Documentation of the lectures, which were held on the occasion of the 10th anniversary of the Verismo GmbH in the Centrum Obermühle
Published by Dr. Klaus Bockslaf
Download documentation as PDF document (German only)
Publications
For the September issue of GIT Sicherheit, Verismo Managing Director Dr Klaus Bockslaff was asked to take a seat on the VIP couch. In the interview he talks about the current events of the flood situation and gives insights into his personal life. Read the whole interview in the PDF. Download the PDF (German only)
To put it simply, a crisis is when nothing is the way it was or, rather, the way it should be. This applies both to exceptional events such as the current COVID-19 crisis and especially to “smaller” and more time-limited events. These are highly escalated, exceptional situations that cannot be handled by the normal organization and for which even the operationally oriented business continuity management (BCM) does not offer a complete solution. This is because a crisis is not exclusively about restoring normal operations, but much more about limiting the overall business damage, in a situation where a solution is initially unknown. And it is precisely this aspect that is often overlooked in the initial reactive and “noisy” phase of an incident response. In the current COVID-19 crisis, the crisis staffs of many companies and organizations have been meeting for months, responding to the ever-changing state and coming up with solutions in what is largely an unknown situation. The basic lessons learned1 range from insufficient pandemic plans, the challenges of staff work from home, the simultaneous occurrence of ransomware attacks, the challenge of decision-making, to the demands of international coordination and a massive push for digitization with the introduction of MS Teams, SharePoint, Office 365 and similar tools. During the ongoing Corona crisis, there was very little willingness among many companies to make fundamental changes in their crisis management. With the hope that the current situation will soon come to an end, there is a growing willingness to learn the right lessons from the experience of the past months. An unbiased assessment should now lay the foundation for a sustainable improvement in preparation for future challenges in the field of continuity and crisis management. Numerous weak points must be identified, assessed and eliminated with the appropriate measures. For the insuring industry, this initially means optimizing existing insurance contracts. In the companies, a holistic view is required that encompasses issues of insurance management, supply chain management, corporate security, continuity and crisis management. Change processes are required, which do not even stop at classic departmental thinking. The buzzword “resilience management”, which has been discussed for some time, is experiencing a new blossoming. Demands for a reorientation of corporate security are being heard. A comprehensive understanding of risk management is stimulating internal discussion. What impact does this discussion have on the area of crisis management that is focus here? The fundamental requirement for crisis management is to create a situation in which strategic decisions can be made in a structured process, taking advantage of the challenges and opportunities of digitization in the future. One of the biggest challenges in staff work is the decision-making process. The challenges of decision-making are often underestimated. Poor decision-making makes an already difficult situation even worse. At its very core, crisis management involves responding well to a highly escalated situation based on the best available information and using it to implement decisions, thereby controlling the organizations response to the event and minimizing the impact of the event2. This decision-making process represents the flowing organization of the crisis management teams work and is reflected in the so-called “leadership rhythm”. But do these measures derived from classical doctrine meet the requirements for successful crisis management? Aren’t the acting employees and their interaction decisive for successful management? What are the challenges for “leadership” in a highly dynamic situation? What special demands are placed on the members of a crisis team? These aspects have received little attention in the past<sup>3</sup> but are critical to the success of crisis team operations. These aspects will be addressed in depth based on the preliminary work in the British Crisis Management Standard and in the future ISO CD 22361. System integration as a success factor – DEMiOS complements and leverages existing systems What are the manifestations that characterize a crisis? Chaos typically reigns, especially in the early days. Usually without warning, the crisis occurs and abruptly changes the conditions for the affected companies. Previous rules and processes no longer apply. The key executives must first come together to work in a coordinated and structured manner in one direction. All this happens under immense pressure, because the time factor is crucial for success. If you wait too long, you minimize your room for maneuverability and your chances of getting out of the situation in one piece. But defining rapid and, above all, correct measures for globally networked systems is easier said than done. Because we all know excessive stress paralyzes the ability to think and analyze. Under pressure, spontaneous reactions often occur that are rather counterproductive or even turn a budding crisis into a major one. In addition, the numerous organizational measures require a high level of human resources. At this point, the combination of methodology and technology can provide serious support. The consistent methodical approach of strategic decision-making, applied as a “leadership rhythm” in numerous staffs in the field of civil defense or the military, provides the necessary orientation in the structured sequence. If this leadership process as a structural element in crisis management is embedded in a program tailored to it, a support tool is created that provides decisive relief for the crisis staff and situation center. The leadership rhythm of crisis management – proven in Swiss civil defense and adapted for use in commercial enterprises The problem points in classic crisis management often include the accompanying administrative processes, such as placing assignments, controlling assignments, writing minutes and gathering information. They are often very time-consuming and tie up disproportionate resources. This also includes the visualization of the situation, which is often not designed in such a way that all members of the staff really have a “common picture of the situation”, despite the great effort involved. And the loss of time until the staff is ready to act before its first meeting is often a serious problem point as well. A modern crisis management application supports the crisis team in its work, i.e., it addresses these typical weak points of the classic crisis management Read more
Fundamental experiences of the crisis team’s work over the past twelve months, in S+S Report 01/2021
The past months have left massive traces in all our lives. These traces are particularly pronounced among three groups: young people and young families, the many self-employed and tradespeople, and the elderly in care and old people’s homes. They have all done and continue to do very special things and deserve all our respect and appreciation. The listing of these three groups is in no way meant to exclude the many others affected. The pandemic has brought large sections of the population to fundamental limits, both humanly and economically. In the “time after Corona” we will ask ourselves what lessons we will all learn from these months of “special settings in our lives”. Article by Dr Klaus Bockslaff We experience other aspects of the Corona crisis in the many institutions and companies affected. Not long ago, we all could not have imagined that, apart from a “relaxation break” in the summer and early autumn, many companies have been in “crisis mode” almost continuously since March 2020 until now. It is not uncommon for the number of crisis team meetingsto have reached or exceeded 140 by now. The experiences of the crisis team’s work [1] over the past twelve months described below are based on an intensive exchange with representatives of well-known companies. In 90-minute meetings every two to three weeks, the respective developments were presented in a short paper and then critical topics and questions were also exchanged very openly. These meetings were mainly attended by representatives of business enterprises from a wide range of sectors. Certainly very important experiences from the area of the public crisis teams involved at the municipal or regional level could only be observed in passing. However, it can be seen that the challenges faced by crisis teams at the municipal or regional level were very similar to the issues in the business sector. In view of the wealth of topics that have been of great importance in the work of these bodies in recent months, we will only mention the points that are particularly important from our point of view. The following points from the discussions may be mentioned, for example: [1] The term “crisis team” is used here to refer to the decision-making body that managed this situation, regardless of what the internal designation was in the companies or institutions. Pandemic plans often fell short Many companies have had pandemic plans in place since the times of swine or bird flu. These plans were often based on the classic scenarios of BCM contingency planning “staff, building, IT and service provider failure”. In many cases, they were also aligned with the pandemic levels originally envisaged by the WHO. However, these have not proved to be realistic. Fortunately, only a few companies have suffered critical staff losses due to the pandemic. And yet staff are at the centre of prevention and emergency response. Buildings and office space are still available, but can only be used to a limited extent due to distance measures. T must provide external access with mobile end devices for a large number of employees at short notice, while still ensuring data protection and information security. It is important to stay in close contact with service providers in order to be able to react quickly to restrictions in the ability to deliver. The task nowwas to adapt the existing pandemic plans to the situation given with COVID19. For this purpose, new regulations had to be made in a large number of areas and incorporated into the corresponding planning. Home office will change our society. Setting up home offices as a form of work in Corona time has proven to be a very effective way of reducing social contact. Whereas employees used to have to go to great lengths to get a day’s home office, this has now become a widespread practice. There are a number of challenges associated with setting up the home office option. In many cases, the home environment was and is not geared towards this. While the technical requirements and equipment could be clarified quite quickly in part only by using private devices, the associated difficulties in the private sphere became apparent, especially for young families. Then, when the day-care centres and schools closed, home office had to be combined with home schooling. From the operational point of view, questions about ensuring data protection and information security have not yet been clarified. How are confidential documents handled in the domestic sphere? It is too early to judge how much working from a home office has pushed IT security into the background. In any case, it is necessary that the safety awareness of the employees is considerably strengthened. The possible consequences are shown in the next point. Ransomware attacks The simultaneous occurrence of COVID 19 and a ransomware attack puts companies under particular stress. In recent months, ransomware attacks on companies have increased massively. In this “crisis within the crisis”, it has proven its worth that the “normal” crisis team and the IT crisis team worked very closely together according to common rules and procedures. The previous separation was abolished and a newjoint structure was created. In the process, something was created in this situation that would have required a lot of persuasion in “normal” times. A necessary prerequisite for the success of this newly created joint crisis team was that possibilities were created for the “core team” to work together in one large room in compliance with all hygiene rules. The available personnel could be optimally deployed by immediately dividing the crisis team into two independently acting crisis teams. The increase in ransomware attacks on businesses in recent months may be partly due to working from the home office. IT security has often taken a back seat. What is required is that the safety awareness of the employees is considerably strengthened. A good tool is the offer of tools and e-learning possibilities, which, for example, offer the possibility to simulate the risk of a possible phishing attack. With Read more