In October 2004 Continuity Central published an article, posing the question “Is Six Sigma a useful business continuity aid?”. Jack Freson, a Certified Black Belt in Six Sigma, answers the question with an unequivocal “Yes, why not?”
In this article Mr Freson explains his response:
The first thing we must understand is that Six Sigma does nothing until the organisation wanting to use it makes a commitment to the methodology. Once this happens, the process is simply one of using the methodology to achieve improvement. The one part often overlooked is that Six Sigma is focused on continuous improvement, so the process is never ending. It is the constant striving to take what you are doing today and improve it. Can Six Sigma be used for improving business continuity, security and emergency management? Yes it can. One must start with the DMAIC process taught within Six Sigma as a disciplined approach to project management. DMAIC stands for, Define, Measure, Analyse, Improve, and Control.
Six Sigma combined with a proven vulnerability assessment method
In the area of business continuity, we don’t just employ the Six Sigma DMAIC process, it needs to link into a proven vulnerability assessment method, but such linking brings definite advantages. Since Six Sigma looks to include all knowledge, the result is a well disciplined project incorporating the latest knowledge in the business continuity area which together is designed to give you a well-rounded business continuity plan. The plan will include how to improve security, how to keep the business operating in an emergency, and a method to achieve continuous improvement.
The quest for data
It has been mentioned in other articles that Six Sigma is customer focused and uses the DMAIC project management process. Both of these are an essential part of the Six Sigma methodology. Also, important are management commitment to the process, team work, and statistical analysis of information. The last will be the most important part of a good business continuity plan, a plan that is in constant flux as it pushes towards improvement and the elimination of defects. The use of statistics has one important role and that is to allow us to get more and better information about our data. It will be the driver to guide us towards our improvement goals.
The chart below shows the merging of the DMAIC process with a proven security vulnerability assessment format. The assessment format seeks to know who the adversary is and what scenarios may be used to interrupt the business or harm the people. It bases improvement on achieving a balanced and layered security plan. Most importantly, it uses internal and external data. The initial assessment and plan development will use both sources of data. After the initial assessment and development of the security plan, the “continuous improvement loop” provides for analysis of how we are doing and gives us the basis for making changes to improve. However, we are only improving based on the external data used in the initial assessment. External factors may, and will change. Maybe some new adversaries, maybe new information from Homeland Security. Whatever the change, we must bring that information, the data, into our improvement loop. The new information is combined with existing data and an assessment is made as to the impact on our plan.
While Six Sigma will enhance the vulnerability assessment to provide a state of the art business continuity plan, one must always realise that the plan cannot be a fixed document. It must not be allowed to become obsolete and any emergency response must be practiced. How often it must change is hard to say, but, if you continuously bring in new information, continuously analyse how your plan is performing, and update it, you will be improving the security and business continuity of your organisation. While most Six Sigma work has been towards physical security, the process is easily applied to the world of business continuity. In fact, a smart company would see the advantages of creating one system; one plan to handle both physical and IT security and contingency planning.
Jack Freson, Certified Black Belt, Sigma Team Solutions, LLC, Associate of Six Sigma Security, Inc Contact: 513-315-4440
•Date: 29th July 2005 •Region: US/World •Type:
Article •Topic: BC general
this article or make a comment - click