Lootok

Menu

What's new?

Breaking the Business Continuity Mould

Breaking the Business Continuity Mould

Embrace the process, not the destination

Business continuity and crisis management is moving from its traditional roots and by-the-book implementation, to a much more disruptive—and much more effective—process. Business continuity planning has become more complex, nonlinear and inclusive of multiple third parties, and the growing ecosystem of cloud and as-a-service providers has moved much of the risk outside of the immediate control of the risk manager. This is all complicated by the inherent difficulty in getting buy-in and participation in what is often a project nobody really wants to be a part of.

It becomes even more complex when planners must prepare for a wider group of possibilities, which includes not only natural disasters, labor disputes and equipment failures, but cyber-disasters which are often not as well defined and even more unpredictable, and are based on environments and actors which have no physical boundaries.

Read Post

Lootok Resiliency Summit: The best risk managers don’t do it alone

The best risk managers don’t do it alone

How can I ensure our internal stakeholders are properly trained on risk management? How can I make sure the quality of plans is consistent within a global organization? How do I get people to care when they’re facing limited resources, budget, and time?

This is what every global risk, crisis, and security leader asks—and they’re disappointed when I tell them there aren’t easy answers. There’s no magic pill that transforms someone into a thoughtful continuity planner or an informed risk management advocate. The fact is, it takes time to educate and train stakeholders on important initiatives, and effort to establish the processes and protocol that facilitate consistency. It also may mean giving people dedicated time (especially if they’re strapped for time already) to devote towards proper training and development.

 

Read Post

Lootok: Three must-know lessons from my last business continuity site visit

Three must-know lessons from my last business continuity site visit

I often serve as an extension of our client’s risk management team. Recently, I visited a client site to implement a continuity program focused on manufacturing recovery. Approaching new sites can be a challenge, particularly for recently established programs. I’m always reminded that first impressions—of people and of programs—are lasting, and it’s not easy to spark engagement and support from local teams. In my experience, here’s what works in winning them over…

 

 

 

Read Post

Press Release: ClearView named a leader in Gartner’s 2017 Magic Quadrant

Clearview

 

ClearView is proud to announce that it has once more been positioned in the Leaders Quadrant in Gartner’s July 2017 Magic Quadrant for Business Continuity Management Program Solutions, Worldwide.

CEO Charles Boffin comments, ‘We are delighted that we have once more been recognised as a leader in the market as we continue to focus on our core principles of delivering a sophisticated and functionally-rich platform in a way that makes it easy to use and intuitive for all users, irrespective of role in an organisation. We believe our continued placement in the Leaders quadrant demonstrates our ongoing commitment to remain a key player globally in this field.’

Gartner subscribers may download the full report here.

Read the full press release on clearview-continuity.com

Read Post

ClearView wins Global Best BCM Software Award for a record fifth time!

At the Business Continuity Awards ceremony held at the prestigious London Marriott Hotel, Grosvenor Square on 8th June, ClearView wins the Award for Best Business Continuity Management Software for a record fifth year in succession, against competition from around the world.

The judges praised the software for its role in helping organizations of all sizes in all parts of the world to achieve their BCM objectives; delivered and supported by a team with significant industry knowledge and with excellent customer service.

CIR: Business Continuity Awards 2017

Read Post

Crisis management: fly the plane or fix the problem, don’t do both

Learning to either manage the crisis or run the company, but not do both, is a hard lesson for most executives, as they want to do it all. Executives achieve their position through hard work, overcoming extreme obstacles, success, confidence, and leadership. It becomes difficult to let go of the organizational reigns to focus on the crisis. Likewise, it is just as difficult to let others manage a crisis while they focus on the organization. This post is a reflection of a number of executive crisis management trainings I facilitated where the executive (e.g., CEO, business unit president, segment leader) wanted to ‘fly the plane’ and ‘fix the problem.’

fix the plane

 

Read Post

How to bring crisis management back to the basics

This is a continuation of my Business Continuity Basics article.

Consider the Basics for Crisis Management Program - as with most initiatives and programs, we tend to over think when we design them. The basics reminds me of one of my favorite quotes from Antoine de Saint-Exupéry, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

Let’s keep it simple: crisis management

When it comes to crisis management the majority of crisis teams need seven means to make timely and effective decisions based on applying judgment to available information. We need a command and control framework, critical information requirements (identification of gaps in our knowledge), intelligence, situation awareness, common operating picture, common ground, and intent.

Back to basics Lootok Crisis Management

 

Read Post

The future of resiliency is not resiliency

Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.

Lootok future of resiliency
The future of resiliency is not resiliency.

Read Post

Risky business: the risk matrix

Risky business: the risk matrix

In my previous two posts, I explored better ways of capturing your key assets, threats, and vulnerabilities. Now, we will take these ingredients and plot them on a risk matrix.

First, download Lootok’s risk matrix.

The risk martrix
The risk matrix

The risk matrix provides a way to think about the probability and consequences of risks. Typically, risk is measured using two variables: impact and probability, which make up the axes of matrix.

Both of these variables should be specifically defined before using the risk matrix to plot your risks. The first variable, impact, is a measure of how harmed or disrupted your business would be if the risk occurred. Impacts can occur across different areas, such as finance, regulation, or reputation. Within each impact area, a risk can cause a low or high impact.

Read Post

Risky business: Attackers and Defenders™

Risky business: Attackers and Defenders

Welcome back. In my previous post, I presented the first of three activities that Lootok uses to complete risk assessments.

Our second activity, Attackers and Defenders™, identifies threats and vulnerabilities. Remember: threats, vulnerabilities, and assets are the ingredients for a risk. Without these three ingredients, there is no risk. In this post, I will show you how to use this activity to identify your specific threats and vulnerabilities.

At Lootok we love Attackers and Defenders™ because it engages everyone in the room. It is competitive. It involves role-playing. It forces you to think creatively about your business, and most importantly it is fun, which is not a word often used in the same sentence as risk assessments and business continuity!

The Attackers and Defenders™ activity creates an environment for structured dialogue around your organization’s threats and vulnerabilities. The key objective of this activity is to define the threats and vulnerabilities facing your key assets. The activity helps you determine realistic threats to your assets, and the vulnerabilities that allow those threats to cause a disruption. You will also be asked to reach an agreed upon prioritization of your risks, complete with evidence that can be used for reporting, planning, and investment.

Read Post

Risky business: Value Map™

Risky business: Value map

In my previous posts about risk, I discussed why we need to consider it, why we have difficulty assessing it, and how to be more objective.

Next, I will explore a number of the activities that Lootok developed to help measure risk at your organization. The first activity is Lootok’s Value Map™. The Value Map™ helps you identify and visualize your organization’s assets. If you recall from the first post, an asset is one of the ingredients of risk.

The Value Map™ is exactly what it sounds like: a giant map on the wall depicting the environment for which you wish to do a risk assessment. The map can be a campus, a country, the globe, an IT map, a factory, or blueprints—whatever environment you wish to measure risk.

Lootok Value Map
Lootok Value Map™

Read Post

How to bring business continuity back to the basics

As business continuity practitioners, it would serve us well to take a cue from writer Antoine de Saint-Exupéry, who stated, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

Many risk and resiliency initiatives are more robust and complicated than they need to be. Common signs of an over-engineered program may include: lengthy plans packed with procedures and protocol, a BIA that takes months to complete, lengthy internal audits fixated on industry standards, and just a handful of people who actually know what to do in an incident.

Blessed with “the curse of knowledge,” we as practitioners can easily lose sight of how business continuity is perceived by our stakeholders. We fall prey to assuming that others understand the value of participating in program activities, much less have the expertise to decipher industry jargon (how many times in your career have you had to explain “RTO” and “MTPD”?).

Even Wikipedia’s description of “business continuity planning” is prefaced with the warning: “This article may contain an excessive amount of intricate detail that may only interest a specific audience.”

Put yourself in the shoes of a stakeholder who rarely thinks of contingency planning or has yet to experience an incident, and it’s even more critical that you keep your program simple.

What would happen if we were to boil down business continuity to just the basics? What if we began describing concepts in layman’s terms, and it helped to ease understanding and facilitate program adoption?

Lootok back to basics grey

Read Post

Risky business: Who cares about risk?

Risky business: Who cares about risk?

Welcome back to my series on risk and risk assessments. In my first post I discussed why it is hard to objectively assess risk, and I suggested ways to look at risk more objectively. If you missed it, check out post 1.

This post explores why we need to think about risk in the first place.

Risk is inherent to doing business, and there are only two strategies that organizations can employ when facing risk:

  1. You can accept your risk
  2. You can reduce or eliminate your risk

Read Post

Risky business: What is risk?

Risky business: What is risk?

Risk lurks in all facets of daily life. Luckily, many risks are small: like crossing against the light when there are no cars or trying the new, Ethiopian restaurant down the block. Other risks are high: like quitting your job and doubling down on a new start up. Through our experience working with global organizations, we’ve seen it all. 

In spite of the ubiquity of risks, we rarely analyze them objectively. We are all imperfect, and we rely on past experiences and our emotions to understand the world around us and guide our decision-making. On the one hand, it makes sense that we are wired this way— if we didn’t rely on experience and emotion, we’d have to consciously evaluate every single situation anew, and we’d become paralyzed. On the other hand, there is a downside to the efficiency of this wiring: it makes us awful at objectively estimating risk. For example, bad experiences cloud our ability to accurately measure the impact of risks, as well as their relevance. Other factors, such as media attention, immediacy, control, and choice (Psychologist Paul Slovic) work to further compound that lack of objectivity.

Read Post

Why we picked ClearView as our BCM software of choice

During the past 10 years Lootok has been in business, we’ve stayed vendor agnostic while implementing many different crisis management and business continuity tools for clients. Humbled by our own trials and tribulations with software, we had yet to meet a vendor we felt excited about.

That changed last fall when we decided to partner with Clearview, our technological counterpart we’ve come to know and trust. We’re proud to say we believe ClearView to be the best software solution in the market. Read why.

Lootok is Clearview’s Americas service provider.
Email us at cvamericas@lootok.com or ring us at +1.646.961.3684 to get your demo.

Lootok and Clearview

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Crisis Management, Business Continuity, and Entrepreneurship

This presentation was presented at the D.C. Analyst Roundtable. I was asked to speak on crisis management, business continuity, and how to run a program like a business. You can download the presentation from SlideShare.

yellow house

Read Post

Creative ways to train and drive adoption by leveraging BCM software - Lootok & ClearView

I presented at the BCI World Conference in London. My topic was on using learning, training, and awareness concepts and techniques to implement and maintain a business continuity and crisis management software. The objective is to better leverage software to drive adoption and quality.

BCI World Conference participants should be able to obtain a copy of the presentation from the BCI.

Using concepts and techniques from behavioral science and game theory, I suggested better ways to deliver software implementation and maintenance. Lootok has partnered with ClearView - an awarding winning globally recognized business continuity and crisis management software. We are ClearView’s North America service provider. We selected ClearView as the our software of choice after a lengthy due diligence process. Our partnership brings new capabilities as well has higher quality of service to the marketplace.

ClearView Continuity software can solve a lot of problems. For example:

  • It is a tool to manage workflow and communication
  • It is a destination for your data, information, and reporting
  • It is used to solve problems (e.g., gap analysis) and make decisions (e.g., investment)
  • It is used to get ready for an event (planning, plans, and practice) as well as at time of event to communicate and respond
Lootok & Clearview
Lootok & Clearview

 

Read Post

Getting your ducks in a row: Lootok’s one-of-a-kind project management methods

What is the best way to win?


The “on time, on budget, and as promised” motto that dominates our industry is a cliché. It’s the stock answer when asked how to evaluate a project’s success. You may achieve one or maybe two of these measures, but satisfying all three is no easy feat. While project plans can help, you need much more. At Lootok, we deliver projects through two proprietary means: ODWR® and 5Ds®.

Ducks in a row

Read Post

Inspiring commitment over compliance: the elusive dream of all risk managers

Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?

Lootok Experience Model

This question led us down a path of evaluating the phenomena of experience. What makes an experience good or bad or great? Why do we love some brands and hate others? Why do we join some groups and not others? Why do we love that cash-only, poor-service, overpriced empanada spot in a run-down building on the Lower East Side, but we would be outraged with the same service and accommodations at another restaurant? Unlocking the answers to these questions begins with understanding your target audience.

  1. Who are they?
  2. What do they care about?
  3. What do they struggle with?
  4. Why should they care about your program?

While the Demand Model® evaluates the engagement level of an audience, the Experience Model™ gives us the tools to increase that demand.

Read Post

Lootok presented at Continuity Insights 2016

Last week, Lootok presented with Matt Jarm from Mars Inc. about supply chain resiliency at the New York Continuity Insights Conference.

In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program.  Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.

Learning objectives covered:

  • Common pitfalls (i.e. too fast, too big) of risk and resiliency supply chain rollouts.
  • The necessary methodologies, tools, and roadmaps to be successful in today’s complex, nonlinear, supply-chain environments.

Download full presentation

Supply Chain Resilincy Lootok Continuity Insights 2016
Download full presentation

Read Post

What risk management can learn from XBOX

Lootok’s ABdCa®: The best way to collect and analyse data. 

We were at our wits’ end. Neither we nor our clients could take another dull meeting or frustrated end-user. Risk management, crisis management, and business continuity were simply too hard for too little. We took a deep breath and sat back. Finally, someone said it.

“There HAS to be a better way!”

We knew she was right, but none of us had any idea how to accomplish that. We started by just trying to have a little fun in our meetings: we played a few games. As we played, we discovered that our activities were not only fun, but engaging and memorable as well. We could use them to facilitate training and awareness. Then it got better. We realized we could collect and analyze data at the same time.

It was an incredible discovery for us. Not only did we change the experience of a meeting, it facilitated a better learning environment with higher adoption rates, while completing our deliverables at the same time. Developed and refined over the last decade, Lootok’s Activity-Based Data Collection and Analysis (ABdCa®) Model takes a fraction of the time and cost of traditional methods while facilitating a more effective process and more rewarding experience.

Lootok MOD game
Lootok MOD game

Read Post

What do dog food and risk management have in common? Lootok’s Demand Model®

“Nothing happens until someone sells something to someone.” Thomas J. Watson (1874–1956), Chairman and CEO, IBM

Would a company sell a product or service that no one wanted? It’s an absurd question with a simple answer: absolutely not. You need demand. People have to want what you’re offering. At Lootok, we apply this same basic principle to risk management, business continuity, and crisis management programs.

Of course, most practitioners—people like you and me—see the value and the importance of their role in such services. But if you go outside this tight circle, demand quickly wanes. Rather than march to a linear project plan or industry standard, let demand drive the pace of progress.

Before you rollout, change, or update a global program, begin by assessing demand. Organizations tend to prefer immediate success and tangible artifacts (e.g., risk assessment or business impact analysis), but if you think of your program as a business, assessing demand would be the first thing you would do.

Out of this concept came Lootok’s Demand Model®, developed and refined over the past decade.

Lootok Demand Model

Read Post

Risk Management’s Sweet Spot

Chris de Wolfe, global director of risk management at Mars Inc., shares his challenges of getting the global risk management program at Mars up and running.

“The CRM group had a lot to offer but was severely underutilized, which led to high insurance premiums, a high risk profile, and a significantly reduced resiliency and recovery capability,” Chris said.

Reflecting on how Mars as a business became a major success, de Wolfe decided that he needed to market and promote his own department in the same way. Partnering with Lootok, a risk management consultancy firm, he developed a strategy to engage with the employees in a fun yet educational way. He devised a 5- to 10-year plan, broken into 12- to 18-month strategies and individual project plans by mapping out all of the products and services that risk management offers. He conducted a perception survey and drew up a program based on the ABCs of risk management.

“The ABCs allowed people to understand that risk management not only provides insurance, but it also ensures that the business continues,” said de Wolfe.

Sean Murphy, CEO and founder of Lootok, said of de Wolfe:

“I’ve known Chris for 10 years and what differentiates him is that he treats his program as a business. He had a good program before but he wasn’t satisfied with it so he completely revamped it and is now reaping the benefits.”

Read full article

Read Post

Lootok & ClearView: The next great duo to change history.

History has rewarded partnerships that have revolutionized the way people live, work, and even think for the better.

The next great duo to change history.


In the spirit of these pairings, Lootok is proud to announce that we will be selling ClearView software, as well as ClearView support, implementation, and consultancy services in North America.

Software alone is not a silver bullet; neither is consulting. Used properly, these two can revolutionize a program. That mutuality is the foundation for our partnership with ClearView. Lootok excels at program set up, training, awareness, and adoption. ClearView provides a best-in-class software that can grow with your program, while not overwhelming your users.

Read Post

Lootok courts a BC software: We were smitten, and it scared us (Part III)

The Brit seemed like our perfect partner, and we feared it too good to be true—technical sophistication, strong reporting/metrics, and flexibility? Our self-defense mechanism kicked in, and we couldn’t help but try to dig up some dirt. So, we asked others, “Hey, what’s the Brit really like?”

But despite our best efforts, all we could scrape up were rave reviews from their existing clients. By all accounts, the Brit seemed reliable, stable, and drama-free.

Though it may seem shallow to admit, we also wanted to date someone with a pleasing, modern aesthetic—and the Brit was recognized globally for its good-looking user interface. Having seen so many clunky platforms, we bonded in our mutual love for user-centered design. We spent many a weekend waxing poetic about the need for “simple, unobtrusive, intuitive planning.”

No doubt our attraction had been instant.

Read Post

Lootok courts a BC software: It’s a Match! (Part II)

We’d been hurt before

Its a match

Years ago, we were seduced by software that promised to solve all of our problems. Maybe it was our fault for being too naïve. The software only ended up being way too complicated, and left us feeling so overwhelmed and abandoned that there was no choice but to eventually break up. The whole experience burned us so bad that we swore never to enter into the software market again.

Maybe we’d just been in the BCM scene too long, but we didn’t want anything flashy or something just “good enough.” Perhaps our standards were high, but we vowed to ourselves not to make the same mistake again.

Read Post

Lootok courts a BC software: We were struggling (Part I)

For a long while, Lootok was happy being alone—we were a start up in New York City that was shaking up the industry. We were doing things that many thought were eccentric, even radical, but we beat the odds, changed perceptions, and emerged as an innovative force in the industry.

Throughout our 10-year existence, we remained single. A number of times, we were approached by other vendors, but we were wary of making any partnerships. Deep down, we feared doing so might compromise all the hard work and strides we had accomplished

NYC city skyline

 

Read Post

How do you use Nudge (behavioral science) in risk management?

Interesting presentation by Harvard Law School Professor Cass R. Sunstein on using behavioral science to change behavior:

From Behavioral Economics to Public Policy

He co-authored the book Nudge.

It is becoming increasingly necessary in risk management and business continuity management to be better, faster, and cheaper. We need to better Return on Investment (ROI), better participation, better end-user experience, faster change, greater reach and adoption, and enhanced techniques and concepts. We need people to do more with less and with higher quality and participation.  To accomplish any of this we need behavioral science.

Cass Sustein
Cass Sustein

Read Post

What is the best way to tell stories as means to communicate - Cliff Atkinson on Fresh Perspective

 

Read Post