down and meet with someone?
Tracy McPike: That is Kirsten Jackson. We are now hiring ISOS. [The
decision to hire a risk management
provider] came from travel. We collaborated with our HR department,
our law department. All three of us
in risk management were there. Our
security facilities director was there.
Kathy, what about at NetApp?
Kathy Rust: Our risk management
team and travel team and safety and
security all work hand in hand. Risk
management actually owns the relationship with ISOS. We collaborate in
addressing issues and coming up with
policy and direction to travelers. Travel
generally facilitates the messaging to
travelers and to our TMC, while a lot of
decisions are made by risk management, legal, HR and so forth.
It’s always been that way?
Rust: I’ve been at NetApp for seven
years. When I started, risk management actually was a part of safety
and security. Over time, risk management got split off and travel got split
off, but the three have continued to
stay in good touch and collaborate
It sounds like for everyone here,
the travel management and risk
management roles are making
decisions together or consulting
each other. What prompted these
Shumate: March 22 in London was
a really great moment to emphasize
that we needed some protocol in
place. The head of security and I
said, “OK, the next time something
happens, you and I must be on the
phone with each other immediately.
The rest of this team—we need to
coalesce so that then we can build
our plan from there.” But to set up
protocols to severity levels—what
do we do when it’s extreme versus
something that’s not so extreme—
we’re back at Step One to build the
program and the integrations and
when do we need ISOS to support us
and all that kind of stuff. Sounds like
we’ve all come through that evolution.
Ruggiero: Oh yeah.
Rust: We have always worked together,
but we have had incidents happen in
the seven years that have underscored
the need to refine processes. A few
weeks after I started, we had the [Icelandic] volcano ash cloud incident [that
disrupted air travel in Europe for six
days], and that forced us into collaborating with [our risk provider] to find all
our travelers and get them home safely,
and so we improved our processes after
that. And then when the tsunami hit in
Japan and we had to look at continuity of business and the risk to our
employees in Japan, we worked with
risk management and put in protocols
that continue to this day. We’re getting
better and better over the years, and
that has taken a concerted effort.
Mauro, you oversee both travel
and risk at Misys. How did that
come to be?
Ruggiero: When we started with the
integration of ISOS, we knew it was important to get the bookings into their
systems, make sure the data we were
transferring was accurate. We don’t run
a big shop—it’s really just me and one
other person based in Dublin—so we
took it over because we were going
to be able to control it. Now, we have
pre-travel emails that go out from ISOS
if a country [has a risk rating of] 3 or
higher. The TMC will not be allowed to
book travel to certain countries, so it
comes to our team and then we basically dive in and make sure that the
traveler is aware of the dos and don’ts
and give them the information via ISOS.
It just made sense to all be handled by
the travel team.
How about working with HR? Any
Ruggiero: They don’t really understand
travel, and then on top of it they don’t
always understand risk. Most of the time,
we have HR involved only if it’s a long-term
assignment. We try to keep them
out of it as much as we can. You get
mixed messages going back and forth
to the travelers, so we try to have the
travel team deal with the majority of it.
Shumate: HR here was referring to
travel risk and the partnership with
ISOS as a benefit. They weren’t really
thinking that travel needed to be
involved because it was really just a
voluntary benefit [for the travelers to
be] able to get the alerts or to travel
with that card and the phone numbers. I came into the conversation
[to help them realize] that the data
was coming from the travel side and
that in any one of these instances,
it would be our TMC partner who
should be working with the travelers
to then assure that we can reposition
and get them back when their initial
itineraries are disrupted. There [can
be] a misperception that ISOS would
take care of it. They will if that’s part
of your relationship with ISOS, but it’s
probably not the most expedient.
Gallagher: The data quality has to be
prioritized. Risk managers and security personnel, travel personnel have
done a lot here in the United States
of helping organizations understand
what their duty to care for their employees actually entails. The liability
that a company takes on when it
deploys personnel for business travel
is a very real thing. I work for an insurance company. We hedge bets for a
living, and that’s the approach that
we took. It was a risk-based financial
approach to getting this organization
to prioritize these things, which led
groups like HR to prioritize things like
data quality that we rely on for our
travel management systems.
Any other ways that you guys
interact with your counterparts?
Gallagher: I hate to plug this, but:
utilizing risk and their expertise to
ensure you’re purchasing the right
[insurance] coverages with the right
services for your organization. That
gives you an ability to build an infrastructure and policy around it.