Thursday, June 27, 2013

ERM-BC-C00P:

SOUND OFF

Knowing who is present and accounted for

Granted, the drop hedcq is bad grammar, but it works for the military and it could – most likely would – work for any organization.

The military is very big on roll calls and knowing who is present and who is absent – in the latter case, also why the person is absent.

The military roll call is done in reverse pyramid fashion.

On the bottom is the squad. This can be maybe 4 to 10 people.

Next is the platoon. A platoon is composed of several squads.

Moving on up there are companies, each having several platoons; then – well, the graphic shows it all.

At the basic, squad level, the squad leader is supposed to personally know where each of the squad’s personnel are at any given time.

In a non-military environment, start with a buddy system of 4 to 10 people who work in physically close proximity (think Squad Level). People who would know if Jack was taking a bathroom break or Jane had to stay home with a sick child – or maybe Jack was staying home and Jane was in the bathroom. Risk management cannot be sexist or make assumptions, and neither should the folks who make up the buddy group.

Picture the scenario: An evacuation alarm sounds and everyone is supposed to leave the building, to assemble in specific protected-from-flying debris areas other than in the parking lot (so emergency vehicles can access the building).

Someone from the buddy group reports to the Functional Unit Manager (Platoon Leader Level). When all the Functional Unit buddy groups have reported, the Functional Unit Manager reports on the unit’s personnel to the next higher level manager (Company Level ).

Eventually the reporting will go up to the highest organizational level and that person will meet with emergency responders when they arrive on the scene. This person needs to provide as much information about the event and in-danger personnel as possible.

The accounting of personnel is not just an exercise to see if someone is hiding under a desk (I’ve seen this); it’s primary purpose is to let emergency personnel know if they need to search the building for trapped or injured people or can they go ahead and fight the fire or close a gas leak or handle whatever else caused the evacuation.

Buddy groups should be supplemented with floor or area wardens who check their assigned areas to assure that the areas are indeed free of personnel – remember the guy hiding under his desk? The wardens must have management’s full support and be able to “take names.” (“Taking names” demands that there policies and procedures in place to penalize those who refuse to follow warden instructions, and these P&Ps must apply to everyone equally.)

The same basic reporting scheme applies to shelter-in-place exercises.

 

Peg board option

For organizations that deal with things that might “go boom in the night” such as Class A explosives, rather than depend solely on “present and accounted for” there is a need to know the location of anyone missing.

One way to know if someone remains in a blast zone is to use a peg board.

Not very sophisticated, but very effective.

As personnel enter a danger zone they hang up an ID tag on the peg board.

The board can be seen from outside of the building via a blast-proof window.

If an explosion occurs, everyone who can evacuate the facility does so and meets at designated locations. The buddy system applies here as it did above.

Rescuers compare the people who escaped the facility with the ID cards on the peg board. If there are more cards than identified people in the assembly area(s), the rescuers must enter a high risk area to search for any remaining victims.

The peg board scheme was used by a company that developed automotive air bags.

Other options can be implemented providing that whatever is used can withstand the threat should it occur. What may be appropriate for an area where high explosives are located might not be appropriate where sudden flooding could happen. Common sense must prevail.

If I wrote it, you may quote it.

Comments to JohnGlennMBCI at gmail dot com

Monday, June 24, 2013

NOT ERM-BC-COOP:


I wandered today
to the hill, Maggie



I have some time on my hands so, armed with my digi-cam, I decided I would revisit my past.

Somewhere along the way, a song I learned probably as a 5th grader at Coconut Grove Elementary edged its way into my conscious. It seemed almost appropriate, “almost” because all of the “Maggies” in my life have disappeared, most I’m sure to the good life.

I remembered where I left my old high school – Miami Senior, the Million Dollar school when it was built in 1928. Marble floor in the entranceway; three stories high.

The marble floor was long gone – when I visited with my kids when they were small and, frankly bored by the whole thing – we saw the marble had been replaced by bricks. Windows then were replaced by boards.

Today the school has, save for the main entrance, lost any charm it might have one had. Back in the day, there was a small park in front of the school. Even then the Powers That Were wanted to put in a parking lot.

Apparently Dade County’s school board bought not gallons but tank trucks filled with a horrible yellowish paint. Miami High’s original building is now this, “not even mustard” yellow, as is Horace Mann, my first junior high.

Back in my time – 50-plus years back – kids went to elementary school for grades 1 through 6, junior high for grades 7, 8 and 9, and then high school for sophomore, junior, and senior years. Now “junior high” is passé and we have “middle schools” for grades 6, 7, and 8, putting the freshman class back into the traditional setting.

The foot bridge I “guarded” as a student crossing guard still exists, but now the wooden footbridge has been replaced with a real, tarred bridge complete with high fencing on both sides, presumably to keep the kids from Little River from tossing each other into the canal on their way to and from school. Safety trumps simplicity, but I suspect the wooden span would have had to be replaced several times over the years so maybe the new bridge is more cost effective.

Miami High’s once boarded windows have been replaced with glass and the original building, save for the paint job, looks about as it did when I struggled up and down the stair wells. All my classes seemed to be 1st floor then 3rd floor, then back to the 1st floor again.

The little chili and burger stand, with pinball machine, has been replaced by a Burger King; the pinball machine long ago falling into the “history” category; not Burger King image. The “Happy Days” hang out, such as it was, is no more.

While Miami High’s windows are back to glass, the windows we looked out during Mrs. DeFonso’s chorus classes at Kinloch Park are now chunks of brown wood. Kinloch Park has, so far at least, mercifully been spared the Dade Country School Board yellow.

For awhile I lived close to Miami International Airport. In “my “ day, MIA was home to Eastern, National, and Pam Am. There even was a CIA operation there, but more about that some other time.

In the late 50s I was in Civil Air Patrol (Miami Composite Squadron 2, if you please). I would ride my 3-speed middle weight bike once-a-week to MIA riding the main streets, including Lejeune Road (42nd Avenue). The airport's perimeter road during the evening always was crowded with teen-driven cars, ostensibly to watch the planes land and take off, but in truth the airport was better than a drive-in theater – so I’m told. I was still on the 3-speed.

You really can’t sit and watch planes come and go on the perimeter road since there’s really no perimeter road any more. You can watch planes come or go for up to 30 minutes at the cell phone lot, but while it’s “better than nut-in’” it still isn’t the same as the old perimeter road.

If you want to watch planes, go to Hollywood-Fort Lauderdale International which is in neither Hollywood or Fort Lauderdale; it’s in Dania Beach. There are places where cars can stop and watch the planes come and go and there are some interesting birds there.

On the way back this afternoon I decided to stay off I-95. Seems fair. When we moved to Florida in 1952 I-95 didn’t exist, probably not even in Gen. Eisenhower’s grandest dream. (The interstate system was a product of the Eisenhower administration. One of the requirements was that each road had to have straight stretches sufficiently long to accommodate a fully loaded B-52 landing and taking off. )

I managed to stay on Lejeune Road out of Miami and into Hialeah with only one misdirection that put me on US 27 – that road also would have been OK, except I wanted to be on Lejeune.

About the only place I wandered today that seemed little changed was Tamiami Trail, SW 8th Street. Not that there were no changes. The corner of SW 8th and SW 27th Avenue was a shock – the Chevy dealer that had been on the corner ever since I could remember is gone, the dealership now an AutoNation. Only the names were changed; were there any innocents?

So, I’m back where I started, wandering today – not to the hills, but to my past. I think I’m looking forward to more journeys into my past. I know much has changed – Orlando AFB went Navy and then civilian; the newspapers I worked may no longer produce a paper product; downtown Orlando is constantly undergoing change while Cocoa has no downtown to change. It will be, if naught else, “interesting.”

Traditional Scottish Songs
- When You and I Were Young, Maggie

A little history about “Maggie” from http://www.rampantscotland.com/songs/blsongs_young.htm

Here is a well known song from yester year, by George Washington Johnson, about growing old. Although it is often found in the repertoire of Scottish singers, George Johnson was a Canadian from Toronto. "Maggie" was Margaret Clark, a pupil of George Johnson who was a schoolteacher. Maggie and George fell in love but although they became engaged, Maggie contracted TB. During one of his fiancée’s more serious bouts of illness, George walked to a nearby hill, overlooking a mill, and composed the verse that provided the lyrics to his song. George and Maggie were married in 1864 but Maggie's health deteriorated and she died on May 12, 1865. George's friend, J.C. Butterfield set the poem to music and it became popular all over the world. George Washington Johnson died in 1917.

I wandered today to the hill, Maggie,
To watch the scene below -
The creek and the creaking old mill, Maggie,
As we used to, long ago.
The green grove is gone from the hill, Maggie,
Where first the daisies sprung;
The creaking old mill is still, Maggie,
Since you and I were young.

Chorus:

And now we are aged and grey, Maggie,
And the trials of life nearly done,
Let us sing of the days that are gone, Maggie,
When you and I were young.

A city so silent and lone, Maggie,
Where the young, and the gay, and the best,
In polished white mansions of stone, Maggie,
Have each found a place of rest,
Is built where the birds used to play, Maggie,
And join in the songs that we sung;
For we sang as lovely as they, Maggie,
When you and I were young.

Chorus

They say that I'm feeble with age, Maggie,
My steps are less sprightly than then,
My face is a well-written page, Maggie,
And time alone was the pen.
They say we are aged and grey, Maggie,
As sprays by the white breakers flung,
But to me you're as fair as you were, Maggie,
When you and I were young.

Chorus


Say goodnight, Gracie.

And good night, Mrs. Calabash, wherever you are.

Thursday, June 20, 2013

ERM-B C-COOP:

Risks within risk

 

For want of a nail

The Atlantic hurricane season arrived June 1. The Pacific typhoon season arrived a little earlier and promptly sent a typhoon across Mexico.

Many organizations have “hurricane” plans. To my mind, that’s foolish. Any “threat specific” plan is, in my opinion, foolish.

The problem with a “hurricane” plan is that it can overlook a risk within a risk.

Consider a hurricane’s main components.

    Wind.

    Rain.

    Storm surge (flood).

Wind is, for the most part, harmless. True, it can blow the roof off a building and that can lead to other damages to a property. And true, it can bring down power lines.

A wind’s main threat potential is carrying missiles – anything it can pick up and hurl along at high velocity.

    Roof shingles.

    Tree limbs.

    Signs.

So, is “wind” a threat? Yes, but if the roof is to Dade County specs, the roof should survive.

Tree limbs and flying signs are a threat, but they often are ignored under the “hurricane” heading.

Rain is just water.

Of course water can damage equipment and walls; it can make a place uninhabitable.

Just like a burst pipe.

Or backed up storm drains.

Storm surge? Unless a facility is near a fairly large body of water – anything from the ocean to an oversized retention pond - there is little chance of damage from a storm surge. But it is a risk.

Now, take these risks on step farther.

Let’s assume - I know that’s foolish, but . . . - that the wind carries a large tree limb through the glass doors at the front of the building.

Let’s continue to assume that wind-driven rain saturates the building’s reception and office area.

Finally, let’s assume the rain backs up the storm sewers and water floods the production room floor.

    I once worked in a newspaper’s back shop. Water all too often backed up, making it “shockingly” dangerous to use an electric saw that was critical to our work. Chalk this up to a “been there/done that” scenario.

Now we’ll add an “inject” to the picture.

Roadways are impassable due to either or both debris or floods. The closed roads can be close to the homes of critical personnel or close to the facility. Either way, no one is coming in to work, and even if they could come to work, the facility is not suitable for office or production work.

By the way, that wind that blew the missile through the doors also blew all the organization’s papers, some sensitive, all over the neighborhood. Was a security breach included in the “hurricane” plan?

How much is it going to cost – in time and money – to clean up the mess? How many customers will find an alternative source? How long will it take to get your insurance company to pay off? All because of a “little” water.

Think in terms “For want of a nail . . . ”

Most of the aforementioned threats are easily enough mitigated, IF the threat is identified and IF management takes the threats seriously enough to spend the money and IF there are policies and procedures in place to lock down sensitive documents.

So far there has been zero discussion of keeping the organization operating until recovery to business as usual is accomplished. Almost 500 words and only now the word “recovery” appears.

How maintaining a minimum level of service while restoring to business as usual is established is your quandary. I know what I would recommend, but this organization is your client.

The point of this treatise is to encourage practitioners to consider the risks within a risk, and – maybe – to convince you that threat-specific plans are less than “best practice.”

One more quickie.

Pandemic.

What are a few of the risks within the risk?

    Financial loss.

    Loss of use of a building.

    Loss of customers.

    Loss of key personnel.

    Loss of local manufacturing capability.

    Loss of vendors.

 

For Want of a Nail

    For want of a nail the shoe was lost.
    For want of a shoe the horse was lost.
    For want of a horse the rider was lost.
    For want of a rider the message was lost.
    For want of a message the battle was lost.
    For want of a battle the kingdom was lost.
    And all for the want of a horseshoe nail.

If I wrote it, you may quote it.

Thursday, June 13, 2013

ERM-BC-COOP:


Vendor security


Email Morphs into Corporate Espionage

 

An email just dropped into my electronic in-box with the subject “Should You Archive Email to the Cloud?

I suppose it’s a good question and I can think of many reasons to keep my emails “closer to home.”

But the query did trigger an off-the-wall thought, my forte’ it seems.

What about vendor security – all vendors, not just in the cloud.

When a person or organization signs up with a vendor, the vendor asks for, usually justifiably, a great deal of information. Granted, most of the information can be acquired from public resources, public records. But maybe not all, and some of the “not all” should be, at a minimum, “confidential.”

On a personal level, it seems almost everyone wants a client’s Social Security number which, as it happens, never was intended for identification beyond the needs of the Social Security Administration and the IRS. (The U.S. government is responsible for much of the abuse; a quick review of the Social Security timeline at http://www.ssa.gov/history/ssn/ssnchron.html bears this out.)

Organizations with smart people at the helm will ask prospective vendors if they have plans in place to assure that the vendor can meet Service Level Agreements (SLAs) “no matter what.”

That’s not enough.

Organizations need to know that information shared with vendors is safe, secure.

Consider the world of corporate espionage. If the competition knows a firm is ordering ZYX parts and ZXY is not used in any current products, the competition can rightly suspect the firm is bringing out a new product.

Perhaps the competition learns that a regular order for 100,000 #22 threaded fasteners has been doubled. Suggestion: A bigger production run that could translate into lowered prices to increase market share.

A reduction in a previously standard order could indicate the organization is winding down production of a certain product.

Corporate espionage, as with all other espionage “disciplines” most often finds success on connecting the dots of generally available, or loosely held, information.

An organization need not be part of what Dwight Eisenhower termed the “military-industrial complex” to have sensitive information a competitor might covet. Coca-Cola still locks up its formula and GM never willingly lets Ford get a look at its bound-for-the-production line drawings. Would Macy’s tell Kmart when it plans a sale of merchandise that sits on both stores shelves?

Checking on a vendor’s security – how it handles client information – may seem “out of scope” for a business continuity planner, but it IS very much “in scope” for an enterprise risk management practitioner, and a lack of vendor information security – both electronic and paper – should concern the vendor’s clients.

Consider it.

If I wrote it, you may quote it.


Tuesday, June 11, 2013

Politics

HEY U.S. POLITICIANS

 

Can you follow Israel’s lead and cut your wages?

 

Tiny Israel has a deficient of some $10 billion or 4.2% of the Gross Domestic Product (GDP). According to Professor Omer Moav, an economist at Hebrew University, each Israeli household is in debt for about $5,000. On top of the over-the-top budget deficit, the State also has a national debt equal to 74% of its GDP, of which 6.5 percent of GDP is targeted for defense (http://tinyurl.com/leeeofq).

By comparison, the Netherlands taxes are zero percent of the county’s GDP, but the individual tax rate is 52% and the sales tax/VAT is 19 percent. 16 countries have a higher sales tax/VAT, while five countries have a higher maximum income tax; three other countries share a 45% tax rate with Israel. Information from World Tax Rates, (http://world.tax-rates.org/).

To counter that debt, the State is raising the Value Added Tax from 16% to 18% (the same as the UK and Turkey). It also is raising the income tax rate . The rate for 2012 was 45% for individuals. The Knesset is proposing a higher rate and the Bank of Israel predicts tax increases will be needed again in 2015 and 2016 (http://tinyurl.com/laz7tud).

While the government, as all governments do, is planning to raise taxes, the Israeli government has voted – 38-15 – to cut the salaries of Members of Knesset (equals to the White House, Senate, and House) by 10 percent. It also voted to cut public sector worker’s pay by one percent.

According to the Times of Israel (http://tinyurl.com/khx75ql), “In addition to many benefits, including leased cars and an allowance for clothing, parliamentarians currently receive an average salary of approximately NIS 38,000 ($10,500) per month.”

Now imagine if the politicians in Washington took a 10% pay cut. For POTUS, that would be a savings of $20,000. Rank-and-file members of the Senate and House receive only $174,000/year making 10% only 17,400 per politician per year. Multiply that by 48* senators and the taxpayer has saved $825,200 in the Senate alone. Add in the 432* voting members of the House for an additional savings of $7,516,800 – more than 7.5 million for a total savings of $8,342,000.

* The Speaker of the House is paid $223,500 ($22,350), while each majority and minority leader in each chamber is paid $193,400 ($19,300 * 4=$77,200).

In addition to their salaries, POTUS gets a $50,000 tax free “allowance” while the vice-president only gets a paltry $10,000 tax free allowance on top of his $230,000/year stipend. (All compensation information from infoplease (http://tinyurl.com/yva4ts).

Granted, that’s just a symbolic drop in the bucket against the nation’s $16 trilling and rising debt. (Watch the debt clock at http://tinyurl.com/p3n6la and http://tinyurl.com/73srjpt.)

Drop in the bucket or not, it WOULD be a welcomed good will gesture, hopefully to go along with a reduction in vacation travel at taxpayer expense – the Obamas have racked up a roughly $20 million tab for annual vacations to Hawaii (http://tinyurl.com/bhgubc6), the most recent a mere $3,629,622 (http://tinyurl.com/d6xonv7).

According to HawaiiNewsNow (http://tinyurl.com/kmptkrh), “A conservative watchdog group has filed suit in Federal court in an effort to obtain records on the costs of President Obama's vacations in Hawaii.

The group Judicial Watch said it filed a Freedom of Information Act lawsuit in U.S. District Court in Washington, D.C., against the U.S. Secret Service. The suit seeks ‘all records concerning use of U.S. Government funds to provide security and/or other services to President Obama and any companions on their January 1 and 2, 2013, trip to Honolulu, Hawaii’." No one is denying POTUS time off with his family, he’s so rarely in the White House as it is; Air Force 1 (at $181,757 per flight hour) seems to be his “home away from the White House.”

    Never mind that in Israel, Prime Minister Benjamin Netanyahu was pilloried for a trip with his wife, Sarah, because they insisted that an El Al jet be outfitted with a private bedroom for a 5-hour flight. (Israel lacks the equivalent of an Air Force 1 and has to buy time on the national airline, almost like any Israeli.) According to the Jewish Telegraph Agency (http://tinyurl.com/l2oqye8), “Netanyahu spent $127,000 on a custom-built bedroom for a 5 hour flight. The bedroom consisted of a bed and partition. The bedroom’s cost was tacked on to the $300,000 bill for flying Netanyahu, his wife, and his entourage to former British Prime Minister Margaret Thatcher’s funeral.” Perhaps the Israeli public was still upset over Netanyahu’s annual office budget that included $2,700 for his favorite whipping cream. The Netanyahu’s’ round-trip to England hardly matched POTUS and family’s trip to Hawaii, but then Israel has a smaller GDP.

The bottom line: Even though the Members of Knesset are taking only a 10 percent pay cut and it is but a drop in the fiscal bucket; at least the MKs are giving up something which is more than most politicians in Washington – and at State capitals – are willing to do.


ERM-BC-COOP:

Y-12 . . . again

 

No performance checks?

Once again the Y-12 Tennessee nuclear arms facility's security has been breached.

This time by a little old lady who apparently was got lost.

According to an article on the KnoxNews Website (http://tinyurl.com/ksj8x6f), The security breach occurred less than a year after three protesters cut through a series of security fences and walked to the innermost sanctum of Y-12, the country’s largest repository of weapons-grade uranium.

“I’m not aware of any circumstances quite like this,” said Steven Wyatt, spokesman for the National Nuclear Security Administration and Y-12. He called Thursday’s incident a “security lapse.”

The woman who got onto the secure property told police she was searching for a new low-cost apartment complex she’d seen advertised. She followed a large throng of morning commuters shortly after 6 a.m. Thursday and was waved through Y-12’s main entrance off Scarboro Road, according to the report.

According to the Energy Department's Y-12 Web presence, "Y-12's core mission is to ensure a safe, secure, and reliable U.S. nuclear deterrent, which is essential to national security.

"Every weapon in the U.S. nuclear stockpile has components manufactured, maintained or ultimately dismantled by Y-12, the nation’s Uranium Center of Excellence. We employ only the most advanced and failsafe technologies to protect the stockpile."

Y-12 claims that "We train nuclear industry professionals, emergency responders and security forces from around the world to safeguard vulnerable materials; and the innovations engineered at Y 12 have applications for allies, other government agencies, and the private sector."

How successful Y-12 is at safeguarding its own "vulnerable materials" has to be questioned in light of a recent "invasion" by three protesters. A New York Times article headlined "The Nun Who Broke Into the Nuclear Sanctum" notes that on July 28, 2012, "Sister Megan Rice, 82, a Roman Catholic nun, and two male accomplices, one 63 and the other 57, carried out what nuclear experts call the biggest security breach in the history of the nation’s atomic complex, making their way to the inner sanctum of the site where the United States keeps crucial nuclear bomb parts and fuel." (http://tinyurl.com/bzdd7n6)

The KnoxNews article reported that "Guards at Y-12’s entrances are supposed to inspect and at least touch an employee’s Y-12 security badge before handing it back."

It would seem that the policy and procedure to prevent the latest excursion into the "secure" facility were in place, but they were never exercised, tested under stress - that is, rush hour at the gates.

While most practitioners don't have similar security concerns, the lesson to be learned from the on-going security fiasco at Y-12 is that resources on which the organization depends also are at risk during a "rush hour." Communications is a primary example.

Actually just getting people into work can be a risk. (Staggered start times can help, but keep in mind the roadway infrastructure leading to the facility; do the neighbors also have the same start times?)

It behooves practitioners to consider "weak links" and to test those links' robustness.

Are there work-arounds in place - off-site hoteling and home office when the roads are jammed, alternate phone options, especially if Internet services are carried over the same fibre as voice calls.

While you are at it, check to see just how secure is the facility.

If I wrote it, you may quote it


Wednesday, June 5, 2013

ERM-BC-COOP:

Practitioner’s Requirements

 

Selecting a candidate to protect the organization

The perennial question is once again causing clutter in the ether. The question:

Must a practitioner be an IT expert?

In a word: No.

Perhaps the practitioner should be an MBA to handle the business side? Is a degree even necessary?

Maybe an SPHR to understand the human relations concerns?

How about a CompTIA Security+ certification for security issues?

Is a PMI or Six Sigma black belt necessary to manage the project or program?

Same answer. No, No, No, and No again.

So what qualifications should a practitioner possess?

Curiosity.

Ability to “think outside the box,” to ask seemingly “off-the-wall” questions.

Documentation skills.

Interview skills.

Open mind.

“People” skills.

Did I mention curiosity?

I practiced enterprise risk management for roughly 15 years.

I am not an IT guru, but I know people who are.

I am not an HR expert, but I know people who are.

I am not a security maven, but I know people who are.

As a former reporter, PR flack, and technical writer, I am a good interviewer and I am a very good writer. In order to be a good reporter, a person MUST be curious.

I also am pretty good at playing the “What if” game – what if this happens or what if that fails to happen.

Although I never stopped to get a degree or even a project manager certification, I am a reasonably decent manager; at one point I managed 47 sites across 17 U.S. states staffed by people I only knew over the phone and via the Internet.

People who write job requirements that are heavy on IT or business or, frankly, any single area of expertise don’t understand risk management.

I don’t expect agencies such as BCManagement to push back to their clients with that statement, even though the folks there know its in the client’s best interest. It is not in BCManagement’s best financial interest to try to educate the client. I understand that.

A risk management practitioner must, first and foremost, know how to work with everyone: from very senior management to the newest intern in the mailroom. The practitioner must know how to relate on the other person’s level without being condescending or putting on airs.

The practitioner needs to be a Subject Matter Expert (SME) in one – and only one – discipline: Enterprise Risk Management or, one step down, Business Continuity.

The practitioner must be able to work with managers and SMEs from all functional units, and the practitioner needs to realize that SMEs don’t always carry a label proclaiming them to be SMEs. That includes people outside of the organization.

Over the years I learned a little about a lot of things, and that little often led me to be ask the right questions of the right people at the right time. That skill has nothing to do with a degree or a specialty certificate; it has everything to do with creating successful plans and programs.

If I wrote it, you may quote it

Monday, June 3, 2013

ERM-BC-COOP:


Cite source


 

I have the privilege to review articles submitted to the Disaster Recovery Journal, DRJ.

It’s not a particularly big deal; I am one of perhaps two dozen reviewers.

I skip all articles that are solely IT; that’s not my area of expertise. For IT I turn to real IT mavens such as Ace Jackson, who also happens to be a reviewer.

This evening I read a really good article about hurricanes.

Well written, informative.

I told Editor Jon Seals to send it back to the author.

Why?

One simple omission: There was no attribution.

Who is the authority?

Unless the author is a meteorologist or climatologist, I want to know where the author got the information.

This was not an “opinion piece” such as I am wont to write; this article presented itself as documented facts.

When I was cub reporter, back before UP married INS to become UPI (before that I was a printer who often set “heds” from a California job case), I was told to “attribute everything.” I was to “report” not “make” the news, and there had to be a source. Back in the day, reporters tried to keep the fingers pointed at someone else – the source of the material.

Same thing as a PR flack – sorry, “practitioner.” At Tel Aviv University, the articles I penned always cited Professor This or Professor That.

I didn’t have to attribute anything in the mil-spec technical manuals I wrote; I was thought to know the subject on my own.

But DRJ is “journalism” in the broad sense of “keeping a journal.” The copy in the magazine – paper and digital – needs attribution unless, as previously noted, the story was “first person” or “opinion,” humble or, always in my case, “not.”

Is writing for the DRJ different than documenting a plan.

Not really.

It behooves the practitioner to cite the sources.

While every statement need not be directly attributed, the document’s sources must be acknowledged.

Acknowledging the sources does at least two things:

  1. It shows which Subject Matter Experts (SMEs) were involved in the decisions reached by the practitioner, and
  2. It acknowledges the sources’ effort; just about everyone likes to see their name in print

I’ll admit that Item 1 also serves as a Cover Your Assets (CYA) tool for the practitioner.

This citing sources is particularly important for the consultant and extremely important if the consultant is less than an SME in a specific discipline.

If I’m documenting an IT process, you can bet I’ll tell the world who provided the information.

Besides citing the source, practitioners are well advised to heed the admonishment to pilots:

When descending

From above

Be like porcupines

Making love

CAREFULLY

and proofread their documents CAREFULLY. Spelling and grammar ARE important; the practitioner’s image is important to the document’s credibility.

Unless the practitioner is the authority, a KNOWN authority, all statements of fact need to be attributed; the reader needs to know who made the statement.

As for the foregoing, I’ve “been there and done that,” so I am my own source. If you doubt me, ask Ace Jackson.