Featured Product
This Week in Quality Digest Live
Management Features
Constance Noonan Hadley
The time has come to check whether the benefits of teamwork still outweigh the costs
Naresh Pandit
Enter the custom recovery plan
Anton Ovchinnikov
In competitive environments, operational innovation could well be the answer to inventory risk
Julie Winkle Giulioni
The old playbook probably won't work
Sarah Schiffling
But supply chains will get worse before they get better

More Features

Management News
Program inspires leaders to consider systems perspective for continuous improvement and innovation
Recent research finds organizations unprepared to manage more complex workforce
Attendees will learn how three top manufacturing companies use quality data to predict and prevent problems, improve efficiency, and reduce costs
More than 40% of directors surveyed cite the ability of companies to execute as one of the biggest threats to improving ESG performance
MIT Sloan study shows that target-independent compensation systems can be superior
Steps that will help you improve and enhance your employee recruitment, retention, and engagement
300 Talent acquisition leaders and HR executives from companies gather in Kansas City
FedEx demonstrates commitment to customer-focused continuous improvement

More News

Robert Fangmeyer

Management

Organizational Excellence in the Cyber-Risky Age

The Baldrige Framework tackles another business challenge

Published: Thursday, July 28, 2016 - 15:01

In August 1987, Congress created the Baldrige Performance Excellence Program, a public-private partnership that spawned a global movement. This small program was given a great big purpose: to improve the quality and performance of U.S. businesses so as to improve our national competitiveness. As a nation, we struggled at that time to produce high-quality, low-cost products and services, and we were losing market share and jobs to global competition.

The Baldrige Program was established to help turn that around, and for the past 29 years, we have been extremely successful, establishing a globally recognized standard of excellence used to facilitate and enable a systems approach to organizational excellence and improved outcomes in businesses, nonprofits, educational institutions, and healthcare providers of all kinds.

Today, there is another threat to the long-term success and sustainability of nearly every organization in the United States: ensuring appropriate cybersecurity. In our increasingly connected data-driven world, protecting information and systems has become a basic necessity for organizations of all kinds, and a critical national priority.

In response to President Obama’s Executive Order (EO) 13636 and in partnership with industry, the National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity. NIST’s Cybersecurity Framework helps organizations understand what should be included in a robust cybersecurity risk management program, and it has now been deployed across critical infrastructure sectors and more broadly throughout the United States. Since then, numerous implementations have been developed, tailoring the Cybersecurity Framework to industries, associations, and even specific organizations.

So what does this have to do with the Baldrige Program and the Baldrige Excellence Framework?

Those familiar with the Baldrige Framework know that ensuring the security of data, information, and systems is not new to the Baldrige Criteria, and in fact it first showed up in the Information and Analysis section (Category 4) of the 2001 version.

However, during the past 15 years, the prevalence, importance, and unfortunately, the misuse of electronic data and information have increased exponentially. In keeping with our mission and in response to an expressed need across multiple industries, we are now partnering with NIST’s Applied Cybersecurity Division to develop a Baldrige-based assessment tool aligned to the Cybersecurity Framework. This tool will enable an evaluation of not only the robustness, but also the effectiveness and “maturity” of the cybersecurity risk management programs of organizations of all kinds.

U.S. Chief Information Officer Tony Scott, who is helping to lead the President’s Cybersecurity National Action Plan, is a strong advocate of the potential benefit to be derived from a Baldrige-based cybersecurity assessment process:

“We are making strides in raising the level of cybersecurity across the nation. Baldrige-based approaches have helped organizations to improve their performance over several decades,” says Scott. “Voluntary cybersecurity assessments using a Baldrige approach will stimulate improvement, begin to pool talent, and share solutions to the security challenges and problems organizations face today.”

During the past six months, the Baldrige Program has been part of a working group, including the Applied Cybersecurity Division (Mr. Scott’s office), and a diverse cross section of more than 20 industry participants representing hundreds of organizations, to explore the need for, the potential of, and the pitfalls to avoid in regard to a Baldrige-based cybersecurity initiative. Industry organizations taking part in these discussions have included Baldrige Award recipients PricewaterhouseCoopers Public Sector Practice, Advocate Good Samaritan Hospital, and Boeing. Working with industry to determine the path forward is one of NIST’s core competencies and is certainly key to this effort.

“NIST’s efforts to couple the proven processes and value of the Baldrige Program with the increasingly popular Cybersecurity Framework will be voluntary and private sector-driven. We will measure this initiative’s success by its usefulness to companies and other organizations in strengthening their cybersecurity risk management,” says Willie E. May, Under Secretary of Commerce for Standards and Technology and Director of NIST. “The goal is to help organizations get even greater value from the Cybersecurity Framework by providing a way to assess and guide their cybersecurity risk management.”

The first step in this effort will be the development of a self-assessment tool—the Baldrige Cybersecurity Excellence Builder. The tool will enable organizations to better understand the effectiveness of their cybersecurity risk management efforts and identify opportunities for improvement based on their cybersecurity needs and objectives as well as their larger organizational needs, objectives, and outcomes.

We are very excited about the opportunity to partner with industry to help address this critical national need. For nearly 30 years, we have been fostering organizationwide excellence, and in 2015 we embarked on two strategic initiatives that will bring the Baldrige concepts to a much wider audience: cybersecurity and Communities of Excellence 2026 (COE2026). The cybersecurity initiative drills down into a critical component of organizational performance and sustainability, while COE2026 adapts Baldrige’s systems approach to achieving excellence to entire communities.

We estimate that a draft of the Baldrige Cybersecurity Excellence Builder will be available for broad public input in fall 2016. If you would like the opportunity to review this draft, just send an email to baldrige@nist.gov.

The Baldrige Foundation is also supporting our cybersecurity and Communities of Excellence efforts through advocacy and fundraising. You may visit their website for more information.

First published July 12, 2016, on the Blogrige blog.

Discuss

About The Author

Robert Fangmeyer’s picture

Robert Fangmeyer

Robert Fangmeyer is the director of the Baldrige Performance Excellence Program (BPEP) at the National Institute of Standards and Technology (NIST).