I’ve recently done a couple of presentations, with Adrian Quayle of P&Q Consulting, on the use of the best-practice principles within BS 11000: Collaborative Business Relationships at events focussed on “knowledge management”. The October event focussed on “legal” knowledge and IP, and the November one covered “electronic information management” as it relates to cyber security in the supply chain. Now, neither of these are sectors in which Flintloque has done much work historically, but that is going to change…
The first event that Flintloque was asked to attend was organised by Marks & Clerk LLP and took place at The Innovation Centre, Daresbury. Our focus was the importance of implementing processes to manage the knowledge within your organisation before, during and after you enter into a collaborative project that may produce valuable IP. It was possible to use selected clauses within the BS 11000 Standard to implement systems that would help with answering questions like: How does sharing information with a collaborator affect the ownership of any IP produced? Who has what rights when the collaboration ends? Who’s responsible for upkeep of the patents and prosecution in the event of third party infringement? A very interesting and valuable event.
The second event was organised by Sanitas Data Security at Preston College, this time focussing on implementing processes for controlling the behaviours of all personnel in the supply chain with a view to securing the knowledge held within such. The keynote speakers were from BAE Systems and the importance of cyber security was really brought home to me when they presented examples of breaches that can impact on our national defence. Again, Flintloque and P&Q’s presentation used BS 11000 to answer questions like: What risks have been identified in your supply chain? Who’s in charge of mitigating them? Who has access to what information when the collaboration ends? And so on. One chap demonstrated how he could gain control of infrastructure monitoring equipment (used to control water, electricity, nuclear power stations, etc.) using his mobile phone and some Raspberry Pi software he’d written! Truly fascinating and frightening at the same time.
Together these events serve to demonstrate the plasticity of the BS 11000 Standard, but this is generally applicable to many standardised management systems. They are not straight-jackets; they are frameworks. The implementation of any management system standard requires that you determine which clauses are to be applied “full-on” and which can be “lightly-sprinkled”; it depends on your business. In our two presentations, we were able to select clauses from the BS 11000 Standard and demonstrate how their application could be used to a) help organisations manage their valuable IP information, and b) change and maintain safe, cyber security behaviours.
So, even though you might not think that a management system standard can be any use to you, I think you’d be surprised at the amount of good-old, common sense that you can find within them. The whole Standard might not be appropriate, but selected parts thereof can be a simple and effective way of making your organisation “fly “. The two events we attended demonstrate such and I learned a great deal from both…although I admit being terrified by the latter!