|Starting the New Year On the Right Foot|
|By William Sturgeon|
When was the last time your organization did a comprehensive “Operational Review” of your security policies and procedures? While many organizations conduct paper reviews to satisfy oversight agencies, very few conduct actual “Operational Reviews” to assess “Operational Functionality” of the policies and procedures.
Throughout my career I have conducted numerous “Security Audits”. During many of these audits I found that many organizations had wonderfully written policies and procedures, but they were operationally impractical.
My definition of “Operational Review” is where the staff, first line supervisors, and management select security policies and assess them to determine the following:
For years I have been a strong proponent for “Operationally Functional” policies and procedure because policies and procedures are the administration’s mechanism for informing its people how it wants the security operation to function.
Ambiguous, vague, and/or wordy policies and procedures can leave large loopholes for “line staff” to interpret the “true” meaning of the policy, and what procedures they must follow. However, I admit that there may be situations where the line staff must use their own initiative to manage the situation. My concern is when the “line staff” has to employ their “own means” to fulfill their duties and responsibilities,. …. the “exception becomes the rule”.
When the “exception become the rule”, the administration really DOES NOT know what is going on within its security operations.
It is a new year, a fresh beginning therefore, take this opportunity to start “TODAY” to put together a team to conduct an “Operational Review” of your security policies and procedures. At the end of the process, all involved will have:
Policies and procedures are the written guidelines, approved by management, that instruct the staff on how to perform their duties and responsibilities. Insuring that the staff follows them is the job of management and supervisors.
Keeping security policies and procedures up-to-date and “relevant “ is not an easy job but one that must be done. The time to find out a security policy or procedure does not work or that the staff does not know how to implement it is not during an emergency!
I hope all of you have a Happy and Secure New Year!
Mt. Sturgeon is a decorated Vietnam veteran who served with the 101st Airborne Division.
Visit the Bill Sturgeon page
Other articles by Sturgeon:
IN CASE YOU MISSED IT