The Role of People, Process and Technology in Security Program Management
Success of a security program relies on striking the right balance between the robustness of the organization’s processes, the skillset diversity of its people, and the proper selection of supporting technologies.
What are some of the best practices behind the people, process, technology balance and how can you apply them to your own organization? Here is a roadmap:
People are the core to any business or organization – and they are where your program organization should begin as well. Start with an audit of the existing status quo to ensure that your governance is in alignment:
- Vetted and set up correctly
- Assigned to the correct personnel
- Connected with the correct privileges
Once the initial audit is complete then the next step is to develop your governance as a tool of your wider program strategy.
Good governance programs are both cross-functional and collaborative. It is important to be aware of the larger organizational culture and goals. Most important to success is that any governance plan be supported and championed by leadership.
Your governance plan should include:
- Industry best practices customized for your unique organization
- Institutional knowledge at every level
- Clear and concise policies
- Physical space parameters
- Technology solutions and details
- A communication and problem resolution section
- An upstream and downstream engagement plan for program buy-in
The execution of the program governance is dependent on assigning roles appropriated resources to each element and stage of the program. Identify your leadership, decision making, management, supervision, administration, support and operation roles. Assign responsibilities and accountabilities to each role. This facilitates an efficient process in building the right skillsets for your organization, and adds a true best-in-class dimension to the security team.
A strong communication and escalation plan is the final step in cementing the governance of your organization. The plan should incorporate policies around decision making, business case driver, day to day operations, escalation to leadership, and feedback loops.
Central to the communication plan is both upstream engagement with leadership and downstream engagement with staff. The feedback process is central to this engagement and ensures longevity and sustainability of the people governance plan.
As in your governance plan, cross functional buy-in and collaboration is crucial for the success of the established process. The process to engage with other stakeholders of the organization, such as IT, facilities, or HR, should be organized and consistent. Steering committees, workshops, project collaborations, educational and/or recreational meet and greets are effective ways to create and maintain these relationships.
Cross functional collaborations should also follow a governance model, and engagement should be at all levels of respective organizations.
Supporting technologies in successful program management require careful vetting and selection based on unique organizational requirements. One size doesn’t fit all, and one solution doesn’t mitigate all risks. Combining effective technical solutions with the plan and process is the final piece of the program that adds further layers of risk mitigation.
Technology solutions range from the traditional access control and video management systems to innovative tools, such as Business Intelligence, Analytics, frictionless and advanced biometrics, and IoT sensor technologies.
These technologies and sensors can add considerable depth to an organization’s ability to manage security and safety of its people and assets. Sensors can provide valuable data to proactively mitigate an event, or manage office space utilization; Frictionless solutions can help enhance the authenticity of the credential, reduce tailgating, and raise situational awareness.
Business Intelligence tools can help security better manage its lifecycle. And integrations can allow security organizations to offer a better user experience by integrating employee and visitor facing apps and solutions.
These solutions can stand alone or integrate with the conventional video management and access control platforms to provide even more in-depth incident response and case management.
However, they come with risks that are important to understand, evaluate and mitigate. Each of these technologies is sensitive to the physical environments they are installed in.
Lighting, line of sights, physical contours of a space, false objects and false positives are all important limitations of each of these solutions.
Similarly, these applications require significant processing power, human intelligence, and change management to maintain their sustainability.
The most relevant best practice, therefore, is to evaluate each technology’s effectiveness in the intended environment. This ranges from whether a set of sensors can be properly installed in a curved ceiling of a lobby, to whether the network rules can accommodate a subscription based third party AI software.
Privacy and data protection, equity of skin tone detection in a facial recognition camera, robust protocols to validate the threat in case a gun detection sensor goes off are all crucial in getting the technical solutions right.
The effectiveness of all these solutions greatly depends upon the type of environment they are installed in; and how thoroughly the solution was vetted and physically tested for that environment. Pilots and proof of concepts that validate the deployment of these solutions, policies around managing them, and incident response measurements are vital to select the right solution.
Finally, the physical design of the space matters equally in addressing the overall risk.
Lines of sight, clarity of evacuation paths, digital signage, subtle but robust perimeter protections are design aspects that must be discussed with a risk minded approach towards safety and security. Design of these spaces is also very important on how the aforementioned technologies work, and therefore, must be worked out hand in hand with the security solutions under consideration.
Developing and managing a security program requires an organized approach, inclusive of the stakeholders, processes and supporting technologies. A documented governance plan defines the people and policies of the security organization.
An engaged process creates the right tools for communication, escalation, decision making and cross functional collaboration. Properly vetted technologies that meet the right functional requirements can provide effective protection and proactive risk mitigation.
The right balance of people, process, and technology can therefore help build, manage and sustain an effective security program for a security organization that has leadership buy-ins, employee engagement and sustained longevity through its lifecycle.
Atriade Atriade has worked on over 500+ projects, in 60+ industries, in 30+ countries. If you are ready to get expert assistance in creating your governance plan that will set you apart from your competitors, we are here to help. Our management team carries a lifetime of experience in all areas of Physical Security and Electronic Security that we are ready to put to work for your unique business and team.
Visit us online at Atriade.com
Connect with us on LinkedIn
Subscribe to our LinkedIn Newsletter: Take A Risk