In my last blog, I talked about the role of the Baldrige Excellence Framework and Criteria for Performance Excellence in enabling organizations of all kinds to achieve sustainable high performance. As I stated, a critical factor in this is the ongoing process of keeping the Baldrige Criteria at the leading edge of validated leadership and performance practices. Through significant and intentional evolution over 29 years, today the Baldrige Excellence Framework offers organizations of all kinds a nonprescriptive leadership and management guide that facilitates a systems approach to achieving organization-wide excellence.
As the Baldrige framework and the Criteria evolve to remain relevant and effective, they must balance two important considerations. On the one hand, the Criteria need to reflect a national standard for performance excellence. They need to serve as a tool for educating organizations in all aspects of establishing an integrated performance management system that effectively considers and addresses internal and external stakeholder needs and expectations. On the other hand, the Criteria need to be accessible and user-friendly for a variety of organizations at varying levels of maturity.
To strike this balance, changes reflected in the 2017–2018 Baldrige Excellence Framework focus on strengthening two areas of growing importance to organizations’ long-term success (cybersecurity and enterprise risk management, or ERM) and on making the Criteria more logical from the users’ perspective.
There were an estimated 300 million cyberattacks in 2015—only 90 million of which were detected—and attacks are increasing at an annual rate of approximately 40 percent. For organizations of all kinds, managing and reducing cyber risks to data, information, and systems have become a necessity.
The Baldrige Criteria have addressed the security of information systems and the confidentiality of information since 2001. In the 2017–2018 revision, Criteria requirements and notes now reflect the growing importance of protecting against the loss of sensitive information about employees, customers, and organizations; protecting intellectual property; and protecting against the financial, legal, and reputational aspects of breaches. Just consider the immediate and potential long-term impact of the recent disclosure that 1 billion Yahoo email accounts were compromised in 2013, along with another 500 million in 2014.
Enterprise Risk Management (ERM)
No organization is risk-free. Intelligent risk management requires your organization to decide when and how to take and manage risks. These decisions can mean the difference between extinction, survival, or role-model performance. The Baldrige framework—through its systems perspective—has long addressed ERM. The future competitive advantage that will flow from good ERM is based on holistically addressing risk and taking actions—including pursuing intelligent risks—as part of an organization’s overall strategic approach to managing its performance.
In the latest revision, some Criteria requirements and notes now highlight (1) that risk is inherent in everything organizations do, and (2) that the challenge is to balance the level of risk taken with the organization’s sustainability and opportunities for innovation.
To make the Criteria more accessible and logical from users’ perspective, we have simplified several Criteria items, and some requirements have been moved, removed, or changed in wording to aid readers’ understanding.
For those who are newer users of the Baldrige Criteria, the Baldrige Program last year published an abridged version of the Baldrige framework for the first time. Called the Baldrige Excellence Builder, this resource consists of the most important questions for organizations seeking to improve their performance. A new Baldrige Excellence Builder based on the 2017–2018 Baldrige Excellence Framework will be available in late January (PDF) and mid- to late February (for printed copies). In addition, for an assessment tool targeted at your organization’s cybersecurity risk management efforts, download the Baldrige Cybersecurity Excellence Builder.
The 2017–2018 Baldrige Excellence Framework is available now. The sector-specific versions for health care and education organizations will be available in mid-January 2017.