4 New Year’s Resolutions for Security Directors
As we start the New Year, most of us have personal and professional goals to which we aspire. For security professionals, we recommend the following resolutions to help make 2018 a successful, uneventful one for your organization.
1. Update and test the business continuity plan (BCP). Beyond the dangers of a national emergency, every organization needs a current, robust plan to recover from a crisis. In recent years, companies across the country have experienced disruption from weather emergencies. Advances in cloud computing and increasingly remote workforces are two developments that can have a dramatic impact on a BCP. The breakneck pace at which technology continues to transform business practices makes annual review and testing of BCPs more important than ever. Today, the plan should include procedures that apprise organizations of employees’ whereabouts—particularly when key personnel are traveling. Putting a plan on paper is not enough; companies need to conduct a tabletop exercise and drill at least annually.
2. Establish (or enhance) an active shooter policy. Every company should have at least a basic policy that is communicated to employees. The U.S. Department of Homeland Safety publishes a guide that organizations can use as a starting point. In reviewing the active shooter policy, security directors need to keep in mind that the threat has increased. More shooters are forgoing handguns in favor of assault weapons. By the time police arrive, the assault is typically over. Contingency plans should include safe rooms where employees can retreat. In addition, organizations need clear guidelines regarding who closes and locks the door and when. Similar to BCPs, active shooter plans should also be tested annually with a combination of tabletop and live drills.
3. Ensure vendor compliance with internal screening standards. Many organizations have strict background screening standards for their employees but don’t extend those requirements to vendors that provide contract or temporary personnel. As some companies have learned through repeated incidents and infractions, external partners may perform minimum screening to fulfill a vague contractual obligation. Outline the basic requirements for vendor background screenings in the security policy. At a minimum, service agreements should include this specific language. Preferably, the host organization should identify a trusted third party to ensure consistent screening standards for all on-site personnel.
4. Perform penetration testing at key locations. While security protocols may appear iron-clad on paper, most are surprisingly easy to overcome. Resolve this year to put access control to the test: inspect perimeter fencing, check for blind spots in CCTV monitoring. Internal personnel can conduct preliminary testing, but organizations should consider contracting a qualified third party for unbiased reporting. Testing should focus on vulnerable entry points, testing the physical, human and technological aspects of the security program.
For information on how Sunstates Security can help your organization implement these resolutions, call 866-710-2019 or email us.
Security Operations Centers: More Accessible than Ever
As technology becomes more sophisticated, more affordable and more compatible, an increasing number of organizations are developing security operations centers, or SOCs, to support their security programs. In fact, Sunstates Security has partnered with companies to manage these command centers both locally and internationally.
Benefits of GSOCs
No longer restricted to spy thrillers and global mega-corporations, SOCs allow small-to-medium enterprises to leverage technology in expanding their security capabilities, while reducing headcount.
• Universal protocols. Managing security operations from a SOC makes it easier for large companies to apply security standards across their organizations. Controlling access from a central location, for instance, reduces the need to rely on individuals to follow company protocols. SOCs can help ensure that every facility adheres to the same procedures and benefits from the same level of security expertise.
• Improved asset control. Many companies use these centers to provide additional layers of asset control. Local employees are trusted to do the right thing, and technology provides verification. For example, some companies track high-value shipments with GPS technology. Geo-fencing the route sends an alert if the vehicle travels a specific distance off course, and SOC personnel can contact the driver and offer assistance, if needed. Similarly, SOCs can support employees traveling to high-risk countries by providing information on demonstrations or other incidents that could affect their safety.
• Remote monitoring. Technology integration has significantly increased the capabilities of SOC operators. In addition to monitoring an airplane hangar, for instance, to prevent tampering with corporate aircraft, security personnel can interact with individuals on site. In some cases, SOCs have allowed the remote identification of intruders, who ultimately left the facility before causing damage. Other operators have witnessed medical emergencies and directed responders to provide assistance.
• Real-time intelligence. Some sophisticated organizations have built briefing rooms adjacent to the command centers. If a major incident affects a company or one of its operating regions, executive teams move to the briefing room, which duplicates many of the monitors and other equipment in the SOC.
Additional Considerations
In developing and supporting SOCs for client companies, we’ve seen some common misconceptions. Frequently, organizations tend to overestimate cost savings from reduction in security personnel, while underestimating the risk of information overload.
• Lower headcount, higher skill level. Beyond the expense of creating the SOC, these sophisticated centers require highly skilled operators with specialized training. Security departments are “doing more with less” in terms of personnel, but these positions command higher pay, better benefits and increased training. At some locations, for instance, operators complete between 80 and 120 hours of one-on-one training before they enter the SOC.
• Less is more. Many organizations want to fill an entire wall with monitors, allowing command-center personnel to view more areas at once. However, operators can only absorb so much information. A more efficient practice is to support primary monitors with secondary monitors. If an incident occurs, the relevant images are transferred to the primary screens.
Thinking of creating a SOC at your organization? Sunstates Security can help you optimize a control center from a security perspective, in addition to arranging tours of active SOCs. Call us at 866-710-2019 or email us.