Featured Product
This Week in Quality Digest Live
Management Features
Etienne Nichols
How to give yourself a little more space when things happen
Gleb Tsipursky
The future of work is here, and AI is the driving force
William A. Levinson
Quality and manufacturing professionals are in the best position to eradicate inflationary waste
Chandrakant Isi
Experts in design and manufacturing describe the role of augmented and virtual reality
Gleb Tsipursky
These successful practices will help address DEI issues for remote employees

More Features

Management News
Recognition for configuration life cycle management
Streamlines the ISO certification process
Nearly two-thirds of HR managers feel AI is changing the skills needed in today’s workplace
On the importance of data governance in the development of complex products
Base your cloud strategy on reliable information
Forecasts S&A subsector to grow 9.2% in 2023
How to consistently make optimal choices in business and life
Embrace mistakes as valuable opportunities for improvement

More News

Robert Fangmeyer


Organizational Excellence in the Cyber-Risky Age

The Baldrige Framework tackles another business challenge

Published: Thursday, July 28, 2016 - 15:01

In August 1987, Congress created the Baldrige Performance Excellence Program, a public-private partnership that spawned a global movement. This small program was given a great big purpose: to improve the quality and performance of U.S. businesses so as to improve our national competitiveness. As a nation, we struggled at that time to produce high-quality, low-cost products and services, and we were losing market share and jobs to global competition.

The Baldrige Program was established to help turn that around, and for the past 29 years, we have been extremely successful, establishing a globally recognized standard of excellence used to facilitate and enable a systems approach to organizational excellence and improved outcomes in businesses, nonprofits, educational institutions, and healthcare providers of all kinds.

Today, there is another threat to the long-term success and sustainability of nearly every organization in the United States: ensuring appropriate cybersecurity. In our increasingly connected data-driven world, protecting information and systems has become a basic necessity for organizations of all kinds, and a critical national priority.

In response to President Obama’s Executive Order (EO) 13636 and in partnership with industry, the National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity. NIST’s Cybersecurity Framework helps organizations understand what should be included in a robust cybersecurity risk management program, and it has now been deployed across critical infrastructure sectors and more broadly throughout the United States. Since then, numerous implementations have been developed, tailoring the Cybersecurity Framework to industries, associations, and even specific organizations.

So what does this have to do with the Baldrige Program and the Baldrige Excellence Framework?

Those familiar with the Baldrige Framework know that ensuring the security of data, information, and systems is not new to the Baldrige Criteria, and in fact it first showed up in the Information and Analysis section (Category 4) of the 2001 version.

However, during the past 15 years, the prevalence, importance, and unfortunately, the misuse of electronic data and information have increased exponentially. In keeping with our mission and in response to an expressed need across multiple industries, we are now partnering with NIST’s Applied Cybersecurity Division to develop a Baldrige-based assessment tool aligned to the Cybersecurity Framework. This tool will enable an evaluation of not only the robustness, but also the effectiveness and “maturity” of the cybersecurity risk management programs of organizations of all kinds.

U.S. Chief Information Officer Tony Scott, who is helping to lead the President’s Cybersecurity National Action Plan, is a strong advocate of the potential benefit to be derived from a Baldrige-based cybersecurity assessment process:

“We are making strides in raising the level of cybersecurity across the nation. Baldrige-based approaches have helped organizations to improve their performance over several decades,” says Scott. “Voluntary cybersecurity assessments using a Baldrige approach will stimulate improvement, begin to pool talent, and share solutions to the security challenges and problems organizations face today.”

During the past six months, the Baldrige Program has been part of a working group, including the Applied Cybersecurity Division (Mr. Scott’s office), and a diverse cross section of more than 20 industry participants representing hundreds of organizations, to explore the need for, the potential of, and the pitfalls to avoid in regard to a Baldrige-based cybersecurity initiative. Industry organizations taking part in these discussions have included Baldrige Award recipients PricewaterhouseCoopers Public Sector Practice, Advocate Good Samaritan Hospital, and Boeing. Working with industry to determine the path forward is one of NIST’s core competencies and is certainly key to this effort.

“NIST’s efforts to couple the proven processes and value of the Baldrige Program with the increasingly popular Cybersecurity Framework will be voluntary and private sector-driven. We will measure this initiative’s success by its usefulness to companies and other organizations in strengthening their cybersecurity risk management,” says Willie E. May, Under Secretary of Commerce for Standards and Technology and Director of NIST. “The goal is to help organizations get even greater value from the Cybersecurity Framework by providing a way to assess and guide their cybersecurity risk management.”

The first step in this effort will be the development of a self-assessment tool—the Baldrige Cybersecurity Excellence Builder. The tool will enable organizations to better understand the effectiveness of their cybersecurity risk management efforts and identify opportunities for improvement based on their cybersecurity needs and objectives as well as their larger organizational needs, objectives, and outcomes.

We are very excited about the opportunity to partner with industry to help address this critical national need. For nearly 30 years, we have been fostering organizationwide excellence, and in 2015 we embarked on two strategic initiatives that will bring the Baldrige concepts to a much wider audience: cybersecurity and Communities of Excellence 2026 (COE2026). The cybersecurity initiative drills down into a critical component of organizational performance and sustainability, while COE2026 adapts Baldrige’s systems approach to achieving excellence to entire communities.

We estimate that a draft of the Baldrige Cybersecurity Excellence Builder will be available for broad public input in fall 2016. If you would like the opportunity to review this draft, just send an email to baldrige@nist.gov.

The Baldrige Foundation is also supporting our cybersecurity and Communities of Excellence efforts through advocacy and fundraising. You may visit their website for more information.

First published July 12, 2016, on the Blogrige blog.


About The Author

Robert Fangmeyer’s picture

Robert Fangmeyer

Robert Fangmeyer is the director of the Baldrige Performance Excellence Program (BPEP) at the National Institute of Standards and Technology (NIST).