Typically when industry leaders step up and lead, good things happen.
When ASIS International announced that it had identified Enterprise Security Risk Management (ESRM) as a strategic priority, it was doing exactly that—stepping up as a leader.
In their statement, ASIS International was direct and to the point, reminding us that “…ESRM is both a philosophy and a management system that recognizes that security issues should not be stove-piped. It is a risk-based approach to holistically managing the varied security risks in an organization through the application of globally established and accepted risk principles.”
Go holistic or go home
While security disciplines have their specific concerns and realities, the organization as a whole and the threats from all sides need to be considered to properly manage risk. In fact, when security issues are viewed in silos, the overall security program is only as strong as the weakest silo.
This new ASIS initiative will hopefully help in countering a trend in certain security service segments where commoditization has been diminishing the overall value of the security program. When a security program is considered holistically, price for service cannot be the only factor determining vendor selection because such an approach only weakens parts of the overall program, and thus creates an exploitable link. One could argue that this approach is typically taken when “non-security” people have too much influence on the purchase decision.
Data beats back commoditization
To counteract commoditization, security departments must have data at their fingertips on how they impact the business as a whole. In keeping with an ESRM approach, this data requirement covers all aspects of the security program, including silos that have not been seen traditionally as key contributors to an overall security program, such as security guard service companies (arguably the most commoditized silo of them all!).Considering how much security workforce technology has evolved (TrackTik comes to mind), adopting such a platform to support data-driven SLAs, KPIs, and the TRA process as a whole should be a natural step in the ESRM approach. (Another option is choosing a guard company that uses such a platform at all service locations.) The power of the analytics modules of the leading platforms allows frontline security staff to contribute in a direct, measurable manner to the ESRM process. The data they generate often reveal threats affecting multiple disciplines—another great reason to get rid of the stovepipe!
Security becomes a strategic concern
Considering the abundance of cameras—body-worn, handheld, and traditional—chances are that any security incident caught on camera will be distributed through traditional and social media channels. Furthermore, with security garnering the sort of attention that it does globally, the C-suite relies increasingly on its security leadership for consideration of the big picture, brand impact, and business continuity. With the creation of board-level committees focused on risk and governance, security oversight has evolved from a purely operational concern to a strategic business one.Given a global economy bringing threats from many sources and security incidents impacting the business as a whole, the need for an ESRM approach becomes imperative. If security leadership wishes to continue contributing proactively to the protection of corporate value, then all security disciplines must speak the language of business—namely data, data, data, and data trends.
Are you responsible for reporting the metrics of your security program to senior management? Are you running a security company and wondering how to optimize your service offering? If so, then please reach out to us at [email protected].