Creating layers beyond datasets – Dataset layers are the foundational pieces of building the organisation’s map, as without them the map can’t be complete. Layers are preferably driven by automated ingests, but some are likely to be manually curated – giving greater visibility into broader operations. In tracing the often-understood, rarely-captured components of an organisation – their processes and interdependencies – we need people able to follow paths from start to finish and add that layer to the mix. Here are a few areas for development:
- Business continuity – it’s one thing to have a playbook for crisis-management, a whole different animal to show the paths from start to finish in an emergency. The purpose becomes a look into both the sequential order of actions as well as who is/is not served in the response options. Though it’s one thing to put the plan on paper, seeing the paths gives a better sense of efficacy.
- Resilience – Just as business continuity offers emergency management, operational resilience offers backup plans when something goes down. Resiliency may account for major incidents, but the purpose is to reduce the effect of shocks or volatility to naught, or as close as possible. Understanding critical software/ apps/ products/ services, who is affected/ dependent and the Plan B (C/ D/ E?) in case of disruption is not easy to follow without visualisation. With visual representation it’s hard to mistake.
- Risk and controls – One of the biggest challenges in the risk & control (R&C) space is making certain controls offer adequate coverage for known risks. In seeing where the coverage extends for various risks, it becomes easier to see absence or overkill.
- Ecosystem – A common discussion topic: understanding the larger organisational ecosystem from both up- and downstream perspectives gives understanding of vested interests not often held in examinations of regional or sector connections. Whilst an internal map doesn’t extend far outside the organisation’s borders, it does show where the connections are as a start. As we button down the internal understanding of our ecosystem and the external connections, we can start extending our island resources into a continental mindset. Think through the effect of tying resilience efforts to your suppliers – how it would shift your responses to know when they suffer disruption. Develop greater rapport with your clients when they understand your actions and their knock-on effects during an incident. Imagine broader business continuity actions extending through the entire ecosystem, creating opportunities never previously considered. And beautifully, the extension between supplier/ clients would not be subject to anti-trust.
- Process/ program – Plenty of other process/ program maps, dependencies and offerings can be built, giving greater visibility into the organisation’s operations and potential risks otherwise unrecognised. Examining the efficacy of training programs against behavioural indicators showing positive/ negative results would be an example.
As expected, the layering and builds come with caveats or considerations for developments.
- Nesting – When we look across the organisation, we really don’t need to see each individual entity, rather the groupings where they belong. The goal would be having the ability to drill down into the business unit/ team/ network from a broader start. In order to do this, we have what’s called nesting, which is done from the smallest units, building into larger ones. For example, all the people in a team would nest into a larger entity-ish representative construct housing them, to be opened up and explored at the searcher’s discretion. The team entity and others in the same division would be nested in a larger divisional representative entity just housing the teams within. This offers a few things:
  - A clean starting point – If everything was properly nested, the organisation as a whole would be a single entity housing the lines of business. If those searching didn’t know what they were looking for, it is easier for them to process the unfolding extraction of data as they continue their search than the morass of data from the start.
  - Relevant presentation – Nesting allows searchers to see only what they deem as relevant, at the level of granularity necessary. It allows the broader connections to be recognised, though nested group links will only show as connecting to the group as a whole until expanded. This may lead to assumptions of greater coverage within the group until it is examined and its internal limitations are realised.
  - Recognition of outliers – By nesting like with like, we can see what/who has a challenge in belonging. Whether an individual without a larger team, an offset group, or a lone server housing a critical function – nesting raises outlier awareness.
- Time – Whilst we want to see near-real-time views, there is value to seeing prior maps. Perhaps we are looking to show trending, or program evolution over time. Perhaps we are walking back an incident for after-action purposes. Perhaps we need evidence for regulatory or audit purposes. Regardless of the reason, we want an adequate retention policy to keep a versatile look back at where things were at a prior point in time.
- Past versus current versus future values – Just as we have retention of past maps and seek to see where we are currently, we also will want to build out where we are going. Marking against goals and milestones (for example) can show where perhaps we are falling short before something fails.
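The nesting caveat above, worked through as an added example that is not part of the original article: entity-level links are rolled up to whatever container the searcher has not yet opened, the real coverage behind a group-to-group link is counted, and outliers are listed. All names, the `PARENT`/`LINKS` data and the function names are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. PARENT: child -> container; LINKS: entity-level links.
PARENT = {
    "org": None, "div-ops": "org", "div-fin": "org",
    "team-sre": "div-ops", "team-net": "div-ops", "team-pay": "div-fin",
    "alice": "team-sre", "bob": "team-sre", "carol": "team-net",
    "dave": "team-pay", "erin": "team-pay", "srv-ledger": "org",  # lone server
}
LINKS = [("alice", "dave"), ("carol", "srv-ledger"), ("bob", "alice")]

def chain(node):
    """node followed by each container that houses it, up to the top."""
    return [node] + (chain(PARENT[node]) if PARENT[node] else [])

def visible(node, expanded):
    """Outermost container housing node that the searcher has not opened."""
    return next((n for n in reversed(chain(node)) if n not in expanded), node)

def rolled_up_links(expanded):
    """Entity links as drawn at the current level of expansion."""
    counts = defaultdict(int)
    for a, b in LINKS:
        va, vb = visible(a, expanded), visible(b, expanded)
        if va != vb:  # links inside one collapsed group stay hidden
            counts[tuple(sorted((va, vb)))] += 1
    return dict(counts)

def members(group):
    """Leaf entities nested anywhere under group."""
    kids = [c for c, p in PARENT.items() if p == group]
    return {group} if not kids else set().union(*(members(k) for k in kids))

def link_coverage(group, other):
    """(members of group that really hold a link into other, group size)."""
    inside, outside = members(group), members(other)
    holders = {x for a, b in LINKS for x, y in ((a, b), (b, a))
               if x in inside and y in outside}
    return len(holders), len(inside)

def outliers():
    """Leaves nested shallower than the deepest ones, and one-child containers."""
    kids = defaultdict(list)
    for c, p in PARENT.items():
        kids[p].append(c)
    leaves = [n for n in PARENT if n not in kids]
    deepest = max(len(chain(n)) for n in leaves)
    shallow = sorted(n for n in leaves if len(chain(n)) < deepest)
    return shallow, sorted(p for p, cs in kids.items() if p and len(cs) == 1)
```

With only `org` opened, the map draws a single link between the two divisions, while `link_coverage("div-ops", "div-fin")` shows that one of three people actually carries it.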
In all these cases and those not captured here, once you’ve the dataset layers in place and people understanding curation/ navigation within the map, the limits are only imagination and resource allocation. With care in development, you have depth at a glance other organisations would require teams of people working projects for an extended period to emulate.