Platt Perspective on Business and Technology

Building a business for resilience 13 – open systems, closed systems and selectively porous ones 5

Posted in strategy and planning by Timothy Platt on June 10, 2016

This is my thirteenth installment to a series on building flexibility and resiliency into a business in its routine day-to-day decisions and follow-through, so it can more adaptively anticipate and respond to an ongoing low-level but with time, significant flow of change and its cumulative consequences, that every business faces in its normal course of operation (see Business Strategy and Operations – 3 and its Page 4 continuation, postings 542 and loosely following for Parts 1-12.)

I began a more detailed discussion of information sharing between businesses, in supply chain and other collaborations, as that transpires in the context of this series in Part 12. And my focus there was on issues that can and do arise when businesses that function as members of these collaborative systems share customer information with partner businesses as a part of their ongoing business activities. I turn here to consider the sharing of wider ranges of competitively valuable business intelligence, including but not limited to insight into partner business processes and priorities in place, and into the strategic and operational planning that are carried out by those partner businesses.

To start that, I offer the following point of observation as just a rough rule of thumb, but as a conceptual starting point for more detailed and case-specific analyses, that I have found useful. It can be at least tacitly assumed as a starting point when working with a new client business, or with an established client that is undergoing change, that:

• Supply chain and related business-to-business collaborations create opportunity for loss of proprietary information confidentiality that is proportional to the level of value that is being sought from those collaborations,
• And certainly where that level of sought-for value is in any way proportional to the level and depth of collaborative action entered into that would achieve it, and the level of information that would have to be shared in doing so.

What does this rule of thumb offer operationally that might at the very least lead to actionable insight and more focused business remediation?

• Poorly considered business-to-business collaborative processes that collectively form the backbone of a supply chain or similar system in place,
• Skew the relationships expressed in the rule of thumb guideline as stated above, in the direction of proportionally increasing risk and vulnerability, relative to the level of potential value that this collaboration could bring to its participating member businesses.
• And good practices and policies that are due diligence and risk management based can
• Lower this proportional risk exposure too, while holding steady the overall level of possible return on investment value achievable, or even increasing it.

And when the business processes and systems of them that are under consideration here are the shared processes that in fact constitute the working parts of these collaborations themselves, that due diligence and risk management effort has to be collaboratively designed, executed, enforced and managed too, and with ongoing relevant conversation between partner businesses included there in order to limit risk of loss of information access and usage control – and with a goal in place of catching and stopping any leaks that do occur, and as quickly and actively as possible too.

• So to take this at least somewhat out of the abstract, when a business A collaboratively shares sensitive information with a business B in such a system, their risk management offices have to be at least as closely, collaboratively connected between those businesses, as are their transaction processing areas that seek to more directly create profitable business transactions together, through these business-to-business systems.

I will discuss this point in more detail later in this series when I turn to consider ways to put these prescriptive recommendations into practice. But for now and for purposes of this phase of this overall discussion, I will simply note this point of observation in passing as representing a key part of the operational framework that should be in place.

For the balance of this series installment, let’s at least begin to consider at least categorically, some of the more specific types of information that might be shared between partner businesses here,

• And either intentionally and as an explicit part of the process of conducting planned for business transactions,
• Or more coincidentally and even accidentally.

To clarify the later of those possibilities, consider situations where employees and representatives of a supply chain partner have to physically go to the offices or factory floors or other workplace areas of another business, in order to perform their half of some collaborative business transaction (e.g. where a shipping and logistics oriented business, sends one of their people to collect packages for shipping and delivery for one of their supply chain partners, or to deliver parts or supplies to them for their business systems.)

These supply chain partner employees obviously see and intentionally receive all of the information that they would need from this partner business in order to complete their side to these transactions. And if some necessary information for one of these transactions is left out or offered but in garbled form by mistake, they will check back with the people they work with at that business to fill in those information gaps so they can complete their work there. But it is inevitable that they will see and learn more too, and probably a great deal more. And with time, an observant and thoughtful person can learn a great deal about the businesses that they work with through these supply chain collaborations that they regularly visit in this way. And this includes types of information that do not in any way enter into their supply chain collaborative activities there, per se. (As a working example there, consider the perhaps sharp drop in employee morale that would most likely be visible, if a partner business is facing a probable downsizing or other stress-creating event, and one that this business is attempting to keep secret within their organization.)

• An observant and thoughtful consultant who is working in one constrained and limited functional area in a client business can come to learn a great deal about that business as a whole.
• And the same applies to people from supply chain partner businesses who come to your business and its work areas, and on a regular basis and who observe and think about what they see and hear – and who share this information with their colleagues and supervisors where they see that as offering significance to their own employer too. You have to assume that knowledge and insight so gained is going to be shared into these partner businesses too, and in this way. Here, people who see something really do tend to say something.

But let’s step back at least for now from the issues or intentional versus coincidental information sharing, and intentional versus coincidental and unintended information gathering too, to consider some of the types of information that might be included there, and both for what is intentionally shared and for what is more collaterally shared too. Prudence would dictate that this can at least in principle include essentially any type of information that is in place and that is being used or shared in an involved business. And this is true, if for no other reason, than because people who are intent on their work at hand are not always as alert to who is there around them when they talk with colleagues, use their computers with their screens visible, leave paperwork lying around and more. Seeing and hearing and learning the unexpected and the unintended do not necessarily require snooping there. That only calls for active awareness and the attentiveness that just performing a job effectively calls for, and certainly when working directly with important customers, or staff members of a supply chain partner business who in fact are such customers too.

What information is at least significantly likely to at least occasionally be available there? What information has to be managed and yes – safeguarded there? I am going to delve into some of the details and issues there, in my next series installment. And as noted at the end of Part 12, after doing so:

• I will switch my orientation here from a consideration of problems and potential problems, to one of solutions to them. In anticipation of that, I add that this means I will discuss intentionally controlling information access and the overall conversation in a business, and how that has to be seen as a dynamic process, to express that in terms of this posting’s discussion. And I will at least briefly look into information technology options and how they can be used to facilitate all of this. In anticipation of that, I will be discussing rules-based automated access control systems and how they can be developed as artificial intelligence systems. But I will also discuss human behavior and the development and enforcement of best business practices and behavior that is needed in order to support them.

And as a part of that, I will return to and expand upon some of the issues that I only noted in passing, here in Part 13 and that I identified here as topics for fuller consideration later. Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: