- Corporate Security
- Governance, Risk and Compliance
- Information Security
Petter Melau is no stranger to technology projects. His role as Corporate Manager within the 600 person IT department means that when it comes to strategic security related projects, he and his team have been around the block a few times.
Petter has been with BHSF for 10 years and leads a team of seven Project Managers on the Business Solutions & Support Team. This team is, among other things, responsible for management of security related IT projects. Their operation has two core priorities; selection and implementation of new systems or upgrade and support of existing systems.
There was a realization internally that BHSF’s existing incident management system was not going to cover the needs of the security department. BHSF is organized into nine different entities and each entity has its own security department. Each entity security department, along with departments such as Emergency Preparedness, Risk Management, Audit & Compliance, Insurance, Privacy, and HR & IT have representation on the BHSF Security Council, where initiatives like these are coordinated. The ‘stakeholders’ for security had a number of requirements that needed to be met; and Petter’s team was tasked with leading this group to make sure they went through the correct process to select, justify, and implement such a system.
The BHSF project team captured common requirements across the different entities. These were:
BHSF was working with an incumbent system for their security related incident management needs. However, while this application was effective for other parts of the organization, it could not support their needs as it related to dispatch, investigation, integration, and future mobility requirements. As such, it was eliminated from the evaluation.
Petter, along with Frank Lago from the Business Solutions & Support Team, started to work with the business stakeholders to evaluate alternative vendors. BHSF has a sophisticated IT department; they have defined process and methodology for selection of new systems. Of the nine different entities in the enterprise — hospitals, urgent care, etc.— each had security requirements and needed input and consultation. The goal was a common platform for all of the entities.
BHSF went through an RFP process. They found potential partners through industry shows and consulted IT analysts. They narrowed down the list to two finalists. As part of their due diligence process, they conducted reference calls, and “went deep down in technology” as Petter would say, mapping out the infrastructure and reviewing product demonstrations. They presented their recommendation— Perspective—along with their internal ROI justification, before seeking final approval.
As a final step in the process, the BHSF project team created an Internal ROI justification document. The consensus among the Security Council was that they needed a reliable, easy-to-use, not laborintensive, cost effective application, allowing for growth and compliance within BHSF.
The savings of having this unified system could be significant over time, however as an immediate consequence, the quality of safety and security associated with Baptist Health South Florida would be greatly appreciated through:
The implementation process took approximately six months, starting with a kick-off in January. The kick-off involved: planning, building out the system, testing, and system training.
The end user training was performed by Petter’s team in a phased approach, entity by entity. BHSF had 300 users to train across a number of facilities and entities. With each entity having its own security department, there was a specific sensitivity to the change management aspect of the rollout.
Each Security Officer received a four-hour class. The security department leadership had a full day class, which touched on other aspects of the software, such as reporting.
BHSF sees about 1500 activities per week. These activities get reported by “SECOM”, a centralized command and control center that is staffed 24/7/365. When an activity occurs, a SECOM Communication Officer coordinates the response with onsite Security Officers.
Some of these activities close out without being escalated. Other activities, based on pre-determined categories, queue up an auto-generated assignment within Perspective for onsite Security to generate a detailed Incident report. Of the 1,500 activities per week, approximately 100 become incidents.
With Perspective, the level of reporting is much more standardized. Utilizing SOP’s with Activities ensures a standardized response, and through pre-established workflow it ensures a standardized level of incident report writing. This forces the issue of creating a report and ensures that data is captured about each incident. This is essential for analyzing metrics down the line.
In a recent example of how Perspective has helped policy enforcement, Petter refers to the latest Ebola scare: “Ebola was obviously a huge issue in the U.S. We had a defined procedure to track Ebola alerts. Incidents would get escalated to a task team. We reported any related activity in Perspective”.
“We are constantly receiving feedback from our security leadership and are meeting monthly with our Perspective workgroup for follow up. The feedback is uniformly positive. They are getting timely access to data, reports and trends”. One particular benefit centered on reporting and visibility is in relation to communicating what security does for the organization. “We’ve been able to justify our Full-time Equivalents and hiring recommendations. We have key metrics like the number of interactions per officer, per entity. We can see the trends graphically down to the hour of the day so that we make smarter staffing and scheduling decisions”.
In terms of advice, Petter immediately turns to the product training and roll out. “This took a big toll on us internally. While Perspective is easy to use, training 300 people who may not be comfortable with software was not a small task. Maybe we would have done it differently”. Petter would also suggest doing the integrations upfront.
Next steps with Perspective include integrations to BHSF’s Risk Management system, Access Control system, and Video Surveillance system. Baptist also has a pilot program beginning that will equip officers with mobile devices for incident and activity tracking.