The Corporate Security Network’s core thesis is that the impact of security on business performance and staff output continues to be inadequately understood, both across industry sectors and internationally.
By investing management attention on the contribution of security to business performance, shareholder value can be increased for the operation as a whole.
Benefits of membership
Membership of the Corporate Security Network is select. In the first year, members have included ADT, Barclays Capital, BT Property, Cancer Research (UK), GSK, Lloyds TSB, PricewaterhouseCoopers and Reliance Security Services. In addition to the intrinsic networking benefits of being members, these organisations have also benefited from privileged access to leading practitioners at exclusive discussion seminars.
Those practitioners have included:
How organisations manage risk
As well as accessing these first class seminars, members also selected and guided a major research project on the organisational management of risk. The work served to illustrate the breadth of risk now covered by leading facilities managers.
For example, the terrorist threat encompasses collateral damage, and impacts on managers’ ability to operate their buildings. It affects business continuity. Then there’s IT sabotage. In a similar vein, extremist groups can target individuals, make plans to assault executives, damage premises and intimidate visitors. An impact on the brand is possible.
In terms of information security, any policies put in place have to be balanced with operational business needs. Burglary, vandalism and theft are always a possibility. Staff vetting and screening is another area. Illegal workers need to be pinpointed – if a company is penetrated by organised crime then severe reputational damage may result.
Penetration vulnerabilities in relation to access control must be mitigated, while client confidentiality must always be at the top of the information protection agenda. Flexible workers are an issue, so too fraud. The latter may be low risk, but the potential for organised crime threats exists nonetheless.
The project showed that different sectors manage security and risk in a totally different way. Two models were assessed, namely central and business unit control. In the former grouping, security tends to be policy and strategy-led, with direction from the centre for mandatory actions. In the second grouping, facilities management tends to be operational and led by group and individual business units.
Risk analysis and modelling
Some organisations use risk modelling while others undertake very little risk analysis (other than physical surveys). One company studied uses an assessment profile-based model to identify which locations are most at risk. Being aware of the threat, knowing where it is and what the impact on the business would be if it materialised are the key issues for them.
This variability in risk management is also reflected in how information is used in risk assessments. Some practitioners manage risk and are led by qualitative data. Others are led by quantitative data. The former approach tends to provide reactive solutions, the latter defensive solutions. Some business sectors share data, while others do not.
Another finding of the research was the apparent lack of interaction and contact between physical security management and IT. That separation can extend right up to Board level. A typical division of responsibilities is physical, IT, fraud and business continuity. The advantage to Corporate Security Network members is the fact that some of them can see they share common problems. Others, armed with answers, were prepared to disclose them to other Network members.
Year One: a success… what next?
The Corporate Security Network’s first year has been a huge success. Members have built on their own Continuing Professional Development. They have also learned of the variety of risk management approaches.
What next? We will again be offering our half-day seminars for members on key security themes. Future issues to be discussed include internal communication for security awareness, relations with Human Resources and what we might learn from offenders.
We will also be carrying out research – guided by members – on areas such as the impact of infiltration by organised crime on major businesses.
