Attempting to improve a business process can often mean months of analysis and a long-term gap assessment. But what if you could find a solution in a day? Security process improvement is a top research area for the Security for Business Innovation Council (SBIC). One of our member organizations, TELUS, a leading Canadian telco with $10 billion in annual revenue, has developed a tactical approach to process improvement. Their secret sauce is holding intensive one-day meetings called “own.its,” where front-line staff from different areas of the company get together to tackle a process that needs improving.
Own.its are applied where there’s a process inefficiency, a legacy practice that no longer makes sense, or something is just plain broken. Instead of drawing up a multi-year roadmap that could take years to implement, the goal of own.its is to engineer around the bureaucracy and rethink the nuts and bolts of certain processes – and do it quickly.
Here’s how it works. Front-line stakeholders, led by a moderator, get together for one day to look at the problem. The people involved in ironing out the process are the actual people who do the work and understand the problem intimately. No senior management or consultants are allowed. The only rule is that they must come up with something that can be implemented within 90 days – with checkpoints at 30 and 60 days. The VPs from each area represented are invited into the room at the end of the day and give an immediate thumbs-up or thumbs-down to the ideas that were generated.
Reducing time for approval processes is an ideal scenario for the own.its approach. Firewall changes is an example of where approvals can take too long, since many different departments need to sign off on changes. Own.its enabled TELUS to involve front-line workers in IT, network operations, and security, to tackle the problem head on and find a solution. In another example, the need for background checks was slowing down the onboarding process. Frontline staff from access and HR met and came up with an efficient solution to reengineer this step – shaving off days from the process.
Adopting own.its brings decisiveness, accountability, buy-in, and the ability to adapt quickly. It empowers the people responsible for the work. Especially in a virtual company, workers are dependent on others to do their jobs, yet they often haven’t had the opportunity to interact with each other. Own.its gives employees a chance to walk a mile in each other’s shoes and forge constructive partnerships.
Tactics such as Own.its are the sort of practicable information you’ll find in the SBIC’s upcoming report, “Transforming Information Security: Future-Proofing Processes”. It’s the second installment of a three-part series on what a forward-leaning information security program looks like. It urges organizations to optimize their processes today to better prepare for what’s on the cyber risk horizon.
“It’s amazing to see what happens when front-line people from different areas get together. Own.its give them the chance to just have a conversation. And right then and there, the solutions they come up with can be brought to bear.” Kenneth Haertling, Vice President and Chief Security Officer, TELUS