The Importance of Project Benchmarking in Security Programs
Benchmarking is an important element of a security program that helps demonstrate the value of future state needs and recommendations. It is a process used to compile, interpret and present data that will help customers plan, select and deliver projects that best meet their specific needs.
Part 1: What and Why
In part one of this two-part series, we discuss what benchmarking is and why it is important.
Project benchmarking is focused on measuring specific indicators against the market and industry trends. Maintaining this data to create an organized database is part of taking a strategic approach to make decisions that are best for an organization.
Benchmarking can be key to project success with respect to efficiency, cost-effectiveness, being highly customer-centric, and more. In general terms, it embraces the value of data collection and comparison against a standard rather than isolated decision-making.
Without benchmarking, organizations are making somewhat uniform decisions that may or may not be supported by best practices and market trends. When benchmarking is used, decisions can be made based on comfort, safety, and credibility, with justification in place for desired elements.
Successes resulting from the use of benchmarking may include:
- An upgrade project being approved after an initial rejection—once benchmarking data was presented
- A video upgrade being approved after benchmarking combined with metrics provided the necessary justification
- The creation of a security steering committee after benchmarking successfully justified it
In addition, benchmarking can prompt important internal discussions and provide the foundation for a specifically requested item in a master plan.
To get started, it is necessary to determine end users’ expectations with respect to presentation and information and then select the most appropriate benchmarking data that is available.
End User Expectations
End users are often most interested in where they stand versus their peers as they enter the decision-making process. Typically, their expectations for benchmarking fall into two buckets: presentation and information.
Presentations must reflect the outcome of the benchmark, rather than the data, and they must be:
- Concise and direct
- Intuitive and easy to use
- Illustrative and impactful
This means utilizing visual elements like bar graphs and pie charts rather than clunky charts that are difficult to understand.
The information provided via benchmarking must:
- Be relevant to the organization’s environment, size or other characteristics that make the measurements meaningful
- Demonstrate the organization’s relative position within the information presented
- Lead to a proposed outcome
- Be clearly supported by quality data
It is critical to ensure comparisons are apples to apples, i.e., organizations with similar footprints and challenges, and consider that a ‘win’ can occur even by validating the organization’s current state.
Available Benchmarking Data
Anonymous client data can and should be used for benchmarking unless all participants approve. Information that has been consolidated into a single, filtered master database. Data points available may include:
- Type of end users and physical portfolio
- Technology systems and peripherals
- Policies and procedures
- Governance and staffing
Types of end user benchmarks fall into two classifications: type of benchmark and data within the benchmark. What is important to remember is that one end user may fall into multiple types of benchmarks. Depending on the characteristics of the organization several of the following may apply: :
- Financial and Government
- Campus and High Rise
- Suburban and Urban
- Multi-tenant and Sole Occupant
- Enterprise and Single Building
In addition, if that client converted from one benchmark (Suburban/Campus) to another (Urban/High Rise), it creates another type of benchmark reflecting its transformational story.
Creative thinking is required to come up with appropriate benchmarks. This may include identifying multiple data sources, looking at the total environment of the end-user, and determining what data points can create the right insights. It’s also important to address the six basic concepts that will inform a benchmarking effort: audience, needs, risks, executive order, comparison, and sources.
We’ll get deeper into this in the second part of this blog post, when we focus on data interpretation and data presentation and also present conclusions/takeaways regarding the project benchmarking process.
Part 2: Data Interpretation and Presentation
The best way to explain a solid approach to data interpretation is to showcase how we did it for a client. We have chosen a university whose project had a variety of program elements:
- Access Control
- Video Management
- Visitor Management
- Key Management
- Mass Notification
- Emergency Phones
- Global Security Operations Center (GSOC)
- Network Infrastructure
- Security Policies & Standards
- Credential Issuance
- Organizational Analysis
- Visitor Management
For each of those elements, we drilled down to identify specific needs. For instance, under Emergency Phones, we cited uniform platform, standardized location and infrastructure, technology profile for each station, and integration with mass notification.
Focusing on the six basic concepts informing our benchmarking effort, we came to these conclusions:
- Audience: University Police
- Needs: Gap Analysis, Best Practices
- Risks: Legacy Systems, Standalone
- Executive Order: Steering Committee
- Comparison: Universities
- Sources: Universities, Enterprise
Thus, the program implementation roadmap looked like this:
Current State—> Assessment—> Best Practices—> Gap Analysis—> Risk Profile—>Tactical Roadmap—> Future State
Benchmarking came into play for the middle segment: best practices, gap analysis, and risk profile. We created a matrix that included the university’s concerns as well as those of our comparison group, universities. Then we moved on to one of our differentiators.
To answer the question of whether a benchmark would justify the program, we did more than simply look at survey results, which are not informed data. We took one question and turned it into nine specific questions that would result in the informed data we needed for this client. For example, instead of merely asking about the current staffing level, we added questions about whether the physical security organization was consolidated under one entity, if there is an alarm monitoring center if private security officers are used, and more.
Finally, we looked at whether the comparisons were relevant in areas such as access control and video. We focused on legacy, contemporary, non-enterprise, and enterprise for both areas, and added IP, analog, and hybrid for the latter.
The result of all this work was a significant amount of data that we needed to present to the client in a succinct and understandable way.
If we had chosen to merely share the data repositories we created with the client, they would not have benefited from our analysis and insights. Instead, we chose to use tools such as graphs and charts, percentages, and comparisons that are in keeping with the following dos and don’ts:
- Don’t inundate with data
- Do be concise
- Do illustrate and visualize
- Do identify the market and industry
- Do be able to explain
Our final issuance was a series of bar charts that simply reflected all the data we had collected, making it easy for our client to digest. We were available to answer questions and provide additional details as necessary to explain what they were seeing.
After many years of benchmarking experience, these four keys to success have become evident:
- One size does not fit all.
- Data repository is for collection and internal use only, not presentation.
- Identify the right benchmarking metrics before going to the data.
- Leverage the diverse nature of data sources and end user points.
And perhaps most importantly, it is critical to remember that the audience has never seen this data before, so it is necessary to explain and elaborate to ensure they understand its significance to their decision-making.
Our expert team at Atriade has used benchmarking to help countless organizations make decisions about their security system needs. Contact us if you would like to discuss your situation.
Atriade provides customized and physical security services throughout the USA. Our services help enterprises meet compliance requirements and raise security standards. We have been designing and executing electronic security solutions for businesses of all sizes. Although in the 21st-century, security challenges and complexities are growing, however, our plan remains the same to protect our clients against physical security risks and threats that cause harm. For continued engagement, follow us on our LinkedIn.