information governance

SARS-CoV-2 or 2019-ncov coronavirus

In 2019, the Global Health Index evaluated the epidemic preparedness and response capabilities of 195 countries and ranked the United States as number one.  Yet as of today, with nearly four million confirmed Covid cases and over 143 thousand deaths, the United States leads the world in a very different way.

We assessed the risks, both the likelihood and potential severity of a pandemic.  We did extensive planning for the structures, direction, and resources needed for preparedness.  And we repeatedly tested the plans, confirming strengths and identifying weaknesses.

What was missing?  Commitment.  And that’s worth exploring, not as a political blame-game, but as an object lesson for the nuances of how what appears to be carefully planned and solidly on track can go off the rails for lack of commitment, with disastrous results.
Continue Reading Pandemic Lesson 4 for Information Governance – Commitment matters

SARS-CoV-2 or 2019-ncov coronavirusIn early 2018, outbreaks of a novel parainfluenza virus erupted in Frankfurt, Germany and Caracas, Venezuela.  United States soldiers serving abroad contracted the virus, and an exchange student returning to a small New England college campus triggered the initial cases in our country.  The virus spread by coughing and caused severe symptoms in about half of those infected, killing 20% of severely ill patients.  With no vaccination available, the novel virus spread rapidly across the globe.  Within a year, the virus – Clade X – killed 15 million Americans and 150 million people world-wide.

This actually happened two years ago … in a tabletop exercise hosted by Johns Hopkins Center for Health Security in Washington D.C.  Like its predecessors Dark Winter (2001) and Atlantic Storm (2005), the Clade X tabletop exercise featured subject matter experts in the unscripted roles of senior U.S. government officials reacting to a dense, unfolding fact pattern, based upon extensive scientific data and modelling, that realistically captured the likely variables and decision points in response to a national security crisis.  This time the crisis was a global pandemic, and Clade X revealed significant gaps in our pandemic response preparedness.

Clade X was not our most recent pandemic test event.  From January to August, 2019, the U.S. Department of Health and Human Services ran the Crimson Contagion planning exercise, with officials from a dozen states, various federal agencies, and non-governmental organizations working through response to a simulated viral pandemic originating in China.  Crimson Contagion’s findings were specific, blunt, and bleak, revealing widespread confusion between federal agencies and also between federal and state actors in coordinating response actions, such as in defining which workers were “essential,” handling school closures, and procuring sufficient personal protective equipment, ventilators, and medications.

Beyond “pre-mortem” exercises, post-mortem reviews identified our strengths and weaknesses in handling actual outbreaks, such as the July 11, 2016 NSC report capturing extensive lessons learned from our response to the 2015 Ebola outbreak.

The Lesson for Information Governance?
Continue Reading Pandemic Lesson 3 for Information Governance: Testing the plan matters

SARS-CoV-2 or 2019-ncov coronavirusEisenhower famously quipped “plans are worthless, but planning is everything.”  His point was that though a plan may not anticipate every contingency, the rigors of the planning process are essential for preparedness.  That’s true for everything from WWII to pandemic response and to managing information risks and opportunities.

So, did the United States have a plan for pandemic response, and what were its key elements?

Yes indeed, the Bush administration developed plans and recommendations for U.S. infectious disease response, and these were built upon by the Obama administration.  Key elements included the following:


Continue Reading Pandemic Lesson 2 for Information Governance: Planning Matters

SARS-CoV-2 or 2019-ncov coronavirus“If anything kills over 10 million people in the next few decades, it’s most likely to be a highly infectious virus, rather than a war.  Not missiles, but microbes.”  That’s from Bill Gates’ 2015 TED Talk, in the midst of the Western African Ebola outbreak.  Gates added “W]e’re not ready for the next epidemic….  With Ebola, the problem was not that we had a system that didn’t work well enough.  The problem was that we didn’t have a system at all.”

Let’s fast-forward to a couple years ago, the 100th anniversary of the 1918 flu pandemic.  What should have been understood in 2018 as the risk, in the near-term, of an epidemic or pandemic with major impact in the United States?

Understanding risk is how we address uncertainty.  Whether you prefer the common definition of risk (the possibility of loss or injury) or the more technical concept under ISO 31000 or COSO’s ERM Integrated Framework (the effect of uncertainty on objectives), understanding risk requires us to evaluate the likelihood and severity of potential outcomes.  Understanding risk also requires us to evaluate our current readiness to mitigate or control the risk, in light of our risk tolerance.

So, in 2018, what did we know about the likelihood and potential severity in the United States of epidemics and pandemics, and what did we know about our readiness to respond?
Continue Reading Pandemic Lesson 1 for Information Governance: Understanding risk matters

People on peak mountain climbing helping team work , travel trekking success Management support is crucial for successful Information Governance initiatives. This is not merely a question of initial project and budget approvals. Most Information Governance initiatives involve behavioral changes in how data is handled, and in many instances, aspects of organizational culture may be impacted. No matter the ultimate benefits, any initiative involving behavioral change will

People on peak mountain climbing helping team work , travel trekking success

Selecting the right initial project(s), determining outcomes and measures, and preparing the business case are important groundwork for your Information Governance initiative, as discussed in Part 1.  But to secure resilient management support for an ongoing initiative, you’ll also want to tie the individual projects to strategic objectives for Information Governance at your organization.

money blowing awayI’m here at RabbitHole, Inc., talking with the company’s Manager of Money in his office, which is buried in the Facilities Department, down in the building’s basement. I’m interviewing him to get a better sense of how RabbitHole manages money as a corporate asset.

Pardon my asking, but how much money does RabbitHole have?

“Frankly, no one knows – we don’t really keep track of that. We have boxes of paper currency stored off-site, but as for ‘active’ money, our employees keep that pretty much wherever they choose – in the network money systems, in their individual offices, in mobile wallets, and probably some stashed at home.”

But isn’t that your job? I mean, you’re the “Manager of Money,” right? 

“Nope – that’s indeed my title, but I don’t have the authority to manage all of RabbitHole’s money. My focus is just on the paper money, not electronic accounts and transfers. And I only keep track of the paper currency that is boxed up and kept off-site – what employees do with money day-to-day is up to them, their business units, and the company’s Money Policy.”

What does the Money Policy say?
Continue Reading What if companies treated their money like their information?