking serves as a key diagnostic tool for you to use in deciding to start, accelerate, or discontinue initiatives and to implement needed organizational change.

go to top of page

Customers (Category 3)

This category asks how you engage customers for long‐term marketplace success, including how you listen to the voice of the customer, build customer relationships, and use customer information to improve and to identify opportunities for innovation.

The category stresses customer engagement as an important outcome of an overall learning and performance excellence strategy. Your customer satisfaction and dissatisfaction results provide vital information for understanding your customers and the marketplace. In many cases, the voice of the customer provides meaningful information not only on your customers’ views but also on their marketplace behaviors and on how these views and behaviors may contribute to your organization’s current and future success in the marketplace.

3.1 Voice of the Customer

Purpose

This item asks about your processes for listening to your customers and determining their satisfaction and dissatisfaction. The aim is to capture meaningful information in order to exceed your customers’ expectations.

Commentary

Customer listening. Selection of voice‐of‐the‐customer strategies depends on your organization’s key business factors.  Most organizations listen to the voice of the customer via multiple modes. Some frequently used modes include focus groups with key customers, close integration with key customers, interviews with lost and potential customers about their purchasing or relationship decisions, customer comments posted on social media, win/loss analysis relative to competitors and other organizations providing similar products, and survey or feedback information.

Actionable information. This item emphasizes how you obtain actionable information from customers. Information is actionable if you can tie it to key product offerings and business processes and use it to determine the cost and revenue implications of setting particular improvement goals and priorities for change.

Listening/learning and business strategy. In a rapidly changing technological, competitive, economic, and social environment, many factors may affect customer expectations and loyalty and your interface with customers in the marketplace. This makes it necessary to continually listen and learn. To be effective, listening and learning need to be closely linked with your overall business strategy.

Social media. Customers are increasingly turning to social media to voice their impressions of your products and customer support. They may provide this information through social interactions you mediate or through independent or customer‐initiated means. All of these can be valuable sources of information for your organization. Organizations need to become familiar with vehicles for monitoring and tracking this information.

Customer and market knowledge. Knowledge of customers, customer groups, market segments, former customers, and potential customers allows you to tailor product offerings, support and tailor your marketing strategies, develop a more customer‐focused workforce culture, develop new business, evolve your brand image, and ensure long-term organizational success.

Customers’ satisfaction with competitors. A key aspect of determining customers’ satisfaction and dissatisfaction is determining their comparative satisfaction with competitors, competing or alternative offerings, and/or organizations providing similar products. Such information might be derived from win/loss analyses, your own comparative studies, or independent studies. The factors that lead to customer preference are critically important in understanding factors that drive markets and potentially affect your organization’s longer‐term competitiveness and success.

3.2 Customer Engagement

Purpose

This item asks about your processes for determining and customizing product offerings that serve your customers and markets; for enabling customers to seek information and support; and for identifying customer groups and market segments. The item also asks how you build relationships with your customers and manage complaints. The aim of these efforts is to improve marketing, build a more customer‐focused culture, and enhance customer loyalty.

Commentary

Engagement as a strategic action. Customer engagement is a strategic action aimed at achieving such a degree of loyalty that the customer will advocate for your brand and product offerings. Achieving such loyalty requires a customer‐focused culture in your workforce based on a thorough understanding of your business strategy and your customers’ behaviors and preferences.

Customer relationship strategies. A relationship strategy may be possible with some customers but not with others. The relationship strategies you do have may need to be distinctly different for each customer, customer group, and market segment. They may also need to be distinctly different during various stages of the customer life cycle.

Brand management. Brand management is aimed at positioning your product offerings in the marketplace. Effective brand management leads to improved brand recognition and customer loyalty. Brand management is intended to build the customer’s emotional attachment for the purpose of differentiating yourself from the competition and building loyalty.

Complaint management. Complaint aggregation, analysis, and root‐cause determination should lead to effective elimination of the causes of complaints and to the setting of priorities for process and product improvements. Successful outcomes require effective deployment of information throughout your organization.

go to top of page

Measurement, Analysis, and Knowledge Management (Category 4)

In the simplest terms, category 4 is the “brain center” for the alignment of your operations with your strategic objectives. It is the main point within the Criteria for all key information on effectively measuring, analyzing, and improving performance and managing organizational knowledge to drive improvement, innovation, and organizational competitiveness. Central to this use of data and information are their quality, security, and availability, as well as the reliability and security of your information system hardware and software. Furthermore, since information, analysis, and knowledge management might themselves be primary sources of competitive advantage and productivity growth, this category also includes such strategic considerations.

4.1 Measurement, Analysis, and Improvement of Organizational Performance

Purpose

This item asks how you select and use data and information for performance measurement, analysis, and review in support of organizational planning and performance improvement. The item serves as a central collection and analysis point in an integrated performance measurement and management system that relies on financial and nonfinancial data and information. The aim of performance measurement, analysis, review, and improvement is to guide your process management toward the achievement of key organizational results and strategic objectives, anticipate and respond to rapid or unexpected organizational or external changes, and identify best practices to share.

Commentary

Aligning and integrating your performance management system. Alignment and integration are key concepts for successfully implementing and using your performance measurement system. The Criteria view alignment and integration in terms of how widely and how effectively you use that system to meet your needs for organizational performance assessment and improvement and to develop and execute your strategy.

Alignment and integration include how measures are aligned throughout your organization and how they are integrated to yield organization‐wide data and information. Organization-wide data and information are key inputs to organizational performance reviews and strategic decision making. Alignment and integration also include how your senior leaders deploy performance measurement requirements to track work group and process‐level performance on key measures that are targeted for their organization‐wide significance or for improvement.

Using comparative data. The use of comparative data and information is important to all organizations. The major premises for their use are the following:

  • Your organization needs to know where it stands relative to competitors and to best practices.
  • Comparative information and information obtained from benchmarking often provide the impetus for significant (“breakthrough”) improvement or transformational change.
  • Comparing performance information frequently leads to a better understanding of your processes and their performance.
  • Comparative performance projections and competitors’ performance may reveal organizational advantages as well as challenge areas where innovation is needed.

Comparative information may also support business analysis and decisions relating to core competencies, partnering, and outsourcing.

Selecting and using comparative data. Effective selection and use of comparative data and information require you to determine needs and priorities and establish criteria for seeking appropriate sources for comparisons—from within and outside your industry and markets.

Effective use of comparative data and information allows you to set stretch goals and to promote major nonincremental (“breakthrough”) improvements in areas most critical to your competitive strategy.

Reviewing performance. The organizational review called for in this item is intended to cover all areas of performance. This includes not only current performance but also projections of your future performance. The expectation is that the review findings will provide a reliable means to guide both improvements and opportunities for innovation that are tied to your key objectives, core competencies, and measures of success. Review findings may also alert you to the need for transformational change in your organization’s structure and work systems. Therefore, an important component of your organizational review is the translation of the review findings into actions that are deployed throughout your organization and to appropriate suppliers, partners, collaborators, and key customers.

Analyzing performance. Analyses that you conduct to gain an understanding of performance and needed actions may vary widely depending on your organization’s type, size, competitive environment, and other factors. Here are some examples of possible analyses:

  • How product improvements or new products correlate with key customer indicators, such as satisfaction, loyalty, and market share
  • Return on investment for intelligent risks that you pursue
  • Cost and revenue implications of customer‐related problems and effective problem resolution
  • Interpretation of market share changes in terms of customer gains and losses and changes in customer engagement
  • Trends in key operational performance indicators, such as productivity, cycle time, defect levels, waste reduction, carbon footprint, and new product introduction
  • Relationships among learning by workforce members, organizational learning, and the value added per employee
  • Financial benefits derived from improvements in workforce capacity, safety, absenteeism, and turnover
  • Benefits and costs associated with education and training
  • Benefits and costs associated with improved organizational knowledge management and sharing
  • The relationship between knowledge management and innovation
  • How the ability to identify and meet workforce capability and capacity needs correlates with retention, motivation, and productivity
  • Cost and revenue implications of workforce‐related problems and effective problem resolution
  • Individual or aggregate measures of productivity and quality relative to competitors’ performance
  • Cost trends relative to competitors’ trends
  • Relationships among product quality, operational performance indicators, and overall financial performance trends as reflected in indicators such as operating costs, revenues, asset utilization, and value added per employee
  • Allocation of resources among alternative improvement projects based on cost/benefit implications or environmental and societal impact
  • Net earnings or savings derived from improvements in quality, operational, and workforce performance
  • Comparisons among business units showing how quality and operational performance affect financial performance
  • Contributions of improvement activities to cash flow, working capital use, and shareholder value
  • Impacts of customer loyalty on profit
  • Cost and revenue implications of new market entry, including product-line and geographic expansion
  • Market share versus profits
  • Trends in economic, market, and stakeholder indicators of value and the impact of these trends on long-term organizational success

Aligning analysis, performance review, and planning. Individual facts and data do not usually provide an effective basis for setting organizational priorities. This item emphasizes the need for close alignment between your analysis and your organizational performance review and between your performance review and your organizational planning. This ensures that analysis and review are relevant to decision making and that decisions are based on relevant data and information. In addition, your historical performance, combined with assumptions about future internal and external changes, allows you to develop performance projections. These projections may serve as a key planning tool.

Understanding causality. Action depends on understanding causality among processes and between processes and results. Process actions and their results may have many resource implications. Organizations have a critical need to provide an effective analytical basis for decisions because resources for innovation and improvement are limited.

4.2 Knowledge Management, Information, and Information Technology

Purpose

This item asks how you build and manage your organization’s knowledge assets and ensure the quality, security, and availability of data, information, software, and hardware, normally and in the event of an emergency. The aim of this item is to improve organizational efficiency and effectiveness and stimulate innovation.

Commentary

Knowledge management. The focus of your knowledge management is on the knowledge that your people need to do their work; improve processes, products, and services; and innovate to add value for the customer and your organization.

Organizational learning. One of the many issues facing organizations today is how to manage, use, evaluate, and share their ever‐increasing organizational knowledge. Leading organizations benefit from the knowledge assets of their workforce, customers, suppliers, collaborators, and partners, who together drive organizational learning and innovation.

Information management. Managing information can require a significant commitment of resources as the sources of data and information grow dramatically. The continued growth of information within organizations’ operations—as part of organizational knowledge networks; through the web and social media; and in business‐to‐business, organization‐to‐organization, and business‐to­-consumer communications—challenges organizations’ ability to ensure reliability and availability in a user‐friendly format. The ability to blend and correlate disparate types of data, such as video, text, and numbers, provides opportunities for a competitive advantage.

Data and information availability. Data and information are especially important in business or organizational networks, partnerships, and supply chains. You should take into account this use of data and information and recognize the need for rapid data validation, reliability assurance, and security, given the frequency and magnitude of electronic data transfer and the challenges of cybersecurity.

Emergency availability. You should carefully plan how you will continue to provide an information technology infrastructure, data, and information in the event of either a natural or man‐made disaster. These plans should consider the needs of all your stakeholders, including the workforce, customers, suppliers, partners, and collaborators. The plans also should be coordinated with your overall plan for business continuity (item 6.2) and cybersecurity.

go to top of page

Workforce (Category 5)

This category addresses key workforce practices—those directed toward creating and maintaining a high‐performance environment and toward engaging your workforce to enable it and your organization to adapt to change and succeed.

To reinforce the basic alignment of workforce management with overall strategy, the Criteria also cover workforce planning as part of overall strategic planning in category 2.

5.1 Workforce Environment

Purpose

This item asks about your workforce capability and capacity needs, how you meet those needs to accomplish your organization’s work, and how you ensure a supportive work climate. The aim is to build an effective environment for accomplishing your work and supporting your workforce.

Commentary

Workforce capability and capacity. Many organizations confuse the concepts of capability and capacity by adding more people with incorrect skills to compensate for skill shortages or by assuming that fewer highly skilled workers can meet capacity needs for processes requiring less skill or different skills but more people to accomplish. Having the right number of workforce contributors with the right skill set is critical to success. Looking ahead to predict those needs for the future allows for adequate training, hiring, relocation times, and preparation for work system changes.

Workforce support. Most organizations, regardless of size, have many opportunities to support their workforce. Some examples of services, facilities, activities, and other opportunities are personal and career counseling; career development and employability services; recreational or cultural activities; on‐site health care and other assistance; formal and informal recognition; non‐work‐related education; child and elder care; special leave for family responsibilities and community service; flexible work hours and benefits packages; outplacement services; and retiree benefits, including ongoing access to services.

5.2 Workforce Engagement

Purpose

This item asks about your systems for managing workforce performance and developing your workforce members to enable and encourage all of them to contribute effectively and to the best of their ability. These systems are intended to foster high performance, to address your core competencies, and to help accomplish your action plans and ensure your organization’s success now and in the future.

Commentary

High performance. The focus of this item is on a workforce capable of achieving high performance. High performance is characterized by flexibility, innovation, empowerment and personal accountability, knowledge and skill sharing, good communication and information flow, alignment with organizational objectives, customer focus, and rapid response to changing business needs and marketplace requirements.

Workforce engagement and performance. Many studies have shown that high levels of workforce engagement have a significant, positive impact on organizational performance. Research has indicated that engagement is characterized by performing meaningful work; having clear organizational direction and accountability for performance; and having a safe, trusting, effective, and cooperative work environment. In many organizations, employees and volunteers are drawn to and derive meaning from their work because it is aligned with their personal values.

Drivers of workforce engagement. Although satisfaction with pay and pay increases are important, these two factors generally are not sufficient to ensure workforce engagement and high performance. Some examples of other factors to consider are effective problem and grievance resolution; development and career opportunities; the work environment and management support; workplace safety and security; the workload; effective communication, cooperation, and teamwork; the degree of empowerment; job security; appreciation of the differing needs of diverse workforce groups; and organizational support for serving customers.

Factors inhibiting engagement. It is equally important to understand and address factors inhibiting engagement. You could develop an understanding of these factors through workforce surveys, focus groups, blogs, or exit interviews with departing workforce members.

Compensation and recognition. Compensation and recognition systems should be matched to your work systems. To be effective, compensation and recognition might be tied to demonstrated skills. Approaches might also include profit sharing; mechanisms for expressing simple “thank yous”; rewards for exemplary team or unit performance; and linkage to customer engagement measures, achievement of organizational strategic objectives, or other key organizational objectives.

Other indicators of workforce engagement. In addition to direct measures of workforce engagement through formal or informal surveys, other indicators include absenteeism, turnover, grievances, and strikes.

Workforce development needs. Depending on the nature of your organization’s work, workforce responsibilities, and stage of organizational and personal development, workforce development needs might vary greatly. These needs might include gaining skills for knowledge sharing, communication, teamwork, and problem solving; interpreting and using data; exceeding customer requirements; analyzing and simplifying processes; reducing waste and cycle time; working with and motivating volunteers; and setting priorities based on strategic alignment or cost‐benefit analysis.

Education needs might also include advanced skills in new technologies or basic skills, such as reading, writing, language, arithmetic, and computer skills.

Learning and development locations and formats. Learning and development opportunities might occur inside or outside your organization and could involve on‐the‐job, classroom, e‐learning, or distance learning, as well as developmental assignments, coaching, or mentoring.

Individual learning and development needs. To help people realize their full potential, many organizations prepare an individual development plan with each person that addresses his or her career and learning objectives.

Customer contact training. Although this item does not specifically ask you about training for customer contact employees, such training is important and common. It frequently includes gaining critical skills and knowledge about your products and customers, how to listen to customers, how to recover from problems or failures, and how to effectively manage and exceed customer expectations.

Knowledge transfer. Your organization’s knowledge management system should provide the mechanism for sharing your people’s and your organization’s knowledge to ensure that high performance is maintained through transitions. You should determine what knowledge is critical for your operations and then implement systematic processes for sharing this information. This is particularly important for implicit knowledge (i.e., knowledge personally retained by workforce members).

Learning and development effectiveness. Measures to evaluate the effectiveness and efficiency of your workforce and leader development and learning systems might address the impact on individual, unit, and organizational performance; the impact on customer‐related performance; and costs versus benefits.

go to top of page

Operations (Category 6)

This category asks how you focus on your organization’s work, product design and delivery, innovation, and operational effectiveness to achieve organizational success now and in the future.

6.1 Work Processes

Purpose

This item asks about the management of your key products, your key work processes, and innovation, with the aim of creating value for your customers and achieving current and future organizational success.

Commentary

Work process requirements. Your design approaches could differ appreciably depending on the nature of your product or service offerings—whether the products and services are entirely new, are variants, are customized, or involve major or minor work process changes. Your design approaches should consider the key requirements for your products and services. Factors that you might need to consider in work process design include safety, long‐term performance, environmental impact, your carbon footprint and “green” manufacturing, measurement capability, process capability, manufacturability, maintainability, variability in customer expectations requiring product or support options, supplier capability, and documentation.

Effective design must also consider the cycle time and productivity of production and delivery processes. This might involve detailed mapping of manufacturing or service processes and the redesign (“reengineering”) of those processes to achieve efficiency, as well as to meet changing customer requirements.

Work process design. Many organizations need to consider requirements for suppliers, partners, and collaborators at the work process design stage. Overall, effective design must take into account all stakeholders in the value chain. If many design projects are carried out in parallel or if your products utilize parts or supplies, equipment, personnel, and facilities that are used for other products or processes, coordination of resources might be a major concern, but it might also offer a means to significantly reduce unit costs and time to market.

Key product‐related and business processes. Your key work processes include your product- and service‐related processes and those nonproduct business processes that your senior leaders consider important to organizational success and growth. These processes frequently relate to your organization’s core competencies, strategic objectives, and critical success factors. Key business processes might include technology acquisition, information and knowledge management, mergers and acquisitions, global expansion, project management, and sales and marketing. For some nonprofit organizations, key business processes might include fundraising, media relations, and public policy advocacy. Given the diverse nature of these processes, the requirements and performance characteristics might vary significantly for different processes.

In‐process measures. This item refers specifically to in‐process measurements. These measurements require you to identify critical points in processes for measurement and observation. These points should occur as early as possible in processes to minimize problems and costs that may result from deviations from expected performance.

Key support processes. Your key work processes include those processes that support your daily operations and your product and service delivery but are not usually designed in detail with the products. Support process requirements do not usually depend significantly on product characteristics. Such requirements usually depend significantly on internal requirements, and they must be coordinated and integrated to ensure efficient and effective linkage and performance. Support processes might include processes for finance and accounting, facilities management, legal services, human resource services, public relations, and other administrative services.

Process performance. Achieving expected process performance frequently requires setting in‐process performance levels or standards to guide decision making. When deviations occur, corrective action is required to restore the performance of the process to its design specifications. Depending on the nature of the process, the corrective action could involve technology, people, or both. Proper corrective action involves changes at the source (root cause) of the deviation and should minimize the likelihood of this type of variation occurring again or elsewhere in your organization.

When customer interactions are involved, evaluation of how well the process is performing must consider differences among customers. This is especially true of professional and personal services. In some organizations, cycle times for key processes may be a year or longer, which may create special challenges in measuring day‐to‐day progress and identifying opportunities for reducing cycle times, when appropriate.

Process improvement. This item calls for information on how you improve processes to achieve better performance. Better performance means not only better quality from your customers’ perspectives, but also better financial and operational performance—such as productivity—from your other stakeholders’ perspectives. A variety of process improvement approaches are commonly used. Examples include

  • using the results of organizational performance reviews;
  • sharing successful strategies across your organization to drive learning and innovation;
  • performing process analysis and research (e.g., process mapping, optimization experiments, error proofing);
  • conducting technical and business research and development;
  • using quality improvement tools like Lean, Six Sigma, and Plan‐Do‐Check‐Act (PDCA);
  • benchmarking;
  • using alternative technology; and
  • using information from customers of the processes—within and outside your organization.

Process improvement approaches might use financial data to evaluate alternatives and set priorities. Together, these approaches offer a wide range of possibilities, including a complete redesign (“reengineering”) of processes.

Innovation management. In an organization that has a supportive environment for innovation, there are likely to be many more ideas than the organization has resources to pursue. This leads to two critical decision points in the innovation cycle: (1) commensurate with resources, prioritizing opportunities to pursue those opportunities with the highest likelihood of a return on investment (intelligent risks) and (2) knowing when to discontinue projects and reallocate the resources either to further development of successful projects or to new projects.

6.2 Operational Effectiveness

Purpose

This item asks how you ensure effective operations in order to have a safe workplace environment and deliver customer value. Effective operations frequently depend on managing your supply chain effectively and controlling the overall costs of your operations.

Commentary

Cost control. Cost and cycle-time reduction may be achieved through Lean process management strategies. Defect reduction and improved product yield may involve Six Sigma projects. It is crucial to utilize key measures for tracking all aspects of your operations management.

Supply‐chain management. For many organizations, supply‐chain management has become a key factor in achieving productivity and profitability goals and overall organizational success. Suppliers, partners, and collaborators are receiving increasing strategic attention as organizations reevaluate their core competencies. Supplier processes should fulfill two purposes: to help improve the performance of suppliers and partners and to help them contribute to improving your overall operations. Supply‐chain management might include processes for selecting suppliers, with the aim of reducing the total number of suppliers and increasing preferred supplier and partner agreements.

Workplace safety. All organizations, regardless of size, are required to meet minimum regulatory standards for workplace and workforce safety; however, high‐performing organizations have processes in place to ensure that they not only meet these minimum standards but also go beyond a compliance orientation to a safety-first commitment. This includes designing proactive processes, with input from people directly involved in the work, to ensure a safe working environment.

Emergency preparedness. Efforts to ensure the continuity of operations in an emergency should consider all facets of your operations that are needed to provide your products and services to customers, including supply-chain availability. The specific level of operations that you will need to provide will be guided by your mission and your customers’ needs and requirements. For example, a public utility is likely to have a higher need for services than organizations that do not provide an essential function. Nonprofit organizations whose mission is to respond to emergencies will have a high need for service readiness. You should also coordinate your continuity‐of-­operations efforts with your efforts to ensure the availability of data and information (item 4.2).

go to top of page>

Results (Category 7)

This category provides a systems focus that encompasses all results necessary to sustaining an enterprise: your key process and product results, your customer‐focused results, your workforce results, your leadership and governance system results, and your overall financial and market performance.

This systems focus maintains the purposes of the Baldrige Excellence Framework—superior value of offerings as viewed by your customers and the marketplace, superior organizational performance as reflected in your operational indicators, organizational learning, and learning by workforce members. Category 7 thus provides “real‐time” information (measures of progress) for evaluating, improving, and innovating processes and products, in alignment with your overall organizational strategy. While category 7 asks about results broadly, you should place a premium on monitoring outcomes that are the consequence of your operational performance and serve as predictors of future performance.

7.1 Product and Process Results

Purpose

This item asks about your key product and operational performance results, which demonstrate product and service quality and value that lead to customer satisfaction and engagement.

Commentary

Measures of product performance. This item emphasizes measures of product performance that serve as indicators of customers’ views and decisions relative to future purchases, interactions and relationships. These measures of product performance are derived from customer‐related information gathered in category 3.

Examples of product measures. Product and service measures appropriate for inclusion might be based on the following: internal quality measurements, field performance of products, defect levels, service errors, response times, and data collected from your customers by other organizations on ease of use or other attributes, as well as customer surveys on product and service performance.

Product performance and customer indicators. The correlation between product and service performance and customer indicators is a critical management tool with multiple uses:

(1) defining and focusing on key quality and customer requirements,
(2) identifying product and service differentiators in the marketplace, and (3) determining cause‐effect relationships between your product or service attributes and evidence of customer satisfaction and engagement. The correlation might reveal emerging or changing market segments, the changing importance of requirements, or even the potential obsolescence of offerings.

Process effectiveness and efficiency measures. Measures and indicators of process effectiveness and efficiency might include the following:

  • Work system performance that demonstrates improved cost savings or higher productivity by using internal and/or external resources
  • Reduced emission levels, carbon footprint, or energy consumption
  • Waste-stream reductions, by‐product use, and recycling
  • Internal responsiveness indicators, such as cycle times, production flexibility, lead times, setup times, and time to market
  • Improved performance of administrative and other support functions
  • Business‐specific indicators, such as innovation rates and increased product and process yields, Six Sigma initiative results, and acceptable product performance at the time of delivery
  • Supply‐chain indicators, such as reductions in inventory and incoming inspections, increases in quality and productivity, improvements in electronic data exchange, and reductions in supply‐chain management costs
  • Third‐party assessment results, such as ISO 9001 audits

Measures of organizational and operational performance. This item encourages you to develop and include unique and innovative measures to track key processes and operational improvement. Unique measures should consider cause‐effect relationships between operational performance and product quality or performance. All key areas of organizational and operational performance, including your organization’s readiness for emergencies, should be evaluated by measures that are relevant and important to your organization.

7.2 Customer-Focused Results

Purpose

This item asks about your customer‐focused performance results, which demonstrate how well you have been satisfying your customers and engaging them in loyalty‐building relationships.

Commentary

Your performance as viewed by your customers. This item focuses on all relevant data to determine and help predict your performance as viewed by your customers. Relevant data and information include the following:

  • Customer satisfaction and dissatisfaction
  • Retention, gains, and losses of customers and customer accounts
  • Customer complaints, complaint management, effective complaint resolution, and warranty claims
  • Customer‐perceived value based on quality and price
  • Customer assessment of access and ease of use (including courtesy in service interactions)
  • Customer advocacy for your brand and product offerings
  • Awards, ratings, and recognition from customers and independent rating organizations

Results that go beyond satisfaction. This item places an emphasis on customer‐focused results that go beyond satisfaction measurements, because customer engagement and relationships are better indicators and measures of future success in the marketplace and of organizational sustainability.

7.3 Workforce-Focused Results

Purpose

This item asks about your workforce‐focused performance results, which demonstrate how well you have been creating and maintaining a productive, caring, engaging, and learning environment for all members of your workforce.

Commentary

Workforce results factors. Results reported might include generic or organization‐specific factors. Generic factors might include safety, absenteeism, turnover, satisfaction, and complaints (grievances). For some measures, such as absenteeism and turnover, local or regional comparisons might be appropriate. Organization‐specific factors are those you assess to determine workforce climate and engagement. These factors might include the extent of training, retraining, or cross‐training to meet capability and capacity needs; the extent and success of workforce empowerment; the extent of union‐management partnering; or the extent of volunteer involvement in process and program activities.

Workforce capacity and capability. Results reported for indicators of workforce capacity and capability might include staffing levels across organizational units and certifications to meet skill needs. Additional factors may include organizational restructuring, as well as job rotations designed to meet strategic directions or customer requirements. Backlogs or reductions in backlogs could be indicators of capacity or capability challenges or improvements, respectively.

Workforce engagement. Results measures reported for indicators of workforce engagement and satisfaction might include improvement in local decision making, organizational culture, and workforce knowledge sharing. Input data, such as the number of cash awards, might be included, but the main emphasis should be on data that show effectiveness or outcomes. For example, an outcome measure might be increased workforce retention resulting from establishing a peer recognition program or the number of promotions into leadership positions that have resulted from the organization’s leadership development program.

7.4 Leadership and Governance Results

Purpose

This item asks about your key results in the areas of senior leadership and governance, which demonstrate the extent to which your organization is fiscally sound, ethical, and socially responsible.

Commentary

Importance of high ethical standards. Independent of an increased national focus on issues of governance and fiscal accountability, ethics, and leadership accountability, it is important for organizations to practice and demonstrate high standards of overall conduct. Governance bodies and senior leaders should track relevant performance measures regularly and emphasize this performance in stakeholder communications.

Results to report. Your results should include environmental, legal, and regulatory compliance; results of oversight audits by government or funding agencies; noteworthy achievements in these areas, as appropriate; and organizational contributions to societal well‐being and support for key communities.

Sanctions or adverse actions. If your organization has received sanctions or adverse actions under law, regulation, or contract during the past five years, you should summarize the incidents, their current status, and actions to prevent re-occurrence.

Measures of strategy implementation. Because many organizations have difficulty determining appropriate measures, measuring progress in accomplishing their strategy is a key challenge. Frequently, organizations can discern these progress measures by first defining the results that would indicate end‐goal success in achieving a strategic objective and then using that end‐goal to define intermediate measures.

7.5 Financial and Market Results

Purpose

This item asks about your key financial and market results, which demonstrate your financial sustainability and your marketplace achievements.

Commentary

Senior leaders’ role. Measures reported in this item are those usually tracked by senior leaders on an ongoing basis to assess your organization’s financial performance and viability.

Appropriate measures to report. In addition to the measures included in the note to 7.5a(1), appropriate financial measures and indicators might include revenues, budgets, profits or losses, cash position, net assets, debt leverage, cash‐to‐cash cycle time, earnings per share, financial operations efficiency (collections, billing, receivables), and financial returns. Marketplace performance measures might include measures of business growth, new products and markets entered, or the percentage of revenues derived from new products.

Cyber Resilience Internship Available

We have a wide variety of opportunities for individuals interested in participating in a cyber resilience internship available now, from basic office work associated with cyber resilience to extensive research that could be used for you as a masters or doctoral candidate. You will also be expected to perform office tasks related to cyber resilience.

You will have the opportunity to attend important meetings with both the public and private sector relating to IT service management and project management focused on the business value of cyber security, cyber resilience.  These meetings tend to be with high level people in both the private and public sector.

The Forum will provide training for internships on topics related to our mission. This training will be provided by our many training partners and will make you eligible to sit for certificate exams.

This is not a technical approach to cyber security, we focus on providing a collaborative environment to share lessons learned, best practices, and frameworks useful in the development of cyber resilient mission driven services in both the private and public sector.

Hours are flexible.

cyber resilience internship

Cyber Resilience Internship Opportunities Available:

Web Site support (WordPress)

Include URL’s for any sites you have developed or support

General Office Work related to Cyber Resilience

Must have command of Microsoft Word, Excel, PowerPoint. Must have organization skills.  Have great grammar skills?  We need you to help proof documents.

Cyber Resilience Research

Tell us about a topic you have researched.

Express Internship Interest

Please review our web site and contact us if you are interested in the following way.

Provide contact information, your education, and your interests.

You must have good communication skills.

Applicants will need to have office skills:  Microsoft word, Excel, PowerPoint.

Location: There will be an advantage to you if you are in the Northern VA or Greater Washington DC area but this is not necessary.  Much of the work can be done from any location with internet and phone available.

e-mail your interest in an internship here

Current Interns:

Jonathan Braley

Bachelors of Science in Information Technology
Major: Data Networking and Security
Harrisonburg, VA

 

CRSMAP – DESMF Focus Group

Utilizing the DESMF

CRSMAP DESMF focus group collaborating
An international public and private break out groups at American University.

 

 

 

 

 

 

 

 

This focus group has been meeting weekly since November 2016 and collaborates on utilizing the IT Service Management as a foundation for Mission Driven IT Services enabled by Cyber Resilience. The Department of Defense Enterprise Service Management Framework (DESMF) is an example utilizing a basic lexicon.

The photo taken of one of the break out session groups at the inaugural event. The group is creating a Cyber Resilience Service Management Action Plan which contains a common lexicon of terms for cyber resilience, service management, risk management, and project management.  In the near future this will include considerations for DevOps and Agile.

To participate in this group please email-us.