Lean Security

Getting lean on security operations

How do I begin?

Here are two immediate steps to begin your Lean Security Operations journey:
1. Create a Lean Journal. This can be a paper journal book or a Word document. In it, record your initial thoughts and questions about what has been presented in this column, the July article and the two online sidebar columns (SecurityInfoWatch.com/STandDextras).
2. Perform a Stakeholders Exercise. To think about customer value, you have to know who your customer is. Security’s customers are the security stakeholders. To identify the stakeholders, ask these two questions:
• Who depends on Security performing its functions? This is the first category of stakeholders — people who depend on critical assets (including critical business processes) that are protected by Security. Employees as a general class are dependent on having a safe and occupiable facility. For each type of stakeholder, answer these questions:
    • What Security functions is the stakeholder dependent on and why?
    • What are their expectations of Security?
    • How do they rate Security’s performance (in general terms)?
• Who has a role in the performance of security functions? This is the second category of stakeholders — it will include security staff; management decision-makers senior to security; non-security personnel (employees, contractors and visitors); heads of business units, divisions and departments. It is a responsibility of all managers to see that the people in their charge follow security policies and procedures that apply to them. What role in security does the stakeholder perform and why? How do you enable them to perform that role? How do you influence their performance?
Record the answers and your thoughts in your Lean Journal. Next month’s column will examine how Security’s customers “pay for” security, and how this differs from the typical customer role in Lean Manufacturing.

Derrick Wright, CPP, is the security manager for Baxter Healthcare, Cherry Hill, N.J. With more than 19 years of progressively higher management experience in a highly regulated pharmaceutical manufacturing environment, he has built a converged security program that focuses on top-of-mind business issues as well as technology interoperability to support improved business processes. Derrick is a member of the Security Executive Council and the Convergence Council of the Open Security Exchange (OSE), where he provides insight and direction for working group activities.