Effective Security Awareness. Workshop Report

Size: px
Start display at page:

Download "Effective Security Awareness. Workshop Report"

Transcription

1 Effective Security Awareness Workshop Report April 2002

2 1. Set objective for security awareness 1.1 Identify security awareness problems 1.2 Set high-level programme objective 1.3 Set specific campaign goals 1.4 Define & establish campaign metrics 2. Scope and design security awareness programme 2.1 Perform stakeholder analysis 2.2 Identify driving and resisting forces 2.3 Identify appropriate action steps 3. Develop and deliver security awareness campaigns 3.1 Define security awareness messages 3.2 Unfreeze existing behaviour 3.3 Deliver messages 3.4 Refreeze new behaviour 4. Evaluate effectiveness of campaigns 4.1 Evaluate 4.2 Revise 4.3 Run campaign campaign / further effectiveness programme campaigns Figure 1: Process for effective security awareness

3 Executive Summary Data from the Forum s Information Security Status Survey indicates that most Members believe that the effectiveness of their security awareness initiatives does not rate especially highly, and that more than four out of five feel they do not commit sufficient time and resources to their awareness activities. These concerns combined with comments from many Member organisations that security awareness activities often fail to deliver a lasting behaviour change were addressed during a series of eight workshops run by the Forum on the topic of Effective Security Awareness. At the workshops, Members agreed that awareness initiatives often fail because they: are not managed as a formal programme of work, and lack formal objectives, a business sponsor or the necessary resources for their successful completion are not aimed at specific business problems, but instead from a belief that awareness needs to be raised do not use specialised awareness materials do not incorporate a mechanism for assessing security behaviour: instead looking at security knowledge. In order to address these issues, the workshops examined a process developed by the Forum to deliver lasting behavioural change, based on the concept of effective security awareness. The process shown in Figure 1 opposite is derived from a proven approach that facilitates a positive change in behaviour by examining the forces driving and resisting that change. The key stages of the process are to: set a clear, measurable objective for security awareness activities create a structured programme of awareness work that includes one or more campaigns, where each campaign has a goal to change an aspect of security behaviour develop and deliver the awareness messages, and ensure that the desired security-positive behaviour is maintained measure the effectiveness of the awareness campaigns to confirm the change to securitypositive behaviour, and revise and repeat the awareness campaigns if necessary. The key findings of this project are important for anyone planning or managing information security awareness activities. They provide a unique insight into a new process for planning and implementing security-positive behaviour change.

4 WARNING This document is confidential and purely for the attention of and use by organisations that are Members of the Information Security Forum (ISF). If you are not a Member of the ISF or have received this document in error, please destroy it or contact the ISF on or on +44 (0) Any storage or use of this document by organisations which are not Members of the ISF is not permitted and strictly prohibited. This document has been produced with care and to the best of our ability. However, the Information Security Forum accepts no responsibility for any problems or incidents arising from its use.

5 Part 1 Introduction Table of contents This report Purpose of this report Who should read it Page Part 2 Part 3 Part 4 Part 5 Part 6 Basis for this report Background Validity of the effective security awareness process Security awareness What is security awareness? The importance of security awareness A traditional model for security awareness Key issues Extent of awareness activities Drivers for security awareness Objective of awareness activities Sponsorship of awareness activities Awareness topics Effectiveness of the traditional model Commitment to delivering awareness From awareness to behaviour change The need for a new awareness model Influencing risk perception The impact of organisation culture Reluctance to change Creating security-positive behaviour The importance of equilibrium Maintaining security-positive behaviour Effective security awareness What is effective security awareness? A new approach to security awareness Stage One: Set objective for security awareness Stage Two: Scope and design security awareness programme Stage Three: Develop and deliver security awareness campaigns Stage Four: Evaluate effectiveness of campaigns Summary Conclusions and next steps Conclusions How the process addresses the key issues Next steps: Recommendations for further work

6 Security awareness must be delivered through an ongoing, continuous programme of work, as opposed to a finite set of activities that stop and are not continued. The key messages, tone and approach of the programme must be relevant to the audience and consistent with their values and goals: If security is perceived as a hindrance to their own personal activities, then the t message will carry little meaning. Effective security awareness is achieved through an ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organisation from lasting behavioural change. The benefits of awareness activities must be quantifiable in order to determine value for money and whether the programme itself is successful in achieving its objectives. The awareness programme should not only result in a security-positive change in behaviour, but that change should last longer than the programme itself. Figure 2: Definition of effective security awareness

7 Part1 This report Purpose of this report Introduction Many organisations run security awareness programmes in order to encourage security-positive behaviour in their employees, but which often fail to deliver any lasting benefit. This leads many organisations to query: whether it is possible to create a change in staff attitude to security that has sustainable, quantifiable benefits for the organisation what the success factors are that make for an effective security awareness programme. In order to provide Members with a fresh perspective on this topic, the Forum ran a series of workshops on Effective Security Awareness. The definition for effective security awareness shown in Figure 2 opposite, was validated by Members at all of the workshops. This concept of effective security awareness is explored throughout this report, and the definition is described in greater detail in Part 5, Effective security awareness. The purpose of this report is to assist Members in their goal of making effective, positive and lasting change in security behaviour through awareness. The report does this by: documenting Members experiences of security awareness and the lessons they have learnt: both from material collected from Members before the workshops and from know how shared at the events themselves setting out the principles of an effective security awareness campaign: in particular, by examining closely the issues associated with getting people to change their behaviour providing a process for awareness that Members may wish to consider in order to become agents of positive change within their organisations. Who should read it This report is aimed primarily at information security professionals, but is also intended for any individual within a Member organisation with an interest in or responsibility for the developme nt or delivery of security awareness programmes or materials. The reader should have some familiarity with security awareness techniques prior to reading this report. WARNING This report is not intended to be a full Forum report and has not involved the detailed level of analysis that would be normal for such a document. 1

8 Part 2 Background Previous Forum reports Basis for this report In 1993, the Forum published an Implementation Guide on How to make your organisation aware of IT security. The Implementa tion Guide provides a comprehensive framework for the planning and implementation of an IT security awareness programme. Since the publication of the Implementation Guide, both security technology and the management approach to security have changed signif icantly; for example, the Internet has become an important enterprise resource, and security standards have been developed to manage its threat to enterprise security. These new controls require end users to adopt new security behaviours which in turn require new security awareness initiatives. The Forum therefore decided to run a series of workshops to explore how Members are addressing the subject of security awareness now, and what the critical success factors are for an effective security awareness programme. To prepare for the workshops, the Forum drew upon a range of information sources, including: previous Forum reports, including Information Security Culture: A preliminary investigation and Driving Information Risk Out of the Business results from the Information Security Status Survey research by the project team results from a questionnaire of participating Members presentations by Members at the workshops case studies of Members security awareness experiences. These information sources were used to define and develop the workshop contents, and are described in greater detail below and on the following pages. The Forum has already produced several reports that are relevant to an information security awareness programme. The current workshop report complements the existing materials, details of which are shown in Table 1 opposite: 2

9 Table 1: Previous security awareness reports Document It Could Happen to You: A Profile of Major Incidents (2000) Information Security Culture: A preliminary investigation (2000) Driving Information Risk Out of the Business (1999) The Impact of Security Management (1999) How to make your organisation aware of IT security (1993) Summary This report contains details of 13 information incidents that had a major impact on Member organisations. The incidents provide valuable examples for use within a security awareness programme by providing: a realistic view of the range of events that can compromise business information insights into their causes and their business impact practical suggestions for action to prevent recurrence of the incidents. This report presents the results of a preliminary investigation into the nature of an organisation s culture and its importance in determining the level of information security in that organisation. This report presents quantified information about the business risks of breakdowns in information security. It is based on the results of the Information Security Status Survey and other quantitative research. It also presents a framework for action, designed to help Members strengthen their information security arrangements and bring risks down to an acceptable level. This is one of a series of publications arising from the results of the Forum s 1998/99 Information Security Status Survey. The report focuses on the arrangements made to promote good information security practices (eg security organisation, programmes and resources). It identifies what organisational arrangements and resources are required, measures the impact of individual programmes and outlines what indiv idual Members can do to strengthen their existing arrangements, thereby maximising the contribution they make to business success. This report is aimed at all organisations that wish to start or improve their security awareness programmes. It sets out a method for developing and delivering security awareness campaigns, and provides tips on how to ensure the success of those campaigns. This list does not cover all of the Forum s awareness documentation; in particular, valuable material is available in The Forum s Standard of Good Practice. The Forum s Information Security Status Survey The Forum s Information Security Status Survey ( the Survey ) allows Members to complete a detailed questionnaire at intervals of their choosing and obtain a thorough analysis of their information security status, giving a clear picture of performance across all aspects of information security. Security awareness is one of the sets of controls probed by the Survey. The Forum drew upon the Survey results database to determine the impact of security awareness on the overall level of security. These results are presented at relevant points within Part 5, Effective security awareness. 3

10 Research The questionnaire Member presentations The project team calle d upon the resources of vendors, service providers and media reports in order to research the workshop contents. To ensure that this research was valid and provided a fresh perspective on the subject, the team was joined by Dr John Maule, Director of the Centre of Decision Research and Senior Lecturer in Management Decision Making at Leeds University Business School. Dr Maule has an international reputation in research on human decision making and risk taking, focusing in particular on the mental models that underlie strategic choice, the effects of time pressure and stress, and various aspects of human risk taking, including how to communicate risk. Dr Maule contributed to the research, and presented at five of the eight workshops. Prior to the workshops, participants were asked to complete a questionnaire about their opinions of security awareness and the effectiveness of awareness in their organisations. A total of 80 individuals from 72 Member organisations completed the questionnaire, the results of which are presented at relevant points within this report. The questionnaire, and its consolidated results, are available on the Forum s Member Exchange (MX) System, as are copies of the presentations, workshop packs and workbooks. Eight Effective Security Awareness workshops were held. Participants had the opportunity to share experiences, issues and ideas for effective security awareness. They also worked through the Effective Security Awareness process described later in this report using examples from their own organisations. Each workshop included presentations from Members, as detailed in Table 2 opposite: 4

11 Table 2: Workshop presentations Venue Date Presentation Topic Copenhagen 5 September 2001 Per Verdelin, TDC Services Melle Beverwijk, Infosecure Dublin 6 September 2001 Martina Costelloe, AIB Jim Sheridan, British Airways London 10 September 2001 Steve Pomfret, Nationwide Building Society Amanda Finch, Marks & Spencer Cheshire 25 September 2001 John Wall, Clerical Medical Martin Whitehead, The Co -operative Bank London 26 September 2001 Mark Goddard, Friends Provident Adrian Wright, Reuters Amsterdam 28 September 2001 Saïda Wulteputte, Procter & Gamble Melle Beverwijk, Infosecure/Klaas Bruin, KLM The Elements of an Awareness Project Awareness Programme for Information Security Security Awareness The Chameleon Programme Security Awareness Development of an Awareness CBT Campaign at M&SFS Changing Staff Attitudes Staff Awareness Experiences From The Front Line A CBT System for Security Awareness How We Failed and How We Plan to do Better in the Future Awareness Programme for Information Security Johannesburg 6 November 2001 Geoff Tumber, SCMB Security Awareness Chicago 5 December 2001 Dan Landess, State Farm Insurance Information Security Awareness Case studies During the research and delivery of the workshops, the project team met with Members to discuss their experiences of Information Security Awareness. Since the topic is subjective, and experie nces vary greatly between organisations, the objective was not to provide comparisons between Members, but instead to gather useful information about their awareness activities. This report therefore contains anecdotal case studies that describe the experiences of individual Member organisations and the lessons that they have learnt through their awareness programmes. Validity of the effective security awareness process The effective security awareness process described in this report was revised after each workshop to ensure that it provides a practical, usable method to develop an effective security awareness programme. When the workshops were complete, the project team spent two days with the information security team from a Member organisation working through the process to test its validity in a real environment. 5

12 Part 3 What is security awareness? Security awareness In 1993, the Forum published an Implementation Guide on How to make your organisation aware of IT security. The Guide includes a framework for the planning and implementation of an IT security awareness programme, and provides a definition of security awareness as follows: Information security awareness is the degree or extent to which every member of staff understands: the importance of information security the levels of information security appropriate to the organisation their individual security responsibilities and acts accordingly. The definition was validated by Members at all of the workshops, who agreed that it is still rele vant. The key element of this definition is the final line, since awareness is itself of no value unless it results in a desired change in behaviour. The importance of security awareness The effective management of information security requires a combination of technical and procedural controls to protect information assets. However, these controls can be circumvented or abused by employees who disregard their organisation s policies for security behaviour. Therefore the implementation of effective securit y controls is dependent upon creating a securitypositive environment where employees understand and engage in the behaviour that is expected of them. The use of security awareness to create and maintain security-positive behaviour is a critical element in an effective information security environment. The Information Security Status Survey provides data on the value of promoting information security activities. The results of question SM2401: Is awareness of information security promoted across the enterprise? are shown in Figure 3 opposite: 6

13 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Yes No Did not experience major incident Experienced major incident Figure 3: SM2401: Is awareness of information security promoted across the enterprise? Awareness and other security initiatives A traditional model for security awareness The results suggest that organisations that do not promote information security awareness are more likely to experience a major security incident than those that do promote awareness. A security-positive environment is a pre-requisite for certain other security initiatives. For example, a scheme of information classification whereby staff can assign a label to information that will determine the security controls to be applied to it is dependent upon all staff understanding and respecting the classification mechanism, which in turn requires staff to understand and respect information security. The Implementation Guide How to make your organisation aware of IT security proposes a four-step model for delivering a security awareness programme. The model allows for multiple awareness campaigns, where: a security awareness programme is a continuous undertaking aimed at building and sustaining a security-positive environment a security awareness campaign is one of a number of defined activities aimed at a special audience and/or at a specific security problem: for example, informing users about the threat from viruses, and teaching them how to control that risk. The security awareness programme is used to determine the scope of work and to define the multiple security awareness campaigns, as shown at a high level in Figure 4 overleaf: 7

14 Campaigns Determine programme scope Design campaign 1 Design campaign 2 Design campaign 3 Programme Develop campaign 1 Develop campaign 2 Develop campaign 3 Deliver campaign 1 Deliver campaign 2 Deliver campaign 3 Figure 4: Traditional model for security awareness The model comprises multiple campaigns forming an overall programme of work. The programme commences with a scope phase, which defines the security awareness campaigns, each of which will then have separate design, development and delivery phases. These may run sequentially or in parallel (as shown in Figure 4). Key issues The traditional model for security awareness described in How to make your organisation aware of IT security is widely used by Members. However, organisations represented at the workshops complained that security awareness activities fail to deliver a lasting behaviour change: that is, staff adopt the desired securitypositive behaviour for a short period of time, but often revert to their previous behaviour when the awareness activities have finished. To better understand the effectiveness of the traditional approach to security awareness, 80 participants from 72 Member organisations completed a questionnaire about their activities. The following sections explore the key issues associated with the traditional approach to security awareness. These are derived from statistical evidence from the questionnaire and the Information Security Status Survey, and anecdotal feedback from workshop attendees. The key issues, and their consequences for security awareness, are listed in Table 3 opposite: 8

15 Table 3: Key issues for security awareness Item Key Issue The majority of security awareness activities are not managed as a formal programme of work. The belief that awareness needs to be raised is the most common reason for commencing a security awareness programme. Very few awareness programmes have a formal, documented objective. The security management team sponsors the majority of awareness programmes. Many security awareness campaigns do not use specialised awareness materials. The majority of awareness campaigns do not incorporate a mechanism for assessing their own effectiveness, but instead measure the level of security knowledge of staff. Most organisations fail to commit sufficient resources to their awareness programme. Consequences Awareness programmes may not be correctly prioritised against other security activities The pace of delivery is not maintained due to a lack of formal deadlines and commitments The business case for security awareness is hard to justify because the need has not been clearly identified Value from an awareness activity cannot easily be quantified when the problem it is intended to address is not defined The purpose of the awareness programme may be unclear It may be hard to evaluate success since the desired outcome is unknown It may be difficult to determine the financial value of security awareness to the organisation The relationship between various security campaigns is uncertain, and their relationship with other security activities is unknown. This may cause conflict or confusion between security activities Business management are reluctant to release staff for awareness training because they have not committed to the activities Recipients of awareness training do not appreciate the importance of security or its relevance to their roles since their line managers have not communicated the need The programme fails to achieve a culture change because staff do not see senior management who may themselves have security-negative attitudes leading that change Staff do not understand what is expected of them since the awareness message does not specify who should do what and are therefore less likely to adopt the desired behaviour Campaigns fail because staff have heard similar messages before and are no longer interested Measurement of awareness proves little except that the individual has received the awareness messages: measure ment of effectiveness proves whether the message has actually changed behaviour Without firm evidence of effectiveness, it is difficult to justify or measure the success of awareness, and hence this can become a major obstacle to commencing an awareness programme A security function which does not receive adequate resources for security awareness is likely to focus instead on other activities that are perceived to be more important 9

16 Extent of awareness activities Members were asked to describe their current security awareness activities in order to understand whether they are formal campaigns or intermittent activities. The results are shown in Figure 5 below: Percentage of responses 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% A formal Unstructured, A single No security programme of intermittent campaign awareness work activities activities Activity Figure 5: Please describe your organisation s security awareness activities Findings Whilst half of the respondents describe their awareness activities as a formal programme of work, it is clear that the remainder have less or no structure for security awareness as: over a third of awareness projects are run as unstructured, intermittent activities one in six organisations have only a single campaign or no awareness activities at all. Thus in the absence of a formal programme of work, it is likely that most security awareness activities will suffer from a lack of formal deadlines and commitments. These findings are reinforced by data taken from the Information Security Status Survey. Figure 6 opposite shows the result of question SM2403a: Is awareness promoted using a formal awareness programme? 10

17 In no case 37% Exception 1% In all cases 14% In most cases 26% In a few cases 14% In about half the cases 8% Figure 6: SM2403a: Is awareness promoted using a formal awareness programme? Consequences It can be seen that for those cases where all, most or about half of awareness activities are managed using a formal awareness programme, 48% of all survey participating organisations promote security awareness issues through the use of formal awareness programmes. Over one half of Survey participants have little or no formal structure for their awareness activities. If security awareness activities are not managed as a formal programme of work, then: awareness programmes may not be correctly prioritised against other security activities the pace of delivery is not maintained due to a lack of formal deadlines and commitments. Key Issue: The majority of security awareness activities are not managed as a formal programme of work. 11

18 Drivers for security awareness Members were asked to comment on what they saw as the drivers for commencing their security awareness activities. The results are shown in Figure 7 below: Knowledge that security awareness can contribute to overall level of security Compliance with external standards/best practice Compliance with regulatory requirements Management concern about overall levels of information Drivers Audit or security review Result of risk analysis Many minor incidents in this organisation Major incident in this organisation Major incident in another organisation Very Low Low Medium High Very High Scale Figure 7: To what extent did the following events prompt the initiation of your security awareness activities? Findings The results suggest that Members security awareness activities are most commonly influenced by soft drivers: eg knowledge that awareness needs to be raised, either to comply with a standard, or because awareness is known to be a good thing. The hard drivers eg risk assessments or incidents appear to have less influence on the need to run security awareness campaigns. Consequences Commencing a security awareness campaign because of a belief that awareness needs to be raised means that: the business case for security awareness is hard to justify because the need has not been clearly identified value from an awareness activity cannot easily be quantified when the problem it is intended to address is not defined. Key Issue: The belief that awareness needs to be raised is the most common reason for commencing a security awareness programme. 12

19 Objective of awareness activities Members were asked to comment on the importance of their objective for security awareness activities. The results are shown in Figure 8 below: To reduce the number of security incidents To comply with external standards/best practice To address management concern about overall levels of information security Objective To comply with regulatory requirements To satisfy the recommendations of a review Other Very Low Low Medium High Very High Scale Figure 8: In your opinion, how important are the following objectives of your security awareness activities? Findings The results show a broad spread of objectives, with many Members reporting several different objectives for security awareness. The objectives appear to be more tangible than the drivers for commencing awareness activities described in the previous section. However, in the workshop sessions Members were asked whether they have a formal written objective for their awareness activities. The response suggests that only a small proportion typically fewer than 10% have a documented objective for their security awareness activities. Consequences In those cases where security awareness activities do not have a formal, documented objective: the purpose of the awareness programme may be unclear it may be hard to evaluate success since the desired outcome is unknown it may be difficult to determine the financial value of security awareness to the organisation the relationship between various security campaigns is uncertain, and their relationship with other security activities is unknown. This may cause conflict or confusion between security activities. Key Issue: Very few awareness programmes have a formal, documented objective. 13

20 Sponsorship of awareness activities In order to understand where the responsibility for awareness is perceived to rest, Members were asked who sponsors their awareness activities. The results are shown in Figure 9 below: No sponsor 16% Other Senior business 9% management 33% Human resources department 2% Information security management 40% Figure 9: Who sponsors your awareness activities? Findings The results show that: only one third of awareness activities are sponsored by the business management one project in six had no sponsor at all. Consequences SM24: Security Awareness of The Forum s Standard of Good Practice ( The Standard ) states that Formal awareness programmes should be supported by top management. Anecdotal evidence from workshop attendees suggests that successful awareness programmes often have a business sponsor or significant involvement from senior business management, and that nearly all successful programmes have some sponsor. Without a sponsor, awareness activities are likely to suffer problems that include: business management are reluctant to release staff for awareness training because they have not committed to the activities recipients of awareness training do not appreciate the importance of security or its relevance to their roles since their line managers have not communicated the need the programme fails to achieve a culture change because staff do not see senior management who may themselves have security-negative attitudes leading that change. Key Issue: The security management team sponsors the majority of awareness programmes. 14

Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture

Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture 3 29 Safety Matters! A Guide to Health & Safety at Work Chapter outline Leadership and Organisational Safety

More information

Business Case. for an. Information Security Awareness Program

Business Case. for an. Information Security Awareness Program Business Case (BS.ISAP.01) 1 (9) Business Case for an Information Security Business Case (BS.ISAP.01) 2 Contents 1. Background 3 2. Purpose of This Paper 3 3. Business Impact 3 4. The Importance of Security

More information

Maximising the Effectiveness of Information Security Awareness

Maximising the Effectiveness of Information Security Awareness Maximising the Effectiveness of Information Security Awareness This thesis offers a fresh look at information security awareness using research from marketing and psychology. By Geordie Stewart and John

More information

Written evidence for the Department of Business, Innovation and Skills: a small business commissioner

Written evidence for the Department of Business, Innovation and Skills: a small business commissioner Written evidence for the Department of Business, Innovation and Skills: a small business commissioner About ACCA ACCA is the global body for professional accountants. We aim to offer business-relevant,

More information

Key Performance Indicator (KPI) Guide

Key Performance Indicator (KPI) Guide Key Performance Indicator (KPI) Guide Measuring performance against the NSW Disability Services Standards Version 1.0 Key Performance Indicator (KPI) Guide, Measuring performance against the NSW Disability

More information

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) Risk should be defined as An uncertain event that, should it occur, would have an effect (positive or negative) on the project or business objectives.

More information

Beyond Security Awareness Achieving culture and avoiding fatigue

Beyond Security Awareness Achieving culture and avoiding fatigue Beyond Security Awareness Achieving culture and avoiding fatigue Prof. Steven Furnell Centre for Security, Communications & Network Research University of Plymouth United Kingdom Session Content Introduction

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

Afro Ant Conversation. Change Management Return on Investment 3 April 2014

Afro Ant Conversation. Change Management Return on Investment 3 April 2014 Afro Ant Conversation Change Management Return on Investment 3 April 2014 Overview This report documents the information gathered at the Afro Ant Conversation held on the 3 rd of April 2014 on the topic

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

DESCRIBING OUR COMPETENCIES. new thinking at work

DESCRIBING OUR COMPETENCIES. new thinking at work DESCRIBING OUR COMPETENCIES new thinking at work OUR COMPETENCIES - AT A GLANCE 2 PERSONAL EFFECTIVENESS Influencing Communicating Self-development Decision-making PROVIDING EXCELLENT CUSTOMER SERVICE

More information

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL DRAFT TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL An initial draft proposal to determine the scale, scope and requirements of a team productivity development improvement program for a potential client Team

More information

How To: Implement Change Successfully

How To: Implement Change Successfully How To: Implement Change Successfully INTRODUCTION The most important part of the audit cycle is making change Baker et al (1999) The aim of this How To guide is to provide advice on how to implement change

More information

Performance Management Is performance management really necessary? What techniques are best to use?

Performance Management Is performance management really necessary? What techniques are best to use? Performance Management Is performance management really necessary? What techniques are best to use? This e-book is a guide for employers to help them discover tips and methods of performance management,

More information

Comparison of Change Theories

Comparison of Change Theories VOLUME 8 NUMBER 1 2004-2005 Comparison of Change Theories Alicia Kritsonis MBA Graduate Student California State University, Dominquez Hills ABSTRACT The purpose of this article is to summarize several

More information

Applies from 1 April 2007 Revised April 2008. Core Competence Framework Guidance booklet

Applies from 1 April 2007 Revised April 2008. Core Competence Framework Guidance booklet Applies from 1 April 2007 Revised April 2008 Core Competence Framework Guidance booklet - Core Competence Framework - Core Competence Framework Core Competence Framework Foreword Introduction to competences

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

River Clyde Homes: Officer Service Desk Analyst

River Clyde Homes: Officer Service Desk Analyst Job Role: Officer Service Desk Analyst Directorate: Business Support Role reports to: ICT Manager Roles Reporting to this role: N/A Total number of team members within team: 5 Grade: River Clyde Homes

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey.

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey. SECURITY AWARENESS SURVEY Is a survey necessary A survey will give you insight into information security awareness within your company. The industry has increasingly realized that people are at least as

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

Achieve. Performance objectives

Achieve. Performance objectives Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Assessing your management system and the approach that you take

Assessing your management system and the approach that you take Management system management by matrix Assessing your management system and the approach that you take raising standards worldwide About the author John Osborne is Product Manager for BSI Training. The

More information

THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS

THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS INTRODUCTION This note discusses some basic principals of the data-led design of publicity campaigns, the main issues that need to be considered

More information

CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE

CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE TABLE OF CONTENTS STEP 1 IDENTIFY THE CHANGE... 5 1.1 TYPE OF CHANGE... 5 1.2 REASON FOR THE CHANGE... 5 1.3 SCOPE THE CHANGE... 6 1.4 WHERE ARE YOU NOW?...

More information

Benefits realisation. Gate

Benefits realisation. Gate Benefits realisation Gate 5 The State of Queensland (Queensland Treasury and Trade) 2013. First published by the Queensland Government, Department of Infrastructure and Planning, January 2010. The Queensland

More information

Data Quality Assurance: Quality Gates Framework for Statistical Risk Management

Data Quality Assurance: Quality Gates Framework for Statistical Risk Management Data Quality Assurance: Quality Gates Framework for Statistical Risk Management Narrisa Gilbert Australian Bureau of Statistics, 45 Benjamin Way, Belconnen, ACT, Australia 2615 Abstract Statistical collections

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned Document management concerns the whole board Implementing document management - recommended practices and lessons learned Contents Introduction 03 Introducing a document management solution 04 where one

More information

Performance Measurement

Performance Measurement Brief 21 August 2011 Public Procurement Performance Measurement C O N T E N T S What is the rationale for measuring performance in public procurement? What are the benefits of effective performance management?

More information

BT Contact Centre Efficiency Quick Start Service

BT Contact Centre Efficiency Quick Start Service BT Contact Centre Efficiency Quick Start Service The BT Contact Centre Efficiency (CCE) Quick Start service enables organisations to understand how efficiently their contact centres are performing. It

More information

Competency Frameworks as a foundation for successful Talent Management. part of our We think series

Competency Frameworks as a foundation for successful Talent Management. part of our We think series Competency Frameworks as a foundation for successful part of our We think series Contents Contents 2 Introduction 3 If only they solved all of our problems 3 What tools and techniques can we use to help

More information

WHO GLOBAL COMPETENCY MODEL

WHO GLOBAL COMPETENCY MODEL 1. Core Competencies WHO GLOBAL COMPETENCY MODEL 1) COMMUNICATING IN A CREDIBLE AND EFFECTIVE WAY Definition: Expresses oneself clearly in conversations and interactions with others; listens actively.

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

WHITE PAPER. PCI Compliance: Are UK Businesses Ready?

WHITE PAPER. PCI Compliance: Are UK Businesses Ready? WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information

CPD an emotional rollercoaster

CPD an emotional rollercoaster CPD an emotional rollercoaster Aims: To raise awareness of the emotional aspects of change management (which are often ignored) and to introduce Fisher s transition curve to describe how mandatory CPD

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Factsheet: Market research

Factsheet: Market research Factsheet: Market research A close understanding of the local childcare market and your customers needs is essential in order for your childcare business to succeed. Performing market research on potential

More information

The Business Benefits of Logging

The Business Benefits of Logging WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as

More information

Principles of Good Complaint Handling

Principles of Good Complaint Handling Principles of Good Complaint Handling Principles of Good Complaint Handling Good complaint handling means: 1 Getting it right 2 Being customer focused 3 Being open and accountable 4 Acting fairly and proportionately

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Organisational Change Management

Organisational Change Management Organisational Change Management The only thing that is constant is change in your business, your market, your competitors, and your technology. Remaining competitive and responsive to your customers and

More information

APES 320 Quality Control for Firms

APES 320 Quality Control for Firms APES 320 Quality Control for Firms APES 320 Quality Control for Firms is based on International Standard on Quality Control (ISQC 1) (as published in the Handbook of International Auditing, Assurance,

More information

DBC 999 Incident Reporting Procedure

DBC 999 Incident Reporting Procedure DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible

More information

Guide to Penetration Testing

Guide to Penetration Testing What to consider when testing your network HALKYN CONSULTING 06 May 11 T Wake CEH CISSP CISM CEH CISSP CISM Introduction Security breaches are frequently in the news. Rarely does a week go by without a

More information

Role Activity Grade 5 PAS Professional Officer

Role Activity Grade 5 PAS Professional Officer Role Activity Grade 5 PAS Generic Post Job Title: Market Insight Officer Title: Reporting to: Head of Market Insight School/ External & Community Relations Department: Job Family: Professional and Administrative

More information

PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT

PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT July 2014 Contents Page Introduction 3 What is continuous improvement? 4 Why do we

More information

Making a positive difference for energy consumers. Competency Framework Band C

Making a positive difference for energy consumers. Competency Framework Band C Making a positive difference for energy consumers Competency Framework 2 Competency framework Indicators of behaviours Strategic Cluster Setting Direction 1. Seeing the Big Picture Seeing the big picture

More information

Effective from 1 January 2009. Code of Ethics for insolvency practitioners.

Effective from 1 January 2009. Code of Ethics for insolvency practitioners. INSOLVENCY PRACTITIONERS (PART D) Effective from 1 January 2009. Code of Ethics for insolvency practitioners. On 1 January 2014 a minor change was made to paragraph 400.3 of the code. The change clarifies

More information

Level: 3 Credit value: 5 GLH: 28 Relationship to NOS:

Level: 3 Credit value: 5 GLH: 28 Relationship to NOS: Unit 341 Implement UAN: Level: 3 Credit value: 5 GLH: 28 Relationship to NOS: Assessment requirements specified by a sector or regulatory body: Aim: T/506/1929 Management & Leadership (2012) National Occupational

More information

APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS

APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS Topic Finding Action taken/planned Awareness of the GDC Unprompted awareness

More information

Change Management in Project Work Survey Results

Change Management in Project Work Survey Results Change Management in Project Work Survey Results Contents 1. Introduction 1 2. Survey and Participants 2 3. Change Management 6 4. Impact of Change Management on Project Effectiveness 12 5. Communications

More information

Research report. Understanding small businesses experience of the tax system

Research report. Understanding small businesses experience of the tax system Research report Understanding small businesses experience of the tax system February 2012 This research was commissioned by the HM Revenue & Customs (HMRC) Behavioural Evidence and Insight Team and Business

More information

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement Complying with the Records Management Code: Evaluation Workbook and Methodology Module 8: Performance measurement Module 8: Performance measurement General 10.1 Many of the questions in the earlier modules

More information

Human factors is the term used to describe the interaction

Human factors is the term used to describe the interaction Human factors defined Human factors is the term used to describe the interaction of individuals with each other, with facilities and equipment, and with management systems. This interaction is influenced

More information

INSOLVENCY CODE OF ETHICS

INSOLVENCY CODE OF ETHICS LIST OF CONTENTS INSOLVENCY CODE OF ETHICS Paragraphs Page No. Definitions 2 PART 1 GENERAL APPLICATION OF THE CODE 1-3 Introduction 3 4 Fundamental Principles 3 5-6 Framework Approach 3 7-16 Identification

More information

Even their body language is retail! They re head and shoulders above other training companies

Even their body language is retail! They re head and shoulders above other training companies Negotiation skills First Friday is a leading provider of training & development and change management services with a portfolio of 100+ clients across the UK, Europe and South Africa. Our team is unique;

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

User research for information architecture projects

User research for information architecture projects Donna Maurer Maadmob Interaction Design http://maadmob.com.au/ Unpublished article User research provides a vital input to information architecture projects. It helps us to understand what information

More information

What to look for when recruiting a good project manager

What to look for when recruiting a good project manager What to look for when recruiting a good project manager Although it isn t possible to provide one single definition of what a good project manager is, certain traits, skills and attributes seem to be advantageous

More information

Experience Report: Using Internal CMMI Appraisals to Institutionalize Software Development Performance Improvement

Experience Report: Using Internal CMMI Appraisals to Institutionalize Software Development Performance Improvement Experience Report: Using Internal MMI Appraisals to Institutionalize Software Development Performance Improvement Dr. Fredrik Ekdahl A, orporate Research, Västerås, Sweden fredrik.p.ekdahl@se.abb.com Stig

More information

Guide to marketing. www.glasgow.ac.uk/corporatecommunications. University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ

Guide to marketing. www.glasgow.ac.uk/corporatecommunications. University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ Guide to marketing www.glasgow.ac.uk/corporatecommunications University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ 0141 330 4919 2 Introduction One of the easiest mistakes to make

More information

How to Write a Marketing Plan

How to Write a Marketing Plan How to Write a Marketing Plan This article highlights what we believe to be many of the key points that we need to consider when developing a marketing plan. It combines marketing theory, practical tools

More information

4 Keys to Driving Results from Project Governance

4 Keys to Driving Results from Project Governance THOUGHT LEADERSHIP WHITE PAPER In partnership with Agile or Waterfall? 4 Keys to Driving Results from Project Governance You can t swing a project manager these days without hitting the debate of Agile

More information

Ronan Emmett Global Human Resources Learning Solutions

Ronan Emmett Global Human Resources Learning Solutions A Business Impact Study detailing the Return on Investment (ROI) gained from a Negotiation Skills training programme in Ireland delivered by the EMEAS Learning Solutions Team. There is a definite trend

More information

Information Security Managing The Risk

Information Security Managing The Risk Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the

More information

Chapter One PROJECT MANAGEMENT OVERVIEW

Chapter One PROJECT MANAGEMENT OVERVIEW Chapter One PROJECT MANAGEMENT OVERVIEW Project management is not a new concept. It has been practiced for hundreds, even thousands of years. Any undertaking, large or small, requires a goal, a set of

More information

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs 1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain

More information

Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report

Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report 1. Introduction Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report 1.1 The London School of Hygiene & Tropical Medicine is a postgraduate

More information

Budget 300-360 per day negotiable for the right candidate 6 month contract 5 days per week for 1 st month - negotiable 3 days per week for 5 months

Budget 300-360 per day negotiable for the right candidate 6 month contract 5 days per week for 1 st month - negotiable 3 days per week for 5 months Job Title Pay Band Hours Contract Type Base Employing organisation Directorate Responsible to Accountable to Benefits Manager Budget 300-360 per day negotiable for the right candidate 6 month contract

More information

MEASURES FOR EXCELLENCE. Software Process Improvement: Management. Commitment, Measures. And Motivation

MEASURES FOR EXCELLENCE. Software Process Improvement: Management. Commitment, Measures. And Motivation MEASURES FOR EXCELLENCE Software Process Improvement: Management Commitment, Measures And Motivation J.W.E. Greene QUANTITATIVE SOFTWARE MANAGEMENT LTD 7 rue Fenoux 93 Blythe Road, Paris 75015 London W14

More information

The Cambridge Executive MBA - Seeking Employer Support

The Cambridge Executive MBA - Seeking Employer Support - Seeking Employer Support An Executive MBA is a programme designed for people who have excelled in their career to date and have proved their ambition and drive to succeed and wish to invest in their

More information

Corporate Staff Survey Action Plan 2008. DRAFT v2.0

Corporate Staff Survey Action Plan 2008. DRAFT v2.0 Corporate Staff Survey Action Plan 2008 1 DRAFT v2.0 1 1. Working Conditions 1.1 Issue Possible Impacts Actions Owners Timescale Success Measures Identify key areas where dissatisfaction is dissatisfaction

More information

Personal Learning and Thinking Skills

Personal Learning and Thinking Skills Personal Learning and Thinking Skills Guidance on delivering Personal Learning and Thinking Skills within Pan Sector Apprenticeship Frameworks Independent enquirers Creative thinkers Reflective learners

More information

Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC. 22 MARCH 2012 www.pmtoday.co.uk

Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC. 22 MARCH 2012 www.pmtoday.co.uk Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC 22 MARCH 2012 www.pmtoday.co.uk Projects need to be managed to be successful Change is a ubiquitous feature

More information

Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS

Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS Published by the British Institute of Facilities Management BIFM November 2014 1 Why measure performance? Jonah Lomu

More information

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User

More information

Module 4. Risk assessment for your AML/CTF program

Module 4. Risk assessment for your AML/CTF program Module 4 Risk assessment for your AML/CTF program AML/CTF Programs Risk assessment for your AML/CTF program Page 1 of 27 Module 4 Risk assessment for your AML/CTF program Risk assessment for your AML/CTF

More information

PCI Compliance Top 10 Questions and Answers

PCI Compliance Top 10 Questions and Answers Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs

More information

A blueprint for an Enterprise Information Security Assurance System. Acuity Risk Management LLP

A blueprint for an Enterprise Information Security Assurance System. Acuity Risk Management LLP A blueprint for an Enterprise Information Security Assurance System Acuity Risk Management LLP Introduction The value of information as a business asset continues to grow and with it the need for effective

More information

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy. Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,

More information

Six Steps for Successful Surveys

Six Steps for Successful Surveys Six Steps for Successful Surveys Overview Since the first Web-based survey was conducted in 1994, the use of online surveys has steadily increased as a means of collecting valuable information from important

More information

The Six Deadly ERP Sins

The Six Deadly ERP Sins The Six Deadly ERP Sins Summary: This white paper is a collection of observations by Manoeuvre based on our experience in the field of Enterprise Resource Planning (ERP) system implementations. The target

More information

MRS Regulations for Administering Incentives and Free Prize Draws. February 2012

MRS Regulations for Administering Incentives and Free Prize Draws. February 2012 MRS Regulations for Administering Incentives and Free Prize Draws February 2012 MRS is the world s largest association for people and organisations that provide or use market, social and opinion research,

More information

COLUMN. Metrics for knowledge management and content management. How can you know if your project has succeeded without using metrics?

COLUMN. Metrics for knowledge management and content management. How can you know if your project has succeeded without using metrics? KM COLUMN FEBRUARY 2003 Metrics for knowledge management and content management Metrics are a concrete way of defining what a knowledge management or content management project will achieve, and whether

More information

4. The creation of a Teaching Excellence Framework will not be straightforward and requires an iterative process of development.

4. The creation of a Teaching Excellence Framework will not be straightforward and requires an iterative process of development. Business, Innovation and Skills Committee Inquiry: Assessing quality in Higher Education Written evidence submitted by the Office of the Independent Adjudicator for Higher Education (OIA). Summary 1. The

More information

Health & Safety for Businesses and the Voluntary Sector. Key Principles

Health & Safety for Businesses and the Voluntary Sector. Key Principles Health & Safety for Businesses and the Voluntary Sector Key Principles KEY PRINCIPLES 1 Key Principles Introduction The importance of managing health and safety effectively cannot be over-emphasised. Ensuring

More information

Financial services mis-selling: regulation and redress

Financial services mis-selling: regulation and redress Report by the Comptroller and Auditor General Financial Conduct Authority and Financial Ombudsman Service Financial services mis-selling: regulation and redress HC 851 SESSION 2015-16 24 FEBRUARY 2016

More information

Civil Service. Competency Framework Level 3 HEO and SEO or equivalent. Level 3

Civil Service. Competency Framework Level 3 HEO and SEO or equivalent. Level 3 Civil Service 2012-2017 Level 3 HEO and SEO or equivalent Level 3 I n s p i r i n g E m p o w e r i n g C o n fi d e n t About this framework The Civil Service competency framework supports the Civil Service

More information

The Value of Consulting

The Value of Consulting The Value of Consulting An analysis of the tangible benefits of using management consultancy Management Consultancies Association 2010 March 2010 2 The Value of Consulting CONTENTS Foreword 3 Executive

More information

National Occupational Standards. National Occupational Standards for Youth Work

National Occupational Standards. National Occupational Standards for Youth Work National Occupational Standards National Occupational Standards for Youth Work Contents Introduction 5 Section 1 S1.1.1 Enable young people to use their learning to enhance their future development 6 S1.1.2

More information

Health, safety and environment policy and management arrangements

Health, safety and environment policy and management arrangements Health, safety and environment policy and management arrangements An overview of how Rolls-Royce Group plc delivers its policy commitments on health, safety and environment Issue 6 October 2006 Contents

More information

SMALL BUSINESS PERSPECTIVE. Scott Hannan Hannan Partners Pty Ltd

SMALL BUSINESS PERSPECTIVE. Scott Hannan Hannan Partners Pty Ltd SMALL BUSINESS PERSPECTIVE Scott Hannan Hannan Partners Pty Ltd Paper presented at the conference Crime Against Business, convened by the Australian Institute of Criminology, held in Melbourne 18 19 June

More information

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take

More information

Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University

Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University Dual diagnosis has become a critical issue for both drug and mental health services. The complexity of problems

More information

Paradigm Housing Group Equality, Diversity and Inclusion Policy

Paradigm Housing Group Equality, Diversity and Inclusion Policy Paradigm Housing Group Equality, Diversity and Inclusion Policy March 2016 March 2016 Paradigm Housing Group Equality, Diversity and Inclusion Policy Paradigm s vision and commitment Paradigm is a business

More information

Article on Change Management vs. Behavioural Change Management By Jonathan Gardner. Where change management fails and what to do about it?

Article on Change Management vs. Behavioural Change Management By Jonathan Gardner. Where change management fails and what to do about it? Article on Change Management vs. Behavioural Change Management By Jonathan Gardner Where change management fails and what to do about it? Change Management : one of the buzzwords of our time. But what

More information

(Effective as of December 15, 2009) CONTENTS

(Effective as of December 15, 2009) CONTENTS INTERNATIONAL STANDARD ON QUALITY CONTROL 1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS (Effective as of December

More information