Identifying and Defining Security Stakeholders

Jan. 27, 2009

Lean is the systematic elimination of waste from all aspects of an organization’s administration and operations, where waste is viewed as any application or loss of resources that does not lead directly to value that is important to the customer and that the customer is willing to pay for. That means both what the customer wants and when the customer wants it.

We can view Security’s customers from two perspectives: the roles and responsibilities that they have, and the security benefits they receive. The roles and responsibilities aspect is important because it determines how we should communicate to our various security customers, based on enabling and influencing them to perform their roles in security, even if that role is a simple one, such as using an access card to gain entry to the facility. It is also important because fulfilling their roles and responsibilities as employees, managers, contractors or partners is the way that security’s customers “pay for” the security that they receive. If they do not see or understand the value of security or are not happy about how much they have to pay for it (i.e. how much trouble they have to go through for security), they may choose to bypass security, such as by tailgating to enter the facility.

While some individuals in our organization pay for security by allocating or approving security project funding, the majority of individuals pay for security by fulfilling their roles and responsibilities, and that is critical to establishing sound security throughout the organization. Due to the importance of the roles that our personnel play in security as well as the benefits security provides to them, we refer to the security’s customers as stakeholders.

Security Stakeholders Exercise
In last month’s column we started with the creation of a personal Lean Journal, and a first exercise of identifying the security stakeholders. Why perform this exercise? There are many benefits for security staff and officers as well as for security managers and directors who perform it. It helps to start with a small group first and then expand out using the results of the first exercise to refine your efforts. Begin at the highest level of security and work down, such as the headquarters or regional level for large organizations, and security manager, staff, supervisors and officers at the site level. Here are some of the benefits of this exercise:

• Transfers knowledge and insights from more experienced personnel.
• Shares knowledge between shifts and functions.
• Can reveal security value not immediately apparent to security personnel.
• Expands security personnel awareness of the value of their jobs.
• Increases sensitivity of security personnel to security stakeholders’ concerns.
• Provides a check on the effectiveness and scope of security personnel training.
• Helps to reinforce the common purpose and build camaraderie.

In last month’s column we presented these questions for identifying security stakeholders:

1. Who depends on security performing its functions?
     4 What Security functions is the stakeholder dependent on and why?
     4 What are their expectations of Security?
   4 How do they rate Security’s performance (in general terms)?

2. Who has a role in the performance of security functions?
   4 What role in security does the stakeholder perform and why?
   4 How do you enable them to perform that role?
   4 How do you influence their performance?

In one stakeholder exercise, a security officer summed up these questions as:

• What do they expect of us?
• What do we expect of them?

A helpful approach is to have an initial briefing in a small group (6 to 10 people) and begin considering and answering these questions. Then have the participants go off on their own to finish answering them, and follow up by submitting their answers in writing. These can be reviewed as a group, either by sharing printed material or by reading selected portions of the responses.

It is important to realize that this exercise is a developmental one. By that, I mean that it has the effect of expanding the awareness of the participants and in many cases changing their thinking in ways that will positively affect their job performance and their interactions with security stakeholders. It also orients the thinking of security personnel. Do not be surprised if you continue to get feedback for weeks after the initial exercise. Be sure also to capture those insights when expressed verbally and ad hoc.

Next month’s column will provide some example feedback from the stakeholders exercise. If you would like to contribute your insights or suggestions, please email them to me at [email protected].
  
Derrick Wright, CPP, is the security manager for Baxter Healthcare, Cherry Hill, N.J. With more than 19 years of progressively higher management experience in a highly regulated pharmaceutical manufacturing environment, he has built a converged security program that focuses on top-of-mind business issues as well as technology interoperability to support improved business processes. Derrick is a member of the Security Executive Council and the Convergence Council of the Open Security Exchange (OSE), where he provides insight and direction for working group activities.