Lean Security: Achieving Sustainable Results

Only a few companies achieve sustainable results by permanently and completely transforming themselves. Many companies practice lean, but never truly internalize it as part of their basic code. Your lean transformation journey must begin with an understanding and acknowledgment of lean’s true principles. It is the only way to drive behavior and set in motion the process for true change. Your beliefs will drive your behaviors; your behaviors will drive your actions; and your actions will generate results.
The beautiful thing about lean is that it’s really common-sense stuff. When you really dissect it, the key principles of lean should be what all of us are about.

What is Security’s Job?
The job of security is to reduce security risks to acceptable levels at an acceptable cost, in a manner har­monious with the business. Lean Security is a highly effective set of tools and a way of thinking that can help you do just that within your security function.

Establish Standardized Processes and Procedures
The establishment of standardized processes and procedures is the greatest key to creating consistent performance. It is only when the process is stable that you can begin the creative progression of continuous improvement. The work of developing standards begins early in a lean implementation and is a common thread throughout the development of lean operations. The creation of standardized processes is based on defining, clarifying (making visual), and consistently using the methods that will ensure the best possible results.

Standardization is not applied as a standalone element at specific intervals. Rather, it is part of the ongoing activity of identifying problems, establishing effective methods and defining the way those methods are to be performed. And it is driven by people, not done to people. People doing the work understand it in sufficient detail to make the biggest contributions to standardization.

Standardization is a Waste Elimination Tool
Developing standardized work is the first step. It not only provides a standard way of doing the task, but the process of doing the analysis will reveal the waste that should be eliminated as part of developing the standardized work.

When standard work is developed and security personnel are properly trained, regular audits are needed to check on whether the standards are being followed — and if not, why. Security personnel should be encouraged to suggest changes that will improve the process and be reflected in revisions to the standardized work.

Once standards are developed, the standard condition should be visibly displayed (where possible) so deviations from the standard will be obvious. Visual indicators become powerful tools only when used for visual control, showing the contrast between the standard and the actual situation. Following the standard as defined “clears the clouds” and improves flow and overall performance.
Companies that successfully implement lean place a high importance on the use of visual controls to support the adherence to standards. Make it visual!

Reflect and Learn from the Process
Begin by “walking the flow” with your current state map in hand. If you have begun implementing improvements and have established some defined connections, you have created standards as well. Begin to envision the future state and to draw the defined connections on a future state map.

A New Standard Requires a Learning Period
It is not uncommon to see a slight drop in performance as people adjust to the new method. Do not rush to “go back to the old way.” Continue observing to ensure that the method is being followed as planned and that any minor adjustments are made immediately.

If you would like to contribute your insights or suggestions, please email them to me at Derrick_Wright@Baxter.Com

Derrick Wright, CPP, is the security manager for Baxter Healthcare, Cherry Hill, N.J. With more than 19 years of progressively higher management experience in a highly regulated pharmaceutical manufacturing environment, he has built a converged security program that focuses on top-of-mind business issues as well as technology interoperability to support improved business processes. Derrick is a member of the Security Executive Council and the Convergence Council of the Open Security Exchange (OSE), where he provides insight and direction for working group activities.