Printer Friendly

Everybody's business: how to make security a part of your organization's culture.

in an age when security is a major corporate concern, responsibility for security ironically still rests on the security department. Those who benefit from security must take a more active and productive role in its implementation. The following steps will help generate the creativity needed to make your workplace safe as well as productive.

The goal is to make security part of your organization's culture. To succeed, management must convince all employees of its importance and teach each employee security improvement methods. Security must become a top priority at every level of your organization.

Quality rather than quantity should be the standard of measurement. Quick security fixes may be legitimate short-term responses, but planning is the key to long-term success. Security that was good enough yesterday may be barely passable today and inappropriate tomorrow. Improving security, therefore, is a never-ending journey toward protective excellence. The idea that security is "good enough" is tantamount to failure.

Eight fundamental steps are necessary to improve security, and each step lays the foundation for those that follow. When all are in place, the program should be up and running. Change does not come quickly, however. The program may require two or three years before it is fully operational and integrated into an organization's routine.

The eight basic steps for improving security are the following:

1. Obtain top management's commitment. Organizations take on management's personality. Therefore, if top management doesn't believe in improving security, any effort will prove meaningless.

Initiative starts with top management, progresses at a rate reflecting its demonstrated commitment, and stops when managers lose interest. The chief executive and senior staff are role models who must

* recognize that positive attitudes and enthusiasm are contagious,

* lead by example,

* participate in the improvement process,

* know in detail how to improve security, and

* continually monitor the program.

The chief executive must designate a senior management representative to oversee the process throughout the organization. Ideally, the appointee is credible, holds a functional management position, and believes security can be better served through employees' active involvement.

Consider drafting a standard security policy outlining your organization's goals and mission statement. Obviously, the policy should be clear, be concisely written, and not leave important matters to chance or quick interpretation.

The final phase of the first step is to conduct a company-wide survey of potential security improvements. Responses may be anonymous but should be identified by department to highlight problems and positive and negative attitudes that need to be dealt with. Managers should discuss the latest results with employees and solicit new suggestions for improvement.

2. Create a security steering committee consisting of senior management and labor representatives. Its purpose is to tailor the improvement process to fit the institution. The committee is the operational arm of the security improvement program. It considers programs, implements strategy, assigns responsibilities, and selects a method of measuring improvement. It also develops awareness and educational programs and resolves difficulties as they arise.

The individual appointed to implement the overall program is the committee chairperson. The committee should consist of credible employees to ensure that recommendations are adopted in spirit as well as in fact by their respective departments.

The security steering committee should conduct an introductory management meeting to bring first-line and middle managers into the program. The meeting is also an opportune time for the committee to announce a three-month action plan.

3. Ensure management participation. A security improvement program must be launched as a grass roots change in management style. Although only managers are involved in this step, the program will be relayed farther down the organizational hierarchy after managers understand and adopt it. By the end of the introductory meeting, the strategic security plan ought to be clear to those present. The group should also discuss problems and understand that the ultimate goal is to prevent problems, not merely react to them.

Managers must realize that the security improvement program applies to all departments and that success requires more than management support-it needs active employee participation. Managers must seek employee opinions on work-related security issues. An effective program leads to improved issue resolution, employee morale, and organizational problem solving.

An improvement program demands much from managers. They must trust employees and share problem-solving responsibilities with them. They must see work as a cooperative venture and be willing to accept employee ideas.

Unfortunately, many first-time managers see participative management as fine for employees and good for the company, but not good for them. Too often they see themselves as losing authority, taking on more work, and being unable to use familiar management techniques. Turning managers around takes training, involvement in changes, and exposure to peers who enjoy the participative challenge.

4. Encourage teamwork. Managers are conduits channeling enthusiasm and commitment for the program to others. When all managers are trained and involved in the program, it's time to bring in employees. A variety of team concepts can be used to draw them in, such as

* quality circles, which are small teams that meet voluntarily on a regular basis to identify and solve security problems;

* process improvement teams, which consist of experienced professionals from each department affected and are responsible for improving processes that cross departmental lines; and

* task forces, which are formed by upper management when major problems demand attention and consist of highly trained professionals who receive complete cooperation from everyone in the organization.

5. Get individuals involved. Despite emphasizing group activities, an improvement program should give all individuals an opportunity to contribute to and be recognized for improving security.

Recognition can take many forms, such as letters of acknowledgment, certificates of appreciation, awards ceremonies, and notes in performance appraisals.

6. Work to improve the system. To improve security overall, you must analyze possible improvements for specific security activities. The following questions may help your analysis:

* Can you draft a flow diagram of a security process?

* How is the current process serving the institution?

* Does the specific security product have the procedures, training, controls, and checks and balances necessary to produce high-quality service?

* Can you develop and implement improvements?

7. Establish a quality assurance mechanism for security.

Quality assurance allows you to conduct system audits that evaluate the effectiveness of specific security activities. Departmental audits e you see how well departments follow internal security procedures. You should also develop and conduct self-assessment programs for security management.

8. Plan for security. Ultimately, you need to develop long-range security strategies. In addition, the management team must understand security well enough to develop step-by-step, short-range plans that support that long-range strategy.

Finally, a word of caution: Improvement processes don't automatically work. Studies often attribute failure to management's

* misuse of the improvement process;

* lack of participation;

* feeling that an employee, not management, was the problem;

* unwillingness to make the long-term commitment necessary; and

* failure to make the improvement program part of business.

As the saying goes, "Whatever you cannot understand, you cannot possess," and the difference between knowing and understanding is great. As a manager you have a responsibility to increase your own knowledge and share it with others. Now is the time for everyone in the corporate world to understand the importance of security. About the Author . . . Charles P. Connolly, CPP, is assistant vice president of corporate security administration for New York City Health and Hospitals Corporation. He is a member of ASIS.
COPYRIGHT 1990 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Connolly, Charles P.
Publication:Security Management
Date:Aug 1, 1990
Previous Article:Securing hospital halls.
Next Article:Stealing from the store.

Related Articles
Corporate cultures for the 1990s: what is needed?
NO Boundaries NO Limits -- NO Kidding.
The Human Factor.
Go around disaster, not through it.
Managing knowledge assets: The cure for an ailing structure.
New scandals, old lessons financial ethics after Enron. (Ethics).
Polygamy, gays, and TV: Dustin Lance Black knows about devout Mormons. He was one before leaving the church as a teenager. Now he's an out writer...

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters