Social Organization Design: The CIA Framework

This is an acronym for three essential things to maintain in a human system. It also serves as a guide to defining responsibilities and the kinds of actions and interactions that should describe a ‘good’ working system.

CIA, here, isn’t for the Central Intelligence Agency, rather it’s an acronym for Confidentiality, Integrity, and Availability. Three words that characterise and/or are fundamental in human relations, risk management, and organisation design. CIA represents a framework for principle centered design and decision making, particularly as it relates to human social systems.

All business organization is social because business is a social activity. Even the one man business has to relate with customers. In fact many businesses factor in the customer in their organisation design by defining rules, explicitly or otherwise, for the customers to follow. The understanding and correct treatment of the customer as an essential part of the social organisation of a business makes the business appear more responsive (in general) to their customers.

Think about the rules you might have been taught (or learned ) to follow by (or because of) the people and businesses you relate with.

In the ‘business’ of the marriage relationship, the husband and wife would have to maintain each other’s confidentiality since many things between them are for their ears/lives only. Each one keeps a personal integrity and helps the other with keeping theirs to ensure they both maintain their marital and family integrity. Also, they’d both ensure their availability, physical and otherwise, to each other. Hence, considerations of CIA affects when, how, and why they relate in different situations relevant to the context of marriage.

Picture the stereotypical three-girl group of (TV) friends in their friendship; that close-knit all female clique with passionate-cum-fearsome loyalty to one another, to their gang, and to certain ideals. CIA is implicit in their actions and interactions.

With reference to Information Technology (IT), system and data confidentiality, integrity, and availability (CIA) drive some business policies and practices. We can see how redundant systems, and the frequency, types, and location of backups support system integrity and availability. Also, it’s obvious how encryption, certificate authorities, user/login authentication etc promote confidentiality and integrity. Control processes and monitoring systems are there to ensure adequate confidentiality, integrity and availability are maintained.

So, with CIA, and adequate background knowledge or experience, one could write an IT policy document in about an hour, or, say, for operations at a tranport terminal …. And since IT policy is essentially risk management, the CIA criteria that drive it could also be used to drive risk management in other areas.

The use of CIA in the context of risk management necessarily runs on the assumption that the person, interaction (man-man, man-machine, machine-machine), or machine can be compromised or may act undesirably. Its output would thus try to achieve the implementation of systems/structures to guarantee—if at all possible—the acceptable behaviour. It would seek to minimize weaknesses and threats and/or maximize strengths and opportunities. In all this, the underlying assumptions matter greatly. And this is perhaps where experience or domain expertise matters most.

Because human systems are everywhere and exist in various contexts; because man, and man-made systems may fail; and because potentially influential interacting systems exist or may be encountered, we innately or explicitly perform risk management. To be truly conscious of this is to be conscious of our assumptions.

The wisdom of the separation of powers in government and governance is first in the need to preserve the integrity of the constitution. That a judiciary, legislature, and executive, are independent, and are not concentrated in one person, is deemed generally sufficient (as assumed) to mitigate the risk of elected leaders letting loose an inner tyrant or thief or fool over the nation. It hasn’t always worked, but it is good design. It doesn’t seem to work well every time, but the design works.

Designed organizations, whether consciously so or not, are everywhere. Recognizing this, we may see a place for us to act so that the system functions ‘better’. Looking around, we may come to see CIA as the basis of the decision making or operation structure of the Mafias, intelligence agencies, secret societies, sororities, fraternities, the Roman Catholic Church institution, G8 meetings, Bin Ladin and company, Harvard admissions etc—basically every company, institution or group. The good use of it is implicit in all-human sub-systems that survive the long walk.