Make sure to consider your organization’s needs and your corporate culture as you decide how to roll out your new program. In some organizations, you may need to take small steps instead of large strides based on the appetite for change in the organization or based on financial resources. In some situations, you may want to roll out the whole new program in a year, and in others you may want to begin instituting individual policies or implementing new systems one-by-one, to slowly build up to the bigger changes. Some executive teams may want to see immediate, short-term results. Test the temperature of the organization and set realistic goals. If you try to outpace the appetite for change in the business, you risk an early failure that will lose you the confidence of your management and your staff.
The Work Is Never Finished
Do not neglect to monitor and evaluate what is being done. Make sure what you have implemented is working by instituting performance metrics, conducting regular employee surveys and scheduling regular briefings with stakeholders.
Karl Perman is manager of corporate security programs for a large energy company and a member of the Security Executive Council community.
Marleah Blades is senior editor for the Security Executive Council, a risk mitigation research and services organization for senior security and risk executives from corporations and government agencies responsible for corporate and/or IT security programs. In partnership with its research arm, the Security Leadership Research Institute, the Council is dedicated to developing tools that help lower the cost of security programs, making program development more efficient and establishing security as a recognized value center. For more information about the Council, visit www.securityexecutivecouncil.com/?sourceCode=std.