With practical tips and from unusual perspectives, the ConSense EXPO 2023 to the increasing demands on quality and compliance officers. In addition to suggestions for action and tools for efficient and flexible management systems, the focus will be on current AI trends and efficient QM methods. Special impulses will be provided by motivational trainer, entrepreneur and success author Dr. Stefan Frädrich in his keynote. He will humorously give tips on how to "Günter", our inner pig dogand trained to become a "quality partner. And Stefan Heinloth, entrepreneur, trainer and coach, shows how management can be integrated into an "Integrated Top Management System" in a targeted manner. With "What we WEIRD People can learn from hunters and gatherers," cultural and social anthropologist Khaled Hakami delivers a very inspiring contribution that provides lasting encouragement to look far beyond one's own horizons and routines.

The exhibition program and the possibility to register for the virtual expo are now available on www.consense-gmbh.de/expo available. Online registrations for the individual conferences are also already available at www.consense-gmbh.de/expo-konferenzen possible. Participation is free of charge.

AI and communication: What does the future hold for quality management?

Efficient work and successful communication remain the keys to quality management of the future. In "Inspire your management with well-planned management reviews" and "Processes are internal communication", ConSense management consultant Michael Weubel addresses this in particular. The "Acceptance check" for one's own QM system and tips for internal company "QM marketing" complete the toolbox for successful quality management.

With the panel discussion "AI power for your management system" and the QM workshop "Current opportunities and challenges for quality management", ConSense EXPO invites participants to actively exchange ideas among their professional colleagues. Perspectives, opinions and experience reports are welcome and can also be discussed in the digital networking area.

QMS and IMS: From setup to professional user

ConSense's virtual expo has numerous offerings in its program for both QM newcomers and long-time users: from "Introducing a Management System" to measures, workflow, training and qualification management to power user sessions and exclusive consulting hours.

The virtual booths will be open from 9 a.m. to 5 p.m. throughout the show, Tuesday, Sept. 26, through Friday, Sept. 29, and can still be visited the following week. Here, in addition to free downloads, live demos of ConSense software solutions will be offered.

Thinking outside the box: Quality thrives on inspiration

"Change and continuous improvement thrive on openness to new things and the courage to break new ground. That is why we have deliberately chosen formats and presentations for this ConSense EXPO that encourage a change of perspective, exchange and fresh ideas. These impulses, combined with many practical tips, accompanied by top-class and experienced speakers, make this QM event so special," explains Dr. Iris Bruns from the management of ConSense GmbH.

Mother-tongue childbirth preparation course, app-based early detection of cancer symptoms, electronic monitoring of adverse drug reactions, etc. - just a few examples. previous winning projects of Innovation Qualité show: Pioneering works that improve patient care exist in all specialties of the healthcare system. To publicize such quality projects and encourage their imitation and further development, the Swiss Academy for Quality in Medicine SAQM of the FMH awards its Quality Prize every two years. Tried and tested quality projects can be submitted for evaluation by independent experts until December 4.

Digital innovation, patient safety and physician quality initiatives.

In order to always reflect and promote current quality efforts, a new thematic focus is chosen for each issue of Innovation Qualité. In 2024, it will be dedicated to digital innovation and thus to quality projects that contribute to the well-being of patients with the help of new digital technologies. This first prize category is endowed with 15,000 Swiss francs. The same prize money is also awarded in the second prize category on the topic of "Patient safety and prevention of avoidable adverse events". And if a quality project worthy of an award fits neither the first nor the second prize category, those responsible should apply for the jury's special prize of 10,000 Swiss francs. This third prize category is reserved for physicians, while the other two categories are open to professionals from all healthcare professions and disciplines.

Broad support and awareness

31 organizations from across the healthcare sector support Innovation Qualité 2024. The winning projects will be presented to the media as well as in the Swiss Medical Journal and on the award website. In addition, the winners will be able to present their quality projects to an interested professional audience at the award ceremony. The Innovation Qualité will be awarded at the SAQM Symposium on May 24, 2024 in Bern.

Further information: www.innovationqualite.ch

In 2015, with the product launch of SAP S/4HANA, the successor product to Business Suite, SAP announced a solution with which customers can drive digital transformation with the simplicity of the cloud. Here, the "S" in the name stands for "Simple" and the "4" for the fourth product generation. "HANA" indicates that the solution runs entirely on the SAP HANA in-memory database. According to SAP, just 8 months after the official product launch, more than 30 customers were live with SAP S/4HANA and more than 417 active projects were communicated (Source: https://it-onlinemagazin.de/wp-content/uploads/2016/01/S4HANA_SAP_HANA_S4_Grundlagen_2016.pdfpage 3). Many customers who were using the Business Suite productively at the time did not really take the announcement seriously at the time, since according to the roadmap they still had a commitment from SAP to maintain and further develop their solution until the end of 2025.

Although SAP launched a series of campaigns in the years that followed, which promoted a timely migration to SAP S/4HANA, those responsible in many user companies did not initially decide to make the switch, or rather saw it in the distant future. We can only speculate about the reasons for these decisions. The cost/benefit aspect certainly played a significant role in the considerations.

Sluggish readiness to migrate

ERP implementation projects usually cost more than planned, take longer and do not achieve the expected results in the end. The strategy of initially deciding against a migration "of the first hour" is also perfectly understandable for factual reasons. Software products are never error-free, and this is especially true for complex applications such as ERP solutions. Companies that decide to use a standard application with a small number of productive users should therefore factor in a higher cost for support, both external and internal.

Another relevant aspect of deciding against an early SAP S/4HANA migration was certainly the lack of availability of implementation consultants with relevant practical experience. The established system houses and implementation partners had only a few SAP S/4HANA projects of their own at the time. The opportunity to deploy their consultants in corresponding projects was therefore limited. In addition, training implementation consultants in new software versions is usually difficult anyway, as their availability is usually limited due to their high workload.

What is the current market situation today, almost 8 years after the product announcement by SAP with regard to S/4HANA? This was one of the topics addressed by the DSAG (German-speaking SAP^® Anwendergruppe e.V.), which is why it surveyed its member companies for its annual investment report. For the 2022 report, the question "How far along is your company or organization in terms of implementing S/4HANA?" was answered as follows (see Figure 1). 12 % of respondents had not yet decided and 6 % did not want to switch to S/4HANA. Those who did not want to switch cited "uncertainty about functionality" and "lack of business case" as reasons, among others. 47 % of respondents said they were planning to migrate but had not yet started. 23 % of the companies were in the process of implementing the solution and only 12 % already had S/4HANA in use.

In the 2019 investment report, four years after product announcement, only 3 % of DSAG members had already migrated to S/4HANA and 30 % were planning to migrate in three years at the earliest. Because of this sluggish migration readiness, DSAG lobbied SAP for resilient release and maintenance planning beyond 2025 for its members. In response, SAP extended Business Suite maintenance and development by two years in February 2020. The so-called "mainstream maintenance" now runs until the end of 2027 without additional fees. Those who need even more time for the changeover to S/4HANA can take advantage of the additional chargeable maintenance offer "Extended Maintenance" for the Business Suite until the end of 2030. This is associated with a surcharge of two percentage points on the existing maintenance base, i.e. an increase from 22 to 24 %. In a statement on the maintenance extension by SAP, DSAG board member Andreas Oczko recommended in February 2020 that the time gained be used immediately: "The maintenance commitments for Business Suite 7 until the end of 2030 are not a carte blanche to continue waiting. On the contrary, it must be the starting signal for companies to put aside their last restraint and begin the digital transformation."

Ways for a successful transformation

SAP customers who have not yet started the transformation project (approx. 60 %) have various technical and conceptual options for migration at their disposal. With regard to the migration approach, a distinction is made between brownfield, greenfield and a middle way, so-called selective migration.

The brownfield approach follows the concept of a step-by-step conversion and changeover of the existing system in the direction of S/4HANA. The implemented solution remains almost unchanged, but receives a kind of upgrade. Individual customizations are largely retained and existing data is essentially continued to be used. For technical support of the migration, SAP provides solutions such as the Software Update Manager (SUM) or the Database Migration Option (DMO), among others. The advantages of the brownfield approach are the possible retention of individual processes and integration into the existing system landscape with simultaneous modernization, standardization and consolidation of the overall system.

In the style of "building something on a greenfield site" without taking existing or evolved constraints into account, the greenfield approach corresponds to a fundamental new implementation of the SAP S/4HANA solution. The greenfield approach is similar to switching from another ERP product to SAP S/4HANA. In both cases, a completely new instance of SAP S/4HANA is set up by analyzing and redesigning current business processes to map them as closely as possible to the standard within the new software. The existing master data of the existing SAP or non-SAP solutions is migrated step-by-step into the new system by means of appropriate adjustments and conversions. As a rule, transactional or historical data is not migrated in its entirety, as the effort required for the transformation may be considerable. The greenfield approach offers companies the advantage that ERP systems that have been individualized over the years are replaced by a new standard version of SAP S/4HANA and that business processes are optimized in parallel with the SAP implementation. However, a prerequisite for this is the willingness to implement comprehensive process and, if necessary, structural organizational changes as part of the implementation. Methodologically, the implementation of the necessary organizational measures should be underpinned by appropriate change management.

Selective migration or landscape transformation represents a middle ground between greenfield and brownfield. Experts also refer to this as the color field approach or a hybrid strategy. Selective migration is an approach based on brownfield. If companies take such a path, the current productive system is first copied, then all existing transaction-based data is deleted. The system is then migrated to SAP S/4HANA. If necessary, required adjustments and configurations are made. Subsequently, data is selectively mi-grated from the current productive system. As part of this approach, it is necessary to control the data transfer individually, for example, by transferring or recoding only a defined section of data. This increases the complexity of the already complicated data migration. A version of this approach was developed by SNP Schneider-Neureither and IBM Services and is marketed under the name Bluefield. With the CrystalBridge platform, SNP provides a corresponding tool for data transfer as part of an SAP S/4HANA migration. Various SAP system houses are qualified as partners with SNP and use SNP's platform as part of their projects.

Which type of migration, brownfield, greenfield or bluefield, makes the most sense for a company depends on various criteria. In addition to the strategic objective of the project, the objective of the migration project (e.g., process optimization, process harmonization, "back to standard," improvement of data/information quality), the following aspects play a role, among others:

• Readiness of the company for organizational change
• Degree of automation of business processes
• Available project budget
• Restriction regarding the project duration
• Configuration of the current productive system
• Number and scope of individual adjustments
• Requirements regarding the availability of historical data
• Operating model (public cloud, private cloud or on-premise)
• Number and scope of interfaces to other applications
• Know-how of the project managers in the company
• Methodological competence of the implementation service provider

Operating models: Examine various options

Companies also have several options in terms of operating model, licensing and deployment (see Figure 2). In general, there is the option of licensing the solution on-premise (classic purchase model) or as SaaS (subscription or rental model). SAP bundles the latter in RISE. "RISE with SAP" is an offering package designed to help companies switch to SAP S/4HANA in order to develop and optimize business processes in the cloud. As a contractual partner, SAP takes care of all the necessary steps, such as analysis, operation, support, and the selection of and negotiations with suitable hyperscalers. In order to advise customers on the selection of the operating model, the required scope of services and the associated costs, SAP offers corresponding analyses in the form of questionnaire-based workshops (e.g. the so-called "Readiness Check" or "Process Discovery"). As a rule, these are free of charge and a prerequisite for the provision of a corresponding offer for SAP S/4HANA use.

As already mentioned, there are many examples that prove that ERP projects always turn out to be more expensive than calculated and take longer than planned. However, it is worth taking a closer look. There is a well-known quote that every project manager should know: "Tell me how your project starts and I'll tell you how it ends". In many cases, one main cost driver for inadequate project implementation is ignored at the very beginning: Choosing the right sourcing strategy! Especially in the case of SAP S4/HANA migrations, people often reflexively consider only the current SAP system house and negligently omit a systematic selection of the optimal SAP service provider. Yet the market for potential implementation partners is large and heterogeneous. A sufficient number of system houses have a great deal of experience, often decades of cooperation with SAP, various partner roles and different partner statuses or certification levels according to the SAP PartnerEdge program.

The PartnerEdge program distinguishes between four levels. With the SAP PartnerEdge Open Ecosystem partner level, SAP aims to reduce the barrier to entry into the organized partner landscape. No fees are charged for the program and, apart from a few product-specific training courses, no proof is required. The next two levels, Silver and Gold Partners, are designated as "Committed Partners". Here, both program fees are due and the verification requirements are significantly increased. The partners must have comprehensively trained personnel, coordinate a business plan with SAP and, if necessary, have their solutions certified. Advancement from silver to gold partner is governed by a points system. The partner receives the so-called value points for certain activities (e.g. sale of a solution, additional training of personnel, new references, certification of a solution or services, etc.). In addition, partners at these levels can participate in the "SAP Recognized Expertise Program". The program is used to mark a partner's special expertise in one of 21 industries or one of 30 solutions. For certification, partners must prove their competencies through appropriate references, projects, and specific training of their employees. In addition, SAP requires partners to submit a specific business plan for the industry or solution, the implementation of which is reviewed by SAP. The highest level, Platinum Partner, is reserved for long-term strategic partnerships. These partners currently include large technology groups such as IBM and Deutsche Telekom, as well as internationally positioned sales partners such as NTT DATA and large system integrators such as ATOS and Capgemini.

An initial orientation of the SAP partner market is provided by the "Partner Finder" on the SAP homepage (https://www.sap.com/germany/partners/find.html). Filter options can be used to select the companies listed in the SAP Partner Program. A search for partners offering "Project Services" for the solutions "ERP and SAP S/4HANA" yields a hit list of more than 1,550 companies worldwide. For the German market, there are still just over 230 system integrators. An additional filter can be used to further narrow down the list of partners to a so-called "focus industry". For example, for "industrial manufacturing" the list of providers can be reduced to around 160, for the "retail" sector there are just over 130 and for "life sciences" around 100.

As part of a well-founded and competitive sourcing strategy for an SAP S/4HANA migration, the client should evaluate the potentially best service provider before the actual start of the project, develop a secure contractual agreement and, last but not least, build a good starting point for the upcoming commercial negotiations. In Trovarit's view, a professional SAP system house selection and project award should successively reduce the bidder environment and provide well-founded, easily comparable information from the potential SAP partners. In this context, questions such as:

• Which SAP S/4HANA certifications does the partner have? How many comparable migrations has the service provider already performed in the S/4HANA environment?
• Which project approach (greenfield, brownfield, or color field) does the migration partner recommend?
• How is the project-specific implementation methodology characterized and with which tools and templates (so-called tool chain) does the service provider usually work?
• Which operating model (public cloud, private cloud or on-premise) is recommended by the service provider?

Cooperation with partners: What it can look like in practice

Figure 3 shows Trovarit's standard procedure. In the first module "Start-up", the project is first defined together with the client. For example, the objectives, the project schedule, the project documentation and the project controlling are agreed upon. In the subsequent "Project Request" module, a so-called project profile is compiled with all the relevant information for an RFI (Request for Information) and the distribution list and contents of the request are defined. The project request is sent online to the potential system houses via IT-Matchmaker. By means of the so-called project chat, the participants in the inquiry have the opportunity to ask the client further qualifying questions. This digital, context-related dialog can be used to efficiently clarify ambiguities in the documents sent. If necessary, the corresponding contents of the chat history can be made available to all requested providers at the push of a button. Based on the responses of the requested system houses, the favored companies (TOP 3) are determined for the subsequent tender.

Parallel to the project inquiry, the project scope is roughly agreed or defined within the scope of a "fit gap" analysis. For sourcing in the SAP environment, it has proven useful to use the list of scope items provided by SAP. The specification of whether or not these approximately 700 items are required in the scope of services for the S/4HANA migration provides a good initial indicator of the project complexity. When evaluating the scope items, it is also advisable to include so-called focus topics in parallel to selected processes/tasks and to specify them in bullet points. In preparation for the subsequent pre-selection, it is necessary to create a tender and award document. Among other things, this document outlines the entire award process, describes what is expected of the service provider, sets out the requirements for the project methodology, and specifies the form of contract desired by the client. As part of the RFQ (Request for Quotation), the favored implementation partners are also provided with the previously recorded project scope (evaluated scope items) as well as the task definitions with regard to the recorded focus topics.

In parallel with the RFP, vendors will be invited to participate in two to three day workshops. In preparation for the workshop, they will receive a script that includes the agenda, expectations for the process, and task/question statements for that date. Based on the previous preparatory work, solutions to the focus topics are expected, the presentation of the project methodology is covered, a recommendation for the project approach (Bownfield, Greenfield and Bluefield) and the operating model are requested. Interviews with the designated project manager and solution architect are conducted to get to know the key people involved in the project, and selected reference customers are interviewed by phone, if applicable. The result of the tender and final selection is a final overall evaluation. Thanks to the structured approach, all the available information can be compared very well and condensed into an overall value for each provider and system. As part of the overall evaluation, all relevant evaluation aspects should be taken into account and compared with the cost information provided by the suppliers.

The final step is the contract negotiation/formulation with the "TOP provider". In addition to the legal and commercial aspects, it is essential for the contractual agreement to define the responsibilities for all relevant project tasks in a so-called RACI matrix. For this, Trovarit uses its own template stored in IT-Matchmaker with approx. 400 project activities. A module contract has proven to be the best form of contract for SAP S/4HANA migrations. All cross-phase topics are defined via a framework contract. With the completion of a project phase, the scope of services and the results to be delivered for the next project phases are defined and bindingly agreed in a corresponding individual contract.

Author:
Peter Treutlein is a member of the Executive Board of the consulting firm Trovarit AG in Aachen. www.trovarit.com

Thermal imaging cameras can be used to reconstruct and read traces of fingerprints on surfaces such as smartphone screens, computer keyboards or ATM touchscreens - in other words, anywhere users are prompted to enter a PIN code or other personal data. According to the study, hackers can use the relative intensity of heat traces on recently touched surfaces to reconstruct passwords, for example. A team of computer security experts from the University of Glasgow has now developed a set of recommendations for defending against such "heat attacks" that can be used to steal personal data.

Cracking passwords with handy thermal imaging cameras and AI

This was preceded by research by Dr. Mohamed Khamis, a professor at the University of Glasgow's School of Computing Science, and his colleagues. They showed how easily thermal images can be used to crack passwords. The team developed ThermoSecure, a system that uses artificial intelligence (AI) to scan thermal images and correctly guess passwords in seconds, alerting many to the threat of thermal attacks. Based on this, Dr. Khamis' research team conducted a comprehensive survey of existing computer security strategies and asked users for their preferences on how to prevent thermal attacks on public payment devices such as ATMs and ticket machines.

Measures against thermal attacks

The authors presented their research findings on August 11, 2023, at the USENIX Security Symposium conference in Anaheim, California. The work presented also included advice for manufacturers on how to make their devices more secure. The team identified 15 different approaches described in previous computer security research that could reduce the risk of thermal attacks. These included ways to reduce heat transfer from users' hands by wearing gloves or rubber finger hats, or changing the temperature of hands by touching something cold before typing. The literature also suggested pressing the hands against surfaces or breathing on them to hide the heat from fingerprints after typing.

Other suggestions for more security involved hardware and software. A heating element behind surfaces could erase traces of finger heat, or surfaces could be made of materials that dissipate heat more quickly. Security on publicly accessible surfaces could be enhanced by introducing a physical shield that covers the keys until the heat is dissipated. Alternatively, eye-tracking inputs or biometric security could reduce the risk of successful thermal attacks.

Users want two-factor authentication

After studying existing security measures, the team conducted an online survey with 306 participants. The goal of the survey was to determine users' preferences among the strategies identified by the team and to ask them for their own thoughts on security measures they might apply when using public devices such as ATMs or ticket machines. Dr. Mohamed Khamis, who led this study, can be quoted as saying, "This is the first comprehensive literature review on security measures against thermal attacks, and our survey revealed some interesting results. Intuitively, users suggested some strategies not found in the literature, such as waiting to use an ATM until the environment seems safest. They also advocated for strategies that were already known, such as two-factor authentication, because they were aware of its effectiveness. We also saw that they considered issues around hygiene, which made the strategy of breathing on devices to mask heat trails very unpopular, and privacy, which some users considered when thinking about additional security measures such as facial or fingerprint recognition."

The paper concludes with recommendations for users on how to protect themselves against heat attacks in public and for device manufacturers on how security measures could be built into future generations of hardware and software. Co-author Prof. Karola Marky, now working as a professor at Ruhr University in Bochum, Germany, but still a postdoctoral researcher on Mohamed Khamis' team at the time of the study, advises users to pay close attention to their surroundings when entering sensitive data in public to ensure no one is watching, or to use a secure facility such as a bank. "Where this is not possible, we recommend placing the palms of the hands on the devices to cover heat traces, or wearing gloves or finger guards if possible," Prof. Marky said. "We also advise using multi-factor authentication whenever possible, as it protects against a number of different attacks, including thermal attacks, and protecting all authentication factors as much as possible."

Manufacturers of vending machines and thermal imaging cameras also under obligation

Manufacturers of ATMs or ticket vending machines are advised to consider the possibility of attacks via handheld thermal imaging cameras at the design stage. Devices should be equipped with physical screens to block surfaces for a short period of time, or keyboards that improve privacy by rearranging the arrangement of keys after use. For devices already in circulation, software updates could help remind users to be aware of their surroundings and take measures to prevent observation by thermal cameras. "Our final recommendation is for thermal camera manufacturers to prevent attacks by incorporating new software locks that prevent thermal cameras from taking images of surfaces such as PIN pads on ATMs," adds Mohamed Khamis. "We continue to explore potential approaches to mitigate the risk of thermal imaging attacks. While we don't yet know how widespread these attacks on personal data currently are, it's important that computer security researchers keep up with the risks thermal imaging cameras could pose to users' personal data, especially since they're now so cheap and widely available."

Source: Techexplore.com / University of Glasgow

Street festivals, open-air cinemas, festivals: partying outdoors is part of a successful summer for many people. But if your smartphone is suddenly missing when you reach into your pants pocket or handbag, it can quickly dampen your spirits. Summer is the peak season for pickpockets, as AXA's loss statistics over the last ten years show. Almost a quarter of all cell phone thefts reported to the insurance company occur in July and August. The fewest occur in April, with only one in 15 cell phone thefts happening then. "In the summer, people are outside more often. That gives thieves more opportunities to strike - especially in large gatherings of people," explains Stefan Müller, head of property insurance at AXA. So it's hardly surprising that most thefts occur at the weekend, when numerous festivities are taking place. Over 40 percent of all cell phone thefts occur on Saturdays and Sundays. The risk is lowest on Wednesdays, when only one in ten cell phone thefts occurs.

Increase in thefts by 40 percent

The fact that people are more mobile again and more events are taking place is one reason why the number of stolen cell phones has increased since the end of the pandemic. In 2022, 40 percent more cell phones were stolen than in 2021 and as much as 50 percent more than in 2020. "Cross-border crime, which is now more feasible again, is probably also playing its part in the fact that the theft rate has increased," says Stefan Müller. In the first half of 2023, Axa's figures show a further increase of around 20 percent compared with the same period last year, so that the pre-pandemic level is likely to be reached again.

Caution in Geneva, Basel and Bern

AXA's evaluations show large differences not only between years, months and days of the week, but also between the cantons in which the insured persons reside. People from the canton of Geneva reported stolen cell phones to AXA around 5 times more frequently than the Swiss average and as much as 11 times more frequently than people from Ticino, who seem to be exposed to the lowest risk. Insured persons from the cantons of Basel-Stadt and Bern are also affected more often than average - but rarely from the cantons of Graubünden and Uri. These two cantons and Ticino record less than half as many stolen cell phones per insured person as the Swiss average.

Smartphone gone - what to do?

If the cell phone has been stolen, this must be reported to the local police station and the insurance company. Cell phone theft away from home is covered by the household insurance, provided that coverage for simple theft away from home or all-round coverage for smartphones, tablets and consumer electronics has been taken out.

Source and further information: AXA

Michael Widmer is the new Head of the Legal & Data Privacy Consulting Competence Center at Swiss Infosec AG and also a new member of the Executive Board. After studying law in Zurich, Michael Widmer gained a great deal of experience in various functions, particularly in the telecommunications industry. Most recently, he was a member of the Executive Board at SwissSign, where his responsibilities included legal, compliance, finance and HR. "Reto Zbinden, CEO of the company, is convinced that "Michael Widmer brings with him all the prerequisites to further develop the Data Privacy and Legal Competence Center in a high-quality and successful manner. 

Michael Widmer will lead a team that has grown steadily in recent years and enjoys an excellent reputation. Swiss Infosec AG's data protection competence center now employs more than 10 lawyers, several of whom are admitted to the bar. This makes it probably the largest data protection team in Switzerland in terms of the number of people working outside of law firm structures.

At Swiss Infosec AG, Michael Widmer joins the management team as head of the Legal & Data Privacy Consulting team. In addition to his management duties, he will advise companies, public institutions and non-profit organizations in the areas of data protection and ICT law and act as an external data protection consultant for companies and organizations. Michael Widmer will also pass on his extensive best practice knowledge in training courses as part of the company's training and development offering.

Source and further information

For the eighth time, the 3DMC is organized by the WZL of RWTH Aachen University in cooperation with the National Physical Laboratory (NPL), University College London (UCL), the Physikalisch-Technische Bundesanstalt (PTB) and this year for the first time by the two Spanish partners Tekniker and IDEKO. After successful editions in Aachen, Hamburg and London, the conference now travels to the high-tech region of the Basque Country.

Metrology as a driver of innovation

At 3DMC, up to 200 industrial users and academically renowned experts exchange ideas and shape the innovative and open character of the event. This is also reflected in the program design: a top-class lecture program paired with an open industry exhibition, special interest sessions and dedicated networking formats. Prof. Ben Hughes and Prof. Robert Schmitt will moderate and shape the event as Chairman and Host.

The conference will focus on measurement technology as an innovation driver in automation and quality assurance. Industrial end users will provide insights into successful use cases from various sectors, such as automotive, aerospace and energy. In addition, leading international scientists will present advances and associated new application possibilities in measurement technology itself. 3D data and machine vision form the DNA of the conference and are complemented by other technologies, e.g. from the fields of digitalization and artificial intelligence.

Accompanying industrial exhibition

With two strong partners on site, the 3DMC offers the unique opportunity to get to know leading technology drivers and their forward-looking research facilities up close: For the first time, the industry exhibition will be spread over two presentation venues during the two conference days, giving participants and exhibitors the opportunity to enter into a creative dialog with each other in various unusual settings, to present innovative use cases live and to cultivate their own network within the community. The 3DMC thus combines the advantages of a trade fair, a production technology laboratory and an expert forum in a single event.

Selected papers can additionally be published as an associated peer-reviewed article in the Open Access Journal Metrology will be published, further reinforcing the sustained scientific excellence of the conference. The conference language is English.

Participation is still possible as a visitor (Delegate), speaker (Presenter) or exhibiting company (Exhibitor). Further information: https://www.3dmc.events

Why are there still fewer women on boards than men? Several factors come together here, as the founder of the management consultancy The Boardroom had to realize. It's not just the boards that are to blame, but it's not just the women either. The question of blame is a vexed issue anyway, because only with synergetic cooperation do the two groups converge!

Boardroom women on the way up - when the board becomes the goal

On a rainy May day in Zurich, nearly 20 women gather for a meeting to listen to successful businesswoman Mirjam Staub-Bisang (Blackrock Switzerland). She gives a talk on investments, leadership challenges and diversity in business. All the listeners have one thing in common: they are professionally successful! Whether CEOs or HR managers, they have already found their way.

But that's not the end of the story, because the dedicated businesswomen want the space on the board of directors, for more diversity. Career women have one more thing in common: They belong to The Boardroom, the club that wants to revolutionize the quota of women on Swiss boards of directors.

Currently, only 30 percent of board seats are held by women, the rest by men. Diana Markaki, founder of The Boardroom, received her very first mandate at 36 and had only one female fellow member. She felt odd, alone, the great exception. Things didn't get any better after she moved to a Swiss company.

All of this led Markaki to feel a strong pressure to perform, which also brought insecurities. From the perspective of numerous other women, these feelings were a blessing. They eventually moved Markaki to create The Boardroom. The bootcamp where women (and men, too) can learn, to hold their own on the Board of Directors or get there at all.

With The Boardroom, an exclusive club, Markaki wants to change that and prepare women for leadership positions. The club's excellent network plays a major role in this and leads to advancing and living diversity within the framework of various event formats and trainings.

The right personalities are more important than gender

Although Diana Markaki thinks highly of women in leadership positions, gender is not the most important factor for her. It takes the right people for the position. Everywhere discussed about shortage of skilled workersMany of these positions are often filled incorrectly.

The more diverse people's experiences, the more the board benefits. Complex decisions often have to be made, which can be completely re-evaluated through different perspectives. The Boardroom is therefore not specifically aimed at female careerists, but also at those who have not yet thought outside the box. The goal is to tease out strengths and prepare women to assert themselves on boards. This works through networking, trial and error, and assertiveness, even with men!

The system for backflow prevention called STOPR was developed by vonRoll hydro. The "godfather" for this development was the function of the human heart valve: best flow values and reliable closure are decisive for the efficiency of the heart. The situation is similar with hydrants: they must be able to draw water quickly in large quantities, and at the same time they must protect the water network against contamination through backflow. The spring-loaded check valve of the STOPR is mounted in the so-called Storz and reliably closes the hydrant from a pressure of 0.003 bar, which corresponds to the force of a water column of only 3 cm. In order to ensure that water can be drawn without interference, the STOPR has been flow-optimized by vonRoll hydro engineers. Where previous systems cause flow losses of up to 40%, the system results in no significant impairment of hydrant performance.

Easy mounting and permanent protection

Today, the safety of drinking water supplies is more important than ever. Accordingly, vonRoll hydro relies on permanent solutions for water safety technologies. The STOPR is permanently installed, which can be done in the simplest way on hydrants from all manufacturers, even retrofitted. Thanks to a patented venting system in the system itself, no modification of hydrants is required. By simply changing the Storz, any water supply can inexpensively implement a new standard of drinking water safety.

Pioneering role of the water supply Würenlos

Felix Zürcher, well master of Würenlos (AG), emphasizes the importance of reliable protection of drinking water: "The municipality of Würenlos is proud to have realized the first reference project with the new technology in Switzerland. This reliable and permanent protection of drinking water will set an example at home and abroad," he is convinced. Jürg Brand, Chairman of the Board of Directors of the vonRoll hydro Group, comments: "Water has become the fundamental strategic issue par excellence. With the mission statement ZEROWATERLOSS, we are directing our commitment towards the Water and water supply safety. The new STOPR performs an important function in this regard and, after Switzerland, will also be delivered in Europe and worldwide."

Source and further information: FromRoll hydro / Community Würenlos

In a market environment characterized by constant change, agility turns out to be an important tool for many: regular feedback, short iterations, early detection and correction of errors, and autonomy lead to top results. What sounds tempting in theory, more and more companies are putting into practice - and failing miserably. With the following key factors, agility can be better mastered:

1. understanding as foundation

First understand, then act. Those who take it upon themselves to integrate agile methods must first and foremost recognize that they are not one-size-fits-all: They depend on the industry, the corporate culture, the employees and individual Challenges. What works for competitors is not automatically groundbreaking for one's own success. Edgar Ehlers, founder of the ee factor agile consulting GmbH, knows what it's all about: "Agility means adaptability, flexibility and direct response to change - above all, implementation is not a short-lived trend, but a continuous process." Companies use agile methods as a tool and learn to continue them in the long term as well as independently in order to cope with today's fast pace.

2. analyze situation and set goals

Verbalize strengths, identify weaknesses and formulate goals - anyone who wants to lead a company to agility cannot avoid a rigorous analysis of the current situation. A thorough examination of corporate cultures, hierarchies, communication structures and work processes strengthens the foundation for restructuring. "Whether it's increasing efficiency, boosting innovation, or increasing employee engagement, companies need to pre-define the goals they're pursuing with agile methods and consider what needs or challenges they'll face along the way," says Ehlers.

3. communication and transparency

Why does a company decide to restructure towards agility? The answer to this question must be communicated openly and transparently, especially internally. "All teams learn about the reasons and benefits at the outset, as well as about decision-making processes and project progress on an ongoing basis - this strengthens employees' trust and commitment with regard to implementation," explains the managing director of the agile strategy consultancy ee factor. The introduction of more efficient communication channels and tools supports fast and collaborative exchange within the working community. Regular stand-up meetings as well as check-ins promote collaboration. The introduction of agile methods also affects customers, business partners, and the public - so communication of upcoming or occurring turnarounds must also take place externally.

4. corporate culture and value change

Prevailing norms and attitudes set the tone and significantly shape the working and corporate culture. CEOs often wonder why change is slow or has not yet taken root. The reason: In a company, there are often several Change curves and each employee is at an individual point on his or her own curve. While management is already acting in line with the new corporate culture, some employees are only at the beginning of the curve. This results in differences that are the result of non-transparent communication. In order to loosen up behaviors and processes, it is advisable to introduce trial phases. These periods serve as a test run for new methods or processes before companies finally implement them. In this way, management gently weans employees off old patterns. Pilot projects help to gain initial experience and achieve success through innovative methods.

5. involvement of the management

Agile processes make a good impression on the outside. It often happens that the company management adorns itself with agility, but puts little energy into the implementation itself. Pure hubris and a lack of commitment often stand in the way of moving away from long-outdated hierarchical models and organizational structures. The management level sets the pace in transformation processes - only then does the entire company follow suit. In order to break through hierarchies and distribute responsibility equally among all, managers move from the passive to the active role: In addition to participating in training courses, they lead agile projects themselves and hand over decision-making power to employees.

6. empowerment of employees

Comfortable routines characterize everyday working life in German offices. Forced to abandon this rhythm is met with rejection by many employees - but they have a lot of responsibility, especially in agile companies. Leaving one's own comfort zone triggers insecurities, especially if there is no solid feedback or error culture in the company. Edgar Ehlers speaks from experience: "The fear of doing something wrong inhibits the potential of employees. Only the promotion of a Culture of continuous improvement releases rigidity: employees learn here that mistakes are part of the learning process and change their working attitude without fear. From Errorculture develops Learnculture and failures give rise to new learnings and motivation, which in turn increases engagement."

7. regular further training

Stagnation and lack of know-how are the biggest factors for agile methods to fail. On average, a manager receives 1-3 days of training per year. This is by far not enough. Employees and management should therefore participate in preparatory and accompanying training courses and workshops in order to build up the necessary knowledge and understanding. For objective expertise and interdisciplinary experience, it is advisable to involve external consultants or trainers who take on a supporting role until the company is in a position to do so autonomously. For this purpose, the management level appoints so-called change agents who act internally as ambassadors for the agile transformation. They provide advice and support to other employees in order to continuously expand the knowledge and skills of all.

8. patience and realistic time planning

Faster, higher, further - those who strive for change would ideally like to achieve results as soon as possible. "To establish agility as part of the organizational structure and culture, companies need to be patient and have realistic expectations," knows Edgar Ehlers. "Introducing agile methods takes time for them to have their full effect - only then will companies really succeed in implementing and benefiting from ways of working in the long term." To measure progress, it is important to regularly reflect on and review agile methods. This allows potential gaps in the tailored strategy to be identified and possible adjustments or further developments to be made.

 Source: ee factor

The global spread of the SARS-CoV-2 virus in 2020 led to a 3.5 percent decline in global economic output compared with the previous year. In the wake of varying resilience of sectors, there has been increased discussion of the opportunities of digitalization for the economy, for example through home office and automation, and calls for more digitalization. However, according to the team of authors of the new study at RIFS in Potsdam, this raises the question of whether the degree of digitization can actually be linked to the economic performance of economic sectors during the crisis. This is because there is little evidence of a correlation between the socioeconomic performance of sectors and their degree of digitization, they say. Although the study refers to the situation in Germany, it certainly allows conclusions to be drawn about the Swiss economy, which had to contend with similar conditions during the pandemic.

Government support may have increased resilience

The researchers used stock market performance, gross value added (GVA) and employment data to analyze resilience and compare it to the degree of digitization of economic sectors in Germany in the pandemic year 2020. Their question: What differences can be identified in socioeconomic resilience between more and less digitized economic sectors in the Covid 19 crisis in Germany?

The study results cannot confirm that highly digitized sectors were consistently more resilient than less digitized sectors during the Covid 19 crisis, according to the RIFS team. Sectors with high and medium digital intensity did show better stock market performance than those with low and medium digital intensity. However, the high fluctuation and uncertainty in the stock market was detrimental to the resilience of the economy, they said. Industries with low digital intensity, on the other hand, performed better in terms of gross value added and employment than those with high and medium digital intensity, with the exception of the information and communications sector. Specifically, the data showed that low- and medium-digital-intensity industries - such as public administration, education, defense, health, social work, and construction - were the only ones that saw employment increase during the pandemic, with the exception of the information and communications sector.

"The observations ultimately led to the thesis that digitization may not be a panacea for achieving social and economic resilience in the economy in times of crisis," says first author Stefanie Kunkel. A positive correlation of digitization with stock market values is relevant for investors, she adds. However, it was precisely 'people-oriented', public sectors such as health and education - with lower levels of digitization - that seemed to contribute more stably to value creation and employment during the crisis. However, the authors around Kunkel pointed out in the study that it was not an analysis of causal relationships. One of their conclusions: Government support plays a significant role in the resilience of sectors in the crisis - some studies go further and conclude that government support is possibly the main reason for resilience in the crisis.

Recommendations for the economy

A policy that focuses only on promoting digitization in order to mitigate future crises could prove misguided. Digitization not only leads to changing occupational profiles, potentially favoring better qualified workers and leading to greater wage inequality, but also poses ecological risks such as increased energy and resource consumption. Instead, resilience policies and financial support programs in times of crisis should focus on strengthening social and environmental resilience by targeting sectors that promote stability and support a broader socio-ecological transformation in line with international sustainability goals, such as the United Nations Sustainable Development Goals.

Recommendations for companies

For companies, the team recommends that managers create work environments in which remote and on-site tasks are evenly distributed among employees to avoid widening the digital divide among the workforce in times of crisis. In terms of environmental goals, digital technologies should be used to measure environmental parameters, reduce energy and material consumption along the supply chain, and identify greener business models, for example in the context of the circular economy. In this way, employees in future crises could benefit more evenly from digitization, improve their digital skills, and reconcile social, economic, and ecological goals.

With this analysis, the question for future crises could already be asked today: What factors enable the digitization of industries to support the achievement of goals such as well-being and environmental protection? Now and in the future, a change toward higher ecological standards should ultimately be initiated, because the past crisis alone did not lead to this.

Source: RIFS

The consequences of a cyber attack can be devastating. They range from financial losses to reputational damage to legal repercussions. And the risk is increasing. Latest Studies confirm that ransomware attackers succeed in encrypting data in 71 percent of attacks and that the overall cost of recovery doubles when a ransom is paid. In addition, data is also stolen in 30 percent of ransomware attacks in Germany.

The good news: companies can protect themselves against this by taking into account the five pillars of cyber resilience: identify, protect, detect, respond and recover. However, mistakes keep happening in the implementation of cyber resilience, which subsequently imply supposed security - just long enough for cybercriminals to find a gap in the seemingly secure wall of protection and cause major damage. The experience of Arcserve's data security and recovery specialists shows that there are usually three mistakes in the affected companies that lead to high risk and subsequently contribute to damage from cyberattacks.

The value of digital data is underestimated

One of the most consequential mistakes in cyber resilience efforts is that organizations misjudge the importance and value of their data. To realize the strategy of cyber resilience in cybersecurity, it is essential to fully understand the exact value of data, including intellectual property, customer data and proprietary information. Only then will leaders realize the importance of data to the business and what resources, budgets and solutions are needed to protect it. Often, insufficient awareness leads to inadequate protections, such as weak passwords, outdated software, and inadequate access controls, exposing the business to cyber threats in the first place.

The fact is that with the increasing reliance on digital technologies and data-driven decision-making processes, digital assets are more valuable than ever. Nevertheless, cybercriminals are on the hunt for this very data, because in addition to encryption, business interruption and ransomware, it can be sold underground at horrendous prices. Organizations should therefore conduct a thorough risk assessment to identify their most important assets, better understand potential Achilles heels, and implement robust security policies to protect data. These measures should include continuous monitoring, patching and updating systems and software, and implementing strong authentication mechanisms and encryption protocols.

Companies should also pay particular attention to checking potentially outdated operating systems and applications. This is because these can represent a significant problem and gap in the data security strategy - for example, if a backup provider cannot support the outdated operating systems. It's important to assess how many legacy applications are running on older operating systems and whether they can be backed up. If a company is still running legacy applications - perhaps forced to do so - and they cannot be backed up, it is essential to solve this problem to ensure data protection and security.

The ineffective management of risks by third parties

Many companies increasingly rely on third-party vendors, suppliers and service providers to support their business operations. These external partners often have access to critical systems, data and networks. But not all third-party providers have a solid cybersecurity structure in place and can become a critical vulnerability or gateway for cyberattacks.

Organizations often fail to thoroughly assess the cybersecurity of their third-party vendors and ensure that they adhere to at least the same security standards as they do. Poor cyber resilience at third parties can create vulnerabilities in the cybersecurity chain. This gives cybercriminals the ability to exploit vulnerabilities in third-party systems and gain unauthorized access to a company's data or systems through the digital chain (supply chain). Comprehensive due diligence on third-party vendors provides a remedy. This assesses their cybersecurity capabilities, which simultaneously leads to solid contracts and agreements that clearly define security expectations and responsibilities. Of course, this one-time status quo does not last forever. Regular audits of third-party vendors ensure that they do not slacken in their security efforts, but rather adapt and evolve their security in light of the ever-changing threat landscape. Incidentally, such audits are also the basis for compliance with data protection regulations.

Third-party cyber risk is particularly acute for organizations operating in a hybrid cloud environment. This is because supporting different cloud platforms and ensuring that they work well together can be complex and result in security breaches. The solution: organizations should develop an appropriate data protection and recovery strategy for their hybrid cloud environment. This includes choosing a cloud storage solution that provides continuous snapshots, multiple recovery points and security controls for private, public and SaaS environments.

Contingency plans without testing are rarely good in an emergency

Companies invest considerable resources and budgets in the development of emergency plans. The goal is to nullify or at least mitigate the effects of cyberattacks in an emergency. However, such plans often disappear in a drawer without further review or continuous adaptation until one day they are needed. By then, however, it is often too late, because no one knows whether the plan will actually work, since neither the interaction of employees and technology has been tested and practiced, and because too many general conditions have changed significantly since the plan was created. Experience shows that incident response strategies and plans are only effective if they are regularly tested, refined, and updated based on evolving cyber threats and changing business needs.

To eliminate this problem and to determine the effectiveness of emergency plans, companies should regularly conduct exercises or simulated cyberattack scenarios. These exercises help identify gaps and weaknesses in the plans and make necessary adjustments. This includes a detailed evaluation of the tests to determine the effectiveness of the response and potential for optimization. This continuous feedback loop is critical to improving an organization's response capabilities and the effectiveness and relevance of its plans.

Conclusion: Safe with security

One thing is clear: as the threat landscape evolves, organizations must avoid mistakes in their cyber resilience efforts. Understanding the value of data, effectively managing third-party risks, and actively testing contingency plans on a regular basis are the foundation for functioning and robust cyber resilience.

Author: 
René Claus is EMEA MSP Sales Director at Arcserve.