Organizational Resilience:   Compliance risk strategy for 2023



One of the two key areas of research focus for me this year is organizational resilience.  In 2023, a number of regulations have been updated, creating new requirements for businesses to follow, new areas of risk, and more money and time spent adjusting to these changes.

Compliance strategies help cement trust in professional partnerships and vendor relationships.  If your firm is trying to qualify for cyber insurance, or simply looking to obey the law and avoid fines, your business is up against increasingly tough compliance measures. It is no longer sufficient to be compliant only once per year, scramble in the two weeks before the audit, and then forget about it for the rest of the year.

What compliance tech trends should IT management adopt as they build and refine their technology roadmaps?  

Let’s start with some of the regulatory drivers for these trends.

Regulatory Issues to watch

European Union Digital Operational Resilience Act (DORA)

The EU is applying regulatory pressure in the financial sector with its Digital Operational Resilience Act (DORA). DORA is a “game changer” that will push Financial Services (FS) firms to fully understand how their ICT, operational resilience, cyber and TPRM practices affect the resilience of their most critical functions, as well as develop entirely new operational resilience capabilities.

One key element here is that DORA introduces a Critical Third Party (CTP) oversight framework, expanding the scope of the FS regulatory perimeter and granting the European Supervisory Authorities (ESAs) substantial new powers to supervise CTPs and address resilience risks they might pose to the FS sector.

German Supply Chain Due Diligence Act (SCDDA)

On January 1, 2023, the German Supply Chain Due Diligence Act took effect. It requires all companies with head office, principal place of business, or administrative headquarters in Germany – with more than 3,000 employees in Germany – to comply with core human rights and certain environmental provisions in their supply chains. SCDDA is far-reaching and impacts multiple facets of the supply chain, from human rights to sustainability, and legal accountability throughout the third-party ecosystem. It will address foundational supply chain issues like anti-bribery and corruption diligence.

From 2024, the number of employees will be lowered from 3,000 to 1,000. And Switzerland, The Netherlands, and the European Union also have drafts of this type of regulation in the books.


Payment Card Industry Data Security Standard (PCI DSS) is the core component of any credit card company’s security protocol.  In an increasingly cashless world, card fraud is a growing concern. Any company that accepts, transmits or stores a cardholder’s private information must be compliant.  PCI compliance standards help avoid fraudulent activity and mitigate data breaches by keeping the cardholder’s sensitive financial information secure.

PCI compliance standards require merchants to consistently adhere to the PCI Standards Council’s guidelines which include 78 base requirements, more than 400 test procedures and 12 key requirements.

When looking at the changes in how PCI has evolved over the years up to PCI 4.0, there is a departure from specific technical requirements and toward the general concept of overall security.  PCI 4.0 requirements were released in March 2022 and will become mandatory in March 2024 for all organizations that process or store cardholder data.

The costs of maintaining compliance controls and security measures are only part of what businesses should budget for PCI certification. Businesses should also account for audit costs, yearly fees, remediation expenses, and employee training costs in their budgets alongside technical upgrades to meet compliance standards.

Tech Trend changes

Zero Trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data and assets. Zero Trust as a model assumes all requests are from an open network and verifies each request this way. PCI 4.0 does not mention zero trust architecture specifically, but it is evident that the Security Standards Council is going that way as a future consideration.

Passwordless authentication gained a lot of attention and traction this year. Major companies, such as Google, Apple, and Microsoft, are introducing passwordless authentication based on passkeys. This is a clear sign that the game is about to change. As the PCI DSS focuses on avoiding fraudulent activity, so do newer authentication protocol approaches to verify and confirm identity.

Third-party risk management is quickly evolving into third-party trust management (TPTM), with the SCDDA creating a clear line in the sand for global organizations. TPTM is a critical consideration when standing up an enterprise trust strategy. Enterprise trust is a driver of business development that depends on cross-domain collaboration.  It goes beyond cybersecurity and focuses on building trusted and lasting third-party relationships across the core critical risk domains: security, privacy, ethics & compliance, and ESG.

Final thought – Cyber Insurance in 2023

If some of these compliance drivers lead to a desire for financial protection, cyber insurance is one mitigation element for a strategy to address C-level concerns. But wait – this is not as easy as it used to be.

Five years ago, a firm could fill out a one-page cyber insurance application and answer a handful of questions. Fast forward to ransomware and other cyber threats, and now getting insurance with favourable terms, conditions, pricing, coverage and low retention is tough.

Insurance companies prefer enterprises that are instituting robust security controls and incident response plans — especially those prepared to deep dive into their cybersecurity architectures and planned roadmaps. In terms of compliance strategy development, there needs to be a risk-based approach to cybersecurity to allow an insurer to offer a favourable insurance option.


Is 2023 the year of maximalism?



And why can’t workplaces be as sleek as hotels?

(Source: Andrew Martin)

In my morning reading, I was just going through a report that talked about the trend towards maximalism. And I got an eyeful of bright colors and clashing elements in photos from hotel chains.

Social media giant TikTok recently worked with Airbnb to create a design trends report highlighting the emergence of a “maximalist” aesthetic. The report noted that interior design trends have notably shifted in emphasis from minimalism, which had been hip for more than a decade, to maximalist styles, which have drawn 693 million views on TikTok to date.

From there, I went to look at the Accor Brands page to see some of the examples mentioned in the articles I have read.

My POV on this is that after several years of feeling trapped in our locations, we want to splash out for an over-sensory experience versus a feeling of scarcity.

However I have noted most of my colleagues have taken the last two weeks of holiday break in natural settings (oceans, mountains, long walks in nature) vs. rushing for over stimulus.

If we require both stimulus and excitement, as well as calm and peace, what then does this tell us about our daily work environment? Why can’t workplaces be destination locations with different characteristics that reflect that location? Or even different themes in different parts of the location that suit different generations?

Two key trends for 2023



Organizational resilience and workplace analytics


In our annual quest to find and resonate on the topics that mean the most in the new year going forward, I want to talk about my two research areas for this Spring.


Organizational resilience for me is top of mind. This combines a number of factors — cyber resilience, employee motivation and commitment, resource allocation and supplier relationships, core competencies and agility to go to market. In a time when economic factors, levels of demand uncertainty and regulatory risk all put the organization on edge, how resources are allocated, supported and made agile will allow organizations to pivot more flexibly.

Technologically, we have been focusing on productivity and collaborative work this last year. My concerns are echoed by a recent paper in the MIT Sloan Management Review. The authors, Jonathan Trevor and Matthias Holweg, both at Oxford, stated that collaborative technologies do help bond hybrid and remote workplaces, but these tools and platforms still haven’t made the grade as far as replicating in-person settings. This is where I am putting my own efforts this Spring in looking at work as an experience (WaaE) and the workplace as an experiential location.

In their paper, they claim that organizations and the technology they employ have done a good job of keeping everyone connected and in tune with what’s going on, but still can’t fully replicate the innovation seen in face-to-face workplaces. Perhaps their most significant observations are how organizations face challenges getting people together in one place at the right time, and the fact that employees in the survey “complained that work had become more transactional and operational in the hybrid environment. They missed feeling engaged and noticed a decline in the infusion of new ideas.”

Being resilient as an organization is about harnessing the resources in a timely and effective manner. The ability to be innovative will hinge on how agile and supple an organization can be.

Having the right place to work to be agile and innovative will be critical. A part of this MIT survey looked at real estate usage. According to their study, “The top planned changes cited by our sample are additional social areas (80%), creativity spaces (75%), meeting rooms (74%), shared offices (74%), and hot-desking (71%). Corner offices are on their way out.”


Which leads me to the second critical area I am examining this Spring.

Workplace analytics combines occupancy analytics, visitor management systems and more traditional facilities management tools in examining usage. This is normally used by facilities managers, corporate real estate teams and the C suite to understand spending and costs.

But what we really want to examine is utility, in other words, how the workplace served its function in supporting work.

Key question I will be asking: How does the infrastructure support the work activity? Can we take a pulse on a regular basis to see what contribution technology in the workplace makes in making work happen productively and with purpose?

As an example, I bring up the latest survey from Relogix, a workplace analytics firm, on global workspace usage.

This report suggests that the last six months or so have been relatively static regarding those coming in and those remaining remote. But what is interesting is the shift between individual offices and the collaboration spaces that were once connected to them, both of which declined, whereas general meeting spaces and casual social spaces doubled and quadrupled.

People are looking to engage with other people if they make the commute into the office. Where does technology play a role here and can we make the workplace a destination and an experience?

Assuming you are not commuting during the holiday period, I wish you a wonderful season and a happy new year. May 2023 be productive, full of good health and wonderful innovation!


Innovation in reuse of existing built spaces



 Innovation in space usage is driven not only by use case demands, but availability.  And we can see that availability is increasing.  The general increase in space offered for sublease amid the pandemic is to be expected as companies needed less room with workers being home-based. So we are talking about the reuse of existing built spaces.

Reuse of vacant office space could also give a new lease on life to the neighbourhood while supporting the local economy, and enable people to stay close to their choice of living space—all the while helping preserve the social and cultural heritage of a region. We are seeing a mix of health, education, entertainment, leisure, arts and crafts and green spaces. Some old shops could become housing in a mixed use environment.

One of the more interesting leisure examples I have seen recently is an active entertainment area, including an indoor go karting centre, in a former South West London shopping centre in Wandsworth.

Startups that repurpose unused space have seen a surge in usership. Innovative startup companies look to make use of empty offices while employees continue to work elsewhere, including working from home during the ongoing pandemic. The pandemic-oriented trend, driven by businesses downsizing and relocating, is expected to push vacancy rates up in cities, and with incentives also on the rise, this will ultimately put pressure on values. 

Some high street retailers are trying to divest some of the retail space as online shopping causes less footfall. Up to 45 percent of John Lewis’s flagship store on London’s Oxford Street had gotten permission in October 2020 from the local council for reuse as office space as the company tries to stem its coronavirus losses and return to profit. Timing on that might not have been so terrific… But according to a recent BBC article, the UK has lost 83% of its main department stores in the five years since the collapse of the BHS chain. The figure highlights the extent of the upheaval in the High Street as the Covid pandemic sped up changes in shopping habits.

So how can this value be realized in an alternative way?  After all, The Refinery, a luxury hotel in NYC, used to be a Garment District millinery and the Tate Modern in London was once the Bankside Power Station…  This is not a new concept, but new use cases.

So let’s focus on new use cases.  Some new innovation examples come out of our need to exercise and to store, all limitations of our home spaces:

  • Silofit was started two years ago to repurpose small office spaces by turning them into “micro-gyms” that can be rented by the hour.
  • US peer-to-peer storage marketplace Neighbor lets individuals and businesses rent out their unused space for storage purposes—something like the “Airbnb for storage.”

Pandemic-oriented use cases come from a need to get closer to the customer for fulfillment. Ghost kitchens and other food companies are using unused commercial space as distribution centers, so produce can be closer to its final destination.

We are also seeing folks creating communities and cohorts to get closer to each other (within social distancing and reason) when larger resources are not available.  For example, New York-based edtech startup SchoolHouse uses commercial space for some of its “microschools.”

Community building as a use case is also on the rise. Besides education, health care and wellness have led to some interesting use cases. This is a good article on reuse and healthcare, albeit from a US perspective.

So what CAN’T we do at home that requires a physical location that can absorb the available office spaces?   Creative labs and maker studios come to mind, especially combined with distance learning.

What is the commonality of these new use cases?   And how will this concept grow?

Creating workplace process orchestration



As we go back to the office, the process of not only being there but being productive there needs to change. In order to engage the employee, the supplier or the customer to come into the corporate or regional office, they have to be able to successfully do their business when and how they are comfortable with doing it.

Taking a holistic approach to building the tech stack, smart orchestration should be a core component of the digital infrastructure that underpins the built environment, as a means to utilise a richer data set around space and building usage that allows us to work smarter and more comfortably.

Some already call a portion of this workplace experience management. But in order to manage the experience, there has to be an orchestration of workflows that go with that experience set. The question is how the different experience management tools harmonise together to create the necessary processes for productive work.

When we come to an office, we want to know:

  • Availability of people and resources.  This involves open scheduling, collaborative tools and change management resources.
  • Status of physical areas and their hygiene.  This includes digital signage, capacity data being communicated, and personal preferences to heat, light and air quality.
  • Capacity of environments in terms of usage.  Can I come in?  Can others still join?
  • Procedures and protocols for visitors, suppliers, procurement of goods and services, etc.
  • Changing regulations about how we engage with the environment, including cyber security protocols.

Role of sensors and edge computing in orchestration

The underlying aspect of knowledge is data, and we have to be able to gather the necessary data to create the knowledge and communicate it to the right stakeholders in a timely fashion. The tech stack on which decision making sits is made of both internet of things (IoT) and operational (enterprise quality) technology.

For both IoT and operational technology (OT), the common characteristic of these technologies is that they are based on decentralized architectures and use edge computing. There is an explosion of sensors, devices and compute at the edge, and that is bringing in new types of artificial intelligence (AI) usages at the edge for real-time analytics that enable decision making.


Orchestration is harmonized with other key factors in workplace design such as visibility, light penetration and communication potential; we should examine how workplace tools, data analytics, sensor technology, and smart algorithms will impact how we design and what we design, to help shape the workplaces of tomorrow.

Shining a light on Industry 4.0 – Looking for a Lighthouse



In 2018, the World Economic Forum (WEF), in collaboration with McKinsey, initiated the Global Lighthouse Network project. This network continues to aim to identify companies across sectors and geographies that have been able to scale up Industry 4.0 solutions to achieve both financial and operational performance growth, as well as environmental sustainability.  From the nine initial members in 2018, there are now 69 members of the Global Lighthouse Network.

Why is the Global Lighthouse Network an important concept?

These manufacturers are showing others how they have made traction and progress scaling Industry 4.0 technologies within the manufacturing plant environment.  Earlier research before 2018 by the WEF found over 70% of businesses investing in technologies such as big data analytics, artificial intelligence or 3D printing were not able to take the projects beyond pilot phase.

Out of the 69 lighthouses identified, 64 percent have been able to drive growth by adopting Industry 4.0 solutions. For example, while all Lighthouses have successfully transformed at the site level, a select number of  organizations have extended their Industry 4.0 journeys through the end-to-end (E2E) value chain, using technology to drive value for the enterprise connecting the organization from suppliers to customers.

Why this is valuable – it’s about people transforming with tech

McKinsey reports that a common thread across all the different lighthouses is that they put people at the centre of the transformation. And that is what helps unlock the full potential of the technology that has been deployed. This community can shine a light on ways in which using people to the best effect can transform factories, value chains and business models for compelling financial and operational returns. Creating organisational maturity beyond the pilot phase has been a real block for many organizations.

What can others learn from Lighthouses?

This community of manufacturers is a built community; in other words, they have been brought together with commonalities to show leadership in using Industry 4.0 technologies. Coming together under the project allows them to benefit from a joint learning journey, partnering on collaborative projects, developing insights and incubating new potential partnerships. Others can benefit from their activities here by seeing the possibilities that exist and applying them to their own situation.

Can other industries do the same?

Certainly, and that is the point of this blog post.  Building communities and sharing best practices has been driven traditionally from the supply side – e.g. the user communities of software vendors or the industry forums of major industry sectors like automotive, linked together by suppliers.   It is time that the users themselves drove the conversation and brought the best practices together from the demand side of the equation.   

Networking with networks – our virtual organisations and ambiguity



Navigating virtual organisations – building a virtual network roadmap

I have worked for three organisations that were mainly remote with a small HQ.  And one of the first things you have to do remotely is get the lay of the land.   Who is the glue that keeps the place moving?   Who knows the internal mapping of who gets what done?    What person becomes a dead-end in your quest to get something published?  I really feel for someone who started a new job in the last year who does not have that organisational capital investment behind them in making their way through an organisational network.

I have seen the same in graduate school groupwork, both successes and failures in communication and reaching common goals.

Networks are relationships, based on equity and mutual trust, that enable dialogues to prosper and bear fruit.  These are the links within teams or departments that are built on patterns of interaction. One of the challenges in the last year is using previously built organisational capital to get things done.   So how do we do that?

Creating white space for creativity

Organisations actually create ambiguity on how things are done so that members of the team can create their own pathway by experimenting and improvising.   The kinds of characteristics that can be found in a networked organisation that allows this kind of creative white space are:

Common goals and objectives:   There is a common pull in the team towards an acknowledged activity.  When you see this being not as clear (like in a pandemic), then some of that white space for creativity disappears as well.

Shared knowledge: Synergies are created where team thinking can be applied by several members of the group together. Ideas are seen as complementary and challenging for the organisation to achieve. That shared knowledge can rejuvenate the organisation when things get stagnant.

Shared work and building of trust:  As I saw personally yesterday, a networked organisation encourages shared work.  And giving that white space for growth between participants in the network allows a building of trust and cooperation.   And that grows the opportunities for even more creative expression.

Shared decision making:  If culturally the organisation allows its members to have a say in decisions, then the networked organisation knows who to call on when a shared decision needs to be made.  That networked trust between virtual participants means that there is an understanding of intellectual wealth in the network and how to leverage that wealth in the decision making process.

Dealing with ambiguity

When ambiguity is excessively high, people are confused and anxious, because they lack a frame of reference to interpret their work and actions within the organisational network. However when ambiguity is suppressed, people become complacent and unwilling to experience or change as they are shielded from the need to have to adapt.

One way to deal with ambiguity is not through explicit instructions, but shared rewards.  If a virtual team is pulling to the same finish line with the same shared priorities and shared timing, then a structure is formed that enables the virtual team to have those necessary reference frames to reduce anxiety and conflict.


Dynamic relationships are key to networked organisations, and our new normal in organisational development is how to enable those networks to be built and supported within a framework that is neither physical nor experiential.

Role of technology in hybrid work forms



What is work?

Work as a concept has changed. It is no longer about the physical space. Nor is it about the choice of platform, as a variety of tools are used for connectivity. So how do you create an organisational culture without physical or platform reference points?

A company at this point has three components: an organisational memory, a shared reference language and a set of communication channels (both tools and platforms).  Defining the company parameters will involve access to what data and what portion of a particular stream of revenues goes to what competencies are being shown.

So in a competency-based company, dialogue is the new unit of work. How do space planners and employers enable that kind of work to occur?

Employers, space planners and building owners will look to technology to perfect a hybrid model.   This needs to include the communication channels that the company uses.  Most of us are tired of hopping from platform to platform  (Teams to Zoom to WebEx to Slack to…..). I should not have to coordinate a person with a platform.   It is already hard enough to keep track of which family member uses what app to communicate.

The use of space

The trick in creating these dialogues is to make space management more seamless and accessible. Property management teams need to deliver greater flexibility and improve the in-building experience for their tenants, with an operational focus for facilities management on cost controls and workflow processes.

Making space manageable enables employees to schedule communication exchanges with the ability to reserve space, to interact and to engage in these dialogues. Property and facility managers will want to create a hygiene friendly touchless experience in this space, applying touchless technology to doors, lockers, desks, meeting rooms and access to employee resources such as changing rooms and communal spaces.

Tech enabling space

More advanced and empowered technology can enhance not only occupancy planning but also the overall work experience. We all gain in hybrid working models with reduced costs, improved  employee performance, staff retention and the environmental benefits of reduced travel. Employees get shorter commuting times and scheduled collaboration time.

Traditional models will no longer accommodate the workplace and workers of the future. The new standard of hybrid work promotes efficiency and connectivity, and technology is a big part of that.

Age is more than a number

We can see that different age groups have different ways of working and collaborating.  Besides gathering data on usage, if that data can be cross tabulated against age group and working role and style, then we can create work environments that allow the individual to create at their level of working comfort.

Data as the fuel for dialogue – how can AI help?

We need to recognise that data is the fuel for these dialogues that are creating organisational and personal value. People want to work with each other when they can create value, and data supports that activity. Value is what attracts employees to a work environment; value is magnetic and brings people together for collaboration and creation.

Can AI help us here?   What about better understanding HOW we use spaces to help us make better decisions where (and when) to meet?   In digitising existing manual physical processes, this allows for gathering usage data and using artificial intelligence to optimize data and space and to ensure connectivity.  For example, GoSpace’s platform is designed to help occupancy planners oversee the hybrid workplace.  In a recent collaboration between property management firm JLL and GoSpace, using GoSpace’s AI engine, JLL collects data to manage space consistently based on usage patterns, while ensuring connectivity and driving collaboration.


Building and maintaining working premises used to be about a complex Design/Build project (core & shell, interiors and relocation).  Now both property managers and facilities management need to think about data use, human dialogue and value creation for employee engagement as part of the metrics of space management.

Trust and Privacy: Return to the office environment

Many opinions exist on how automation and machine learning will help our return to the office environment. Removing physical touchpoints and leveraging machine learning on tracing employee behaviour can help with the transition back into the workplace.  But will people trust the office’s automated suggestions on where to work in the building, or help themselves to alternative workspaces?  

Trust, Good Faith and the Engagement Process

Disney and Amazon both understand what kinds of processes and trust it takes to engage people. These organizations took their time to create a vision of the contactless trusted experience before developing an implementation plan. The RFID wristbands at Disney that open hotel doors and get you on to rides involve many elements of trust and privacy. The automated order and delivery tracking of Amazon, along with suggestions and buying patterns, requires the person to opt in and share information to make it happen.

So for your own company, once I re-enter the workplace, how does our company create those processes, that level of trust and faith, that would allow my movements and my health status to be tracked by office automation? For example, how often should I be overtly aware of my temperature being scanned?

Abilities of buildings to manage

Facilities management is trending towards intelligent building management systems (iBMS) which know about room occupancy, room hygiene and tracking who has been where and with whom. Elevators will limit occupancy and direct users to the correct lift going to the correct location.  I have already seen this in our city hospital as it will direct you to the correct lift once you have entered information on your destination.  This combines user interface devices such as touchless pads, system hardware, and access control management software.

The building can also possibly direct you via a building app to request a place to work. You could swipe your personnel card and then be shown several options based on your personal profile and job role, including private quiet rooms, communal areas, and outside meeting tables.  Previous occupants can be noted to share hygiene tracing if necessary.

Intelligent buildings already offer direct support to the employees who interact with them for HVAC, lighting control and occupancy sensors. They have the ability to reduce user friction, while raising workplace experience metrics to create a measured environment.

Users’ trust and participation

Users should be willing to participate to get access.  To create that trust that is required for the willingness to be given, companies need to share policies and demonstrate stewardship of the data accessed.  Who is holding my locational data, for how long and for what purpose?

Trust facilitates successful data sharing, which in turn reinforces trust. Trust is built when the purpose of data sharing is made clear, and when those involved in the process know each other, understand each other’s expectations, and carry out their commitments as agreed. Trust increases the likelihood of further collaboration and improves core surveillance capacity  by supporting surveillance networks.


Will we put our trust in buildings and facilities management on our return to the office? If communication and clear policy are articulated, then buildings can play a role in engaging users to return to some standards of in-office participation. But if communication is muddy and policy not made clear, people will make their own way to safety – potentially impacting the environment of others.

Christmas Eve and Dreaming Big

The end of this not so lovely year of 2020 is next week, and not soon enough for most of us. Life in the “Now Normal” has seemed like an endless array of March days, except each day is different, yet the same.

So many people are pinning hopes on 2021, and if you understand that the pandemic of 1918 was followed by the roaring ’20s, you can also see that many people are overestimating what comes next.

We have a tendency to dream when we look at a new year, or a new decade. We overestimate how quickly changes will occur. So much of our lives are already reminiscent of the Jetsons cartoon, with voice and motion controlled rooms, personal transport pods, and robotics. Me, I was just looking at the prices of private islands and personal media studios. 😉

What will 2021 look like? You can see some of my tech predictions here on the Ecosystm website where I work as a Principal Analyst on a contract to cover Infrastructure and Cloud Enablement. On a personal level, I plan to scale up and out from my current situation. This means downsizing a reliance on physical stuff and rightsizing me.

I know for certain that this next year will bring great change, but much of that will be internal in how I view and live in my world. And the same for many people I know who are recreating what they read, listen to, find factual and want to engage with. I wish you a peaceful holiday season and a value-driven new year.