The security program strives for continuous improvement and to be self-sustaining, self-governing and self-moderating in line with Six Sigma principles. Use of Six Sigma is an example of the value of reaching outside the security “comfort zone” to consult with people who have business degrees or who are quality professionals.
“By definition, continuous improvement means that the job is never really done,” Charlow says. “We never stop striving to be better than we were yesterday. If you don’t embrace that mindset, it is hard to keep improving.”
Emphasizing processes over individuals and striving for consistency are strategies to eliminate the negative impact of human-element variables. “Leadership is important, but predictability and sustainability and consistency are critical to what we have accomplished,” Charlow says. “It is not dependent on a single person filling out a form every day — it is a system that drives people and becomes a predictable model for future outcomes.”
Support from the Top
Charlow acknowledges the contributions and support of Lawrence and Schlehr. “You have to be able to define the business plan at the C-level and help them understand,” Charlow says. “It is important that security be driven from the top down. You can have the most passionate security leader in your business, but the chief executive also must see the importance and criticality of it.”
Management should routinely consult with security for guidance on the front-end of a business decision to avoid negative consequences on the back end, he adds. Equally as important, Charlow says security organizations should look inward and seek to achieve consistency in all operations.
“Let’s not criticize each other — let’s figure out a program that can enable our environment,” Schlehr says. “Let’s sweep our own porch…this kind of work is more a calling than a job.”
Bob Hayes is Managing Director of the Security Executive Council. He has more than 25 years of experience in security, including 8 years as the CSO at Georgia Pacific and 9 years as security operations manager at 3M. The Security Executive Council is aproblem-solving research and services organization focused on helping businesses effectively manage and mitigate risk. To learn more, visit www.securityexecutivecouncil.com/ste.