1. Date 2010-10-20
CONFIDENTIAL
Article to BCI – Continuity Magazine
Page 1 (4)
5G CONTINUITY AB W W W . 5 G C O N T I N U I T Y . E U Telephone: +46 (0)705 498598
Gothenburg, SWEDEN info@5GContinuity.eu Fax: +46 (0)300 62180
Societal Security – Insights from ongoing ISO work
Pierre Wettergren applies BCM principles on the public sector and gives some insights to
the methods and the process that can be used to enhance community resilience.
When I was asked to provide some insights to what we do within ISO regarding Societal Security and
especially to emphasize on community resilience my first thinking was about one of the, in my view,
most interesting standards that we currently develop within ISO Societal Security standards
developments - the Private & Public Partnership (PPP) standard, which was proposed by the Italian
standardisation organisation UNI and around which we now have formed a project team to develop
further.
ISO Societal Security - framework
Before stepping in to the PPP standard I will try to give some overview to
the ISO Societal Security. The picture here frames the scope. As it shows,
there are three segments of stakeholders that all have to become more
resilient, there are three phases – Before – During – After - to consider
for actions/capabilities/procedures, and there are endless of resource
dimensions, critical functions and infrastructure, that have to be made
more robust. Now and in the future, survival of nations and citizens
concerns the security of critical functions of society, rather than
only the classical focus on the security of the territory. This shift
entails the ability of the government and civil society to function,
critical infrastructures to be maintained, the democratic ability to govern,
and to manifest certain basic values. This is all what the ISO Societal Security
standard developments are about. This framework as the picture shows indicates that
Societal Security is taking a total grip on all dimensions thus applicable for all actors in
society.
How is then this framework managed in the ISO Technical Committee (TC)?
The work within the TC is organised in
work groups (WG’s) each with their
own focus. WG1 – Framework &
Roadmap, but also developing the PPP
and Exercise standards. WG2 –
Terminology, WG3 – Command,
Control, Coordination, and
Cooperation, and finally WG4 –
Preparedness & Continuity
Management from which we next year
(most likely) will see the first
normative standard – the Preparedness
& Continuity Management standard.
This standard will then be an option to
national standards such as BS 25999.
WG4 will soon also start parallel work
on an Organizational Resilience standard. So, ISO Societal Security frames a very interesting and
important set of standards and will in the next few years bring these standards to the market.
2. Date 2010-10-20
CONFIDENTIAL
Article to BCI – Continuity Magazine
Page 2 (4)
5G CONTINUITY AB W W W . 5 G C O N T I N U I T Y . E U Telephone: +46 (0)705 498598
Gothenburg, SWEDEN info@5GContinuity.eu Fax: +46 (0)300 62180
Private & Public Cooperation – from idea to practice
As I said initially the standard I find the most interesting is the Private & Public Partnership (PPP).
The name on this standard will most likely change since PPP has a different meaning in some
countries. However, regardless of the naming I will here give my view on what I hope we will find in
this standard when it is finalised. These suggestions are based on experiences from PPP projects, from
my time as Head of BCM at AstraZeneca, and other experiences from interorganisational network
activities. With interorganisational networks I mean relationships formed by organisations in diverse
vertical and/or horizontal settings. The setting we had in a Swedish project, sponsored by the Energy
Agency, engaged 6 municipalities and 14 private companies that provide critical services to the
society, and the project objective was to understand and define vulnerabilities and criticalities and
leverage these facts to strengthening the energy supply in this region and to form an
interorganisational team to manage extraordinary situations. This project and other experiences from
TC members will shape the PPP standard.
The PPP standard will be applicable to all organisations seeking to enhance the operability and
resiliency of the core functions of society’s public and private sectors. Important elements in the PPP
standard are how to establish relationships, the planning activities, mitigations, emergency & recovery
management, lessons learned, and plan and pursue exercises.
Interorganisational networks can be implemented at various levels, such as global, transnational,
national, regional (within countries), locally and operational. Here I only address operational PPP
networks.
How will we then define operational PPP?
PPP can be seen as an organised relationship between private and public organisations which establish
common scope and objectives, defined roles and procedures, and tools to prevent and manage any
incident impacting on societal security with respect to applicable regulations and laws.
How do we then get there, i.e. to an operational PPP?
We know that relationships are based upon a long term orientation and that they develop from certain
processes before interaction is initiated. These processes involve the influence of cooperative motives
to enter interorganisational networks and preferences upon which potential partners are selected. This
is very basic and well known mechanisms’ in network theories.
The objectives interorganisational networks are founded upon motivate network actors to develop
relationships based on cooperative strategies so that shared goals and decisions can be effectively
pursued.
This process, the engagement process, is what we need to understand and master in order to implement
this standard. It requires understanding and usage of group engagement techniques and tools. Creating
pull is far more effective than trying to leverage from push. To establish relationships between actors,
who all have their own agenda within their organisations, and engage and jointly shape common
objectives and common capabilities is essential. This engagement process has to be led and owned by
the public sector and should be supported by domain and facilitator experts.
3. Date 2010-10-20
CONFIDENTIAL
Article to BCI – Continuity Magazine
Page 3 (4)
5G CONTINUITY AB W W W . 5 G C O N T I N U I T Y . E U Telephone: +46 (0)705 498598
Gothenburg, SWEDEN info@5GContinuity.eu Fax: +46 (0)300 62180
The journey – from idea to established operational PPP
Idea & Motives
When a public actor/organisation has an idea, a confirmed need that could increase the community
resilience, they could either handle this themselves or consider to form PPP’s as a collective
mechanism for sharing risk, resources, and investments in situations of uncertainty. It’s a win-win but
there are obstacles that need to be resolved in order to establish an open and constructive cooperation
between private and public actors:
- The management of information is one that quickly becomes an issue. Private companies are
not so keen to speak out about their weaknesses.
- Composition of participating members is another challenge.
The way forward is to do some research about which actors could be interested and then build your
case before contacting them preferably using a small BIA so that you know which societal
service/function that needs to be secured/improved.
Engage & Explore
Invite actors/organisations to an open facilitated discussion where this idea is translated to a defined
common objective. Use experienced group engagement facilitators to lead the process. What we now
start to shape is the relationship model that eventually will define the roles, procedures, the
interoperability functions, and enabling technology that constitutes the modus operandi for this
interorganisational network of actors, i.e. the operational PPP team. Output here is a defined common
objective to move forward with.
Expand & Commit
After selecting actors and organisations to engage with the PPP process moves into a stage where the
relationships are expanded into friendships, interpersonal commitment, trust and reciprocity. The
important activities here are about getting to know each other and understand respective organisations
capabilities and objectives. A key principle here is to ensure that participation in decision making is
democratic and inclusive, enabling people to contribute as equal members of this PPP, i.e. ensured
demoCreative group engagement activities using facilitator techniques.
Activities to do now are e.g. a Societal Impact Analysis (SIA), i.e. using the same thinking and
principles as valid for BIA and apply them on the region and societal services in scope. This gives the
group a joint understanding on the current capabilities and what values are at stake.
Along the line here we also formalize the PPP committing the organisations through written contracts
to become active members of this PPP. Even if there are no jurisdictional bindings and the relationship
is on voluntary basis the contract is important. It is a publically made commitment indicating that this
organisation is investing in the community where it operatives and whose services it is dependent
upon.
That is to me showing true Corporate Social Responsibility (CSR, ISO 26000).
Once the commitments are made the hard work begins. From now knowing where your weak spots
are, knowing the requirements (MTPD’s/RTO’s) you carry on with shaping your strategies that will be
the basis for building your community resilience.
4. Date 2010-10-20
CONFIDENTIAL
Article to BCI – Continuity Magazine
Page 4 (4)
5G CONTINUITY AB W W W . 5 G C O N T I N U I T Y . E U Telephone: +46 (0)705 498598
Gothenburg, SWEDEN info@5GContinuity.eu Fax: +46 (0)300 62180
In order to develop an operational
capability within this PPP you need to
sort out the roles, responsibilities,
procedures to follow, but also activities
required assuring this capability over
time. So, the governance model for the
PPP is crucial, because it has to allow
overstepping the impasse of traditional
management systems / services that
usually generates operational realities
strongly vertically. It has to secure
access to actor resources including staff.
As the picture indicates interoperability, governance, management, monitoring, and assurance are
features you have to consider and implement. Since we also deal with many actors and organisations
at various locations we need to consider also using enabling technologies in all three phases.
To facilitate most of the activities you should make use of group engagement techniques & tools in
order to maintain objectivity, increase efficiency, and reduce travels to a minimum. We have used this
approach successfully in many similar environments. For example: With the Hertfordshire Police
(London) we have supported Cold Case Murder Reviews, using group engagement tools and our
facilitation support. Today they are the only police force in UK that has no unresolved homicide cases.
At local authority level we support social services in the formal learning review (Serious Case
Reviews) following the death of a child. Elsewhere in the UK we have supported multi-agency'
workshops, bringing thought leadership, mitigation strategies and new solutions to existing problems.
In all cases the ability for participants to say what they think and believe unlocks new perspectives,
brings consensus from far reaching debate, cuts across traditional verticals and builds commitment to
new actions and behaviour change, all extremely important components of the PPP. So, make use of
technology – it saves time, money, and the environment.
Stabilise & Mature
To strengthen the relationships and trust validation and verification exercises is a great vehicle. This
will engage the PPP actors and over time the operational PPP capabilities will become a natural
component of the community resilience. But, remember that relationships and trust are long term
investments.
In this context - a PPP is a committed obligation to make your own community resilient.
Pierre Wettergren, M. Sc.
CEO, 5G Continuity AB
Pierre.Wettergren@5GContinuity.eu
WWW.5GCONTINUITY.EU
Pierre was during the years 2004 through
2007/8 heading AstraZeneca R&D’s BCM
Team where he developed and rolled out the
methods and procedures, the BCMS.
Pierre has been an expert within the
TC223/ISO Societal Security since 2007.