Over the past month, as the extent of the impact of COVID-19 became known, corporate security teams became very busy working on continuity plans, assisting in the move to remote, and keeping sites secure in the face of additional (and particularly in healthcare – extreme) disruption. Here are three projects that corporate security teams should undertake to contribute to an organization’s overall business continuity plans.
1. Process Documentation and Refinement
Think about how critical processes and workflows are documented. Are they up to date? How accessible are they to the rest of your team or key stakeholders?
Many companies, including Resolver, use company wikis to help make updating process documents easier. Wikis can be kept open for anyone to update or at least visible to the rest of the organization so that employees can point out discrepancies or errors. Due to the flexible nature of wikis, it is also helpful to be able to track all the changes that are being made in case an improper change has been made.
Documented process greatly helps with onboarding and improves the clarity between teams thereby improving collaboration. In the time of a crisis, having a clear place to go to see what should happen is a lifesaver. Things you may want to include:
- Process flows
- Role and job descriptions
- System manuals
- Standard Operating Procedures
2. Data Audit and Clean Up
There are a lot of causes for poor data quality including lack of front-line training, inconsistent naming conventions, overly complex or unintuitive systems, and lack of time or oversight. No matter how you get there, everyone can benefit from better quality data.
Think about whether or not there are ways to streamline the number of system fields and incident categories your system has. If you don’t need to capture all this information and the data doesn’t help your team make better decisions, then think about removing some of these fields. We’ve found that the more information you ask for from the person responsible for inputting the data, the less diligently it will be recorded. If you can’t answer the question “what do we use this data for?”, then you should think about simplifying.
3. Analytics & Reporting
Most in-application reporting is great for day-to-day work, but even some of the best security solutions are not designed for extensive data exploration. Spreadsheets and pivot tables are helpful, but it’s almost always best to use a purpose-built BI (business intelligence) solution to help you understand all your data.
Some data points that security teams should be examining include see how incident volumes vary by region, location, or even time of day. See if you can find correlations between location and incident types and then find think about ways to mitigate the issue. If you track any activities, see if there is a correlation between activity and incident levels. If you do site audits, is there a correlation between audit scores and incident numbers? What about by reporter? Is there a difference between the number of incidents reported by people that should have roughly the same numbers? Particularly, if you notice that there is a big difference in the mundane incident types, like slip and falls, that may highlight a data entry gap.