At the Frontline: A Q&A with Unisys Director of Corporate Security Eileen Wieber

Unisys' Eileen Wieber discusses enterprise-wise operations, crisis management, and explaining ROI to corporate executives


Wieber: Today's environment is a very difficult one, to say the least. Our employees are the most important assets we have and we do have a global presence. Having a global presence, we do have staff to assist our employees overseas and we use our local teams to advise and escort employees. We offer travel advisories to all employees globally. Any employee traveling to what is deemed a high-risk area is given both oral and written briefings on the area they are visiting. We also provide things such as emergency evacuation procedures, local contacts, third party emergency response providers, and accommodations for added insurance when required.

SIW: What kind of crisis management plan have you developed, and can you give our readers some pointers or questions to ask when they are developing their own crisis management plans?

Wieber: Crisis management plans are kept very close to the vest, so I'm unable to share details. I believe our plans reflect best business practices in the industry. The plans are always live documents; they are constantly reviewed and updated.

Some things to consider when creating a crisis management plan are the following:

The crisis can be tiered based on pre-determined parameters such as business impact, employee impact, location and size of facility. These things can be scaled and then tiered for appropriate response.

A team needs to be created regionally and/or locally and the team may differ based on the severity of the crisis, or which tier it falls into.

The team should include members from different disciplines within the company in order to have a well-rounded approach to the response. It should include representatives from general counsel, security, facilities, human resources, communications, finance, IT and possibly the operating unit affected. Each discipline will have their roles and responsibilities for the crisis predefined.

It is also suggested that -- on a predetermined basis -- the crisis management team be challenged with a crisis "table-top" exercise to work through so they know how to handle a real crisis, should it ever occur.

We also have created an automated system ? designed inside our company through our IT group -- called FINS, which stands for Facility Incident Notification System. We have created a database for global contacts in the event that we would have an incident at one of our facilities. All 450 facilities are covered under this system with contacts from all the different disciplines in the database specified to each and every facility. If a FINS alert is issued, all the appropriate contacts are simultaneously contacted via a pager or text message to their cell phone, and the team gathers and quickly discusses resolution.

SIW: With 450 facilities and operations to secure, what are you doing to develop an enterprise-wide solution to security?

Wieber: The roll-out of security standards and programs has been risk driven. The ideal situation is to get involved at a new facility from the beginning, including the location selection process. Communication has been the key factor; security directors should be letting management know what standard practices are and where to go to with questions. We cannot communicate enough in this area.

One way we have communicated is by the creation of a security/safety course that all employees will be required to take. It was initially required by employees in a limited number of countries, however, we plan on finishing the global rollout in 2005.

We have also put into place an approval process so that anywhere in the world, if a purchase is made regarding security it will come to my office for approval. This allows for visibility as to what different locations may be attempting to do with their own security. By knowing this, we can then advise them on whether their approach is meeting corporate standards.

We have categorized our sites based on parameters such as geography, business operations, size of facility, etc. and the parameters are scaled to come up with a final rating. The rating determines what minimum security requirements are necessary at that particular facility. All facilities have been rated and the high-risk facilities have been given priority for security audits and assessments. The sites are then audited to determine if they indeed have what is required.

The bottom line is communication, communication, communication. A consistent flow of communication keeps us successful in global management. We have come a long way, but we still have some work to be done.