Government

 

 

https://sm.asisonline.org/Pages/The-Next-Tase-Phase.aspxThe Next Tase PhaseGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652016-10-01T04:00:00Zhttps://adminsm.asisonline.org/pages/mark-tarallo.aspx, Mark Tarallo<p>​Tasers may pose some health risks, depending on how they are used, and on whom. But in many cases, they can be used as an effective enforcement tool that may ultimately reduce the number of violent assaults, and sometimes even save lives.</p><p>Both of these assertions are supported by recent studies, and together they form what may be the consensus view of Tasers—a useful tool with some risk attached. And the view naturally suggests a follow-up question: Given the usefulness and the risks, when are Tasers best used? </p><p>A new landmark study, released by the state of Connecticut, begins to explore that question through an extensive examination of how Tasers were used over the course of one full year. </p><p>The study, Electronic Defense Weapon Analysis and Findings 2015, was issued a few months ago by the Central Connecticut State University's Institute for Municipal and Regional Policy. Connecticut was the first state to require law enforcement to document Taser use, and the report represents </p><p>the first statewide study on how police use them. </p><p>According to the new report, police in Connecticut used Tasers 650 times last year. In an interview with Security Management, Ken Barone, project manager and coauthor of the report, says "two big interesting findings" stood out to him after the study was completed. </p><p>One was that one-third (33 percent) of the persons involved in Taser incidents were described in police reports as "emotionally disturbed." </p><p>The second finding that Barone flagged was that nearly half (49 percent) of those involved in Taser incidents were identified as either possibly intoxicated, or clearly under the influence of alcohol or drugs.</p><p>These findings touch on the potential health issues of Tasers, which are electroshock weapons manufactured and sold by the Scottsdale, Arizona–based TASER International, Inc. The electrical probes that shoot out of a Taser deliver a pulsing 50,000-volt shock, which causes skeletal muscle contractions and pain. </p><p>TASER International cautions that Taser use may be ineffective against those under the influence of certain drugs. For example, in the last few years there have been various news reports of incidents where Tasers were unsuccessful in incapacitating someone who was high on a drug like PCP and virtually oblivious to pain.</p><p>In addition, medical research cautions that using the weapon on someone experiencing a psychiatric crisis may pose a heightened risk of injury. </p><p>However, the report also notes that "at the same time, circumstances may exist in which a Taser is the most appropriate option for gaining control of people experiencing psychiatric crisis and getting them into treatment."</p><p>For example, tasing a person who is carrying a gun and appears suicidal could ultimately save his or her life, Barone says. (Thirteen percent of Taser incidents in the report involved those described as suicidal.) </p><p>The report also concludes that females were much less likely to be involved in Taser incidents, which involved men 94 percent of the time. Black and Hispanic males were more likely to be tased (as opposed to simply warned) than white males. About 30 percent of those who were tased received more than one shock.  </p><p>Given their findings, the report's authors are calling for further research to aid in the development of evidence-based Taser use policy. </p><p>In particular, the authors are calling for studies aimed at answering the following questions: In which circumstances might Tasers pose health risks for those experiencing an apparent psychiatric crisis? In which circumstances might Taser use be a safe option for the officer, the person in crisis, and other people involved? </p><p>"We're trying to understand—for people in psychiatric crisis, is this the best tool to be using?" Barone says. </p><p>Report authors are also calling for a review of the existing model Taser Use policy that was developed by the state's Police Officer Standards and Training Council. The council's current policy is in many ways less precise than both the Taser use guidelines released by the U.S. Department of Justice a few years ago and the use recommendations that TASER International has made.</p><p>Barone also acknowledges that developing specific Taser policy is tricky; it is likely not possible to have a series of hard-and-fast rules that can be followed in every situation. </p><p>"It can't always be black and white. Each incident is unique and complex," he says.</p><p>However, there does seem to be room in the middle that is more specific than current model policy, but not overly simplistic. The Institute for Municipal and Regional Policy plans on conducting a multi-year study that can track how Taser use in Connecticut is changing year over year, which could be a helpful tool in future policy development efforts, Barone says. </p>

Government

 

 

https://sm.asisonline.org/Pages/The-Next-Tase-Phase.aspx2016-10-01T04:00:00ZThe Next Tase Phase
https://sm.asisonline.org/Pages/A-Vote-for-Biometrics.aspx2016-05-01T04:00:00ZA Vote for Biometrics
https://sm.asisonline.org/Pages/In-the-Public-Interest.aspx2016-05-01T04:00:00ZIn the Public Interest
https://sm.asisonline.org/Pages/A-Head-Start-on-Insider-Threats.aspx2016-05-01T04:00:00ZA Head Start on Insider Threats
https://sm.asisonline.org/Pages/The-Lessons-of-Flint.aspx2016-05-01T04:00:00ZThe Lessons of Flint
https://sm.asisonline.org/Pages/Industry-News-October-2015.aspx2015-10-19T04:00:00ZIndustry News October 2015
https://sm.asisonline.org/Pages/Andreas-Poppius.aspx2015-10-14T04:00:00ZFrom Military Heroes to Security Assets
https://sm.asisonline.org/Pages/Washington-Navy-Yard-On-Lockdown-After-Reports-of-Shooter.aspx2015-07-02T04:00:00ZWashington Navy Yard On Lockdown After Reports of Shooter
https://sm.asisonline.org/Pages/China-Tries-to-Cage-Corruption.aspx2015-04-01T04:00:00ZChina Tries to Cage Corruption
https://sm.asisonline.org/Pages/lax-lab-safety.aspx2014-11-01T04:00:00ZLax Lab Safety
https://sm.asisonline.org/Pages/a-new-point-view-0013505.aspx2014-07-01T04:00:00ZA New Point of View
https://sm.asisonline.org/Pages/crime-lab-manual-0013520.aspx2014-07-01T04:00:00ZCrime Lab Manual
https://sm.asisonline.org/Pages/united-states-charges-china-first-criminal-cyber-espionage-case-0013423.aspx2014-05-19T04:00:00ZUnited States Charges China in First Criminal Cyber Espionage Case
https://sm.asisonline.org/Pages/infrastructure-protection-0013189.aspx2014-03-01T05:00:00ZUpdated National Infrastructure Protection Plan Released
https://sm.asisonline.org/Pages/security-clearances-0013186.aspx2014-03-01T05:00:00ZWhen Are Security Clearances Necessary?
https://sm.asisonline.org/Pages/who-really-needs-a-security-clearance-0013192.aspx2014-02-26T05:00:00ZWho Really Needs A Security Clearance?
https://sm.asisonline.org/Pages/canine-evidence-0013125.aspx2014-02-01T05:00:00ZCanine Evidence
https://sm.asisonline.org/Pages/data-breaches-0013123.aspx2014-02-01T05:00:00ZReport: Federal Responses to Data Breaches
https://sm.asisonline.org/national-security/border-security2014-01-31T05:00:00ZBorder security.
https://sm.asisonline.org/Pages/dhs-inspector-general-nominee-testifies-senate-committee-0013077.aspx2014-01-08T05:00:00ZDHS Inspector General Nominee Testifies Before Senate Committee

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/How-to-Build-a-Culture-of-Security.aspxHow to Build a Culture of Security<p>​<span style="line-height:1.5em;">“</span><span style="line-height:1.5em;">Security is everyone’s business” may be a popular truism in the industry, but how many security managers can honestly say this philosophy is practiced by their companies? Some organizations have regular incidents in which employees simply disregard security rules and regulations. Sometimes, even the leaders of a company will disobey security and safety rules out of a sense of entitlement—these rules are for employees, not executives.</span></p><p>These lapses can be costly. It is only when everyone associated with the company adheres to and executes security rules and practices on a daily basis that a firm can credibly claim that it maintains a true culture of security.    </p><p>To determine whether a company encourages an effective security culture, company leaders should start by determining whether it adheres to the appropriate best practices. The security department should develop and communicate security rules, practices, and procedures to employees, contractors, visitors, and vendors. Executives must lead by example and follow all security practices and procedures. Employees must take care of their security responsibilities at work, such as locking their work spaces and computers or asking to see a badge of a person in a secure work area instead of simply holding open an outer perimeter door for a stranger to be polite.   </p><p>If an organization follows most of these procedures, it maintains a robust culture of security. If not, the best practice advice and solutions stated below can be used by security leaders to strengthen security awareness in their companies and develop a culture of security. ​</p><h4>The Assessment</h4><p>A culture of security can only be built on a solid foundation. And that foundation is an effective security program. </p><p>However, if the security program is perceived as inconsistent or unprofessional, an initiative to build a culture of security around it will be doomed from the start. Thus, it is imperative to conduct an initial assessment of the security program to evaluate past security practices and present security operations. </p><p>The assessment must include, but should not be limited to, the following methodology:</p><ul><li><span style="line-height:1.5em;">Conduct interviews with security staff to determine past practices and to engage them in the assessment process.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate existing documents regarding past security missions.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate security staff job descriptions.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate security current procedures, processes, and guidelines. </span><br></li><li><span style="line-height:1.5em;">Review and evaluate the security budget to ensure that it is in line with the mission, and that funded programs are not obsolete.</span><br></li><li><span style="line-height:1.5em;">Spend time working directly with all security staff to obtain first-hand knowledge regarding daily duties. Get to know your people.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate any compliance tasks that have been assigned to security.</span><br></li><li><span style="line-height:1.5em;">Review, evaluate, and coordinate security requirements with heads of departments with security cross-functionality. Conduct collaborative meetings with other department heads and staff on their opinions of security.</span><br></li><li><span style="line-height:1.5em;">Obtain input from executive management on its vision of security.</span><br></li><li><span style="line-height:1.5em;">Define and document your company-specific security missions.</span><br></li><li><span style="line-height:1.5em;">Review the security requirements within these missions and analyze them for potential mission creep.<br></span><span style="line-height:1.5em;"> </span></li></ul><h4>The Blueprint</h4><p>Once past and present security operations have been assessed, organization leaders can plan for the future by improving and refining, based upon the factual analysis that has already been completed.</p><p>The first part of the blueprint process is to develop missions and objectives. This includes enlisting management for direction and involvement and establishing security goals and engaging security team members in ways to accomplish them. This part of the process also includes documenting security mission statements and assigning a leader to each one. These leaders must be capable and willing.</p><p>The second part of the blueprint pro­cess is to standardize operations and document these procedures in a manual of operations. This manual will serve as a central repository of security standard operating procedures and processes that cover core duties and responsibilities throughout the company. </p><p>Once the assessment is completed and the blueprint is in place, security managers must ensure that key attributes of the program are successfully maintained. These attributes include consistent pro­fessionalism, first-rate training and com­munications, a commitment to the program from upper management, and procedures designed to address violations.​</p><h4>Professionalism</h4><p>Professionalism is a crucial component of a strong security culture. The professional security staff and security officers should be a model for the organization’s general population. High standards of conduct should be set; staff and officers should be evaluated; and problems should be weeded out. Most important, security department leaders should live those high standards to set an example for others to follow. </p><p>Specific best practices can ensure that staff members and officers consistently project a strong level of professionalism to other company personnel. One of these is presence. Uniforms, if worn, should be consistent. Officers should engage all persons entering the facility with eye contact. Officers should not be texting or talking on their cell phones, or congregating in an area to smoke and joke.             </p><p>Security leaders must also be careful to prevent “mission creep,” or assigning nonsecurity duties to security personnel. This may distract security staffers from their core duties, to the detriment of the organization’s security culture.  </p><p>For example, one company used the security department to conduct security training as well as training in legal issues, compliance, and ethics. Security’s training duties also included tracking of annual requirements for all of the compliance-based training, for both employees and nonemployees. The two training avenues, employee and nonemployee, were not standardized between departments. Because of the lack of standardization, there were two completely different methods of administering, developing, and tracking training.   </p><p>In this case, the solution was to clearly define the security and human resources missions at the company. Once defined, human resources assumed control of the entire company training program and standardized the administration of training. Security was responsible only for content of any security-related training.​</p><h4>Training</h4><p>A strong security culture requires an effective training program for both existing and future security personnel. In addition, the process should ensure that security personnel are cross-trained in security position responsibilities and missions, to eliminate the potential for gaps in coverage should a critical team member be unavailable. </p><p>For example, if a company’s security missions are asset protection, compliance, and physical access control, the manual of operations would contain a section of step-by-step procedures and guidelines for each. This would allow the asset protection specialist to cover for the physical access control specialist for certain tasks, such as issuing badges, instead of waiting for the access control specialist to return. </p><p>In addition, companies should pay close attention to the processes and standards for granting and tracking access that are documented in the manual of operations. This can be an issue if companies have manual, cumbersome, or archaic methods for granting access. At many companies, this is an area that needs to be addressed. The granting of physical access should be automated to an electronic format.​</p><h4>Communication</h4><p>Communication is one of the critical keys to success in any security program, and it will be part of every component of the program. From the initial assessment of the program to the final phases of the implementation of blueprint plans, all affected parties should be kept informed and aware of the security program and how it will impact their operations at work.  </p><p>One company initiated a report that was sent twice a month via e-mail with the facts of any security incidents, so executives could track important issues. This communication also allowed security to remain within the scope of the executives while maintaining a successful program. As security expanded and implemented new initiatives, these were included in the bimonthly report. </p><p>For their part, the executives of the firm should be involved and engaged early on in the communications effort. Security should offer concise presentations, such as a PowerPoint presentation, that explain how the company benefits from the security program, be it through incident prevention or the preparedness to react and minimize negative impact to the company’s operations. Security goals, objectives, operations, procedures, and mission statements should be effectively communicated across the corporate footprint. Executives should understand the security role in their company and communicate their support for security programs to all company employees.  </p><p>Within the chain of command, the security leader must develop a system of communication to keep executives aware of the challenges faced by the security department and of the programs currently being used to protect the company’s physical assets. For example, at one company I worked at, security mandated monthly luncheon meetings with staff.</p><p>Company executives were also invited to these meetings, which they attended periodically. I documented each of these meetings in formal memoranda, including progress made on issues from the prior month, issues resolved, and problems currently being addressed. These memos were sent up the chain of command for executive review.  </p><p>Annual security awareness training is another effective communications tool. By delivering accurate, updated, and simple instructions regarding security rules, policies, and procedures, the company can effectively ensure that its workforce has been periodically exposed to security standards and the roles and responsibilities in daily operations. Security awareness posters that are updated quarterly can also help in communication efforts.   </p><p> Finally, do not underestimate the power of word of mouth. For any company, there is no stronger security tool than having a workforce that is security- minded and well informed of current security policies, procedures, and daily practices. ​</p><h4>Violations</h4><p>Even with a well-established culture of security, violations of an organization’s security policies will occur.   </p><p>There are slips and breaches even in the most secure environments—some caused by intentional acts; some unintentionally, through malaise or misfortune. And while the people who work for an organization are its greatest asset, they also can be its greatest vulnerability if they decide to inflict harm. They know how the organization operates, and they can circumvent the most sophisticated security systems.  </p><p>For private industry, the enforcement of security program policies requires a company to be fair, firm, and consistent. Take, for example, a company that has a clear security rule that all visitors must be escorted by the company representative who is responsible for the visitor while on premises. If a visitor is found roaming around by himself in a secure area, the employee who brought the visitor to the property should be disciplined.  </p><p>And the discipline should be consistent, whether the employee is the CEO or the janitor. The enforcement should be documented and tracked, to monitor patterns of behavior. If the violation is severe enough that it results in a loss of property or affects employee safety, the matter should be referred to the violator’s manager for evaluation and possible further action. </p><p>Consistent and fair enforcement of the rules across the entire organization will further solidify a culture of security. It will demonstrate that security matters to the organization, and that it plans to ensure that the rules are followed. To expand on an earlier example, if the CEO forgets his or her access badge and either goes home and gets it or signs for a temporary one, the standard is set at the highest level of the company.  </p><p>In the end, success in developing a culture of security at your company will mean the organization has established a robust, comprehensively assessed, and documented security program across the enterprise. Executive leaders are meaningfully engaged, and everyone is educated in the program’s components and follows them. </p><p>--<br></p><p><em><strong>Thomas Trier</strong> served for 25 years as a special agent of the FBI, where he attained the rank of assistant special agent in charge in the intelligence branch of the FBI’s Washington Field Office. Trier has also served as the leader of corporate security for a Midwestern electrical transmission-only utility company. He now provides advisory services through Security Intelligence Consulting L.L.C.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/December-2016-Industry-White-Papers.aspxDecember 2016 Industry White Papers<p><em>​Sponsored Content.</em></p><p>SIS international is committed to serving the information needs of the global community of security </p><p>practitioners. One means of delivering subject matter expertise is to partner with the manufacturer and supplier community to elicit a breadth and depth of insight and practical information that all too often goes untapped. The papers in the following pages reflect one aspect of that ongoing project. </p><p>According to a recent Security Management survey, fully 90 percent of ASIS members describe vendors as reliable contributors to the ongoing conversation in the industry, and many say they have gleaned valuable insights and information from vendor materials that they are not getting from other media sources.</p><p>The challenge, say security practitioners, is the low signal-to-noise ratio in vendor communications. Some say that vendors communicate only information that contributes to their sales. Others suggest that vendor communications historically have been narrowly tailored to their specific products and services. </p><p>To leverage this industry source for members while simultaneously addressing the concerns they describe, Security Management is partnering with security vendors to develop original content. For the past six years, this partnership has produced white papers, case studies, and an online presentation series that showcases subject matter expertise with impartiality and context. </p><p>We hope you will find that this collection of 2016 papers instructive and educational. The experts representing distinct solutions often use their own products and services to illustrate points about technologies used or practices chosen, but the information is designed to be a useful addition to your broader efforts to keep abreast of the advancing security industry.​</p><h4>No Train. No Gain</h4><p><strong>By G4S</strong></p><p>A cross sectors and industries, employee training becomes a vulnerable budget item in challenging </p><p>economic environments, and the security industry is no different. As organizations seek to boost competitiveness and profitability through cost reduction, business processes are identified for reduction or elimination. All too often training is seen as expendable, rather than a strategic necessity. </p><p>Research shows that effective training affects profitability, competitiveness, employee engagement, and customer satisfaction. A recent webinar sponsored by G4S and hosted by Security Management magazine emphasizes the importance of maintaining an adequate employee training program. This paper and the companion webinar, which is available at no cost, explore the impact that such programs have on an organization’s culture, reputation, and bottom line.</p><p><strong>Successful Companies Have Strong Employees.</strong></p><p>For every company, organizational strength is directly linked to the performance of its employees. According to a recent IBM survey of C-suite managers, 71 percent of CEOs rank human capital above products, customer relationships, and brands as the leading source of sustained economic value. </p><p>For the security industry, which is primarily service-based, employees constitute the product itself. Training security officers, therefore, not only improves the individual employee but also advances the interests of the organization. The same IBM survey found a correlation between training and organizational success, noting that 84 percent of employees in the best performing organizations receive the training they need compared with 16 percent in the worst performing companies. </p><p>Employees who are given the skills to do their jobs well and the support to grow their abilities and take on greater responsibility become more effective in their roles. Personal development of each individual employee helps produce long-lasting competencies and increases an employee’s motivation. </p><p>Most managers recognize that training is critical to project success. A majority of global leaders surveyed by IBM (65 percent) cited talent and leadership shortages as their top business challenge. At the same time, leaders at most of the organizations surveyed believe employees are currently receiving the training they need. Seven out of 10 human resources professionals said employees were being adequately trained, a number that rises to eight out of 10 among senior management. In many organizations, there is a disconnect between what decision-makers think about the level of training provided and what recipients feel that they need.</p><p>The Association for Talent Development reports that training and development supports business growth more than 75 percent of the time. They also note that large organizations have an advantage when designing, implementing, and budgeting for training programs compared to employees at midsize companies. While larger employers often have generous learning expenditure budgets, they typically spend less per employee than midsize organizations. This is because the cost to develop and maintain the training and development program is spread among more employees. </p><p>As a result, employees at large organizations typically receive more training hours than their counterparts at midsize organizations. On average, large organizations report that their employees received 36 hours of training, or approximately 4.5 days, compared to midsize organizations, which report that their employees received 27 hours of training, or nearly 3.5 days. At the same direct learning expenditure per employee, large organizations were able to provide an extra day of training to their employees. </p><p><strong>Safety and Risk Mitigation.</strong></p><p>Employee training and staff development helps organizations mitigate risk and has a considerable impact on safety for the organization, stakeholders, and the public. A 2008 Michigan State study found that U.S. security services is a $7 billion industry, employing 1.1 million unarmed security officers compared to 833,000 police officers. This study demonstrates that security officers play an increasing role in public safety.</p><p>Safety and risk mitigation are issues that security professionals help clients address on a daily basis. Employee training is a risk mitigation strategy that is measurable and can affect the bottom line. Training prevents unsafe environments that arise when workers lack the knowledge and skills required to use equipment and supplies safely, which could result in injury or death. A company that fails to train staff adequately should expect an increase in expenses related to medical care, damaged equipment, compensating customers for defective products, and lawsuits. </p><p>For example, as a result of an inspection by the Occupational Safety and Health Administration, one security company was cited with 15 alleged safety violations and faced penalties totaling $149,250. The majority of the proposed fine ($140,000) was for four willful citations for failing to train workers on recognizing hazardous situations and slip, trip, and fall prevention. </p><p>According to the U.S. Department of Labor, slips, trips, and falls cause 15 percent of all accidental deaths, second to motor vehicles, and are the number one cause of injury and lost working time in the world. In 2014, G4S implemented a Slip, Trip & Fall Safety Campaign to reduce preventable incidents and emphasize the importance of safety at their work sites. In the first year of the campaign, the company saw a 5 percent reduction in incidents, a 25 percent reduction in slip, trip, and fall costs, and a 27 percent reduction in average cost per incident. </p><p>Campaigns like the one implemented by G4S also provide opportunities to document processes or routines, a best practice that is a positive byproduct of training. Documenting processes mitigates risk and compensates for the absence of skill of individual employees.  </p><p><strong>Create a Learning Culture.</strong></p><p>Organizations that prioritize training and development minimize turnover, create an environment of continuous performance improvement, and improve customer satisfaction. An investment in training is an investment in employees. It increases motivation, making employees more positive, productive, and valuable to the organization over the long term. </p><p>Employee turnover costs organizations time, human capital, and money. Turnover of new hires is particularly costly. Since recruiting new staff is more expensive than retaining existing staff, appropriate training is imperative. Research shows that employees who do not feel they can achieve their career goals at their current organization are 12 times more likely to consider leaving than employees who do feel they can achieve their goals. New employees are 30 times more likely to consider leaving. </p><p>Staff development and education dramatically improve employee retention. The larger the gap between the skills required to perform a task and the actual skills of employees, the greater their dissatisfaction and the higher the turnover. According to IBM, new employees are 42 percent more likely to stay in their current position when they receive the training they need to perform the job properly. Conversely, employees who do not feel they can achieve their career goals at their current organization are 12 times more likely to consider leaving than employees who do feel they can achieve their career goals. </p><p>Training contributes to a learning culture in other ways as well. It strengthens the leadership skills of those implementing the training and creates opportunities for feedback, from manager to employee but also from employee to manager. It promotes the open communication necessary for a positive work environment. Finally, without proper training, it is difficult to promote or hire internally for positions higher up in the corporate hierarchy. </p><p><strong>Providing Value for Stakeholders.</strong></p><p>The benefits of a skilled workforce affect all areas of the organization from sales and marketing to customer service and support, and these efficiencies add value for stakeholders. </p><p>Research shows that adequate training improves communication and helps employees establish a greater number of positive working relationships, improving the employee’s experience as well as performance and customer service. Improved team skills ensured that objectives were met 90 percent more often. Strengthening team skills by only 1/3 increased the likelihood that stakeholders would meet their objectives from 10 to 100 percent, according to the IBM survey. </p><p>The International Data Corporation reported a $70,000 annual savings and 10 percent increase in productivity when teams were well trained, and an IBM case study pointed to 22 percent faster rollouts of products and processes. </p><p><strong>Training Methods.</strong></p><p>Many organizations are already training employees in customer service, legal authority, access control, and fire and life safety, as well as first aid, CPR and AED. Companies might consider expanding training further to include topics like ethics, conflict resolution, de-escalation, or how to interact with local and state officials who respond in emergencies. </p><p>Training and education are most productive when they are ongoing and continuous, but every training opportunity need not be a huge commitment of resources. Training formats vary and require different levels of resource commitment. Organizations may invest in big campaigns like the G4S Slip, Trip & Fall initiative, but a monthly meeting that addresses new industry trends or regulations is a small but worthwhile training effort as well. When preparing for a project, teams receiving 40 hours of training per member met their significant project objectives three times as often as teams that received 30 hours of training or less.</p><p>Some training methods include: </p><p> • Lectures – Usually take place in a classroom format and are led by a trainer or instructor covering specific topics.</p><p> • On-the-job training – Relies on employees to recognize the skills and knowledge they will need as they perform their work and then develop those skills on their own.</p><p> • Coaching and mentoring – Gives employees a chance to receive training one-on-one from an experienced professional and gives trainees the chance to ask questions and receive thorough, honest answers. </p><p> • Role playing – Allows employees to act out issues that could occur in the workplace. Key skills often touched upon are negotiating and teamwork. </p><p> • Technology-based learning – Includes basic PC-based programs; interactive media, using a PC-based CD-ROM; interactive video, using a computer and a VCR; web-based training programs. </p><p> • Technical training – Focuses on a specific need of specific employees.</p><p> • Outdoor training – Employs physical and mental activities that encourage teamwork and help develop collaborative skills. </p><p> • Case Studies – Provide trainees with a chance to analyze and discuss real workplace issues. They develop analytical and problem-solving skills and provide practical illustrations of principle or theory.  </p><p><strong>Lessons Learned.</strong></p><p>Leaders of top performing organizations understand the importance of training, education, and staff development at every level. Fostering an environment of continuous learning reaps benefits for the employee, the organization, and stakeholders. Training should be ongoing and processes should be documented as a strategy for mitigating the absence of skill of individual employees. As competition among businesses in the security industry increases, having an effective employee training program can be the difference between failure and success.</p><p>​<br></p><h4>Leveraging Business Intelligence in Your Security Strategy</h4><p><strong>By iView Systems</strong></p><p>Today, nothing is more critical to security and loss prevention operations than meaningful data. Every department within the operation bears the responsibility to not only provide useful data, but to continually improve the value of that data. Business Intelligence is used to help companies gain insight into their operations; segment and target customers to improve customer security, safety and experience while finding anomalies in the heaps of data to run more efficiently and effectively </p><p>This white paper explores how to change the game for your company. Learn how to collect and, leverage data to achieve effective loss prevention, risk mitigation, efficient fraud detection, incident analysis and monitoring. </p><p><strong>Harness Big Data.</strong></p><p>Today, the sources and volume of data collected have exploded. Security operations collect every event and incident from every transaction from various sources including alarms, environmental sensors, intrusion-detection systems and video surveillance.</p><p>The goal of a modern security department includes a set of processes and supporting technologies for data management to allow security practionitioners greater flexibility in cobbling together disparate systems into a unified security control system that enables Security Directors to know exactly what’s going on, in  real-time while providing analysis to generate actionable items that can give security operations the agility it needs in times of crises.</p><p>We define “big data” as a capability that allows companies to extract value from large volumes of data. Like any capability, it requires investments in technologies, processes and governance.</p><p>There is no doubt that business intelligence software provides the ability to analyze a multitude of transactions and information on one centralized platform, empowering users to capture, analyze and glean actionable insight, hidden in the layers of data within the enterprise. Data-driven risk management requires situational awareness that can only come from a systemic and holistic approach. True value comes from correlating large amounts of incident and security data and presenting it in an visually appealing format, whereby users are able to quickly draw conclusions act on it in in a timely manner.</p><p>Nowhere is this more true than in the security function, where protection can be only as complete as situational awareness. By giving safety, security, risk management and loss prevention managers the ability to track, organize and analyze their data via configurable dashboard visualizations, BI software can provide context and comparison of security related information. This context moves the risk capabilities of an organization toward prevention from a traditional reporting and documentation function, providing the ability to show causality and structure, while giving insight into security and safety related issues.</p><p>More than 86 percent of respondents to a June 2016 survey by CIO Insight now say that BI is important to their company and intrinsic to their role. Global revenue in the business intelligence and analytics market will grow more than 5 percent in 2016, reaching $16.9 billion this year according to a recent Gartner forecast. But it is only now that BI and analytics have matured enough that the market is offering easy-to-use, agile products designed for specific business functions. Off-the-shelf software products provide data in a way that can be incorporated into larger enterprise BI. They are grounded in specific functions in a way that fills the gap between the promise of BI and the reality of its application in the business unit and in small- to medium-sized businesses. For the purposes of this paper, we will consider the iTrak® Business Intelligence package available from iView Systems. While there are many competitors in the BI field—many of which are already in use in organizations that have not adopted BI for security—iView software is built specifically for the needs of security, surveillance and loss prevention. Unlike SAP, Microsoft BI, IBM Cognos, and other enterprise-level BI solutions, iTrak® is not a software that needs to be bent to the task of security and loss prevention through extensive customization and programming, but one that can be immediately deployed to produce results. </p><p><strong>Business Intelligence with Roots in Security and Loss Prevention.</strong></p><p>BI is not shaping just the practice of security and loss prevention, but also their overall role in the enterprise. “In the security and related risk fields, data comes in an unending stream from every device and direction,” says Martin Drew, president of iView Systems. Harnessing that data provides operational insights that create greater organizational efficiencies.  The investment in security is no longer just about protecting assets—but about leveraging those capabilities to create a financial return that is directly attributable to that investment. </p><p>Security practitioners have long competed at a disadvantage with other departments that made demonstrable connections to the financial bottom line. As the IT function became more integrated with security operations, the requirement to “make a business case” became the challenge for every upgrade or new investment.  But as Avi Perez, the chief technical officer for Pyramid Analytics writes, the best practices of business intelligence are not about making business cases, but about solving problems. </p><p>The iTrak® BI application was built explicitly for the security function and is rooted in just that—detecting anomalies in your data to to solve problems. The first and most obvious return on investment BI makes is in the reduction of manual security processes. Fully 76 percent of midsize or larger companies (more than 500 employees) relied on a manual processes for exception alert reporting from physical security systems as recently as two years ago according ASIS International research. Fewer than 30 percent of these same organizations had invested in business intelligence at that time. Considering that fully 71 percent of companies were using BI in some aspect of their operations as early as 2012, this represented a comparatively slow adoption rate by security practitioners. iView Systems committed to change these statistics with its iTrak® BI and found one of the most ready sectors to be the gaming industry. </p><p>“Casinos would spend as much as five days of every month just doing required manual reports,” says Giselle Chen, senior business intelligence analyst at iView Systems.  Automating that process can virtually eliminate that time requirement, improve the accuracy of reports, while speeding  the dissemination of the information to all identified stakeholders by simply scheduling the reports to run at whatever required interval.</p><p>“Several dashboards can eliminate virtually hundreds of reports and provide the ability to quickly drill down from the highest summary to as many established groups and sub-groups as required—even down to individual incidents,” says Chen. The investigation is not conducted through reams of paper, but by highly intuitive paths navigated by the simple click of a mouse. An international organization such as a hotel would be able to identify gaps in efficiency as the aggregate effect impacts the overall organization. Users can also expect a substantial decline in errors. While errors will always occur, through BI they can be addressed at a systems-wide process level and fixed once. With manual reporting, a certain persistent level of error exists mostly as occurrences at the incident report level. Training and active monitoring can help to reduce these, but human error is simply the cost of doing business with manual processes.</p><p><strong>Data Visualization: A New View.</strong></p><p>From this larger awareness, gaps can be explored and analyzed by specific regions, types of properties, or seasons of the year. This is the nature of how BI and analytics provide established reports and dashboards to raise situational awareness while providing ad hoc reporting to investigate the source of problems. Throughout the process, data visualizations depict the rows and columns of raw data in an intuitive format. Incident reports presented as bar charts immediately draw the eye to anomalies. Pie charts, heat maps and bubble graphs all create pictures that more directly engage the problem-solving capacity of the human brain. </p><p>By filtering out all the steps it takes to get from raw data to the dashboard display, BI software makes it easier and faster for end users to understand the information and how it relates to their department and operations using customizable data visualizations and dashboards.</p><p><strong>Showing the Big Picture as Well as Supporting Details.</strong></p><p>Another early win that has application in every security environment is reducing the impact of false alarms. “As much as 80 percent of any front-line security officer’s day can consist of responding to false alarms,” says Chen. The high rate of false alarms inflates the number of personnel required to guard a facility and can reduce the response time to actual incidents—increasing costs, while lowering efficiency. </p><p>With BI, supervisors have a real-time awareness of how their resources are allocated—where officers are dispatched, which officers are on break while distinguishing proprietary from contract staff and armed from unarmed officers. </p><p><strong>Self-Service business intelligence (SSBI)</strong></p><p>Self-Service BI enables business end users to rapidly design, deploy and analyze reliable data, at a relatively low cost to a business unit, with less dependence on IT.</p><p>“Reports are highly customizable and the training to use the BI toolset can take as little as 10 minutes,” says Chen. “Once a system is implemented, much of the data is already customized according to the requirements of the facility and the organization. The data, entered once, can serve many purposes without the burden of multiple entry in different systems. </p><p>From there end users can create and customize dashboards and reports with a simple drag-and-drop. This ad hoc capability to create new scenarios, combine disparate data sources and explore a variety of permutations and parameters of data are all part of a mature BI system that no longer requires extensive programming competencies. </p><p>The key to the success of iTrak® Bi is the fact that users don’t need IT experts by their side to work with the data presented in the dashboard. Users can access the dashboards, manipulate and analyze data and bring in other members of a team to work together on certain data analysis projects.</p><p><strong>Moving from Reaction to Prevention and Prediction</strong></p><p>The value proposition for BI in the security sector is not limited to creating efficiencies. Oft-cited in the industry literature is the capability for retail facilities to mine surveillance systems to better understand traffic patterns and position products with a data-driven understanding of their environment. Surveillance systems can also be used to monitor and enforce safety practices in warehouses and other environments where injuries are common. Access control systems and computer log-ins can provide international businesses with better awareness of how remote facilities are being used and create savings through fine-tuning HVAC systems and even reducing and increasing office footprints according to actual needs. </p><p><strong>A Look Ahead at BI.</strong></p><p>Data is the water we swim in today. We are creators and consumers of data and wielders of the intelligence it provides. The most substantial impact in 2017 will be the continued deployment of specialized BI platforms from analytic packages which come with an integrated set of tools, data schemas, business views, and predefined reports and dashboards that significantly accelerate the time it takes to get a BI solution up and running. </p><p>Packaged applications like iTrak®BI allow organizations to deploy BI on a small scale for a single department and then expand seamlessly to support other departments using the same model and platform, delivering a consistent view of enterprise information.  </p><p>BI will move increasingly to cloud deployments and mobile platforms with data security as the prime governor in the transition and the total cost of ownership will continue to drop and the realized return on investment will continue to grow quickly </p><p>Within a decade, the way we did business 10 years ago will be unrecognizable. The fundamentals of security and loss prevention will remain familiar, but how their function partners with other departments and contributes to the mission of the organization as a whole will be limited only by the imagination of the practitioner.</p><p>​<br></p><h4>Emergency Towers: The Case for Safety in K–12</h4><p><strong>By Talkaphone</strong></p><p>The perception and practice of security in primary schools around the United States changed one December day in 2012.  The tragedy that occurred at Sandy Hook Elementary School in Newton, Connecticut was a tipping point. Those charged with the security of K-12 school facilities across the country looked to their own charges with a collective sense of urgency. </p><p>“With everything in the media and some of the major events occurring, not only in our country, but also abroad, we’re coming to a better realization that some of these incidents could occur anywhere,” said Chief of Police Alan Bragg of Cypress-Fairbanks Independent School District in Texas.  </p><p>Cypress-Fairbanks is the third largest school district in Texas, providing education to more than 115,000 students in an area spanning more than 186 square miles. Eleven high schools, eighteen middle schools, and fifty-six elementary schools comprise Chief Bragg’s charge. </p><p><strong>Working with the District</strong></p><p>In 2014 the district passed a $1.2 billion bond, setting the stage for massive security, transportation, and infrastructure upgrades aimed at preparing the district for large-scale growth. With two to three thousand students added each year, just keeping up with growth is a primary challenge.</p><p>But Bragg, who came to Cypress-Fairbanks four years ago to start the police department, is ready for the challenge. He credits the school bond with empowering his team to create an environment that provides the best solutions to protect students, staff, and community members.</p><p>Key to those upgrades are 67 Talkaphone blue light emergency towers with call stations to be installed throughout the district. The blue light systems will be placed in strategic locations where the community tends to gather.</p><p>Bragg is not new to the advantages of Talkaphone. When he was leading police efforts at Spring Hill Independent School District, another large school district in Texas, Bragg credits a blue light system for saving a life when there was a medical emergency at a school athletic event. Because the blue light tower was integrated with the access control system, dispatchers were able to remotely open a door and give access to a life-saving automated external defibrillator (AED) system. Without that AED when and where it was needed, the outcome would likely have been different.</p><p>“When things go bad and an emergency occurs, sometimes cell phones aren’t available,” Bragg said. “Having that extra device out there could also be a lifesaver for us.” When response time is critical, the towers also offer the advantage of known location</p><p><strong>Installation Considerations.</strong></p><p>At Cypress-Fairbanks, the Talkaphone towers will be installed in centrally located areas where a lot of traffic is likely. Many of the schools are on what Bragg calls a “triplex”—a campus that includes a high school, middle school, and elementary school.</p><p>Each triplex will include a tower with a camera that will be placed in front of the high school, near a large parking area. Two additional camera-enabled towers will be placed near the athletics complex and in another central location.</p><p>Bragg’s goal is to place the towers where they can be accessible by almost everybody. Strategic sites have been identified across each of the Cypress-Fairbanks campuses and installation began in the summer of 2016.</p><p>While the shootings at Sandy Hook precipitated a far-reaching investment in security in schools around the country, the fact is, violence on K-12 campuses is a common experience. According to a report by the United States Bureau of Justice Statistics, Indicators of School Crime and Safety: 2015, there were 53 school-associated violent deaths from July 1, 2012 through June 30, 2013. In 2014 there were about 850,100 nonfatal victimizations at school, resulting in 363,700 thefts; and 486,400 violent victimizations, which include everything from simple assault to serious violence.</p><p>For Bragg, preventing these far more common threats is his day-to-day charge. That’s why his department functions just like any other police department, with round-the-clock monitoring and trained professionals on duty. </p><p>“It’s a 24-hour operation for our police department,” he said. “We monitor all our district burglar alarms and access control. Everything is handled by our police department.” </p><p>Soon Bragg will add those 67 Talkaphone towers to the list of tools his police department uses to secure the district’s campuses. He said he’s looking forward to the ability to turn on a camera at the device location and help diagnose a threat before arriving. Each of his blue light systems will allow the user to autodial directly into the Cypress-Fairbanks dispatch center.</p><p><strong>The K-12 Environment.</strong></p><p>Blue Light towers have been a staple on college campuses for decades, but have only recently begun to be deployed at primary and secondary school locations like those in Cypress-Fairbanks. The reasons are numerous, but Bragg and other industry experts think media coverage and heightened public awareness contribute to the pressure the public has begun to exert on its local schools.</p><p>Bragg said that it is not uncommon for him to receive a call from parents considering a move into the district. “Some of their questions revolve around crime statistics and if we’re safe,” he said. “Parents ask those questions now. It’s important to them.”</p><p>Today’s society is hyper-aware about security issues. Parents actively inquire about physical safety measures alongside the more traditional considerations such as class size and educational testing results. Those distinguishing factors ripple outward as successful schools create desirable neighborhoods which in turn drive local economies. To that end, the highly visible Blue Light towers are powerful symbols of security infrastructure. </p><p>While parental demands for greater protections are common, it is still unusual for school districts to have formally trained life safety professionals on staff such as Bragg at Cypress-Fairbanks. Life-long educators are not police and before investing in significant upgrades, it behooves schools to reach out to professionals that can conduct a thorough risk assessment and make thoughtful recommendations that will likely include both obvious and less-obvious security precautions. </p><p>Sometimes in budget discussions and even the occasional story in the media there will be a question as to how much security is actually needed. The plain fact is that the media does gravitate to school violence in ways that may raise fears out of proportion with actual risk. On the whole, K-12 schools are very safe places compared to the world that often surrounds them. </p><p>But school systems are legally accountable for a duty to protect students. This duty requires school officials anticipate potential and foreseeable dangers and take reasonable measures to safeguard children. </p><p>While secondary schools are the subject of a higher frequency of published negligence litigation, primary schools have a far higher proportion of judgements decided against them. Younger students are considered more vulnerable which places a higher duty of care on the school.  Ultimately, the decision will fall to a jury comprised of people who read the same media coverage of school violence. </p><p>Funding is the other obvious challenge. The simple fact is that most school districts are forced into making hard decisions with the budgets they are allocated. In such environments, it can be difficult to know where to start. </p><p><strong>Making Budgets Work.</strong></p><p>Bragg is quick to acknowledge these concerns, but believes parents and elected school officials will advocate for needed changes when they see the value in a blue light system. </p><p>“You can start with a basic device and you can get basic features that will enhance some of the security levels on your campus and then add other features as funds become available,” he said. “Sometimes picking a basic system to enhance security is a good first step. That’s important.”</p><p>Bragg adds that, in his years working with school districts, he’s witnessed parents mobilizing when the issue is important enough. “You’d be surprised how many times parents get together and say, ‘you know, that’s really great, I wish we had another one back behind the athletics fields’. Then they’ll do a fundraiser and car wash to help find the funds to make that school even safer,” he said.</p><p>Installing a Blue Light system, similar to those favored by Cypress-Fairbanks, doesn’t have to be a budget breaker and the return on investment is immediately felt in the deterrent factor created by the high visibility of the product. The towers, which stand more than 9-feet tall, can be modified to meet various needs and price points. Cameras, two-way broadcast systems, and even an AED can be stationed inside the tower. </p><p>The Talkaphone systems are built on an open platform that can be integrated with current standard communication systems and third-party vendors. This approach means that Talkaphone can easily be retrofitted into an existing environment without the need for numerous and costly upgrades—a major appeal for large and established districts like Cypress-Fairbanks. </p><p>The Talkaphone system operates on the standard Session Initiation Protocol (SIP), which means it will work with most major or modern Voice over IP (VOIP) phone systems on the market. Talkaphone devices can also send a digital output that can communicate with other central server systems, such as access control. This means that secondary or tertiary events, such as a lockdown or camera call-ups, can be triggered from the Talkaphone device. </p><p>Finally, mass notification capability is differentiator of the product, triggering notifications over the company’s Wide-Area Emergency Broadcast System (WEBSTM) to provide mass broadcasts and notifications that keep classrooms, offices, buildings, outdoor areas, and entire districts connected.</p><p><strong>Strategic Visibility.</strong></p><p>For Cypress-Fairbanks, the Blue Light towers are the most visible, public-facing, security upgrade to the campuses. Several other changes have been made behind the scenes to make the district a leader in securing its students. </p><p>VOIP phone systems are being installed this summer as are several new CCTV cameras—40 new cameras in each high school, 20 in each middle school, and 10 in each elementary. All of these upgrades work together to create a cohesive security program that provides the police department with the information and tools they need to do their jobs. </p><p>Equally important, however, is the fact that with the Blue Light system, each visitor to campus is empowered to keep themselves and their fellow community members safe. Even at night, Bragg knows that the towers will remain lit and visible and the only thing a user needs to do to find help quickly is push a button.</p><p>It is no accident that the Cypress-Fairbanks towers are placed in highly trafficked areas. “Our district is a very busy and active district with a lot of community involvement in the evenings,” said Bragg. For example, during the busy high school football season, the two football stadiums are in use from Thursday through Saturday during the week between late August and early December.</p><p>Bragg said that with a district as diverse as his, cellphones are not a given. Additionally, in events where quick intervention is required and first responders need to be called, the towers eliminate the hesitation that may come from not knowing what number to call.</p><p>At the end of the day, Bragg’s operational focus is strategic. “We’re being proactive and preventive,” he said. “Not a day goes by that we don’t talk about the safety and security of our staff, students, and facilities. It’s a priority for me and our district.​</p><h4>Cloud-Based Security Integration</h4><p><strong>By Team Software</strong></p><p>Without WinTeam, Jayson Yao believes he would have never landed one of his biggest customers. His company, 50 State Security Service, Inc., was seeking a government contract, and the client required customized billing. “The way that they needed their billing was the most complicated billing we had ever encountered. And because we were on WinTeam, we were able to furnish the detailed billing they needed,” Yao said. “It also had to match up to the biometric reports that WinTeam receives. If we weren’t on WinTeam, we couldn’t have complied with the invoicing.”</p><p>Yao, chief financial officer and vice president of 50 State, said his company was able to further cement the contract through an integrated customer self-service portal, which allowed the client to access 50 State’s officers’ schedules. “With the customer self-service portal, it was very easy for us to give them access to scheduling,” Yao said. “Without WinTeam, this would have been next to impossible to provide.” </p><p>WinTeam is an integrated, cloud-based software system developed by and for contractors in the building service and security industries. Developed by TEAM Software, it delivers financial, operations, and workforce management components to help streamline business processes and deliver a complete picture of profitability. Companies can leverage shared data from throughout their organization, and because it’s a cloud-based solution, data can be accessed from the office, home, or on the road. TEAM Software currently has nearly 400 clients in the United States, Canada, and the Caribbean, with hundreds of thousands of end users. TEAM Software is employee owned and focused on customer service. </p><p>Many companies choose TEAM Software because of the integration of the various components of its software. This integration helps reduce time and resources required to maintain various independent solutions, makes it easier to extract coherent information and reports from the overall system, and helps ensure compliance more efficiently. “We have everything from not only the operation side of the business and workforce management, but we also incorporate payroll and human resources and then tie it all to the backend, which is the general ledger for financial reporting,” said Jill Davie, TEAM Software senior vice president of client experience. “So having all of that information in one database and one system, where information flows seamlessly from one area to the next, is definitely the advantage of using TEAM Software.”</p><p>If companies are not using an integrated package like WinTeam, they may be using paper systems, spreadsheets, or unrelated software applications. Those systems may offer individual pieces like scheduling or payroll, but they will not be integrated with the backend general ledger. So then companies must purchase an additional accounting package and figure out how to make the various systems talk to each other. Companies may be working with multiple vendors, facing implementation issues, and struggling with ongoing costs and maintenance. </p><p>“WinTeam is focused on security companies, so their scheduling is really strong for that type of business,” said Betty Ritts, vice president of information technology at AlliedBarton Security Services. “It integrates compliance with it, so many of our officers’ licenses for various state requirements as well as armed licensing is integrated. Also, the scheduling is integrated with payroll and billing, so it keeps it all together. That makes it much easier if you have to go back and audit for a client. And there’s a lot of good bells and whistles to help us to manage the business.”</p><p>“We switched to TEAM Software because of the added versatility and added capability,” said Denis Kelly, executive vice president of Sunstates Security. He said his company made the switch in 2008 because of the integrated accounting, payroll, and scheduling functions that were offered, enabling users to run reports and analyze data. </p><p>In the end, businesses see a financial gain because they can get a complete picture of their profitability and make better business decisions, especially as they face shrinking margins and increasing competition. “It’s saving them time, making them more efficient, and getting them better insights into their business,” said Scott Gauger, TEAM Software director of sales. “There are a lot of different individual software solutions, but putting them all in a consolidated, integrated package—there aren’t that many out there.”​</p><p><strong>Integrated Features.</strong></p><p>WinTeam offers comprehensive financial and accounting management capabilities and allows companies to manage their workforce effectively with powerful scheduling tools. Companies can save time by creating weekly work schedules from permanent master schedules, then manage exceptions at a glance, like overlapping shifts, overtime, or compliance issues. The compliance tracker tool helps ensure that employees meet job requirements, like special licensing or training. Scheduling information is seamlessly integrated with accounts receivable and payroll, so companies can bill customers with accurate and timely information. The software also allows companies to track inventory and equipment issued to employees or jobs and monitor supply levels and costs. </p><p>WinTeam includes human resources tools to help companies administer insurance benefits in compliance with Affordable Care Act (ACA) employer regulations. Because timekeeping and human resources data is contained in one system, companies can easily determine employee benefits eligibility based on hours worked. In addition, all benefits and eligibility data is captured and available for ACA reporting and compliance. </p><p>Customers appreciate the many different features of WinTeam. For example, Barry Williamson, chief financial officer of GMI Integrated Facility Solutions, said his company finds the integrated system makes job cost reporting easier. “You can run an onscreen job cost on your computer, and there are drill downs to the source of every single number. So if accounts payable is involved, you drill down and see the accounts payable invoice that makes up the entry. If it’s revenue, then you can drill down to the customer invoice that makes up the revenue. You can drill right down to the daily time sheet through payroll to see where those numbers are coming from. It’s the same with inventory,” Williamson said. “Without even getting out of your chair, you can see every component that makes up the revenues and costs to see where you’re missing the budget or where you’re performing well against budget.”</p><p>WinTeam’s features work especially well in the security industry, where scheduling and licensing play such an important role. Companies can use the system to make sure officers are where they need to be at the right time and that they’re qualified for the job. Plus, the integrated mobile features mean information from WinTeam can be used by supervisors and officers in the field, in real time.</p><p>The personnel scheduling feature allows companies to track where they need to place officers based on their clients’ needs. In addition, workforce tools help managers ensure officers report to the site. With integrated time and attendance features, employees can clock in via telephone, biometric time clock or on their mobile device, and that timekeeping information is updated back in WinTeam from the field. Plus, the system will post alerts when officers do not report to duty. “They get a bird’s eye view of the entire operation, including all shifts that are currently active or will be active in the next hour,” said Mike Straub, TEAM Software senior vice president of software development. “They’re able to see all of the activity and all of the exceptions as they happen.”</p><p>Compliance has been a core component of WinTeam for more than 15 years. Companies can enter requirements at the job level, and then monitor whether employees have the proper licensing and training. When companies schedule employees for a shift, they can check to see if their licensing has expired. “The system will either warn or even not allow people to be scheduled based on that compliance,” Straub said. In addition, a compliance alert engine will allow companies to notify officers when licenses are coming due, so that companies can be proactive in making sure their officers have all that they need to be put in place. </p><p>Kelly, from SunStates Security, said TEAM Software has helped his company track compliance and training for its employees. “We have several hundred courses available for our people, from initial training to ongoing learning to customized courses,” Kelly said. “When someone takes a course, the challenge is tracking their results and ultimately seeing how they’re progressing as an employee. All of that information flows into WinTeam, so we can see everything from their initial background checks to when they’ve been hired and all the training they’ve completed.”</p><p>The mobile features offered by TEAM also work well in the security industry, allowing supervisors to access the information in the field so they can make good decisions about scheduling employees or finding the appropriate kind of employees to work. TEAM Software’s employee and customer self-service solution can be used on Android and Apple devices, with a downloadable app. Everyone in the company, from supervisors to employees, can use the app to see their schedules or retrieve their paystubs. And because most people are accustomed to using an app, it’s user friendly. </p><p> “With our mobile and web offering, we’re really trying to penetrate the entire organization of our customers. We want to bring our solutions all the way to the security officers, so the officers can benefit from receiving their paychecks through a mobile device,” Straub said. “We can even bring the technology to our clients’ own customers. They have customers who need to be able to access invoice information or other various operational types of information, so we’re continuing to improve our customer self-service capabilities so our customers can provide more information to their customers.” </p><p>Kelly said his company relies heavily on the mobile application, which allows managers to do quality assurance checks, compliance reports, and inspections in the field. Because officers have access to their schedules and paystubs on their mobile phones, those mobile features save time, which can be put back into improving customer service and growing the business.</p><p><strong>Roots in the Security Industry.</strong></p><p>TEAM Software was formed in the 1980s in Omaha, Nebraska. It all started when a building service and security contracting company was hunting for an integrated, industry-specific management system to help organize operations, streamline accounting processes, and provide insight into profitability. The company couldn’t find any existing solution that could do exactly what it wanted, so it put together a small team to build one of its own. Six years later, the team had developed the prototype for what is now known as WinTeam. Frank Labedz, the CFO and software project lead, realized that this unique solution could make a significant difference for other businesses, so he started a new company to offer the solution to other contractors.</p><p>Some 25 years later, TEAM Software still remembers its roots in the security industry. “We tailored the software around the security business, where what drives everything is your labor, your hourly workers. That drives your billing and your payroll, your margins and profitability,” said TEAM Software’s Davie. “So focusing our system around that piece of the software gave us an advantage in speaking the language of these companies—understanding that if you manage your labor and your workforce, that will drive your profitability and your success.”</p><p>Davie said TEAM Software actively promotes its product in the security industry, attending trade shows regularly and connecting with its customers face to face. TEAM Software also hosts its own annual conference for clients.</p><p>GMI’s Williamson said his company has taken advantage of the networking opportunities offered by TEAM Software. “TEAM’s yearly conference has evolved from a meeting that was basically sitting around in a hotel room to a large hotel gathering with hundreds of people. It’s come a long way,” Williamson said. “That environment is great to meet with people who are doing what you are doing and who have the same challenges as you do. It’s a good opportunity to talk with your peers.”</p><p>TEAM Software stresses not only its background in the security industry, but also its focus on customer service. The company became employee owned in 2007, with each employee owning stock in the company. The company was looking to reward its employees for all their hard work and wanted its employees to have a stake in the success of the company. And because they have a vested interest in TEAM Software’s success, they understand that they are only successful if their customers are satisfied. </p><p> “One of the key things we hang our hat on is great customer service, providing our clients with appropriate answers to their questions in a timely manner and following up on their needs,” TEAM’s Gauger said. TEAM Software offers a dedicated support department that answers customers’ calls, an implementation and education department that helps new clients, and ongoing training of existing clients for new products as they are brought out. </p><p>Ritts from AlliedBarton said TEAM Software listens to its clients. “Staff are very good about taking feedback and suggestions from their clients, especially when they’re going to change things or add new functionally. They’re very good about reaching out to clients for their input and brainstorming through things,” Ritts said. “They also stay on top of new things as they relate to payroll regulations, such as the ACA. And they let their customers know, so they’re a good source of information for their clients.” </p><p>The fact that TEAM Software is employee owned results in other benefits to its customers as well. “Our customers in the security industry know turnover and costs related to turnover. So being employee-owned reduces our turnover, which increases quality and efficiency and our ability to deliver,” said Straub. “We’re able to retain an amount of knowledge. Because that knowledge is not walking out the door every two or three years, we’re able to be a lot more efficient.”</p><p>By promoting a culture of strong customer service in the security industry, TEAM Software employees build strong relationships with their clients. “They’re more than a vendor, they’re a consultant,” Yao said. “They’re a resource that I use,  so it’s not only about how their software can help us. They have their finger on the pulse of the industry, so I can get feedback from them on the trends in the security industry.”</p><p><strong>Future Plans.</strong></p><p>Providing good customer service also means keeping abreast of changes in technology. TEAM Software made an early move to the cloud in 2001. While customers used to receive software and install it on their own computers, now most new businesses use the cloud, and more and more customers are coming to expect that type of service. The cloud makes it easier for companies to get on board, since they no longer have to purchase equipment like servers, install a network, and get everything up and running. </p><p>TEAM Software will continue to expand the technological capabilities of its software. “We’re on the cusp of bringing all that technology to a more central unified technology, meaning bringing our Windows application forward to be more of a Web-based solution,” Straub said. “That’s where our future belongs: trying to bring our entire set of platforms together as one suite of offerings so that it’s a more of a seamless and unified solution to all our customers.” </p><p>The company will also respond to the changing landscape, as the security industry sees more consolidation. “There are a lot of mergers and acquisitions happening,” Davie said. “Mid-size companies feel that they can market themselves to an acquiring company because they use our products.  Because we do have three of the top five largest security companies in the industry, some companies have felt that using WinTeam gives them an advantage in selling their business because they can integrate more seamlessly into the buying company if they use WinTeam as well.”</p><p>Davie said TEAM Software will continue to seek opportunities in the security industry and feels that there is room for growth. “It’s important for people to know we’re committed to the industry,” Davie said. “While we may consider branching out and offering our software outside of our niche markets down the road, we do not plan to turn our back on the security industry or leave that market in any way.”​</p><h4>Leveraging the Command Center Investment Enterprise-wide</h4><p><strong>By Christie</strong></p><p>Traditionally, command centers are considered part of the security operations domain. Cameras, intrusion detection systems, video and audio recordings, and alarms are just some of the security-related systems effectively monitored and managed in traditional command centers. </p><p>However, threats to an organization are not limited to physical security, and command centers can process data from a wide range of sources, offering risk mitigation throughout the enterprise. The ubiquity of IP-enabled technology, the increasing access to raw data, and the desire to minimize information silos expand the role of command centers. In this white paper, you will learn how investing in a command center can benefit the entire organization. </p><p><strong>Role Within an Organization</strong></p><p>For decades, certain industries have harnessed the power of a command center to support business operations beyond security. For example, telephone and data providers monitor outages, traffic, and data flow by region. Command centers are ideal for managing operations on waterways, highways, and public transportation networks. </p><p>In general, command centers enhance situational awareness, so events can be managed quickly and effectively. In the security world, that often means responding to physical threats. When a locked door is suddenly opened, an alarm sounds, and a streamlined response begins. </p><p>“In the old days a security guard would consult a notebook, saying, ‘What do we do when door number 32 is opened? Do we send a guard? Point a camera at the door?’” says Richard Derbyshire, CTS-D, consultant relations manager at CHRISTIE Digital Systems. Modern command centers offer an entirely automated environment. </p><p>“The response in the software is to trigger some form of alarm that then alters some aspect on the visual display,” Derbyshire says. “You have an intrusion detection, a connection outage in your security system, or some other abnormality. You also have an automated sequence to point a camera at the door, call up a series of response procedures, or display the scene of intrusion. </p><p>Command centers often feature a large-format, video display. For example, the screen might show a geographical map of a campus or a series of different images that change from green to red when an alarm status is triggered. The anomalous event is clearly registered by everyone in the room and—if required—elsewhere in the organization. What’s more, command centers provide flexible monitoring. Visual displays are networked; they can be monitored remotely, from a laptop, smartphone, or a backup command center. “The shared display within a shared space enhances understanding of what’s going on in the area you are covering,” Derbyshire says.</p><p><strong>Beyond the Security Budget.</strong></p><p>“Command centers are best applied when monitoring systems,” Derbyshire says. “Think of all the different entities in the world that can be construed as systems.”</p><p>Command centers are valuable tools for securing physical assets, but they also provide situational awareness that extends beyond security, mitigating risks, and safeguarding business processes. “Command and control environments are used for multiple aspects of the business, on both the commercial side and the government side,” says Ronald Willis, a senior associate at Shen Milsom & Wilke, LLC, an international technology and acoustical consulting firm.</p><p>For example, a command center can monitor the IT network across the corporation. “It has some aspect of security,” Willis says, “but the cyber guys are doing security. This is network or content monitoring,” he adds. “You might be a software development firm working on a video wall so that everyone can see it and track progress.” </p><p>Integrator Dan Gundry, a senior control room specialist at Vistacom Inc., agrees.  According to Gundry, one of easiest ways to leverage a command center is to integrate IT and physical security. “It provides the ability to leverage the same content to achieve the same goal—protecting the organization’s business interest and its people,” Gundry says. “We’re seeing the integration of both IT and physical security to leverage that investment, leverage the space, and bring operations into alignment.”</p><p>Providing everyone with a common operating picture improves responsiveness and decision-making by assimilating all the right data, Gundry adds. “When you take that concept and you move it beyond, you’re still talking about having the right info at people’s fingertips in a highly functional way.”</p><p>Derbyshire points to universities, which often integrate security functions within their data communications network command centers, either locating them in the same space or in adjoining spaces. “The security command center function is incorporated into the data network design because so much of the security system is an IP system,” he says. “If you lose a part of your IP system, you lose a part of your security system.”</p><p><strong>Supporting the Global Workplace.</strong></p><p>The command center environment also supports global business and information sharing. “If you’re working on a project in Abu Dhabi and you have to talk to an engineer in Chicago, you can do a Skype call and talk to them while sharing content over the network,” Willis says. “That information can be deployed and displayed on a virtual surface, or video wall surface. Whether you have a three-foot-square array or a 10-by-12 foot video wall, it’s still a virtual surface. You can do anything you want on that surface.”</p><p>Willis prefers the term “multi-array deployment” to command center, because the purpose of the technology and the way it is implemented can vary so widely. “I have a customer that has three different conference rooms, and they all have video walls in them,” he says. “They have different size arrays but the main purpose is to be a conference room or multipurpose room.”</p><p><strong>Growing Trend.</strong></p><p>Experts say that command center technology is being used in more building-wide applications, particularly in emergency management, emergency operations, and other specialty buildings where it’s important to have flexible content. While these organizations may have a command center or control room, information must also be sent to breakout rooms, conference rooms, war rooms, and managers’ offices. “Using CHRISTIE’s Phoenix platform as the backbone for video sharing across the enterprise, and within a building, is becoming more commonplace,” Gundry says.  </p><p>Command centers have a greater breadth of scope in an IP-enabled world, because a broad range of devices can be monitored. “Walk into a big building and, in your mind, peel away the finishes,” Derbyshire says. “Look behind and ask, ‘Why does that elevator go to the right floor every time? Why does the escalator stop and start when it’s supposed to, and how are the temperature and humidity controlled?’ They are all systems, and they can all be monitored and controlled by a central network.” </p><p><strong>A Case Study.</strong></p><p>When Ohio’s Hamilton County Emergency Management and Homeland Security Agency (EMA) upgraded its facility nearly three years ago, it was looking for a system that was flexible and reliable. “Unlike a lot of security centers, we’re not stagnant,” says Steve Siereveld, the organization’s operations manager and emergency operations center manager. “Most of the time when we looked at security centers, they had the same 20 or 30 displays up all the time,” Siereveld adds. “We switch wall layouts as the incident dictates.”</p><p>The EMA coordinates emergency response to all natural and manmade hazards in Cincinnati, Hamilton County, and 12 counties in three states (Ohio, Kentucky, and Indiana). However, its emergency operations center is a 24/7 “warm” facility, which means it is not always occupied. “It’s nothing for weeks and weeks,” Siereveld says. “But when something happens it’s a million miles an hour right out of the gate. We need something that’s quick and responsive.”</p><p>In 2014, the EMA purchased the CHRISTIE Phoenix—a network distributed open content management system for simultaneous encode, decode, and display of AV data—to use with its street and river camera system. Phoenix captures the camera feeds and brings them into a full HD video wall of 32 CHRISTIE Entero high-brightness 67-inch LED cubes. </p><p>“We’re constantly changing and redrawing the screen, and the screen redraws are quick,” he says. “We didn’t need something that took a minute to change screen layouts; we needed it to take a couple of seconds.”</p><p>While the center is equipped to help operators react to large-scale emergency incidents—caused by weather or terrorism, for example—Siereveld says the EMA has not experienced such an event for a few years. Instead, the center is used on a regular basis for planned events throughout the year, like firework displays over the Ohio River; Taste of Cincinnati, one of the nation’s largest street festivals, and the 2015 MLB All-Star Game. </p><p>The organization also uses the operations center for meetings, simulations, exercises, drills, and national homeland security classes. Human resources even uses the facility for employee testing. “There aren’t many places where you can find 54 computers in a room,” Siereveld notes. “They might put a PowerPoint up or just put a timer up on the video wall.”</p><p>Regardless of its use, the command center is a steadfast tool for the EMA. “From a user comfort and the reliability level, CHRISTIE’s technology has been very advantageous for us,” Siereveld says. “With our old system, it was older technology and sometimes it would work and sometimes it wouldn’t. With our current system, I don’t feel the need to fire things up two or three hours ahead of a meeting. I’m comfortable turning it on five minutes beforehand, knowing it will work.”</p><p>From an investment perspective, Siereveld says, “You can’t put a dollar tag on a life.” But he acknowledges that the CHRISTIE system saves the EMA money. With the old system, if a part broke, it had to be ordered from Japan and might take as long as three months to replace. Replacing bulbs cost approximately $50,000. “With the all LED, there’s one moving part, and we have no real maintenance,” Siereveld says. “Also, we have one set of spare components, and we can field swap them. If we do lose a display we can pull a module out and replace it. We’ve never had to do it, but we can if we need to.”</p><p><strong>Conclusion.</strong></p><p>With today’s networked systems and IP-enabled world, command centers can do more than alarm and video monitoring. In the security world, command centers focus primarily on situational awareness of the physical environment. They improve responsiveness by providing all operators with the same picture and positively impact decision-making. The security investment of a command center can now be leveraged throughout the enterprise—to enhance communication, secure supply chains, protect business interests, and contribute to the bottom line.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/corporate-security-assessments.aspxCorporate Security Assessments<p dir="ltr" style="text-align:left;">​At Concurrent Technologies Corporation (CTC), a Johnstown, Pennsylvania-based research and development company, the security staff developed a tool that keeps senior executives informed on critical questions. Adapted from U.S. government assessments used in Iraq, the tool was adapted to CTC’s security environment. CTC, which provides physical security for laboratories and industrial facilities, protecting more than a thousand employees, contractors, and visitors, has used KPA assessments to measure and strengthen its corporate security function since 2009.</p><p dir="ltr" style="text-align:left;">This article describes a tool for communicating important security program performance information to CEOs and those who advise them. The tool is adapted from an assessment methodology developed by U.S. and British military officers and U.S. Department of State representatives building Iraqi civilian police capabilities from 2005 to 2007. Aligned under the Multi-National Security Transition Command – Iraq, the team directed recruiting and training programs, advised Iraqi government officials, and managed delivery and distribution of vehicles, weapons, and police equipment. By 2006, the team had developed a series of metrics that identified the most important aspects of those processes and tracked progress toward specific goals established by senior military commanders. The aspects deemed critical to overall mission success were termed key performance areas (KPAs). Monthly assessments of KPAs were presented to senior military commanders and resource adjustments were often based on the monthly assessments, team recommendations, and subsequent discussions.  </p><p dir="ltr" style="text-align:left;">The reliability and usefulness of the tool increases over time as key staff become familiar with it and trends become evident.  The tool is flexible – any relevant factor may be captured in the methodology. Assessments can be conducted monthly, quarterly, or annually. </p><h4>Defining KPAs</h4><p dir="ltr" style="text-align:left;">The following paragraphs offer an example of how to define and implement a KPA process. It is important to begin with a common understanding of terms used in the assessment. The security manager must carefully define each KPA for his or her particular security environment.  Capacity, for example, may be based primarily on the number of staff members in one instance and on data storage in another case. Senior executives routinely work with risk management and strategic planning concepts, and will quickly grasp essential points when those concepts are used within a security context.  </p><p dir="ltr" style="text-align:left;">Information presented to top executives should identify and define the KPAs and metrics used in the assessment. The security manager should then provide an assessment of the overall security program, followed by a drill down assessment of each KPA. Senior executives will want to know why a problem exists and how the company can help solve it. To help answer those questions, ratings and values may be projected for upcoming time periods based on security projects being planned, new policies being considered, a program or requirement ending, or other anticipated changes.    </p><p dir="ltr" style="text-align:left;">The security assessment model considers five KPAs: capacity, strategic planning, compliance, risk management, and efficiency.</p><p dir="ltr" style="text-align:left;"><strong>Capacity:  </strong>The ability to support routine workload, anticipated surges, personnel screening and onboarding, sensitive document and material storage, and special projects.  </p><p dir="ltr" style="text-align:left;"><strong>Compliance: </strong> Current conditions or ability to meet corporate, client, and program security specifications such as intrusion detection and assessment, visitor processing or throughput standards, government security classification guides, material handling plans, or other security-related guidance.</p><p dir="ltr" style="text-align:left;"><strong>Risk Management:</strong>  Balancing security concerns with threats and other business processes; providing leaders with accurate and useful information for risk management decisions.</p><p dir="ltr" style="text-align:left;"><strong>Efficiency: </strong> Providing value added to the corporation; return on security investment; delivering vital services at low cost.</p><p dir="ltr" style="text-align:left;"><strong>Strategic Planning: </strong> Existence of an approved, viable, resourced plan to help ensure Security initiatives support long term corporate objectives.</p><p dir="ltr" style="text-align:left;">Good management decisions are often based on quantifiable results or an expected return on investment. Effective assessment models will present information and recommendations in the way decision makers are accustomed to seeing them for other key areas such as production, advertising, or sales. In competitive business environments, managers will either improve or abandon areas deemed to be floundering, inefficient, out of compliance, or unhelpful to the organization’s long term interests. Security managers must be clear about the scale used to indicate relative strengths and weak areas. CTC executives are now accustomed to seeing a series of charts indicating the current status of the overall program as a single color: green, yellow, or red. The color is followed by a detailed assessment of each KPA. CTC uses the following simple relative values scale.  </p><p dir="ltr" style="text-align:left;">1- Red - Low or unacceptable; warrants immediate attention </p><p dir="ltr" style="text-align:left;">2 - Red or Yellow - Marginal; adverse trend</p><p dir="ltr" style="text-align:left;">3 - Green or Yellow - Meets standards or requirements</p><p dir="ltr" style="text-align:left;">4 - Green - Exceeds standards or requirements; positive trend</p><p dir="ltr" style="text-align:left;">5 - Green -  Far exceeds standards or requirements</p><p dir="ltr" style="text-align:left;">This simple system of color codes and numerical values along a relative scale enables the security manager to easily communicate important trends and messages to senior executives.  The staff member, security manager, or committee making the assessment must have first-hand knowledge of actual program performance and be ready to provide supporting information for each subjective determination.   </p><h4>KPA Sub-Areas</h4><p dir="ltr" style="text-align:left;">The KPAs are broad topics or concepts comprised of sub-areas that must be identified and evaluated against set standards or requirements. While an overall corporate program or particular KPA may be assessed as green, certain problems and adverse trends may warrant executive level attention. Drill-down information should support the overall assessment for each KPA, especially when the organization is underperforming or when added resources or a major policy change may be needed. Potential KPA sub-areas for a corporate security program are listed below and may be tailored to fit specific situations and organizations.</p><p dir="ltr" style="text-align:left;"><strong>Capacity</strong></p><p dir="ltr" style="text-align:left;">--Availability of expertise in applicable security disciplines (operational security, physical security, industrial security)</p><p dir="ltr" style="text-align:left;">--Secure storage and facilities</p><p dir="ltr" style="text-align:left;">--Ability to support business proposals, conduct investigations, handle visit requests, or respond effectively to unanticipated workload</p><p dir="ltr" style="text-align:left;"><strong>Compliance</strong></p><p dir="ltr" style="text-align:left;">--Results of audits and inspections, including self-inspections</p><p dir="ltr" style="text-align:left;">--Number and nature of security incidents such as procedural violations and data spills </p><p dir="ltr" style="text-align:left;">--Meeting security-relevant contractual commitments</p><p dir="ltr" style="text-align:left;"><strong>Risk Management</strong></p><p dir="ltr" style="text-align:left;">--Conducting security risk assessments (analyzing threats and vulnerabilities)</p><p dir="ltr" style="text-align:left;">--Mitigating known risks through process improvements and funded projects</p><p dir="ltr" style="text-align:left;">--Keeping senior executives informed on security issues</p><p dir="ltr" style="text-align:left;">--Including security stakeholders—directors of human resources, contracts, information technology, legal department, and others—as part of a collaborative team</p><p dir="ltr" style="text-align:left;"><strong>Efficiency</strong></p><p dir="ltr" style="text-align:left;">--Proprietary or contract guard force operations</p><p dir="ltr" style="text-align:left;">--Access controls</p><p dir="ltr" style="text-align:left;">--Monitoring or surveillance of sensitive areas</p><p dir="ltr" style="text-align:left;">--Inventory shrinkage/property losses</p><p dir="ltr" style="text-align:left;">--Visitor processing functions</p><p dir="ltr" style="text-align:left;">--Security training and awareness programs</p><p dir="ltr" style="text-align:left;">--Screening and on-boarding new employees</p><p dir="ltr" style="text-align:left;"><strong>Strategic Planning</strong></p><p dir="ltr" style="text-align:left;">--Establishing security objectives and milestones aligned with corporate values and goals</p><p dir="ltr" style="text-align:left;">--Providing resources to achieve short term, mid-term, and long term objectives</p><p dir="ltr" style="text-align:left;">--Maintaining organizational relationships and assessing evolving security threats and trends in relevant market areas</p><h4><br>Develop Metrics</h4><p dir="ltr" style="text-align:left;">A handful of reliable, relevant, and easily maintained metrics should provide the bedrock for any organizational performance assessment. Measurements and recorded data should be included or relied upon whenever possible. Average visitor throughput, number of trouble calls received, the number and nature of security violations, inventory loss rates, security overtime hours, and client or employee feedback are examples of measurable factors which may support periodic assessments and indicate positive or adverse trends. </p><p dir="ltr" style="text-align:left;">If information taken from multiple site locations or departments, the security manager must ensure a common approach is used in determining what events or data to include. Site A may record a vendor delivery as a “visitor” while Sites B and C may count those events simply as a “delivery.”<br></p><h4>Conduct the Assessment</h4><p dir="ltr" style="text-align:left;">Quantifiable metrics must be validated with a solid understanding of internal processes and supplemented with the security manager’s more subjective determinations based on experience and personal observations, along with feedback from other departments, key program managers, his or her own staff, and clients. The aim is to periodically review each KPA and assign a specific value or rating for that performance period.  </p><p dir="ltr" style="text-align:left;">Security should design charts displaying an overall KPA assessment. For example, security should be prepared to explain lapses in performance along with recommendations for fixing the problem. If the security manager will not have opportunity to speak directly to senior executives, accompanying notes or flag words should be included with the assessment to convey supporting information and recommendations. For example, clarifying notes accompanying a KPA assessment on capacity could indicate that product shipment delays are affecting the availability of storage space for high-value inventory.  </p><h4>Getting Results</h4><p dir="ltr" style="text-align:left;">The risk management KPA has been particularly useful at CTC in advocating security initiatives to keep pace with evolving threats and client concerns. Decisions taken during program reviews and discussions among C-suite executives led to new Web-based security training, a consolidated security policy manual, special events promoting security awareness, a structured approach to handling suspicious e-mail, annual vulnerability assessments for sensitive facilities, and projects to upgrade or refresh electronic security systems. The increased emphasis on risk management processes, along with buy-in across departments and at all levels led to improved performance on compliance inspections and significant reductions in security violations.</p><p dir="ltr" style="text-align:left;">Focusing attention on the efficiency KPA helped foster CTC processes for purging old documents and electronic media containing sensitive information. Accountable document inventories were reduced by 30 percent in two years, saving thousands of dollars in overhead costs and reducing the risk of information loss or compromise.  </p><p dir="ltr" style="text-align:left;">Effectively implementing KPA processes over the long run also resulted in CTC receiving the highest possible rating on two consecutive security compliance audits conducted by U.S. government representatives in 2012 and 2014, enhancing CTC’s business reputation.        <br><br>The most productive and beneficial KPAs will present concise, accurate and relevant information to those who must balance security, financial, operational, and technological risks, along with strategic factors such as human capital and market trends.  Consistent use of a methodology such as KPA assessments will help security professionals build long term credibility and confidence among senior executives. Periodic assessments also give senior executives added opportunities to steer the security program and ensure it stays in step with long term organizational goals and values.        </p><p dir="ltr" style="text-align:left;"><em>Ronald R. Newsom, CPP, is senior director, enterprise security for Concurrent Technologies Corporation, of Johnstown, Pennsylvania.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465