The Importance of Project Benchmarking in Security Programs

Benchmarking is an important element of a security program that helps demonstrate the value of future state needs and recommendations. It is a process used to compile, interpret and present data that will help customers plan, select and deliver projects that best meet their specific needs.

Part 1: What and Why

In part one of this two-part series, we discuss what benchmarking is and why it is important.

Benchmarking ABCs

Project benchmarking is focused on measuring specific indicators against the market and industry trends. Maintaining this data to create an organized database is part of taking a strategic approach to make decisions that are best for an organization.

Benchmarking can be key to project success with respect to efficiency, cost-effectiveness, being highly customer-centric, and more. In general terms, it embraces the value of data collection and comparison against a standard rather than isolated decision-making.

Without benchmarking, organizations are making somewhat uniform decisions that may or may not be supported by best practices and market trends. When benchmarking is used, decisions can be made based on comfort, safety, and credibility, with justification in place for desired elements.

Successes resulting from the use of benchmarking may include:

An upgrade project being approved after an initial rejection—once benchmarking data was presented
A video upgrade being approved after benchmarking combined with metrics provided the necessary justification
The creation of a security steering committee after benchmarking successfully justified it

In addition, benchmarking can prompt important internal discussions and provide the foundation for a specifically requested item in a master plan.

To get started, it is necessary to determine end users’ expectations with respect to presentation and information and then select the most appropriate benchmarking data that is available.

End User Expectations

End users are often most interested in where they stand versus their peers as they enter the decision-making process. Typically, their expectations for benchmarking fall into two buckets: presentation and information.

Presentations must reflect the outcome of the benchmark, rather than the data, and they must be:

Concise and direct
Intuitive and easy to use
Illustrative and impactful

This means utilizing visual elements like bar graphs and pie charts rather than clunky charts that are difficult to understand.

The information provided via benchmarking must:

Be relevant to the organization’s environment, size or other characteristics that make the measurements meaningful
Demonstrate the organization’s relative position within the information presented
Lead to a proposed outcome
Be clearly supported by quality data

It is critical to ensure comparisons are apples to apples, i.e., organizations with similar footprints and challenges, and consider that a ‘win’ can occur even by validating the organization’s current state.

Available Benchmarking Data

Anonymous client data can and should be used for benchmarking unless all participants approve. Information that has been consolidated into a single, filtered master database. Data points available may include:

Type of end users and physical portfolio
Technology systems and peripherals
Policies and procedures
Governance and staffing

Types of end user benchmarks fall into two classifications: type of benchmark and data within the benchmark. What is important to remember is that one end user may fall into multiple types of benchmarks. Depending on the characteristics of the organization several of the following may apply: :

Financial and Government
Campus and High Rise
Suburban and Urban
Multi-tenant and Sole Occupant
Enterprise and Single Building

In addition, if that client converted from one benchmark (Suburban/Campus) to another (Urban/High Rise), it creates another type of benchmark reflecting its transformational story.

Creative thinking is required to come up with appropriate benchmarks. This may include identifying multiple data sources, looking at the total environment of the end-user, and determining what data points can create the right insights. It’s also important to address the six basic concepts that will inform a benchmarking effort: audience, needs, risks, executive order, comparison, and sources.

We’ll get deeper into this in the second part of this blog post, when we focus on data interpretation and data presentation and also present conclusions/takeaways regarding the project benchmarking process.

Part 2: Data Interpretation and Presentation

Data Interpretation

The best way to explain a solid approach to data interpretation is to showcase how we did it for a client. We have chosen a university whose project had a variety of program elements:

Security Systems

Access Control
Video Management
Visitor Management
Key Management

Communication Systems

Mass Notification
Emergency Phones
Global Security Operations Center (GSOC)
Network Infrastructure

Policy Controls

Security Policies & Standards
Credential Issuance
Organizational Analysis
Visitor Management

For each of those elements, we drilled down to identify specific needs. For instance, under Emergency Phones, we cited uniform platform, standardized location and infrastructure, technology profile for each station, and integration with mass notification.

Focusing on the six basic concepts informing our benchmarking effort, we came to these conclusions:

Audience: University Police
Needs: Gap Analysis, Best Practices
Risks: Legacy Systems, Standalone
Executive Order: Steering Committee
Comparison: Universities
Sources: Universities, Enterprise

Thus, the program implementation roadmap looked like this:

Current State—> Assessment—> Best Practices—> Gap Analysis—> Risk Profile—>Tactical Roadmap—> Future State

Benchmarking came into play for the middle segment: best practices, gap analysis, and risk profile. We created a matrix that included the university’s concerns as well as those of our comparison group, universities. Then we moved on to one of our differentiators.

To answer the question of whether a benchmark would justify the program, we did more than simply look at survey results, which are not informed data. We took one question and turned it into nine specific questions that would result in the informed data we needed for this client. For example, instead of merely asking about the current staffing level, we added questions about whether the physical security organization was consolidated under one entity, if there is an alarm monitoring center if private security officers are used, and more.

Finally, we looked at whether the comparisons were relevant in areas such as access control and video. We focused on legacy, contemporary, non-enterprise, and enterprise for both areas, and added IP, analog, and hybrid for the latter.

The result of all this work was a significant amount of data that we needed to present to the client in a succinct and understandable way.

Data Presentation

If we had chosen to merely share the data repositories we created with the client, they would not have benefited from our analysis and insights. Instead, we chose to use tools such as graphs and charts, percentages, and comparisons that are in keeping with the following dos and don’ts:

Don’t inundate with data
Do be concise
Do illustrate and visualize
Do identify the market and industry
Do be able to explain

Our final issuance was a series of bar charts that simply reflected all the data we had collected, making it easy for our client to digest. We were available to answer questions and provide additional details as necessary to explain what they were seeing.

The Takeaways

After many years of benchmarking experience, these four keys to success have become evident:

One size does not fit all.
Data repository is for collection and internal use only, not presentation.
Identify the right benchmarking metrics before going to the data.
Leverage the diverse nature of data sources and end user points.

And perhaps most importantly, it is critical to remember that the audience has never seen this data before, so it is necessary to explain and elaborate to ensure they understand its significance to their decision-making.

Our expert team at Atriade has used benchmarking to help countless organizations make decisions about their security system needs. Contact us if you would like to discuss your situation.

About Atriade

Atriade Atriade has worked on over 500+ projects, in 60+ industries, in 30+ countries. If you are ready to get expert assistance in creating your governance plan that will set you apart from your competitors, we are here to help. Our management team carries a lifetime of experience in all areas of Physical Security and Electronic Security that we are ready to put to work for your unique business and team.

Visit us online at Atriade.com

Connect with us on LinkedIn

Subscribe to our LinkedIn Newsletter: Take A Risk

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.