Corporate Security Maturity Checklist

Maintaining corporate security in a deteriorating risk environment

In the face of an unpredictable virus, business leaders are managing operations as best they can, with snap lockdowns, ad hoc remote working arrangements, and staff shortages making it difficult to ensure business continuity.

Often overlooked in this calculus, however, is the role of corporate security. After all, the function has been completely upended by the public health crisis, which has sent employees scrambling to newly fashioned home offices. 

Has it made corporate security simpler?

It hasn’t. Even with fewer workers in brick-and-mortar offices than in 2019, many of the top threats to corporate security from that year not only persist but have also intensified. 

What’s more, the COVID crisis itself has introduced new threats to the landscape, e.g., intensification of cyberattacks, civil unrest, increasing numbers of at-risk lone workers and absent personnel. The result has been a sharp increase in security risk.

Facing these threats are corporate security teams. Long considered a cost centre to the organisations, corporate security has its work cut out to manage all aspects of security operations proactively in deteriorating conditions.

What can the function do?

Senior leadership must step in, here, empowering the transformation of corporate security into a value-add, data-driven operation – one that can support the organisation’s strategic goals and objectives. 

But how will you know once the transformation is complete? That’s where we come in. We’ve created a handy checklist, in which corporate security teams and their sponsors in senior leadership can assess the operation’s level of maturity – up to most advanced.

Here it is. 

Corporate security maturity

Can collect information from across the organisation. 

Corporate security management has entered the digital age. Yet, many corporate security outfits have not. 

Guards track security incidents with pen, paper, and notepads. Those incidents get manually recorded in sprawling Excel spreadsheets. In the process, near misses get ignored; visibility into all incidents and an accessible audit trail get sacrificed. Sound familiar?

That’s because it is. And as a result, teams will have to start their transformation somewhere.

Why would it matter for smaller organisations in low-density facilities? These organisations likely only experience few, high-severity incidents. They do, however, experience some.

Their lower-maturity corporate security teams, as such, should have the functionality to track those incidents, even if the incidents themselves don’t require full-fledged investigations. 

Arriving at this level of maturity entails access to digital solutions that enable the capturing and documenting of all aspects of a given corporate security incident. 

What’s more, there should also be a consolidated, streamlined process in place, whereby those incidents are reported – preferably via mobile-optimised software applications that empower all security personnel to report incidents (including near misses) as often as possible. 

Other functionality to look out for include:

• Real-time analytics. Pre-configured analytics templates to communicate real time security insights to any stakeholder in the organisation or the ability to build on best-practice templates to create your own.
• Automated reporting. Automated reports to be sent periodically to chosen stakeholders or best-practice templates built to your own specifications to meet unique requirements.
• Create and share custom reports. Custom reports easily created, driving better understanding of your operations.

What’s the thinking, here?

The more incidents captured and reported serves to increase visibility and line of sight to senior leadership – the latter preferably facilitated via seamless notification processes. 

That way higher ups will begin to appreciate the ROI of the corporate security operation. Personnel decisions can then be more easily justified, with clear data that shows where, when, and how incidents are happening and how teams are responding to and investigating those incidents thoroughly – however rare. 

Can quantify the impact of incidents on the organisation

Digitising security incident data is one thing. Leveraging that data once in a digitised format to quantify the impact of incidents, particularly when multiple, related investigations are happening simultaneously, is quite another level of corporate security maturity. 

Why does it matter? As the security threat grows, organisations, particularly those in higher-density facilities, are likely to see larger number of incidents. Responding to these threats effectively is also likely to involve third parties. 

Further, increased security caseloads mean triaging those that do come in via centralised reporting. That way teams can track and manage action items that emerge from analysis. Chain of custody might also need to be secured to show proper collection and handling. 

This level of corporate security maturity entails effective digital case management, so that data users can more efficiently interact with the wider environment of information, resources, and services to make quicker, data-driven decisions throughout the life cycle of an investigation. 

The result: detailed investigations, which better track losses and recoveries as well as provide more information to law enforcements, mitigating the severity of future incidents.

How do teams know that they are at this level of corporate security maturity? Well, for investigative work, access to digital technologies with configurable workflows is key. Those workflows automate key facets of unpredictable work to increase visibility into complex operations, improve collaboration, and facilitate better stakeholder engagement.

Intuitive user interface and experience (UI and UX) also cater to the varying demographics and technology skill levels of investigators and their supervisors. Access to these other digital case management platform capabilities is also important:

• Business process management via key business workflows, to help automate and optimise business processes, making them easier to track and measure (See more below).
• Data capture via digitised forms, to eliminate human error associated with manual data entry, while also lowering cost and time outlays. Data that’s input digitally can be extracted within the same flexible system, as well, making it easier to retrieve relevant information. 
• Information management, to provide real-time situational awareness of an ongoing case, with security controls limiting visibility of sensitive information.
• Compliance management, to ensure an auditable trail of evidence and communications, in compliance with regulatory requirements. 
• In-system communication (e.g., chat, e-mail, case notes, etc.), to facilitate collaboration, while the communications themselves remain centralised and accessible.

Focus on digital case management capabilities for security operations 

At this level of corporate security maturity, the following operational processes should be supported by digital workflows:

• Triage of referrals, claim requests, and complaints to prioritise work
• Automate case creation, review processes, and user notifications following pre-defined workflow rules to reduce unnecessary human intervention
• Track case lifecycles at any time
• Create high-quality digital forms
• Upload and centralise documents from all external and internal sources, regardless of the format
• Create and record tasks, case notes, meeting notes, conversations, and more
• Create shareable outputs
• Get notified when processes are going off track
• Dashboards to track team performance analytics, e.g.
  - Security clearance, e.g., number of cases by vetting officer, number of cases by priority by stage, cases completed by month
  - Security investigations, e.g., number of referrals by month, number of complaints by month, number of open cases by case manager, active investigations by investigator
  - Parties of interest. Number of parties by type, number of related incidents by POI, number of related incidents by organisation of interest, number of related incidents by vehicle of interest

Can reduce the frequency and severity of incidents by optimising resources

Beyond digital case management for corporate security operations, some of the most mature teams take rootcause data to highlight areas of improvement and improve emergency response times. They also use that data to implement proactive measures in alignment with larger organisational objectives – objectives that go beyond mere compliance goals

This level of maturity can be witnessed in digitally advanced law enforcement environments but can also be obtained by private enterprises in high-risk sectors and geographies.

What does it look like? Characteristic of the digital environment at this stage are in-system dashboards designed to suit diverse types of law enforcement/ investigative work. All system users get easy access to the information most relevant to their responsibilities in a single-source-of truth platform where they can efficiently complete their tasks.

For law enforcement investigations, specifically, potential use cases serviced include:

• Security clearance. Particularly valuable when vetting is subcontracted out, digital case management software provides a centralised location for collected information, which might need to be reviewed for auditory purposes.
• Security investigations. In addition to law enforcement agencies, customer-facing organisations, like retailers, might need to conduct security investigations, either based on internal referrals or client complaints.
  
  Once submitted, those referrals and complaints might go to a triage officer who will determine whether they become official cases to be investigated further. Should they, the officer will need digital tools to send communications, add tasks and documents (including photos, videos, witness statements, etc.), as well as log updates. 
  
  Several concurrent investigations might also spin off from the same case, which digital case management technologies better help clarify. In their absence, relevant documents would instead be scattered across multiple systems (e.g., CCTV footage) rather than collated and available in a centralised location.
• Parties of interest. Digital case management technology provides registries of persons, organisations, or even vehicles of interest. Instead of manually capturing and updating information, these platforms capture details, such as gender, ethnicity, eye colour, height, hair colour, distinguishing features, build, age group, hair colour, weight, or details, like license plate information, brand, model, photos, as well as information about authorities and affiliates.
  
  Other law enforcement cases, including offender management, might be approached similarly to POI investigations. An enforcement officer might have a given order, such as extended supervision or continuing detention. 
  
  Right now, those orders might be managed manually, which means expiration dates, in particular, won’t be flagged dynamically. A digital case management platform, on the other hand,
  will make relevant information more accessible
  for case managers and executives.

Integration with Work Safety

Corporate security doesn’t exist in a vacuum, though – even the best-trained and equipped programs are only as good as the teams working around them. That’s why the most mature corporate security operations can efficiently manage incidents that cross domains, i.e., events that fall under the remit of Work Safety, but also the Emergency Operations Centre (EOC), as well. 

Such alignment tends to improve early warning detection capabilities. And then, when the event does take place, tight integration with Work Safety helps with conducting varied activities in a uniform, consistent manner.

Why isn’t that possible with a siloed approach to corporate security? 

Well, that approach typically involves standalone systems. However powerful, these systems are likely to have been implemented at different times, by different teams following different directives. As such, they don’t communicate well with each other – if at all. 

This lack of interoperability is likeliest to exist between safety and security, where disparate safety and security management systems (often locked apart from each other) aren’t set up to share relevant information, despite the demonstrated fact that security threats cascade into safety incidents (and vice versa). 

One effect is specific to organisations who’ve built security operations centres (SOCs). During critical security incidents (impacting safety), SOC practitioners receive a surfeit of data from different sources, including Safety.

That wouldn’t be bad in and of itself. However, the noninteroperable technologies that security practitioners use don’t provide a cohesive means of viewing all relevant incident information, let alone making sense of it. And so, despite the upfront investment in proactive protective security strategies and structures, such an organisation will still run the risk of duplications and redundancies. Those slow down incident response, even when the SOC itself was developed to address that very issue.

What is done by more mature programs? 

In these outfits, integrated platforms cut down on the overhead (cost and personnel-wise) of ensuring that separate point solutions keep communicating with each other. In addition to improved collaboration with Safety to neutralise common threats, these teams also get seamless access to operational, non-incident data, so often crucial in predicting future security incidents.

Too often, that data, e.g., intelligence on non-obvious threats or other incident causes that not apparent to human analysts, isn’t in the traditional bailiwick of corporate security.

However, the most mature programs have the capabilities to synthesise cross-domain data from multiple sources, including from the public. They often have the following tools at their disposal: 

• Gather reports from the public. Public forms enable anyone to report incidents, tipoffs, observations, and hazards directly into the system before applying a workflow to automate triage, notifications, investigations, and action close out reminders.
• Manage operational activities. Shifts managed using real-time dashboards. Dashboards pull together all incidents, breaches, alarms, observations, dispatches, and patrols into one place, enabling security dispatchers to dynamically manage and log shift occurrences.
• Centralise information from external data sources. Information is pulled in from external data sources including live weather events and news feeds, or integrated with CCTV and access control systems to enhance situational awareness for the entire security team, on any device.

Over the last few years, the corporate security threat has increased exponentially. Meanwhile, after years of cutsⁱ, corporate security teams are finally getting their funding restored.

What should they do? Well, investments must be made to ramp up to the level of security maturity necessary to mitigate risk, ensure compliance, and implement a proactive security culture.

Digital technology investments, such as in Noggin for Operational Security, should help in this process, expediting the ramp up process, closing the digital divide, and ensuring your team is able to scale to meet all challenges.

So, what are you waiting for? In this new normal of escalating threats, the most mature teams follow best practice, facilitated by their integrated software solutions, to collect information from across the organisation and the public, so they can deploy resources effectively, validate risks, and drive better understanding of where resources are best invested.

Sources

^i. Madeline Lauver, Security Magazine: Security budgets may double or triple in 2022. Available at https://www.securitymagazine.com/articles/96802-security-budgets-may-double-or-triple-in-2022.