ISMS – information security guideline of our organisation

ISMS
Our ISMS forms the basis for identifying and managing existing risks and improving information security.

Certified in accordance with ISO 27001:2013

We, think tank Business Solutions AG, Messerschmittstraße 7, 80992 Munich (hereinafter: think tank) have implemented an Information Security Management System (ISMS) according to ISO 27001:2013. The ISMS is intended to form the basis for systematically identifying and managing existing risks. The ISMS also has the function of ensuring the continuous improvement of the protection goals for information security – confidentiality, integrity, availability. The think tank’s ISMS applies to all organisational units. It therefore includes all procedures, processes and activities of the company. If third parties are commissioned with the provision of services, contractual agreements must ensure that the information security guideline is taken into account in the service relationships. 

Scope of the ISMS according to ISO 27001:2013

The Board of Directors is responsible for the information security of think tank. As part of this responsibility, the Executive Board issues this information security guideline. According to this guideline, each area of think tank is responsible for the security and appropriate protection of information. These measures are not only required by law, but are also part of our obligations towards our customers. Every employee must therefore adhere to this guideline and the standards derived from it.   

Target group

These guidelines are binding for all employees of think tank. The Executive Board requests all employees, to the best of their ability in their respective areas of activity, to actively implement information security on the basis of this guideline and in accordance with ISO 27001, data protection in accordance with the BDSG and the EU GDPR (EU-DSGVO), and material security.

Responsibilities

In addition to the Executive Board as the overall responsible party, all those involved in the business processes are also responsible for information security. The Executive Board actively supports the measures and strategies of information security and promotes the implementation of security measures in the company. Each person responsible has to pay particular attention to the following in his or her area:

  • Assessing and determining the business relevance of the information and data for which he or she is responsible,
  • determining and approving the scope of security and controls to adequately ensure the availability, confidentiality and integrity of the information and data for which he or she is responsible,
  • ensuring that responsibilities are explicitly defined and security and control measures are implemented to manage and protect the information and data for which he or she is responsible,
  • ensuring that the systems used to process the information and data for which he/she is responsible are regularly audited for compliance with the Information Security Policy.

All employees are required to comply with the guideline and any derived guidelines when creating, using and managing information and data. Employees are responsible for all actions they take when using information and related systems. Employees must understand that information security is central to the company’s philosophy and develop appropriate security awareness. Employees who suspect or become aware of a breach of information security and related information security standards, or who suspect that information is not appropriately protected, must report it immediately to their supervisor and/or the Information Security Officer. Non-compliance or deliberate violation of company requirements may result in disciplinary action, dismissal and criminal and/or civil proceedings, depending on their extent.

Security awareness

Due to the importance of information security, every employee is expected to maintain a high level of security awareness. Their compliance will be monitored. Security awareness is characterised by the following behaviour:

  • Recognising that information security is a critical and essential element of the company’s philosophy and success,

  • constant security awareness in all daily activities,

  • personal accountability for proactive as well as effective reactive measures in relation to all risks, vulnerabilities and incidents affecting employees, information, assets and the continuation of business in the event of an emergency,

  • the Information Security Officer is informed immediately of any irregularities.

Goals

As the importance of information security is central to the execution of business processes, the following key, strategic information security objectives emerge:

  • Protection of confidential data of both customers and the company and its employees,

  • Availability of all services and thus the availability of the data involved,

  • Integrity of all services and thus the integrity of the data involved,

  • Preservation of the value invested in technology, information, work processes and knowledge,

  • Compliance with the requirements resulting from legal, contractual and regulatory obligations,

  • Ensuring the continuity of work processes within the company,

  • Establishing and maintaining a good reputation of the company with regard to information security in the public awareness,

  • Reducing the costs incurred in the event of a loss.

  • Minimum or need-to-know principle: Access to security-critical systems, applications and information must be restricted to a minimum number of people. In principle, what is not explicitly permitted is prohibited (prohibition with reservation of permission).

  • Introduction and ongoing maintenance of the ISMS based on the idea of continuous improvement in the sense of the PDCA model (Plan-Do-Check-Act).

  • Provision of sufficient resources to achieve the set goals.

Risk management

Risk management is the basis of the ISMS according to ISO 27001. The risk analysis within the framework of the ISMS serves to systematically consider potential risks, followed by their evaluation and, if necessary, the initiation of countermeasures. The risks existing for information technology and security are recorded and evaluated according to a given scheme. The application of appropriate, economic measures, the shifting of business risks and the lowering or conscious acceptance of risks below a defined, acceptable level are described in the risk analysis and countersigned by the Executive Board.  

Continuous improvement process

The ISMS based on the PDCA model is implemented to maintain and continuously improve information security. Improvement measures from various sources flow into the PDCA cycle, and their implementation is continuously documented.

Scaling frameworks Nexus, LeSS and SAFe

Tabular comparison

Megatrends such as digitalisation, globalisation and flexibilisation are rapidly changing our working world today. The expectations and demands of customers are adapting to digital possibilities at ever shorter intervals. New demands are also constantly being placed on products. Teams can be scattered all over the world and still work together excellently. Everything is becoming faster, more interactive and more agile – accordingly, product development cycles are also becoming shorter and shorter.

One method that meets these requirements, and is on everyone’s lips today, is Scrum. But what do you do when the product is so large and comprehensive that many teams, different departments or even the whole organisation have to work together on it? The right scaling for efficient and satisfying collaboration provides orientation and support for the teams. But how do you decide which scalable framework is best? Which framework can be used when the processes of Scrum for 3, 4, 5, … teams are too small? The search for the optimal approach is a big challenge for many.

To give you a rough overview of the common scalable frameworks, I have put together a comparison that highlights the differences between them: Nexus (Framework for Scaling Scrum), LeSS (Large-Scale Scrum) and SAFe (Scaled Agile Framework).

Nexus

The father of the Nexus framework, Ken Schwaber, describes it as an exoskeleton that connects three to nine Scrum teams to develop a product. It is a process framework based on the agile manifesto and Scrum.

Nexus captivates through its simplicity. Scrum is scaled in its roles, events and artefacts. It focuses on cross-team dependencies and integration issues that arise when scaling across multiple teams and emphasises transparency.

LeSS

LeSS aims to impress with its simplicity (more with less) and relies on clear principles. The teams under a product owner are responsible for the complete product development and bear a great responsibility, which also includes communication towards customers and the environment. If there are more than eight teams, the system is expanded to LeSS Huge in an additional scaling phase.

SAFe

SAFe is economically oriented and has the continuous improvement of value streams in mind. With its hierarchical structure, it looks beyond the team to the programme, solution and portfolio levels as well as the overall embedding in the organisation. Roles, methods and artefacts are clearly described and support the introduction to scaled agile working.   

This comparison is intended to provide you with an orientation to make it easier for you to take the first steps regarding the decision in which direction you want to go – Nexus, LeSS or SAFe. The advantages, disadvantages and limitations of these frameworks have deliberately not been discussed here.

However, before you can choose one of the scaling frameworks, you need to think carefully about which one fits your company culture and values. Check what your goal is, what do you want to achieve? What is the environment like and which agile methods are already used in your company?

My recommendation is to take the elements that best fit your organisation from the known frameworks and adapt an agile scaling framework.

Sources:

SAFe – https://www.scaledagileframework.com

LeSS – https://less.works/de

THE NEXUS™ GUIDE – https://www.scrum.org/resources/nexus-guide

Agile Skalierungsframeworks: Safe, Less und Nexus im Vergleich – https://t3n.de/news/agile-skalierungsframeworks-safe-less-nexus-1150190/

Das beste agile Framework – 5 Large-Scale Ansätze im Überblick – https://www.mosaiic.com/agile_framework/

Error culture - a clarification

Making mistakes is part of a new culture of error; they are an important step towards improvement in the agile world. Is that really the case?

What is an error?

An error is a deviation (actual value) from a state (target value) that has been defined as correct in advance. The process of organising, however, turns the possibility of voluntarily choosing either alternative A or alternative B into an “only-A!”. Organising is therefore the destruction of alternatives. There are good reasons for this: Sometimes it is about avoiding dangers, sometimes about making processes more efficient, sometimes about simplifying steps. Those who act according to alternative B then make a mistake. …

So the individual has to make an appropriate decision in a concrete situation (this is called responsibility), but this is narrowed down to a duty of care by too tight an organisation. It is then no longer a question of doing the right things in the situation. It is only about doing the right things – in order to be able to justify oneself afterwards. Before any action is taken, the guideline, the precedent, the manual is always asked for. That is the price that has to be paid for the alternative destruction.” It remains the case that if the rules are clear, they must be adhered to and every effort must be made to avoid mistakes, but if they do happen, they must be analysed.

When do we speak of an experiment?

If an attempt to do something new fails, or if the desired result is not achieved, one should not speak of a mistake, but of an experiment. “In experiments, the result is always open. You can’t know in advance whether it will work or not. There has been no decision beforehand between the actual and the target value, because neither one nor the other is known. You only have a vague idea of something that could work. But what and how exactly, you can’t know by definition.” An experiment that fails is not a failure. It just didn’t produce the desired result.

Everything innovative is also bound up with failed attempts and setbacks – but not with mistakes. It may take a few failures to be truly successful in the end. If agile transitions don’t work right away, management is quick to claim it was a mistake. I say no, because in order to survive in the market, innovation and speed are required. There is no right or wrong here, but to be at the forefront it is not enough to avoid mistakes; you also have to risk something. It would be a mistake not to try.

Sources: Sprengers Spitzen: The myth of the error culture – WirtschaftsWoche 02 July 2017  

Emotional intelligence

Emotional intelligence is becoming increasingly important in times of ambiguity and constant change. But how do you define it?

Why EQ is so important in the business environment

Everyone has an emotional intelligence or emotional quotient (EQ), but its expression varies from person to person. For example, a high intelligence quotient (IQ) does not automatically mean a high EQ. In practice, it has been shown that people whose emotional intelligence is more pronounced than their IQ are nevertheless more successful in the workplace. A well-developed emotional intelligence is therefore a decisive advantage in the working world and is an important component for professional success. For example, it strengthens one’s own leadership skills, has a positive effect on working with the team or stakeholders and thus improves everyday work.

Due to the increased social skills, everyday work can also be made more pleasant and goal-oriented. If a manager or project leader lacks emotional intelligence, this can have a negative impact on teamwork. Productivity can decrease, and it can even lead to resignations. Therefore, it is particularly important not only to focus on pure workflows and processes, but also to include the social component. Often, incipient conflicts can already be avoided if the feelings and needs of the counterpart are also recognised and understood. People with a high EQ are better able to grasp their own and other people’s feelings and thus better assess the other person. The associated problem-solving competence on a social level also increases their potential to solve conflicts optimally or to prevent them from arising in the first place.

An excursion into our brain - where emotional intelligence is located

The brain is divided into an emotional (limbic system) and a rational area. In this subdivision, emotions are located in the so-called limbic system. Other factors, such as rational action and logical thinking, are located relatively far away from this area. Scientifically, the relatively large distance between the two areas explains why emotions such as anger, sadness or joy and rational action act differently from each other. Whether in private life or in everyday work, many people find it difficult to react objectively instead of emotionally. This sometimes leads to rash and emotionally driven actions or statements that may be regretted in retrospect.

The four skills of emotional intelligence

The four skills of emotional intelligence are defined as self-awareness, self-management, social awareness and relationship management. These skills are in turn divided into personal and social competence. Self-awareness and self-management are the two skills of personal competence. They concern one’s own personality and help one to become aware of one’s own emotions and to control one’s own behaviour.

Self-awareness means being able to perceive, understand and interpret one’s own emotions. This applies to one-time events as well as recurring situations. Dealing with negative feelings also plays a role. Since emotions are a reaction to our environment and thus always have a cause, it is particularly important to be able to classify them correctly and to understand one’s own emotional reactions. People with good self-awareness simply find it easier to see through the potential of a situation and to take advantage of it. In a sense, these people do not let their emotional world stand in the way. They also do not shy away from unpleasant situations, but use them to develop themselves further. The better one knows oneself and one’s own emotions, the easier this is.

Self-management is about the ability to consciously and positively control one’s own emotions. This is not easy for some people because emotions outweigh rational thinking. With good self-management, you are less likely to react rashly or too emotionally. The biggest hurdle is getting behaviours under control in the long run and applying the brain’s learned skills in different situations. People with good self-management can successfully put their own needs aside and keep their behaviour under control accordingly.

Social awareness and relationship management are the two skills of social competence and relate to dealing with other people. Social competence describes the ability to recognise and understand other people’s emotional states, behaviour and emotions. Social awareness describes the basic human ability to accurately understand the feelings and thoughts of others, even if one’s own emotional state is different. Close observation and listening are among the most important factors. Ideally, you concentrate 100 per cent on your counterpart and focus only on their behaviour. Conscious listening creates an overall picture that enables the interpretation of the other person’s emotional world.

Relationship management is the knowledge of using one’s own and others’ emotions for successful and clear communication. People with highly developed relationship management find it easier to network with different people and to derive possible advantages from it. Sympathy plays a minor role. In general, social relationships must be cultivated and valued in order to build an adequate network. The better the connection, the more positive feedback you get. If the relationship is less developed, it is much more difficult to make your point of view heard. In stressful (work) times, the biggest challenge is to maintain these social relationships. Especially in the workplace, conflicts often arise because very different characters clash. Most people do not find it easy to still have constructive conversations in emotionally charged situations. Good relationship management helps to avoid such conflictual situations in the workplace and to turn them into positive relationships.

Exercise to improve emotional intelligence

Emotions are a reaction to our environment, which can create some emotional hurdles in the work environment. This is where emotional intelligence becomes important. To improve it, everyone can work on themselves. The most important points for a positive impact on conflict are active listening, open communication and respectful interaction. Likewise, time should be taken to reflect on the situation and the emotions that have arisen. In the best case, before acting impulsively. Journaling, for example, is a good exercise to improve self-awareness. All you need to prepare is a pen and paper. You can, for example, take 30 minutes in the evening after work and reflect on the day or certain situations. Like writing in a diary, you write down how you felt and how others and you reacted.

Positive affirmations can also help to positively influence future behaviour. It is also possible to take only 3 minutes to continue writing a sentence with an open end, or to respond to a question. This way you learn to reflect and classify your feelings. Example sentences are “How I feel now is…”, “What motivates me is…”, “How could you have made your day even better?”. The answers should be written down spontaneously and from the gut: do not think about them for long and do not pause while writing. Whether you take 30 minutes or 3 minutes is irrelevant. It is only about writing to yourself and thus getting more clarity about your own emotions.

If you use these or other exercises regularly, you will soon see a learning effect. Everyone can actively work on and improve their emotional intelligence. In this way, you can not only master your everyday working life more successfully, but also deal better with conflicts in your private life.

Emotional intelligence at think tank

Methods such as design thinking as a people-oriented approach work specifically with the skills of emotional intelligence. The first phase of the design thinking process is about understanding people and developing the ability to empathise with them, which in turn is in line with a well-developed emotional intelligence. The aim is to find out what people’s needs, views, fears and emotions are, e.g. through active listening in the context of qualitative interviews. In this way, latent human (user) needs are to be identified, which serve as inspiration for new innovative approaches, products and services.

Sources: Bradberry, Travis; Greaves, Jean (2018): Emotionale Intelligenz 2.0 – Erhöhen Sie Ihre Sozialkompetenz und verbessern Sie Ihre Kommunikation

Tan, Chade-Meng (2014): Search Inside Yourself – The unexpected path to achieving success, happiness (and world peace)

New Work - a definition

The term "New Work" comes from the philosopher Dr Frithjof Bergmann. What does it mean exactly and how do we live the "New Work" at think tank?

The term "New Work"

The term “New Work” was conceived in the late seventies, early eighties, by Dr. Frithjof Bergmann, an Austrian-American philosopher born in 1930 in Saxony. Frithjof emigrated to the USA in his twenties, initially scraping by with part-time jobs, living for a time in self-sufficiency in the countryside and writing plays. He studied at Princeton, received a doctorate on Hegel and held various teaching positions at prestigious American universities.

His term “New Work” captures the zeitgeist that describes how industrialisation is long gone, communism has no future and capitalism does not make people happy. He sees the opportunities that technological innovations can bring and uses them to create not only a concept of “New Work”, but almost the concept of a new society. Bergmann sees the innovative production possibilities leading to a complete change in manufacturing chains and thus to a transformation of work and society. Thanks to 3D printers and the like, products no longer have to be produced in large factory halls far away, but can be created locally in the smallest of spaces.

This change from globalisation back to local production not only affects companies, producers and consumers, but also the working culture and the way people live together. Formative for his concept of “New Work” is the idea that capitalist work as we know it today, which he describes as mentally and physically debilitating, can be reduced to a large extent and gives way to a model of work that relies on work in community production and makes room for work that suits the individual and that he or she really wants to do.

"New Work" today - disruptive digitalisation & work-life merging

The term “New Work” is now on everyone’s lips. And, as already inherent in the original term, it also picks up on current technological innovations in the present and shapes a new future of work from them. It draws attention to the disruptive changes, forced by digitalisation, globalisation, the increase in knowledge and demographic change, which are leading to a transformation at the social and technological level and are thus also becoming visible and perceptible in the world of work – in companies and organisations.

On the one hand, these revolutionary innovations lead to a hype that writes utopias into the world of work: agile, creative, innovative people follow their needs, create creative marvels on crowdworking platforms in shared offices or scattered somewhere in the most colourful corners of the globalised world, because the internet makes it possible. They turn their hobbies into a profession and live a life with a good work-life balance. New Work does not lead to a dissolution of the boundaries of work, which oppresses private life, but to a fluid merging of life and work. Work is no longer a disruptive factor in life that has to be done in order to earn a living, but a beloved part of life that offers the platform to follow one’s inclinations. Work becomes a transformer that serves to transform passion into livelihood.

The consequences of automation

On the other hand, there is the fear of change and the fear that change will destroy jobs and widen the gap between rich and poor. Osborne and Frey take this as their subject in their study published in 2013. They explore what many are concerned about in the wake of automation: to what extent will job structures be affected by the developments just mentioned in the future, and what impact will this have on the design or necessity of future jobs?

The fear of unpredictable consequences of this development leads to much speculation.

“For some time now, labour sciences and occupational psychology research have been pointing to contradictory or paradoxical effects of the introduction and use of digital technologies. They show that advancing automation and the associated increase in the complexity of the systems are often accompanied by only limited controllability of the technologies, thus a high functional and economic potential for disruption and incalculable demands on work behaviour.” (Hirsch-Kreinsen 2015, p. 16)

In their 2015 study “The robots are coming – consequences of automation for the German labour market”, Brzeski and Burk speak of the fact that in Germany, too, activities from the administrative area such as office or secretarial tasks and auxiliary activities such as postal and delivery services as well as activities in warehousing, sales or in the area of catering are increasingly being “robotised”. “Does this necessarily mean that the factory will be devoid of people? No. Industry 4.0 only works through networked communication, which brings new challenges and sets new standards in network communication. This promotes cooperation between humans and machines. This will create many new jobs that adapt to the changed circumstances.” (Brzeski, Burk 2015)

Dr Georg Jochum, who holds the Chair of Sociology of Science at the Technical University of Munich, interprets Brzeski and Burk’s study as the “cybernetisation of work” in his lecture “Sustainable Work and New Work – Is the Socio-Ecological Transformation of the Work Society Possible?” at the Science Days 2018 in Munich. He speaks of increasing external control in the context of simple activities through cybernetic technologies, such as smart glasses or smart gloves used in warehouse work, and describes this trend as “digital Taylorism”. He fears the emergence of a digital precariat through the increasing linking of self-control and cybernetic external control, e.g. in the context of crowdworking.

In addition, he explicitly pleads for a heightened awareness of the concept of sustainability in the context of “work”: digitalisation and new technologies not only mean freedom, flexibility, increasingly simple communication possibilities and the growth of information, but also an increasing need for conflict metals, of which these technologies consist, and a growing energy consumption that is often forgotten. Especially in view of globalisation, not only every individual is affected by change, but is also called upon to take responsibility and actively participate in shaping change.

New Work at think tank

Of course, the future is unpredictable, the truth lies somewhere between the extremes – between flexible, creative crowdworking digital natives, who do their work happily jumping around on a South Sea island, on the one hand, and cyborgs controlled by robots, who stand bleakly in the rain as human slaves of the machines, on the other hand.

We at think tank have found our very own “New Work Way”: we fill our Creative Spaces with stickers with all the colourful, crazy ideas that just bubble out of us and take the time to deal with them and push them forward. We enjoy the freedom of a home office and desk sharing and the opportunity to let off steam on test projects and constantly learn something new.

And if you run into a colleague in the corridor here, they tend to be happily skipping along with a grin on their face – a good sign.

Sources: Brzeski, Carsten; Burk, Inga (2015): Die Roboter kommen – Folgen der Automatisierung für den deutschen Arbeitsmarkt. Studie von ING DIBA. https://www.ing-diba.de/binaries/…/ing-diba-economic-analysis_roboter-2.0.pdf

Frey, Carl Benedikt; Osborne, Michael A. (2013): The future of employment: how susceptible are jobs to computerisation? Study. University of Oxford.

Hirsch-Kreinsen, Hartmut (2015): Digitalisierung von Arbeit: Folgen, Grenzen und Perspektiven. Soziologisches Arbeitspapier. Technische Universität Dortmund, Dortmund.  http://www.wiwi.tu-dortmund.de/wiwi/de/forschung/gebiete/fp-hirschkreinsen/forschung/soz_arbeitspapiere/AP-SOZ-43.pdf
