A working group analyzing viable digitalization opportunities quickly focuses on one key area:
Digital Competence
Because the technologies are so diverse and their development is still in its early stages, an adaptable organization is essential. Only once structures and experience have been established can efficiency and automation be considered.
New technologies must be identified and evaluated. What about security? Are we introducing risks?
It quickly becomes clear that personal data will also be generated. Data protection is therefore another important consideration.
How can the company cultivate digital competence within its teams, management, and leadership?
The initial unease quickly gives way to motivated curiosity.
Sustainability is paramount.
And saving time is a given.
Management quickly recognizes the potential that arises from establishing security, risk assessment, and data protection at the highest level. Under this assumption, a multitude of business models are possible.
The decision is made: a lean organization comprised of motivated individuals who have mastered security, risk assessment, and data protection.
Five objectives are defined.
Goal 1: Selecting 5 suitable individuals for a permanent matrix team of 3-5 people for the "SMARTcheck Competence Center"
Goal 2: Developing processes for identifying new technologies and systematically evaluating them
Goal 3: The evaluation results must be sufficient for management to make informed decisions
Goal 4: The organization should launch within 4 weeks and then continuously improve
Goal 5: The Competence Center should be guided by the principles and values of the Agile Manifesto
LEADERSHIP: Management Ambition
Before the project can begin, management will participate in a workshop focused on their role.
Ambition is the key theme: For the team to reach its full potential, it needs a vision, a goal, and a strategy from management: the guiding principles.
Leadership is on the agenda: Currently, "agility" as defined by the "Agile Manifesto" is not implemented in the company.
The core principles and values are quickly conveyed.
The meaningful autonomy of the Competence Center is perceived as a relief.
Considerations for the application process for interested parties to the Competence Center are being developed.
Team Motivation
Team composition will be implemented through an application process with a recommendation (by the management), a hearing, and a workshop.
A draft organizational structure will be provided to the team.
The team will be given organizational structures similar to a line organization.
In a workshop, the initial organizational draft will be defined, and the retrospective process for continuous improvement will be introduced.
A policy will be introduced as a documentation method and adapted by the team.
The frequency and duration of the workshops will be determined.
There will be a 2.5-hour workshop every two weeks.
Know-how: Security, risk assessment, data protection, data value, business models
Following the organizational structure, workshops will be held to acquire the necessary knowledge.
One workshop will provide the foundational knowledge for pragmatic security management, including a risk matrix.
The structure is based on ISO 27000, allowing for future certification according to ISO 27001 if needed.
A workshop provides foundational knowledge of the GDPR and data protection law.
Another workshop covers three specialized topics:
"Data Protection by Design,"
"Data Protection Impact Assessment," and
"Data Protection Officer," ensuring the highest level of data protection.
Knowledge of "Data with Value" will be added through on-the-job training.
Skills: On-the-job training
Management is preparing a presentation where the vision, goals, and strategy will be presented.
The Competence Center will be a permanent institution.
No prior knowledge is required to join.
There are only requirements regarding motivation.
Applicants will be interviewed.
A weekend workshop will serve as an assessment center, allowing all interested parties to develop a general understanding of the topics and challenges and to test their ability to collaborate.
Organization of the Competence Center
With the launch of the Competence Center, the two bi-weekly "SMARTchecks," each lasting 2.5 hours, will be practiced:
SMARTcheck 1 includes:
1) Identification of sources and technologies: What new technologies are available?
2) Relevance check: What can be done with them?
3) Security check: Are the technologies secure, and how is the risk determined?
Homework assignments leading up to SMARTcheck 2 will clarify any areas for further investigation identified in SMARTcheck 1.
SMARTcheck2 includes:
4) Value Check: What is the value of the technology for the customer and for the company?
5) Data Check: What valuable data is conceivable?
6) Data Protection Check: What data protection package is needed for the Data Protection Impact Assessment (DPIA) and the Data Protection Officer (DPO)?
7) Decision Check: What information is needed to prepare a decision for management?
This decision-making basis is supplemented with homework assignments and presented to management in a regular meeting.
#fail2learn: Retrospective & Improvement
The team learns to analyze its work together and seeks insights for improvement.
What worked well and why?
What didn't work well and why?
Relevant insights are documented in the company policy.
This allows the company to remain independent of the individuals involved and mitigate staff turnover.
Experiences are reported to other teams periodically, and knowledge is shared.
The SMARTcheck Competence Center is open to interested parties at any time.
