Those who want to assess the performance and results of their employees in the home office should exercise caution when using monitoring software. VMware, a leading manufacturer of enterprise software, has published a report entitled "The Virtual Floorplan: New Rules for a New Era of Work" conducted a global study on the new era of work. It shows that the rising performance of employees and the trust built with the new hybrid working models could be jeopardized by the increasing implementation of remote monitoring measures.

Employee monitoring tools widely used

The survey was conducted by the market research company Vanson Bourne. It shows that 68 percent of European companies have either introduced or plan to introduce measures to monitor employee productivity since the shift to hybrid working. These measures include email monitoring (42%), collaboration tools (42%) and web browsing (38%), as well as video surveillance (28%), webcams (27%) and keylogger software (24%). However, 43 percent of organizations that have already implemented device monitoring and 46 percent of those currently doing so are seeing increased or even dramatically increased employee turnover.

Employees notice stronger evaluation of their performance

The study results suggest that companies need to strike a delicate balance in finding new ways to evaluate employee performance beyond their particular office presence. From an employee perspective, three-quarters (74%) agree that the shift to a flexible work environment has led to their performance - and not in traditional metrics such as time spent in the office - being evaluated more by their employers. In addition, 79% of employees believe that telecommuting technologies have enabled them to work more efficiently than before. 72% of the companies had to develop new methods to measure employee productivity. These companies achieved the new approach to controlling productivity through the use of performance-based solutions, such as regular meetings with managers to discuss workload (55%), the use of new project management software (47%), and the evaluation of output and agreed-upon outcomes (53%).

Flexible working environments require new measurement methods

But now that immediate employees are not necessarily sitting a few offices away, employers are developing new ways to monitor and quantify employee productivity. Nearly six in 10 employees (57%) understand that their company has had to develop new ways to monitor productivity as it shifts to hybrid work arrangements, but transparency remains critical. A quarter of employees (25%) do not know if their company has implemented systems to monitor productivity on their devices.

"Digital workspace tools enable people to work from anywhere, and our surveys show that employees feel valued and are more confident. A lack of transparency, surreptitious measurement and hidden control can quickly erode employee trust and lead to talented and motivated employees preferring to quit in a highly competitive and challenging skills market," Peter Trawnicek, Country Manager, VMware Austria, commented on the findings.

The number of cyber attacks is on the rise: Companies, authorities and municipalities are affected, but also healthcare facilities such as hospitals. And reports of successful attacks are increasing in Switzerland: just recently, the ICRC was hit by a cyberattack, and companies such as Stadler Rail, Comparis, Griesser Storen and even the municipality of Rolle in Vaud have also been attacked. In Germany, the MediaMarkt electronics retail chain was affected by an extortion attempt with ransomware in November 2021; servers and systems were compromised, which significantly disrupted operations in stores. According to a company spokesperson, the attack was targeted. In 2020, the Uniklinik Düsseldorf and Funke Mediengruppe were victims: in the case of the latter, a phishing email served as the gateway for a ransomware attack. In such an attack, ransomware acts like an "encryption Trojan" by encoding data indissolubly for the user and only releasing it again against payment of a ransom. Since phishing exploits human weaknesses, it is very difficult to prevent with technical solutions. 

A form of social engineering

Phishing is a so-called social engineering attack: it exploits the weaknesses and guilelessness of people. Phishing e-mails make the recipient believe that he or she is under a certain amount of confidentiality or put him or her under pressure. This entices them to click on a link, initiate a process or disclose confidential information. Three types of phishing can be distinguished:

• In the case of CEO fraud, the attackers pretend to hold a high position within the attacked company in order to inspire trust and to use the authority of the hierarchy and the threat of consequences to entice their victim to transfer a large sum of money, for example. The attackers often take a targeted approach and invest a great deal of time in selecting the company and the appropriate recipients. They often have a foot in the door and know how communication works in the target company.
• The same applies to the spear phishing variant: these mails are specifically tailored to the victim or to a certain victim group. The individualization makes it very difficult to recognize such a mail as phishing. Spear phishing is often the initial attack vector for introducing malware into a company.
• Classic phishing often aims to obtain victims' access data to systems and services. However, these e-mails are not tailored to individuals or groups of individuals, but are sent to a broad mass. It may also happen that a recipient does not use the service addressed in the mail.

Phishing is a constant threat

The danger should not be underestimated, as phishing emails are written with sophistication. They no longer feature per se strange and dubious email addresses of the sender or spelling and grammatical errors. In addition, the range of addressees is extremely broad: All employees who communicate with external parties via email are potential victims. Companies are usually affected by CEO fraud or spear phishing and thus by targeted campaigns. It turns out that phishing attempts are particularly frequent among those addressees whose names and email addresses are publicly listed on the company website, for example - usually, they have less pronounced expertise on the subject of malware than members of IT departments. As a result, it is often precisely those employees who are less sensitized to malware who are targeted by attackers. This makes it more likely that they will click on a link or download a contaminated attachment.

The danger for private individuals is that personal and sensitive data is tapped. Malware can also be infiltrated via phishing e-mails, so that the attacker secures permanent system access unnoticed. He moves invisibly in the network and thus obtains the sensitive data.

In companies, phishing emails are frequent gateways for malware such as ransomware. The attackers can gain control of computers, steal victims' identities and use them to launch further attacks. The victim can also be extorted for a ransom with sensitive data. These attacks are very costly for companies: they result in long IT outages, hinder or prevent business, and damage reputations. If malware is infiltrated, industrial espionage can also take place via phishing.

Prevent phishing with simulations

Since phishing is a psychological weapon and targets human behavior, it is difficult to defend against it on a technological level: Spam filters recognize the emails poorly and thus they usually reach the intended recipient. Using the example of a human resources department, it is possible for them to accept applications via a portal and thus bypass gateways via e-mail.

One effective way to defend against phishing is therefore to train employees and raise their awareness. Simulations and regular campaigns can be used to raise awareness, e.g., of possible entry points, and thus minimize the risk of an attack.

Employees are specifically confronted with the danger of phishing under real, but controlled conditions. Simulations of spear phishing, for example, familiarize them with the attackers' tricks without causing any damage. In such a campaign, phishing e-mails are sent out in a company over several hours or days, to all or to individual persons, groups of persons or departments. The company decides whether or not the employees are informed of this or of the duration.

If a recipient now opens one of the campaign mails or even clicks on the link, their behavior is stored anonymously in a database. This is made possible by user-specific links in the mails. A permanent evaluation is carried out over the agreed campaign period, and the results are summarized and processed at the end. This makes it possible to identify which areas or departments are particularly susceptible to phishing e-mails. Countermeasures can then be taken with training and education.

Communication is key here: It is not about assigning blame, but it must be clear that the simulations are used to build up know-how and that it is a learning scenario. It is also possible to educate employees about the phishing simulation directly after they click on a link, or to keep them in the dark for the time being. The latter is a good idea, as otherwise it is easy for word to get around in companies that a simulation is underway, which can distort the results.

Promoting skepticism and awareness with training

Follow-up training can establish processes to raise awareness and maintain skepticism. Sometimes the name of the boss in an email is enough to prompt immediate action - even without thinking. Employees are therefore provided with features to make it easier to recognize whether an e-mail is valid, for example whether the sender's name and provider match. But it is also important to establish a culture of skepticism, i.e., to ask questions, even if an e-mail from a supposed superior is accompanied by an immediate request for action.

It makes sense for employees to take part in a phishing simulation at regular intervals, for example once a quarter or every six months, depending on the company, in order to achieve the greatest effect, keep the training level high and develop a gut feeling for phishing emails. In doing so, the width of the spread can vary and gateways can be trained again directly with tailored campaigns.

Conclusion

Threat scenarios from cyber attacks are expanding, and more and more companies are affected by ransomware attacks that hinder operations and cause immense costs. The gateway is often phishing emails, through which the attackers gain access to systems and sensitive data and can thus blackmail companies. This worst-case scenario can be prevented by raising employee awareness through targeted phishing simulations and training.

Authors:
Leon Hormel is Cyber Defense Consultant at SECUINFRA Falcon Team in Berlin, Tobias Messinger is Senior Cyber Defense Consultant there. https://www.secuinfra.com/de/news/digitale-bedrohung-phishing/

Nationality is playing less and less of a role in the search for capable employees. Workforces are becoming increasingly international and work across different locations and national borders. This poses a number of challenges for HR managers at internationally operating companies. Compliance regulations in HR and workforce management often differ significantly from place to place and can also change at different times. Compliance with these regulations depends on an organization's ability to respond quickly to changes in existing laws and regulations - or even anticipate them - and then implement appropriate actions and adjustments. Five strategic starting points can help get a handle on compliance management in HR. 

Basis for Compliance Management in Human Resources: Effective Data Management System

The foundation for compliance at the international level is the collection of accurate data. To effectively organize HR data and identify gaps in your records, it is recommended to classify data into the following categories:

• Personnel master data: General employee information on age, base salary, place of residence, education and performance.
• Information on salary components: Records of bonuses, benefits and allowances
• Documents: Signed documents such as contractual agreements and other legally binding documents
• Personnel management data: Information on schedules, attendance and absences

The Data storage is another core issue for data integrity. For international operations, manually storing sensitive employee data in multiple locations is too insecure. This is a problem that many organizations face. Not to mention that this type of storage system often makes it nearly impossible to retrieve employee information in a timely manner. Modern cloud technology - for example, as part of an LMS or workforce management system - can increase data security and enable more efficient processes. If the system provides an audit trail of data changes, interventions in the data can be traced in an audit-proof manner. Ideally, such a system should offer configurable functions that can be adapted to a company's processes. In this way, a secure, cross-site data management system can be established that can be accessed by all responsible parties.

Implement a stable workflow process

Establishing an efficient workflow helps consolidate national and international compliance obligations and streamline work at each site. The resulting benefits include:

• Improved coordination and communication between subsidiaries and local support in each country
• Clearly defined roles and responsibilities that help all team members know who is responsible for what tasks
• Ensure work is consistent between global teams and stays on track
• Reduce operational inefficiencies, inconsistencies, and quality issues.

When teams around the world have clear visibility into the compliance status of the organization, they can better manage data and ensure its integrity.

Develop understanding of the laws and regulations of each country

Companies expect foreign organizations to comply with their laws and regulations. Each market has different challenges in doing so. An essential first step in navigating these waters is to understand local regulations.

To do this, first create a list of the domestic laws your organization complies with, and then identify the corresponding laws in your foreign markets. Flag requirements that exist only in those markets. When in doubt, working with a local expert is a good way to ensure you have captured all laws and regulations that relate to operations in that country.

To ensure compliance with all mandates worldwide, you need to understand the area in which your company operates. This means paying attention to local laws and cultures to ensure a deep understanding of what requirements exist and implementing strategies to engage your employees in the process. It also includes keeping an eye on current events and evaluating them in terms of your company's involvement.

Customize compliance training locally to appeal to employees

Managing employees at a global level requires expertise at a local level. When it comes to implementing compliance training, this is the surest way to gain employee buy-in or genuine participation. Organizations should therefore build programs that match local culture, local labor markets, and the needs of local business units.

Modern systems such as learning management systems (LMS) or a new generation of learning management experience platforms (LMXP) help to respond efficiently to training challenges. By systematizing and automating various aspects of training, global standards can be established and a central platform for program implementation is created.

Learning paths for better training adoption and more efficient evaluation

Developing a technical solution is only one piece of the HR and compliance training puzzle. If the process is completely automated, employees often feel they are not being addressed personally and are less motivated. Individualization empowers and makes them feel that their needs are being addressed in their own environment. For this reason, in order to develop global training programs that are well received and meet with genuine engagement, it is important to become familiar with local markets, cultures and employee needs. With an appropriate LMS solution, specialized learning paths can be established to provide employees with optimally tailored training and content based on their job roles and locations.

Also, when it comes to tracking training completion, such learning paths provide a great way to evaluate training success, as both participants and trainers get a clear snapshot of performance. Instead of having to manually combine and analyze data from multiple reports, the tools built into the learning path automatically aggregate data from all training into a single report. This makes the evaluation of employee training much more efficient.

Source and further information on the topics of compliance management in human resources, among others: https://de.sumtotalsystems.com

At its meeting on January 17, 2022, the Search Committee of the Suva Council Committee elected Gianni Roberto Rossi as CEO of Suva Clinics (Clinique romande de réadaptation Sion and Rehaklinik Bellikon). The 54-year-old will assume his new role on July 1, 2022. The appointment takes place as part of the organizational development of Suva Clinics. The aim is to achieve overarching strategic management as well as harmonization of structures. However, both clinics will remain independent and will be managed by a site management.

Well connected personality

Gianni Roberto Rossi has been CEO of Rehaklinik Bellikon since July 2018 and is very familiar with the concerns of Suva clinics, according to a Suva statement. He is well networked in the Swiss healthcare system and has the best professional and human leadership qualities, it said. His multilingualism (Italian, German, French) was also a decisive factor in his selection. Gianni Roberto Rossi holds an Executive Master in Business Administration from the University of Zurich and a Master in Innovation and Management in Public Administrations from the University Tor Vergata in Rome. In 2013, he obtained a Doctor of Philosophy for his research doctorate.

Suva clinics superordinate steering

Gianni Roberto Rossi is married and the father of three children. He is looking forward to his new challenge: "With my entrepreneurial mindset and ethical principles, I feel I am in the right place at Suva Clinics, which have an excellent reputation throughout Switzerland. My goal is to actively shape strategic developments in the rehabilitation market and thus further strengthen the position of the Sion and Bellikon clinics. Together we will successfully shape the future." And Daniel Roscher, member of Suva's Executive Board, comments: "With his sound economic training, his many years of experience in managing rehabilitation clinics and his winning personality, Gianni Roberto Rossi will skilfully steer, develop and lead the business of Suva clinics into the future."

Source: Suva

Awareness of digital risks and the demand for greater digital transparency and reliability are steadily increasing. Digital responsibility and digital trust are among the new requirements for companies to remain competitive. The market leaders of the future are organizations that actively assume digital responsibility. They put theoretical principles and principles into practice. This should be recognizable to users by means of a seal of approval. On the other hand, providers of digital applications can use the Digital Trust Label to declare their digital responsibility systematically and credibly.

The Digital Trust Label was developed in Switzerland with a special emphasis on the user perspective. Thanks to the participatory and inclusive approach, a label was created that offers organizations the unique opportunity to demonstrate their commitment to digital responsibility. It was developed in the November 2021 presented to the public. Now it is definitely launched.

A clear commitment to digital responsibility

The Digital Trust Label shows the trustworthiness of a digital application, such as a website or app, in clear, visual, and non-technical language that anyone can understand. "Similar to the organic label and the nutritional value table for the analog world, the Digital Trust Label serves as a trust mark in the digital world", explains Doris Leuthard, President of the Swiss Digital Initiative Foundation.

The digital applications are tested against 35 criteria in four dimensions: Security, Privacy, Reliability, and Fairness to users, which includes information about the use of automated decision-making processes. The set of criteria was created by a special Label Expert Committee led by the Swiss Federal Institute of Technology Lausanne (EPFL) and further developed based on feedback from several public consultations. The criteria developed serve as the basis for an independent review.

Swiss Re and Swisscom are the first Digital Trust Champions

The first Digital Trust Champions include Swiss Re and Swisscom, which have already gone through the auditing process for a Digital Trust Label and are allowed to use the label for the audited services. Credit Suisse is currently in the auditing process. Another seven companies have already registered for the labeling process and will begin the audit in early 2022: Atos, Booking.com, Cisco, Credit Exchange, Kudelski IoT, UBS Switzerland AG and wefox. "Financial services require greater trust in digital services more than ever. We support and believe in the Digital Trust Label as a driver for greater transparency and accountability," said Moses Ojeisekhoba, Chief Executive Officer Reinsurance and member of the Group Executive Board of Swiss Re. Urs Schaeppi, CEO of Swisscom adds: "The digital world is fast and easy, but also anonymous. Which digital services can I rely on, which provider can I trust, are the questions that are critical to success. Swisscom supports the Digital Trust Label and the underlying independent audit process because it creates transparency and builds trust in the digital world."

Radiation across industry and national borders

The topic of digital trust is also relevant for the banking sector. André Helfenstein Chief Executive Officer Credit Suisse (Switzerland) Ltd.: "Client trust and security are natural cornerstones of Swiss banking and this also applies in the digital world. Credit Suisse supports the piloting of the Digital Trust Label as it increases transparency regarding data flows and security in digital processes."

The Digital Trust Label sees itself as an example of a practical contribution to bring Swiss traditions and values into the digital world and serves as a starting point for a global movement towards digital responsibility. "There is no better place than Geneva to pioneer and test new tools for digital trust and responsibility. A label can be a way to bring together international stakeholders working on this issue and build global consensus," says Benedikt Wechsler, ambassador and head of the Federal Department of Foreign Affairs' Digitization Division. 

Source: Swiss Digital Initiative. More information about the Digital Trust Label

Stress in vocational training: According to the Job Stress Index 2020 from Health Promotion Switzerland (see chart), 42% of young workers aged 16-24 have too few resources to meet workplace demands, 30% are emotionally exhausted, and their risk of occupational accidents is twice as high. The pandemic has exacerbated this trend. Health-related productivity losses, which in this age group are a good 21%¹⁾ are the economic consequence.

Health promotion in vocational training is urgent

The fact that young workers are increasingly affected by emotional exhaustion is not surprising. After all, they are going through intensive developmental steps that affect almost all areas of life. These are also relevant in the cooperation of the learners with the vocational trainers, superiors as well as teachers in the vocational school. The urgency of specifically promoting the mental health of learners is evident from the aspects and figures mentioned.

At the same time, this increases the demands on those responsible for vocational training. Targeted support offers for the health-promoting management of young employees are therefore welcome. A good point of contact for this are, for example, industry associations, the Association of Vocational Trainers or Apprentice. The latter is a comprehensive range of Health Promotion Switzerland For effective mental health support for learners.

A human and economic gain

Companies in whose culture a systematic BGM is practiced have advantages when it comes to the health-promoting management of learners. Kuhn Rikon AG, for example, introduced a holistic health management system as early as 2006. Since 2009, the company has been awarded the label "Friendly Work Space" certified by Health Promotion Switzerland. The leading cookware manufacturer employs around 190 people in Switzerland. Eleven of them are young employees up to the age of 24, which includes a total of three apprentices in business administration and logistics.

In addition to the usual BGM measures, the company offers its learners individual support, for example:

• Personalized support from recruitment to the final examination, tailored to the specific needs and stage of development.
• The probationary period and interview will take place with the parents.
• The integration of learners into the team. For example, they participate in the monthly Continuous Improvement Process (CIP) meeting.
• The team spirit and the encounter of the apprentices among each other are promoted, e.g. by mutual support with preparation tasks of the inter-company courses or common lunch in the staff restaurant.
• Regular exchange between learners, vocational training officers and supervisors that consciously includes current well-being. This also includes giving the young people sufficient time for their leisure activities.
• An open error culture and appreciative interaction strengthen independent work and thus the learners' awareness of their self-responsibility and self-efficacy.

And this is how health-promoting leadership of learners succeeds. Essentially, three dimensions are decisive here²⁾:

1. Self-direction: The vocational trainers promote their own health. They are role models.
2. Contact with learners: The vocational trainers promote the health of the learners in direct, communicative exchange (behavior-oriented perspective).
3. Design of working conditions: The vocational trainers design the tasks of the learners, their goals and their working environment in such a way that they have a health-promoting effect on the learners (condition-related or relationship-oriented perspective).

¹⁾ Source: Health Promotion Switzerland - Job Stress Index Monitoring 2018 according to Galliker et al. 2018b

²⁾ Source: Franke, Vincent & Felfe, 2011

Live chat for vocational trainees

on tobacco consumption - with experts from Addiction Switzerland. January 31, 2022, 1 to 5 p.m. Participate with the FWS Apprentice Experts App.
An event organized by Health Promotion Switzerland.

Almost every day we read in the media about cyberattacks by criminals that cause considerable damage and even lead to production losses. Companies are increasingly afraid of becoming victims of such attacks themselves. This is also shown by the eleventh Allianz Risk Barometer, for which around 2,700 experts in 89 countries and territories worldwide were surveyed on top risks. Respondents included CEOs, risk managers, brokers and insurance experts. For example, cyber incidents are the top risk for businesses worldwide (44 % of responses), business interruption ranked second globally (42 %), while natural catastrophes jumped to third (25%, up from 6th last year). Climate change concerns also made a big leap forward to 6th place (17%), up from 9th place last year). The outbreak of a pandemic, on the other hand, seems to have lost some of its terror, at least in terms of its impact on the economy: it fell out of the top 3 to 4th place (22%). However, the survey took place before the outbreak of the Omikron variant, Allianz spokesman Daniel Aschoff noted in a media briefing. He did not rule out that the result would be somewhat different in view of the current pandemic situation.

Resilience is becoming a competitive factor

Naturally, the risks are assessed somewhat differently depending on the sector. However, it is noticeable that business interruptions were named as the No. 1 risk globally in more than half of the industries surveyed (in 11 out of 20 sectors), while cyber ranked top in "only" five out of twenty industries. "Business disruption is likely to remain the most important risk issue in 2022," said Christoph Müller, CEO of AGCS, summarizing this year's survey. "For most companies, the biggest fear is not being able to manufacture their products or provide their services. In 2021, disruptions occurred on an unprecedented scale, caused by a variety of triggers: Crippling cyberattacks, the impact of numerous climate change-related weather events on the supply chain, and pandemic-related production problems and transportation bottlenecks wreaked havoc. This year promises only a gradual easing of the situation, although further problems related to Covid-19 cannot be ruled out. Building resilience to the many causes of business disruption is increasingly becoming a competitive advantage for companies." According to the Euler Hermes Global Trade Report, further disruptions in the global supply chain are expected to continue into the second half of 2022. 

Top risks in Switzerland: cyber in first place

In Switzerland, the ranking is also dominated by cyber incidents (1st place with 61%) and business interruption (2nd place with 57%). Market changes, for example caused by volatility, increased competition/new competitors, stagnating markets or market fluctuations (25%), follow in third place. According to Allianz, uncertainty at the political level is also likely to play a role here: The lack of a framework agreement with the EU, unresolved problems in connection with Brexit or even monetary policy would lead to a kind of "feeling of powerlessness" in companies, as Christoph Müller explains.

The biggest climber alongside market changes is climate change (5th place with 17 %). New in the top ten ranks of top risks are the shortage of skilled workers, which ranks 7th (12%), as well as concerns about the failure of critical infrastructure (9th place with 11 %) and loss of reputation (9th place with 11 %). Worries about Covid-19 or another pandemic are of significantly less concern to companies than they were in 2021 (6th place with 15%).

New criminal tactics 

In the context of cyber risk, Christoph Müller sees "double extortion tactics" as particularly worrying: Increasingly, cyber criminals are not only limiting themselves to extorting ransoms after data has been encrypted, but are also subsequently threatening to publish sensitive data if payment is not made again. And further, the cyber threat goes hand-in-hand with military threats, as recent events in Ukraine, for example, would show, Mueller said. "Ransomware has become big business for cybercriminals, who are refining their tactics and lowering the barriers to entry - it hardly takes any technical knowledge to carry out an attack, and the relevant tools can be conveniently booked on the web. The commercialization of cybercrime makes it easier to exploit vulnerabilities on a large scale. We will see more attacks on supply chains and critical infrastructure," explains Ivo Heeb, Underwriting Expert Financial Lines at AGCS in Switzerland.

Business interruption: the constant among the top risks

In a year marked by widespread disruption, the extent of vulnerabilities in modern supply chains and production networks is more apparent than ever. In addition to cyber incidents, the impact of companies' increasing reliance on digitalization and the shift of work to remote locations are also important causes. Natural disasters and pandemics are the other two important triggers for business interruption, according to respondents. "The pandemic highlighted the extent of interconnectedness in modern supply chains and how inherently unrelated events can come together to cause widespread outages. For the first time, the resilience of supply chains has been severely tested on a global scale," says Christoph Müller, CEO of AGCS in Switzerland.

The outbreak of a pandemic remains a major concern for companies. In Switzerland, however, as mentioned above, the threat now ranks only 6th among the top risks. Although the Covid 19 crisis continues to overshadow the economic outlook in many sectors, companies believe they are well prepared for it. The majority of respondents (80 %) believe they are adequately or well prepared for a future wave of pandemics. Improving business continuity management is seen as the most important measure that companies are taking.

Source and further information: www.agcs.allianz.com

Robin Setz joined the corporate group in November 2021 and has assumed responsibility for all QM matters for both SVTI Swiss Association for Technical Inspections and Swiss Safety Center AG. He succeeds Dr. Elisabetta Ramsperger-Prati. SVTI is one of the most important Swiss institutions in the field of technical safety inspection. The purpose of the SVTI is the prevention of accidents, malfunctions and damage and the elimination of hazards in the manufacture and operation of technical equipment of all kinds.

Robin Setz is an expert in quality management, project and process management. He brings many years of experience and has worked in a wide variety of project and quality management functions at internationally active companies. Most recently, as Head of Process Management and Quality at an industrial company, he was responsible for setting up and implementing the process and quality management system. His goal is to ensure that the SVTI Group has a modern quality management system that is appreciated and lived by employees, managers, customers and auditors alike.

His part-time job as a lecturer in project and process management at the University of Applied Sciences Graubünden enables him to build a bridge between theory and practice. 

Source and further information: www.svti.ch

Process automation is a central aspect of digital transformation. Because when it comes to organizational change, it offers a number of advantages. Companies that automate highly manual processes quickly and visibly benefit from greater efficiency and speed as well as a lower error rate and workload. Experts see five major trends in this area for 2022.

Trend 1: The triumph of low-code/no-code tools

Low-code or no-code development environments are designed to enable so-called citizen developers - employees with no programming skills - to program small automations for everyday work themselves. Such tools are popular with many users because they offer companies advantages such as scalability, security or simple application deployment. Given the high demand for new applications in companies and the simultaneous persistent shortage of IT specialists, the use of such tools will continue to grow strongly in 2022 - but not where many expect it. 

Trend 2: Citizen-assisted development on the rise

For more than a decade, companies have expected citizen developers, often referred to as power users, to step in instead of IT professionals - but with limited success. This is because power users focus on solving their own problems during application development. This results in applications that cannot be scaled to the entire company and are not designed for long-term growth. Citizen development projects are thus becoming passé: Citizen-assisted development is taking their place.

The two trends mentioned above - the acceptance of low-code/no-code tools by professionals and the decline in citizen development projects - should be viewed together. The result will be the citizen-assisted development approach: a method in which citizen developers and professional developers use the same tools to work hand in hand on the digitization of business processes using rapid prototyping. "This enables companies to develop applications that are tailored precisely to their own needs - and to do so much faster and more purposefully than in Citizen Development projects," says Philipp Erdkönig, Partner Account Manager at WEBCON, the company that identified these five trends. The company itself offers a low-code platform for the automation and management of business processes.

Trend 3: A damper on Robotic Process Automation

Robotic Process Automation (RPA), or robotic process automation in the true sense of the word, does not exist. What RPA vendors are really selling is the automation of individual tasks - not the automation of a broader process. That's not to say this technology won't continue to be very successful; but companies will find they're asking too much of it. In the coming year, we will instead see more of a combination of RPA and digital process automation.

More often we will see, for example, the automation of data capture or data retrieval in or from legacy IT systems or other information sources using RPAs that do not have any interfaces. This data is then further processed as part of a digitized and thus transparent and efficient business process.

Trend 4: Content management as part of process automation 

Many companies will also rethink the area of content management. For too long, users have been under the misapprehension that it is enough to make content shareable and accessible by centralizing and organizing it. However, this will not achieve true real-time collaboration or true digital transformation. Rather, content should be used as part of a larger process management and automation initiative. In addition to the authorization management and versioning of documents, they should also be made available in the context of business processes, or created and edited accordingly in the course of a process - because documents and other types of content such as tables, technical drawings, etc. are an important part of almost all processes in a company. 

Trend 5: The waterfall model remains

In the waterfall model, software development is supposed to take place in a series of sequential steps, each completed. However, this methodology is now antiquated - especially in light of today's agile development methodologies. These focus more on the continuous delivery of software in rapid iterations and lead to faster results. Some companies are already embracing this type of development in many places. "However, as long as companies hire external consultants and agree on projects at fixed prices, with fixed durations, the waterfall model will unfortunately continue to be used in the foreseeable future - which will have a negative impact on process automation. After all, processes are constantly evolving. So it's better to implement and continuously refine a process automation solution than to treat it as a one-off project that won't be touched after completion," adds Erdkönig.

Process automation no longer imaginable without

"Depending on the industry, companies will adapt the trends at different speeds. But one thing is clear: 2022 will be dominated by process automation - no organization will be able to imagine life without it. This is the only way they will remain viable in the long term in disruptive times like these," concludes Erdkönig.

Source: WEBCON

A new study by the Lucerne University of Applied Sciences and Arts shows: Management of data quality and quantity is also a highly relevant topic in banking. At the same time, many banks state that they do not comment on this topic because this would reveal too much about their business activities. The study was conducted by the Institute of Financial Services Zug IFZ together with BSI (Business Systems Integration AG), Dun&Bradstreet as well as Finnova and msg GillardonBSM. It examined how well banks are prepared for the upcoming challenges in customer management and the upcoming leap in technology. The study analyzed the connection between data management and the resulting opportunities to increase the business success of banks in a sustainable and automated way. It also aims to elicit the challenges and opportunities for banks that arise from qualitatively and quantitatively excellent data management. To this end, the researchers surveyed the largest 70 banks in the DACH region from May 2021 to September 2021.

High data quality and quantity: benefits show up with a delay

"If we look at the size of the participating banks, we see that small and very large banks in particular maintain dedicated teams for customer master data management," notes Nils Hafner, author of the study and lecturer in customer management at the Institute of Financial Services Zug IFZ at the Lucerne University of Applied Sciences and Arts. This could be due to the fact that medium-sized institutions in particular do not yet see the need for consistent data-based management of the customer base as a success factor. The same applies to anchoring master data management in the corporate strategy. "Since the specific benefits of high data quantity and quality only become apparent over time, we assume that banks in the DACH region are just beginning to understand fundamental connections between knowledge in the form of data and skill in the form of successful campaigns," says the study leader.

Data management as part of the business model

When it comes to deriving concrete recommendations for banking institutions from this study, these are not necessarily based on developments within the industry. Particularly in the context of participating in and shaping ecosystems, banks are often not in the position of the orchestrator of such an ecosystem, as the study authors note. These are often shaped by industries closer to the customer, such as retail. Drawing from this, the study recommends that banks increase their knowledge of how to collect, store and analyze key customer data categories. This means in detail:

1. Banks should think about the strategic importance of customer knowledge and thus about the collection, storage and analysis of customer master data for their own business model. This includes an analysis of the current situation, i.e., a customer data quality assessment, and the derivation of measures to increase the quantity and bring the data quality to an acceptable level. Essential here is the formulation of strategic principles for data management, such as the requirement for a complete 360° customer view, the principle of error-free recording "first time right," the establishment of a "single source of truth" or the "golden record," and the idea of "zero maintenance" through a high degree of automation in the quality management of the customer master data.
2. Particularly in the context of the first principle of a complete 360° customer view, it is important to abandon traditional priorities in the touchpoint and channel view of financial institutions. The study clearly shows here that banks still distinguish between the "physical customer" via telephone and branch and the "online customer on the net". However, a holistic customer view can only be established if the "classic-physical" observation of customer behavior is supplemented with the "digital" click behavior of customers in e-mail campaigns or on the net. Only in this way can the interests of the clientele be analyzed holistically.
3. Overall, financial institutions must become faster and better at understanding the lives of their customers. Compared to the insurance industry or retail trade, they are often not in a position to identify and react to changes in their customers' lives in real time and in a fully automated manner. As a result, they are also unable to analyze and leverage customer potential for cross- and up-selling in the medium term. However, if the other sectors mentioned above succeed in doing this, they will take some of the business volume away from the traditional banks.

Finally, it can be stated that banks are still at a surprisingly low level of maturity in customer data management and should urgently develop accordingly if they want to be successful in competition in an increasingly digitalized world.

Source and further information: Lucerne University

The company ownCloud, a specialist for digitally sovereign and secure data storage, sees five central trends for IT security coming our way in the next year. With them, companies and authorities are responding to new challenges and old familiar threats.

1. Companies are rethinking their cloud strategies in terms of digital sovereignty. More and more organizations want to regain their digital sovereignty. That is why they are looking for alternative solutions to the public cloud, especially for software that stores and processes personal data. There is a demand for solutions that can be operated in private cloud environments without compromising user-friendliness and functionality - whether in the organization's own data center or with trusted and certified European service providers.
2. Open standard procedures simplify user authentication. Companies have been using single sign-on and multifactor authentication to authenticate their employees for some time now. Instead of in-house developments, they will increasingly rely on established open standard processes in the future to make their work easier. These include the Open ID Connect standard, which enables an uncomplicated connection to external identity providers such as Keycloak, Ping Federate, ADFS, Azure AD or Kopano Konnect.
3. Organizations are also increasingly encrypting "data at rest." In response to rising security threats and increasing mobile and remote working, more and more companies are adopting zero-trust approaches. In doing so, they are now increasingly restricting the access of their administrators by encrypting data not only on its transmission paths, but also in its stored state on their servers. Access by administrators can be prevented with procedures that store master keys in a hardware security module.
4. Audit solutions support IT security at the application level. An important component of zero-trust approaches is also threat defense at the application level. Companies will increasingly rely on audit trails for this purpose. To enable comprehensive auditing, many applications now record all data accesses and actions. These logs also form an ideal basis for comprehensive monitoring. This is even more true if they can be transferred to professional SIEM solutions that can detect potentially dangerous patterns with machine learning algorithms. 
5. Companies position file sharing against ransomware. In the fight against the growing threat of ransomware, organizations will increasingly rely on file-sharing solutions. After all, the centralized data storage of these systems makes them the ideal platform for defending against such attacks. For example, they can prevent the upload of files with ransomware-typical extensions, automatically block user accounts affected by conspicuous file changes, or reset affected files to their state immediately before the attack.

"In view of the unabated growth in threats, the topics of data protection and security are becoming even more explosive," says Klaas Freitag, CTO at ownCloud. "Companies are also taking unusual approaches and, for example, using systems that do not originate from the actual IT security environment, but whose specific strengths can offer particularly good protection against ransomware attacks.

Source: ownCloud

A large medical technology manufacturer in Germany is now using a scattered light measuring device for surface inspection. The company, which does not wish to be named, manufactures in particular medical products for surgery, such as hip joint implants, for which quality is a top priority. For this purpose, the first such device from OptoSurf was purchased back in 2008, an OptoSurf OS 500. A second followed in 2012. "The decisive factor for investing in our products was the USP's that it offers," reports OptoSurf Managing Director Dr. Rainer Brodmann, listing: "For example, non-contact measurements are made of the entire surface, not just of cutouts, and both polishing quality and defects are detected. The geometry/shape measurements and the short cycle times are also impressive."

Scattered light measuring machine replaces coordinate measuring machine

The scattered light measuring device is used in the last work step in production, directly before packaging in the clean room. In this environment, the goal of the OS 500 is to move away from the visual 'good/bad' evaluation to a traceable measurement. In the past, a visual inspection of the highly polished surfaces was also carried out by two independent persons. However, this was very tiring for humans, so there was a significant risk in terms of reliability in defect detection. With the OptoSurf system, it was also possible to replace the time-consuming tactile form measurement with a coordinate measuring machine with optical form measurement.

Surface quality as a critical factor

The surface of a prosthesis head is of great importance in the manufacture of artificial hip joints. It should have an ideal spherical shape, no scratches or other defects and the roughness should be in the range of a few nanometers. Excessive roughness of the polished ball and even the slightest deviations in the macrogeometry lead to increased wear. Even the finest scratches can significantly promote abrasion. These substances penetrating the body are potential allergy and disease triggers.

The scattered light measuring machine from OptoSurf is capable of measuring the entire surface of the prosthetic head in the range of seconds. The measuring machine consists of a swivel and rotation module that guides the scattered light sensor over the surface, recording 2,000 measurements per second. Comparative measurements with a confocal microscope have demonstrated that the scattered light sensor can be used to repeatably measure the finest polishing quality differences in the nanometer range and scratches that are no longer visible to the eye. Shape deviations above the pole and equator are detected with an accuracy of < 0.2 μm.

Measurement according to ISO 17025

The roughness and form measurement with the scattered light technique is a traceable measuring method, which is secured with standards and ISO 17025 certificates. Both metal and ceramic heads can be measured. "In addition, in the first step we further developed the OS 500 based on the customer's extensive requirements profile. This was followed by various subsequent technical as well as normative requirements, which we also implemented," summarizes Dr. Rainer Brodmann. "After we fulfilled all the wishes of the medical technology manufacturer, the result is absolutely impressive: A significant increase in productivity thanks to our scattered light measuring device."

Source and further information: OptoSurf GmbH