Corporate Security

How BHSF Manages 75,000 Security Related Activities Each Year with Resolver

Employees in IT
Security officers & personnel
Activities per week


Petter Melau is no stranger to technology projects. His role as Corporate Manager within the 600 person IT department means that when it comes to strategic security related projects, he and his team have been around the block a few times.

Petter has been with BHSF for 10 years and leads a team of seven Project Managers on the Business Solutions & Support Team. This team is, among other things, responsible for management of security related IT projects. Their operation has two core priorities; selection and implementation of new systems or upgrade and support of existing systems.

Incident Management in Focus

There was a realization internally that BHSF’s existing incident management system was not going to cover the needs of the security department. BHSF is organized into nine different entities and each entity has its own security department. Each entity  security department, along with departments such as Emergency Preparedness, Risk Management, Audit & Compliance, Insurance, Privacy, and HR & IT have representation on the BHSF Security Council, where initiatives like these are coordinated. The ‘stakeholders’ for security had a number of requirements that needed to be met; and Petter’s team was tasked with leading this group to make sure they went through the correct process to select, justify, and implement such a system.

Selection Process

Step 1: Define requirements

The BHSF project team captured common requirements across the different entities. These were:

  • Secure a platform to capture the security-centric aspect of incident reporting for risk management.
  • Standardize security incident reporting, recording, workflow, dispatching, and investigation management processes across all entities.
  • Intelligently action and query the data for trending, risk mitigation, and planning activities.
  • Use our knowledge about what is happening and where in order to deploy effective safeguards that reduce incidents and loss.
  • Effectively communicate with first responders involved in an event (police, fire, government agencies).

Step 2: Determine if incumbent system CAN support requirements

BHSF was working with an incumbent system for their security related incident management needs. However, while this application was effective for other parts of the organization, it could not support their needs as it related to dispatch, investigation, integration, and future mobility requirements. As such, it was eliminated from the evaluation.

Step 3: Start an RFP Process

Petter, along with Frank Lago from the Business Solutions & Support Team, started to work with the business stakeholders to evaluate alternative vendors. BHSF has a sophisticated IT department; they have defined process and methodology  for selection of new systems. Of the nine different entities in the enterprise — hospitals, urgent care, etc.— each had security requirements and needed input and consultation. The goal was a common platform for all of the entities.  

BHSF went through an RFP process. They found potential partners through industry shows and consulted IT analysts. They narrowed down the list to two finalists. As part of their due diligence process, they conducted reference calls, and “went deep down in technology” as Petter would say, mapping out the infrastructure and reviewing product demonstrations. They presented their recommendation— Resolver —along with their internal ROI justification, before seeking final approval.

Step 4: ROI Justification

As a final step in the process, the BHSF project team created an Internal ROI justification document. The consensus among the Security Council was that they needed a reliable, easy-to-use, not laborintensive, cost effective application, allowing for growth and compliance within BHSF.

The savings of having this unified system could be significant over time, however as an immediate consequence, the quality of safety and security associated with Baptist Health South Florida would be greatly appreciated through:

  • Better analysis of information and events, increasing their ability to develop security and response policies and procedures throughout BHSF.
  • Increased opportunities to educate individual departments or BHSF staff in general, depending on identified trends.
  • Increased interfaculty security collaboration which promotes transparency and a standardized response to issues that occur.
  • A reduced duplication of efforts with respect to similar or recurring incidents within the various entities. (This was made possible by Resolver’s ability to communicate with other applications being utilized, such as Fast pass, Prowatch and Lawson).
  • Reports to the Risk Management Department contain more security relevant data to properly categorize or identify trends that can result in decreased legal fees or settlements over time.
  • Enhanced privacy and compliance benefits by identifying trends via unified reporting.

Implementation Experience

The implementation process took approximately six months, starting with a kick-off in January. The kick-off involved: planning, building out the system, testing, and system training.

The end user training was performed by Petter’s team in a phased approach, entity by entity. BHSF had 300 users to train across a number of facilities and entities. With each entity having its own security department, there was a specific sensitivity to the change management aspect of the rollout.

Each Security Officer received a four-hour class. The security department leadership had a full day class, which touched on other aspects of the software, such as reporting.

How Resolver is Used

BHSF sees about 1500 activities per week. These activities get reported by “SECOM”, a centralized command and control center that is staffed 24/7/365. When an activity occurs, a SECOM Communication Officer coordinates the response with onsite Security Officers.

Some of these activities close out without being escalated. Other activities, based on pre-determined categories, queue up an auto-generated assignment within Resolver for onsite Security to generate a detailed Incident report. Of the 1,500 activities per week, approximately 100 become incidents.

Benefits & Results

With Resolver, the level of reporting is much more standardized. Utilizing SOP’s with Activities ensures a standardized response, and through pre-established workflow it ensures a standardized level of incident report writing. This forces the issue of creating a report and ensures that data is captured about each incident. This is essential for analyzing metrics down the line.

In a recent example of how Resolver has helped policy enforcement, Petter refers to the latest Ebola scare: “Ebola was obviously a huge issue in the U.S. We had a defined procedure to track Ebola alerts. Incidents would get escalated to a task team. We reported any related activity in Resolver”.

“We are constantly receiving feedback from our security leadership and are meeting monthly with our Resolver workgroup for follow up. The feedback is uniformly positive. They are getting timely access to data, reports and trends”. One particular benefit centered on reporting and visibility is in relation to communicating what security does for the organization. “We’ve been able to justify our Full-time Equivalents and hiring recommendations. We have key metrics like the number of interactions per officer, per entity. We can see the trends graphically down to the hour of the day so that we make smarter staffing and scheduling decisions”.

What Advice Would You Give Other Organizations?

In terms of advice, Petter immediately turns to the product training and roll out. “This took a big toll on us internally. While Resolver is easy to use, training 300 people who may not be comfortable with software was not a small task. Maybe we would have done it differently”. Petter would also suggest doing the integrations upfront.

What Does the Future Hold?

Next steps with Resolver include integrations to BHSF’s Risk Management system, Access Control system, and Video Surveillance system. Baptist also has a pilot program beginning that will equip officers with mobile devices for incident and activity tracking.

Request a Demo

Fill out this form and a member of our team will contact you shortly