- Corporate Security Teams
- Risk & Compliance Teams
- Information Security Teams
Accurate data is the lifeblood of pharmacological research. To develop new treatments and interventions, scientists must carefully gather and record information, conduct experiments, document results, and analyze findings from multiple approaches. Incomplete or imprecise reporting can mean the difference between a medical miracle and a multimillion-dollar misfire.
Until recently, however, the security department at one Bay Area biotechnology company didn’t share the company’s commitment to data. Specifically, its incident management system wasn’t recording or processing enough information to help the business. But after switching incident management systems and reconsidering its approach to data gathering, security has become a business enabler. It accomplishes that by reducing policy violations that sap time and resources, documenting benefits added by security patrol activity, and quantifying business cost and value of security staff time.
Although it has facilities around the world, the biotech company lacked a formalized security program until 2017. Incident management was not part of the firm’s genetic makeup. Until then, incidents were handled in an ad hoc fashion. One staff member’s security incident requiring documentation and follow up was another staffer’s nonissue. And when an incident was reported, no parameters existed that guided how to classify the incident, what information should be captured, or what should be included in a narrative description. Security personnel couldn’t easily retrieve incidents, identify trends, or analyze data.
After about two years of using an incident documentation system that still didn’t give the team the visibility and consistency they needed, the security team decided to invest in its own solution. Flexibility, ease of use, and scalability were considered indispensable. Security needed a tool that could perform officer dispatches and that could be tailored to its specific needs. An optimal solution would incorporate site assessments and enable the company to audit its threat management, business continuity, and resilience functions. The biotech chose a suite of software tools by Resolver.
Installation and the requested customizations went smoothly, but the software presented a learning curve. Whereas the guard service provider’s incident reports contained 2 mandatory fields to complete, the Resolver incident management module had more than 15. “That was a double edged sword,” says the security manager. Security staff now needed to accurately and more completely document every incident, including all parties involved, location, type of incident, actions by the officer, final disposition, and so on. “While valuable, it was initially difficult for the team,” the security manager says. “They were not used to capturing multiple data points.”
In the past, officers dispatched to a scene would document an event with handwritten notes. Now all that data had to be entered into the system, in a particular way, requiring officers to be comfortable with data entry. The security manager worked with their internal training coordinator to create videos showing officers how to fill out reports, maneuver through the various fields and pull-down menus, and otherwise navigate the software. “They went from basically having nothing to having a full-fledged case management system that all started with the dispatching module,” the security manager says.
From early baby steps, security is now getting into full stride with the system’s capabilities. For example, previously audit reports were traditionally not cross-referenced with dispatching. Now the team uses an automatic scheduling feature to make sure that audits are completed.
In addition, activities once done by hand or e-mail have migrated to the software. Whenever an employee would leave from the company, HR would send security an email request to deactivate that person’s ID badge. Now these requests are entered beforehand into the Resolver software; the Security team is reminded to deactivate the badge at a prescheduled time and relevant parties receive an email documenting that action.
Not surprisingly, a renewed focus on documenting incidents has yielded an increase in reported events. In just six months, the company has recorded a 110% increase in the incidents that it documented compared to the entire prior year.
“We’ve seen a significant emphasis on reporting and documentation because of the ease of use of the system,” the security manager says. So staff are reporting more activity and reporting that activity in a more complete way. “And we put better parameters around what to report,” the security manager continues. “I can go back in and look to see whether something should be escalated.”
In just six months, the company has recorded a 110% increase in the incidents that it documented compared to the entire prior year.
When he finds such incidents, he reviews them with the security team, so they better understand what factors call for a deeper look. Conversely, he can inform them when something has been improperly elevated. The combination allows for a more efficient use of resources and enables security to tailor its efforts to activities that free company staff to innovate and generate value. For example, regular tailgating might distract scientists’ focus on their research to worry about the integrity of their work area or the possibility of an unauthorized person getting access to their data.
In fact, the improved reporting has clarified the two major areas of concern to executive leadership: transient activity and staff policy violations. The former includes trespassing, panhandling, and accosting staff. The latter include tailgating, card lending, and dodging the thermal screening system upon entering the facility.
Regarding the transients, the campus is next to a train station and a shelter, both of which attract the homeless. Security’s working hypothesis about transient activity was that it corresponded to certain times of day, such as when the shelter distributed food.
Analyzing the data from the reports, however, security learned that no pattern existed. Moreover, although they suspected that the same five or ten transients caused most of the incidents, it turned out that the trespassers were different every time.
Security has trained its officers to be aware of the campus boundaries and to respect when transients are on public property or are briefly passing through the campus without posing a threat. Officers respectfully move these people along if they loiter or confront staff. “The ones we see here are generally very compliant and don’t get physically/verbally aggressive,” the manager says. “We treat them with respect.”
Though at least half the campus staff has worked on site throughout the Coronavirus pandemic, the gradual return to work of other employees has increased policy violations. And policy enforcement has fallen upon security.
Facilities have been reconfigured to include thermal entry screening, unidirectional routes, limited-capacity elevators, social distancing requirements, and other pandemic-friendly adjustments. Staff with high temperature sometimes violate policy by failing to report their status to security or by skipping the readers altogether. Other staff ignore the six-foot distancing rule. The company recently introduced a technology, using ID badges and card readers, whereby security is notified when people get too close to each other. This data can be analyzed for hot spots, crowded times of day, and frequent violators.
Now security can wield that data to show executive management how it is adding value. “We can clearly give a benchmark and say, ‘We have X number of policy violations over the last quarter, and we generally know what they are,’” says the manager. He can then ask senior leaders whether they want more specificity on violations.
Senior management also focuses on security patrol activity, including frequency, duration, and dispatch. They see efficient and effective use of security resources as a business enabler because it gives staff peace of mind.
Security can assign data to the value it brings because it can now better display its metrics and account for staff time. “I can now actually say, ‘My officer is doing three patrols a day averaging 25 minutes and completes X number of patrols during a shift,’” the manager says. He has a better sense of what staff spend their days doing, such as how many incidents they are responding to, how many services they are providing, and what the average response time is. That data can be presented to leadership as a business enabler.
Coronavirus protocols gave security the opportunity to show even greater value. Staff used their interpersonal, frontline experience to support their counterparts in IT and HR, such as to talk to staff when ignored pedestrian directional signs in the facility.
The incident management system also ensures a historical record for the company. “The incident exists long after I’m gone, in kind of perpetuity,” the manager says. “It allows anyone to come in later and look at what I did at that time and, hopefully, drive that narrative without me being available.”
Just as the company enables people with rare genetic diseases to live productive lives, security performs the same function for the biotech’s staff, who are doing groundbreaking medical research and innovating tomorrow’s breakthrough therapies. “I might not be able to actually develop a product or service,” says the manager. “But I can enable someone else to deliver that service more securely, more safely, and hopefully, more efficiently.” And that means people suffering from a rare disorder who depend on the company can themselves feel more safe and secure. And they now do it via the rigorous collection and analysis of data that fuels the biotech’s whole enterprise.
Fill out this form and a member of our team will contact you shortly