Do you have visibility into all the incidents that take place across your organization? While you’re likely aware of the major incidents that cause business disruptions, the seemingly minor incidents could be leading indicators of something more severe, such as:
The challenge is getting all of these incidents captured in a timely manner so that they can be reviewed and managed by the security team. When your security team is already strapped for resources, how do you ensure that all incidents are reported?
This is where the value of an incident submission portal comes into play. By better engaging the business, you can capture incidents without putting more strain on your security resources. Even if you’re unable to address each and every submission, you’re still getting a full picture of all the incidents impacting the business and can prioritize and report on them accordingly.
There are 5 key considerations for launching an incident submission portal.
The first step is to clearly articulate who you are targeting with the portal and the types of incidents that you are trying to collect. Is this going to be a tool for employees to report theft? For the public at a university or campus to report suspicious behavior? The key in this is to start small. Don’t look to collect every incident from every audience.
In a perfect world, we would always know who was submitting an incident, but there are tradeoffs that need to be balanced as you choose whether or not your portal will be anonymous. A few things to consider:
If your goal is to see everything, then anonymous is the way to go. If you need to go back to people for more information, you should work to credential your users (this can be made straightforward with employees through SSO connections).
Once you decide on the type of portal that you are deploying, you can pick a technology that will get you there.
If you are using an Incident Management Software solution, there is more than likely a portal option. Particularly for portals that require credentials (non-anonymous) this will be the easiest and most cost-effective option. Vendor supplied portals also provide the benefit of being directly tied into your incident and investigative system.
Many organizations have an internal intranet that is used to communicate with employees and other stakeholders. Intranet administrators should be able to create a form for incident submission there. Once created, rollout is relatively straightforward if the audience is already using the portal. The major downside is the dependence on the intranet product owners (usually IT) to get the system up and running.
If neither of the above is in place, a simple portal can be built on products like Google Sheets or Microsoft SharePoint. Portals should be simple, so it is likely that someone in-house has something that will work. The main drawback to these solutions is that they are disconnected, so added data entry and adoption can be tricky.
Technology is not the make or break for portals. We’ve seen all the above work perfectly well. What matters more is overall user adoption and rollout. There are several best practices that you can employ in your technology choice that will enable you to improve portal adoption.
You don’t want to have to overly train people how to use the portal. There is a natural trade off in technology between simplicity and depth of data. In this case, go for something simple. We recommend keeping the number of fields to around five.
If you can, it’s best to build something dynamic. If different types of incidents require different information, have your user select the type first and then have the form only display what is relevant to that specific type of incident. Asking people to skip irrelevant fields is a common cause of poor-quality data or low completion rates.
While you may be tracking 100 incident categories, you shouldn’t present that to your users. Give them a small list to select from. Or, just give them a text box to describe what happened and have the security team triage it on the admin side. Don’t expect a broad audience to know your nomenclature. If you want them to report a stolen laptop, just ask for the pertinent details (when, where, what, etc.).
It takes more work to code an incident from free form text but if you want the best quality data, this is your best bet. To ensure that the users think of all the relevant details, try using simple language to ask the questions that you would ask if you were to receive a call about the incident:
Once the data is in the portal, your trained security professionals can better code the incidents to meet your reporting requirements.
A perfectly designed portal is rendered useless if no one knows that it’s there. Giving people a separate login to an incident-specific portal is unlikely to work. It is best to use existing credentials via something like single sign-on and to have the links be available where people already do their work. A link in the intranet is often best practice. Incident reporting isn’t usually a regular part of a non-security person’s job, so making it available in a place that they can easily access will definitely improve adoption.
Beyond that, you will need to communicate where this is and why it’s important. You will need a good communication plan that includes various ways of telling the team where to find the form and why it’s critical for them to participate.
Getting this right will dramatically increase your situational awareness, but it’s also going to create more work. You will want to try to automate the triage and response process as much as possible. Perhaps, there are incidents that you just want to track and not respond to? You can automate a response to the sender for those types of incidents. Being prepared is important. If you ask people to report more frequently, but they feel that there is no impact because it hasn’t been addressed, they will feel disempowered and stop submitting.
In the long run, seeing the full picture will save the business time and money even if it takes more time up front. Data is at the heart of the security profession. Having accurate and timely data drives the situational awareness needed to effectively respond to incidents and threats and provides the fuel for the analytics that help you deploy your resources (guards, cameras, policy, etc.) to be the most effective. Portals are a great tool to ensure that you are getting the best quality data from your incidents.
Data is central to the security profession. Its role is to keep organizations safe and resilient. But, in order to do it well, security teams need access to timely and good quality data to ensure that they have the situational awareness required to do their jobs. Part of this is clearly defining how data will be captured, for example in a portal. But, getting the data is only step one. From there, security teams need to categorize and make sense of the data to turn it into actionable intelligence.
To help determine the best path to simplification, we asked members of Resolver’s Incident Management Implementation Team to provide their tips and tricks for getting the most out of security data.
It’s common that some security professionals spend more time cleaning up and correcting the data that was entered than they spend on any other aspect of their job. It’s safe to say report writing is usually the last thing anyone wants to do. In one implementation, a Resolver customer’s front-line users had a lot of required fields to fill out, so when it came time to create the report, they did the bare minimum so they could quickly get it done and move on.
There is a high turnover rate in front-line users, and for the most part, security is not their primary function. As such, they are going to receive very little training on how to enter an incident. It’s often faster for users to take raw, but good-quality, inputs from users and codify them themselves. To improve the quality of data, keep inputs to a minimum, use simpler language to ask questions about the who, what, where, when, and why, and implement open narrative fields as much as possible.
Here are a few extra tips:
– Graeme Haggerty, Solution Consultant
This might seem simple, but it comes up often. Security teams capture data in one way, but then translate it into different categories when they report to management. Most often, this happens because the security team is trying to capture a much greater level of detail. While there may be good reasons for this, there is a tradeoff that the team should be aware of. When adding additional levels of granularity, be explicit about the value that this level of detail is going to provide and the anticipated business impact.
When thinking about the data to capture, start by thinking first of what the report will look like. If all 1,000 incidents aren’t going to be reported on (this isn’t a joke – this happens all the time!) then why put 1,000 incident categories into the system? If the data is going to be reported, why track it? Every bit of data entered into the system has a cost in effort and data quality. The more that is tracked and the more detail asked for, the more likely it is that users will make mistakes or skip sections altogether.
– Melissa Davis, Solution Consultant
Ensure alignment with the executive team on the specific definitions within the system. For example, tracking losses and recoveries can be very time consuming. It is extremely valuable data, but if the executive team does not agree with how losses are being measured, buy-in for business decisions will become much more challenging. Spending time to get aligned on what the numbers mean is very important and often overlooked.
– Dale Yushchyshyn, Solution Architect
Corporate security reporting is based on a combination of factors (incident type, severity, location, etc.). Often, when we are migrating data from legacy systems, we find that multiple factors have been jammed into a single field and that lookups and drop-down lists are overworked. This makes effective reporting nearly impossible.
This is common in legacy solutions because they are not very flexible and often needed to be worked around. Thankfully, this is no longer the case for most modern systems. In newer solutions, users should be able to add fields and classifications to keep this separate.
Thinking about or currently implementing a new solution? We highly recommend taking some time to rethink the classification scheme (consultants can help!) to better map data to the desired reporting output.
– Jay Andrada, Solution Consultant
When it comes to security data, one thing remains true: the cleaner the data, the more accurate the reporting. Without accurate reporting, security teams will struggle to make data-driven decisions that they are confident in.
Every year our team has a great time at GSX, but this year was extra special.
Last week, ASIS International hosted the 2019 GSX Conference in beautiful Chicago! GSX brings together security professionals from around the world for an amazing week of informative sessions, networking and insightful discussions. We had the pleasure of meeting thousands of people throughout the week at our booth. This year, we sent 29 Resolverites to Chicago so that we could network, speak to customers and potential prospects firsthand, and most importantly learn more about trends in the industry.
The experience on the conference floor was amazing. Every morning when the doors opened at 10:00 a.m. there was an obvious buzz in the air of people looking to learn more about the newest tools and services in the security industry. As busy attendees quickly moved around the show floor, the conversations started flowing.
At the Resolver booth specifically, people were drawn to learn more about what we meant by “Risk and Security Management Software” in the large banner at the front of our booth (accompanied by a smiling member of the Resolver team).
Whenever someone walked up and wanted to know more about who Resolver was and what we did, our team went into full swing. The simple version? Resolver enables security professionals to capture, manage and report on incidents. The reporting is where so much of the value comes in for security teams. We heard from countless people that although they understand that what they are doing every day is impacting the overall business, they want a concrete, data-backed way to prove that. With Resolver, security teams are able to look at their incident data and measure success. Whether that’s reduced response time or identified areas of risk, without this data, they can’t make decisions that impact the bottom line.
Throughout the conference we were excited about the opportunity to really show off our security solution to attendees. Our security solution is made up of Incident and Investigations Management, Security Risk Management and Security Operations Management software. We got great feedback from current and prospective customers about how they are currently managing incidents and the benefits that they saw from implementing a solution like Resolver to not only automate but streamline their current processes. Several Resolverites (many that were actually present at GSX) are former security professionals and/or ASIS members – so much of what is built into our applications comes from the experience and best practices of actual security professionals.
And this showed. We heard from many of the people that we spoke to that Resolver really understood the inner workings of security teams and what mattered most to help them do their jobs better.
As a leader in security, it’s no wonder why thousands of people come to GSX to participate in the amazing sessions! A few of our Resolverites spent the week participating in the interactive sessions. Here are a few of their key takeaways:
GSX provides so many amazing opportunities to network and meet security professionals from around the world, and this year was no exception. ASIS does a great job of hosting fun events that bring the entire conference together to let loose, enjoy and meet new people. Our team especially enjoyed the 80’s night featuring Rick Springfield!
Perhaps the best part of GSX is getting to engage with our customers. We love hearing what you have to say about Resolver, and learn how you’re leveraging the solution to protect what matters most to your business. We left GSX on a high note. We’re inspired by the conversations we’ve had and can’t wait to show you what else we have in store.
When you think of airline security, you’re probably thinking of passenger security and customs line ups. While that’s a big part of keeping passengers safe, there is a much more in-depth network of security happening beneath the surface. Effective security doesn’t stop at the customer checkpoints; airports and airlines need to have an integrated process of guards and systems in place to ensure that they have full visibility into the day-to-day operations.
As an airline responsible for moving thousands of people every day, the JetBlue security team understands how important it is to have full visibility and insight into what’s happening at all of their locations at all times.
To learn more about how JetBlue protects thousands of people every day, we sat down with JetBlue’s Investigations Manager, Michael Ryan.
Michael’s role at JetBlue is extensive. He serves as an Investigations Manager as well as a Manager of Blue Watch, the company’s 24/7 security command center. Blue Watch is at the center of JetBlue’s security, working closely with virtually every other department in the company to disseminate security related information and serve as a liaison between front line crew members, law enforcement agencies, and internal stakeholders. Michael also oversees the hotel security assessment program, ensuring that crew members are safe and secure at all times. With this vast role, it’s imperative for Michael to have visibility into the many aspects of the organization that he oversees.
But when he first joined JetBlue, that wasn’t the story. He found that the security department didn’t have a solid foundation for data intake and retention and in order for their team to build a proactive analytics program, they needed help from Resolver.
With a priority on monitoring potential risk, JetBlue now uses Resolver’s software to pull data from a variety of sources to analyze what’s happening and anticipate trends. In this way, Michael stresses that “JetBlue’s security program has now become “proactive” rather than “reactive,” as the data compiled in Resolver is used to develop baselines, produce quarterly reports, and effectively deploy resources to counter emerging trends first seen in the data.”
Over time, Michael has overseen the development of dashboards in Resolver that can accurately illustrate trends in key metrics such as pilferage, suspicious travel, fraud schemes, and a variety of compliance issues involving government agencies like the TSA and U.S. Customs and Border Protection. As they have been able to continuously optimize their security program using Resolver, Michael has been able to hire more employees at the Blue Watch desk and continue to improve the company’s investigations and security teams.
Approximately 11,000 to 12,000 incidents are logged each year using Resolver. These incidents can come from a variety of sources, including in-flight crew reports, emails, or even phone calls.
One of the biggest issues facing any airline is pilferage, which can include the theft of luggage and the consequent brand damage.
“By using Resolver, we’ve been able to reduce incidents of pilferage by as much as 30% within the past decade, with a roughly 10% reduction coming over the past three years alone.”
Michael credits both the software and the support team at Resolver for helping to improve processes and effectiveness of the JetBlue security team.
“Resolver is super customizable and user-friendly. Since we’ve been able to tailor it to our exact needs, it’s very easy to onboard new employees with minimal training. Not to mention, the support team is always amazing.”
Resolver has helped the security team at JetBlue to facilitate data-driven decision making by removing information silos throughout the organization and providing highly configurable software that allows the team to gain actionable insights into risks and trends.
The global pharmaceutical market is worth approximately $934.8 billion and is estimated to reach over $1,170 billion in 2021, with locations spanning all continents. But with any global growth comes the growth of threats impacting the health of the industry.
For security professionals, this means additional planning for a wide range of potential security scenarios, and developing, implementing and executing plans that align to the identified risks for each critical facility. A single pharmaceutical company can have a presence in various countries spanning multiple continents – each with a different design and function. Corporate headquarters may be located on one continent with regional office buildings, manufacturing facilities, warehouses, distribution centers and research facilities spread across various locations. Each facility presents its own threats. Therefore, the security team must be prepared to protect the corporation’s assets with both proactive and reactionary plans.
In order to secure the pharmaceutical supply chain and reduce the influx of counterfeit drugs, it is critical to have a holistic brand protection and anti-counterfeit strategy that incorporates both internal and external stakeholders.
According to a study conducted by Pharma IQ, only 53% of respondents in the pharmaceutical industry state that their organization has a brand protection strategy in place. The more shocking piece of this was that 26% don’t have a brand protection strategy and/or plans to put one in place at all.
According to Pharmaceutical Outsourcing, “Counterfeiting is viewed as a serious public health menace promoted by criminals with little regard for the health and safety of patients which requires a combined public–private sector response.”
The counterfeit medicine market is more lucrative than the narcotics business with the World Health Organization estimating that counterfeiting costs the global pharma industry $75 billion USD a year. The Criminal Intelligence Service Canada says that “Most estimates range in the billions annually for global losses.”
With that in mind, it’s unsurprising that the majority of pharmaceutical companies believe that the illegal use of their brand name on these counterfeit products threatens the integrity of the company that they are trying to represent. As more pharmaceuticals are being sold via the internet, this concern is only getting worse.
Many companies are doing what they can to try and mitigate this risk. By joining organizations like the International Anti-Counterfeiting Coalition Inc. (IACC), a non-profit organization devoted to combating product counterfeiting and piracy, they are aiming to protect themselves against counterfeit incidents.
In addition to lost revenue, counterfeiting imposes other costs including increased costs to secure the supply chain, investments in anti-counterfeiting technologies, potential reputational damage and risk of liability. So, the question we have to ask the 53% of organizations that don’t have a brand protection strategy in place is…why not?
After prescription drugs leave manufacturing facilities, they generally go through a number of wholesale and retail drug distributors before ultimately reaching the local pharmacy or hospital.
Although the shipping and handling of the drugs takes place under secure, controlled and oftentimes regulated conditions, every step along the pharmaceutical supply chain presents an opportunity for tampering or distraction by criminals.
The U.S. Drug Supply Chain Security Act, for example, requires pharmaceutical firms to add serial numbers to all packages, which should aid in tracking drugs through the supply chain.
Some manufacturers have gone to great lengths to protect the pharmaceutical supply chain by introducing innovative security measures where they tag individual bottles of medication with small electromagnetic chips known as radio frequency identification (RFID) tags, which enable pharmaceutical manufacturers and wholesale distributors to more closely track products as they move throughout the distribution chain.
Every year hundreds of thousands of people die due to counterfeit drugs. Some counterfeits even include things like printer ink, paint and arsenic. No doubt these have devastating consequences to the person ingesting them and end up being costly to the brand that has been replicated.
For pharmaceutical companies, any of the above issues can severely damage their brand reputation. In order to protect their brand, companies have to:
As the counterfeit market continues to grow, security professionals need to look beyond traditional methods of securing the organization. They need full insight into all locations, both physical and online, that may be at high risk of incidents occurring. Security professionals in the pharmaceutical industry can’t rely on slow, out-of-date, inefficient tools when they are protecting something as critical as people’s health and safety.
For a security team to be successful, they need to be able to actively monitor, report and analyze data across multiple locations, time zones, and political climates in order to be both proactive and reactive to potential threats. To do so, they need a tool that gives them the ability to easily report incidents and review the data in a centralized location to make data-driven decisions on next steps.
Obtaining budget for this type of tool can be challenging. Security teams are asked to build the business case to prove the cost of what they are trying to protect and the ROI of investing in software to help do that. But while you’re busy protecting the organization, you don’t have time to research the true cost of a security failure, and in many cases, the real costs are not known or considered. A lack of understanding of security’s return on investment leads to a view that security is simply a cost, with limited positive contribution to the company’s net results.
Corporate Security teams across industries have the same struggle. How do you prove the value of what your team is doing when, if you’re doing your job right, the rest of the organization doesn’t know that you’re doing your job?
When a single incident can cause irreversible damage, it’s not enough to be reactive. Resolver helps reputable pharmaceutical companies like yours get clear insight into what’s happening organization-wide so you can be proactive in protecting your people, your brand, and the bottom line.
Following years of reports detailing incidents of violence committed against nurses in hospitals and health facilities, regulations instituted in California in recent years now mandate that health employers must have a workplace violence prevention plan in place and educate staff about the various aspects of the plan. With the 2014 passage of State Senate Bill No. 1299, California became the first state in the U.S. to institute such a law governing violence risk assessment in health facilities.
Although no on-site inspections are held to ensure compliance, the California Division of Occupational Safety and Health is in charge of hearing complaints over any violations and determining if fines should be levied. The possibility of fines makes it important that organizations affected by this law institute a quality workplace violence prevention program that can pass muster in the eyes of the state of California.
Nurses are generally on the receiving end of violence in hospitals and care centers, with over 20% of registered nurses and nursing students reporting that they have been physically assaulted on the job over a span of one year, according to the American Nurses Association (ANA). The forcible arrest of Utah nurse Alex Wubbels in July 2017 for following hospital protocol and not allowing police to draw blood from an unconscious patient led the ANA to begin the #EndNurseAbuse initiative, an effort to draw attention to and end workplace violence against nurses.
Such violence is not limited to the U.S., as there have been increasing cases of severe violence against nurses in Australia and worldwide. In a paper attempting to explain the violence occurring against nurses in healthcare facilities, researchers in the Israel Journal of Health Policy Research found that staff reported a number of possible motivating factors, including staff, patient and visitor behavior, organizational conditions, and wait times. Work overload, pressure, fatigue, and frustration are all highlighted as likely factors contributing to the occurrence of violent behavior.
The law mandates a number of steps that hospitals and health facilities must now follow, from risk assessment procedures to staff training. In addition to hospitals that provide inpatient or outpatient care, the law also applies to intermediate care facilities, correctional treatment centers, and hospice facilities.
Specific safeguards that employers of such facilities must provide include personal protective equipment, training, and medical services. The law also requires these healthcare facilities to maintain a log detailing every incident of workplace violence.
Many of the training requirements are common-sense, such as instructing employees how to recognize situations that could potentially escalate to violence, teaching strategies to avoid physical harm, and the proper manner by which to report violent incidents within the organization. Training should also cover the resources available to employees during or after incidents involving violence.
Things become a bit more complicated when it comes to the actual procedures that the workplace violence prevention programs must include. According to the relevant subsection of the bill, procedures must be able to identify and evaluate environmental risk factors, patient-specific risk factors, and workplace violence hazards, among other requirements.
Post-incident response must include providing medical care and trauma counseling for any injured employees. In addition, a post-incident debriefing must be held as soon as possible with any staff involved in the incident in order to evaluate if the corrective measures included in the organization’s incident prevention plan were effectively implemented.
As mentioned earlier, the employer is now required to keep a violent incident log that tracks “every incident, post-incident response, and workplace violence injury investigation” undertaken in compliance with the new state law. Information for the log entries should come from employees involved and include a detailed description of the incident.
Incident reports should also include classifications of who committed the violence and the circumstances at the time of the incident. In addition, the location and style of the attack must be recorded, along with any consequences stemming from the incident.
California hospitals generally welcome this new regulation, although with some reservations about the vagueness of the law’s requirements and difficulty of enforcement. For example, since hospitals don’t employ doctors directly, it may be hard to ensure that all have received the appropriate training.
In any case, the California Hospital Association will continue to communicate with the California Division of Occupational Safety and Health to iron out any lingering concerns. Their success will in large part determine this law’s success on the national stage, as California Representative Ro Khanna has advanced a bill to the House Subcommittee on Health with similar language and requirements.
Resolver’s Incident and Investigations Management software helps organizations record, manage, and mitigate workplace incidents. It allows healthcare organizations not only to maintain a standardized record of all relevant incidents, but also to identify trends, and gives you the information necessary to act early and prevent the escalation of violence incidents in the first place.
“Resolver knows what’s important for healthcare – the solution is fully customizable and allows me to report on what matters the most. It helps me provide a holistic view of our overall security operations to our stakeholders and make proactive data-driven decisions.”
– Mathieu Bissonnette, Manager Security and Parking Services, CHEO.