Providing Service to Improve Security
AT ONE LARGE manufacturing facility, employees were required to wear and display a badge while in the building. But if employees forgot their badges, they were allowed to check out a temporary badge for the day. The company’s proprietary security officers became frustrated with this situation. The officers argued that there should be repercussions for employees who forgot their badges.
Some officers thought that employees should be forced to retrieve their permanent badge from home. It was expected that such a tough policy would lead to tighter security and greater compliance with policy.
The security manager decided to test that theory. He enacted a policy requiring that all employees had to have their permanent ID badges to enter the facility. The results were surprising. Making the process more difficult did not improve compliance. Instead, employees who forgot their badges began sneaking into the facility to avoid having to go back home and retrieve their IDs.
As a consequence, many employees with no identification were now wandering the halls, making security’s job much more difficult and jeopardizing the integrity of the facility in the process. It turned out that, by making it relatively easy to get a temporary badge, security could ensure that employees checked in and got an ID of some sort. Also, the interaction necessary to get the badge allowed security staff to tell employees why bringing and wearing their badge was an important aspect of maintaining the overall security of the company.
This is a clear example of how a service-based approach can add value to the security function. By looking at the process from a customer perspective, security can better meet the needs of the employees while still maintaining the security of the organization.
The time and effort required to implement a service-based security model will vary greatly from one organization to the next depending on the staff’s willingness to accept change. The following steps will help smooth the transition. They include: setting clear expectations, explaining policy thoroughly, making officers aware of corporate culture, and conducting training.
Expectations. Because security is so often viewed from an enforcement perspective, an officer’s perception of what the job entails does not always match up with a service approach. Frequently, even simple definitions must be refined to ensure that both parties understand the expectation clearly. For example, simply telling a security officer to be professional can be misinterpreted. Some security officers, especially those with a law enforcement background, tend to interpret the word “professional” to mean military or police-like. However, a businessperson is likely to define the word to mean being courteous and businesslike.
This difference in expectations can result in frustration on the part of both the management team and security staff. It may also increase animosity if management feels that directions are not being followed while staff members feel they are being reprimanded for doing what they were told.
Once expectations are established, they must be monitored, managed, and adjusted as theories are put into action. Many times, expectations established in the planning phases of an operation do not fit neatly into real-world operations. Officers must be able to notify management when policies are not meeting service-oriented goals, and they must be at liberty to propose solutions to those problems.
For example, in one organization, a new patrol procedure was implemented by management. While on paper there seemed to be adequate time for a security officer to make a complete round and return in time to provide relief for the next officer to begin, this did not work. Issues such as travel time between locations and the need to secure areas within the facility took longer than originally planned, causing delays at almost every transition.
The security staff tasked with implementing the new procedures quickly realized this and was able to bring it to management’s attention. Security officers were able to suggest a different order for locking down some areas and moving administrative tasks to slower times of the day. These adjustments made it possible for the security officers to complete the rounds in the time allotted, and that facilitated a smooth transition to the next shift.
By focusing on service, the officers were able to adjust their expectations to meet the challenges of the new situation. For this to work, however, security staff had to be comfortable providing feedback on the new processes, and management had to be willing to receive and analyze the feedback and either make adjustments or explain why adjustments would not be made.
Explanations. In order to enforce policies, security officers must not only know what the policies are, they must know the reason behind them as well. If ever questioned about why a rule exists or why an employee or guest must follow a policy, the officer should be able to answer intelligently.
For example, a security officer might need to tell an employee who has plugged an MP3 player into a company computer that this is a violation of corporate policy. The employee might ask why. Instead of responding with “because it is company policy,” the security officer should be equipped to address the underlying question, because that will help the employee want to adhere to the policy in the future. So the officer might explain that MP3 players and other removable media can contain viruses or malware that could infect the corporate network.
Culture. Security personnel can better serve the customer if they understand the culture in which the business operates. When officers fail to understand the culture, security can be relegated to outsider status instead of being seen as part of the business team.
For example, the culture at many high-tech companies is informal, and the executive staff prefers to be treated like other employees, while at financial companies, the culture is often more formal and rigid. It is inadvisable for a security officer to say “Good morning, Bob” to an executive if the rest of the company only refers to him as “Mr. Smith.” Conversely, even the most patient executive at an informal company is going to eventually tire of reminding security staff that he is “Fred,” not “Sir” or “Mr. Jones.”
Another key component is for security to understand the business and its objectives. How an officer interacts with customers should depend not only on organizational culture but also on the type of business the organization conducts. Security officers need to understand that it might be common for an engineer or Web designer to be in the office at 3 a.m. to work on an idea that came to him or her in the middle of the night. However, security should know that it might be suspicious for someone in finance to arrive at that time of the night. Without understanding the business, security might not provide adequate service to the engineer or might not pay enough attention to the odd behavior of that finance person.
Training. Training helps foster service-oriented security. Training does not necessarily have to be complex or labor-intensive, nor does it have to be specific to security. Perhaps security officers could be asked to attend a class on business writing instead of, or as a supplement to, a class on report writing. This type of training broadens the officer’s horizons and helps him or her see that the security team is part of the business function.
Training should also include instruction on the effect of security functions on the organization. For example, if a report writing class is held, the training should include a module about what happens after the incident report is written. Training should demonstrate how the report will travel throughout the organization and who will see it along the way—a vice president, the CEO, legal counsel. With this in mind, officers will be more inclined to produce a quality product that will represent them well outside of the department.
Training efforts should not be limited to classroom activities. Some of the most effective and least costly training that can be provided are tabletop exercises and spot training by supervisors.
Spot training can be as simple as a supervisor posing a scenario-based question to security officers and helping guide them through the correct response. An example of this would be the supervisor asking a security officer to explain the badge policy or how to handle another situation one of them might encounter at their current post. This type of training requires very few resources and allows the officers to visualize how a situation will affect them in the performance of their job rather than how things should be done in theory.
Because of the nature of security, the enforcement element will always be present. However, by looking at situations from a customer perspective, security staff can better align their services with their company culture and customer expectations.
Ken Sousa, CPP, is physical security manager for L-3 Communications, Systems West, in Salt Lake City, Utah. He is a member of ASIS International.