Top 5 reasons to validate your security program

Dec. 7, 2015
Taking a look at the bigger picture can help you realize potential areas of improvement

The security measures you invest in are not final solutions. The appropriateness of your security measures, as well as the effectiveness of your entire security program, must be continuously monitored and validated.

—Bob Hayes, Workplace Security Playbook, Chapter 3

Why Bother?

As one security practitioner said to me: “I already know what my security program is about. My company has already approved it, and we’re doing a good job with it. Why should I bother ‘validating’ our program? I don’t really have anything to prove to anyone. I just have to show up and do my job. It seems like a lot of bother for not much gain.” This is why I hate the word “validate.” It just makes the wrong impression.

What Makes a Valid Security Program?

We hear a lot about monitoring security programs, and there are books about that, but we hear next to nothing about validating them.

There are many synonyms for “valid,” and here are some that apply: accepted, authoritative, defensible, effective, justifiable, official, proven, qualified, relevant, robust, substantiated, successful, viable, well-supported and well-founded. You could say that these are key attributes of a sound security program.

The trouble is that “validate” is a horrible word to use, because that word in itself conveys nothing about the value of any actual validation exercise. But I can’t find a better word, so we’ll use it.

Five Reasons

Here is what practitioners have said about validating their security programs. By validating your program, you will:

  • Learn the true strengths and weaknesses of your program
  • Be able to better articulate the value of your program
  • Know how to increase the stability of your operations and reduce your stress
  • Be a more effective security advocate
  • Be a better mentor to your people

There are more benefits, of course, but these are the ones most commonly reported.

Why It Works

This may seem like an awful lot of benefit for performing a “validation” and it is. The reason that it gets such great results is because you already know a lot about your program, security and your organization. In performing the validation, you get to connect more dots. You get to see around corners that daily activities keep you too busy to see. Your “bigger picture” gets sharper, and you gain greater insight into how to accomplish the things you want to achieve.

A validation provides official “thinking time” in which you get to examine your role and the role of your security program from perspectives that shine a new light on situations, relationships, opportunities and possibilities that just weren’t obvious before. It’s a great first step in increasing the effectiveness and efficiency of your security program.

The nicest thing about it is that you get to do what you often want to do but normally never have the time to do: stop and think for a bit. However, in this case it is guided thinking that is focused on specific results. Each validation perspective is designed to help clear off your windshield, put a little more air in your tires, sharpen your rear view mirror, add some power to your engine, and give you more control from the driver’s seat you are already in.

So let’s get started with "How to Validate Your Security Program: Part one."

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (, a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (

Follow him on LinkedIn:

Follow him on Twitter: @RayBernardRBCS.

(Image courtesy Frazao)
Whatever your program’s history is, and whatever improvements you have in mind, reviewing the current situation helps ensure that all steps going forward are well-placed steps. More importantly, it provides a baseline against which you can evaluate your managerial and supervisory role and the burden that role places upon you operationally. If the burden is excessive, that must be corrected before you embark on any significant improvements. Going forward, security program improvements must be designed to make your job easier.