Determining Operations Excellence in Security
Created by George Campbell, Security Executive Council Emeritus Faculty member.
Since the 1980s, businesses have developed formal ways of gauging, monitoring and pursuing excellence in manufacturing and operations, including the disciplines of Six Sigma, Kaizen, Operations Excellence and Total Quality Management. Delivering excellence in products and services is a common sense, accepted business objective. But what is â€śexcellenceâ€ť in security?
Unfortunately, the answer to that question is elusive. There is no shared definition of excellence, quality or other key performance measures that would facilitate common, cross-industry benchmarks for security.
While forward-thinking security leadership has pursued excellence along with the business, they have had to do so in a vacuum, according to Jay Beighley, AVP for Nationwide Corporate Security. â€śWe have pursued operational excellence in the security division for some time,â€ť he says. â€śMost leaders have initiatives or efforts around continuous improvement or excellence, but defining excellence across the industry and creating a repeatable process has been lacking in our field. My goal is to create a process that can be implemented in any industry so the security division can demonstrate value and align performance with company objectives.â€ť
Beighley is one of several security leaders who hope to work together to develop a framework for operations excellence in security and a set of tools to apply toward that goal. The details of the initiative were released in a paper entitled Driving Excellence in Enterprise Security.
â€śOperational Excellence has for some time been the focus and concern of the business units that make up our corporations,â€ť says John McClurg, VP and CSO at Dell Global Security. â€śOur claim â€“ that we are business men and women who happen to have acquired an expertise in matters of security â€“ resonates more authoritatively when other business leaders witness our Security organizations embracing initiatives whose core elements reflect their traditional pursuits of excellence. This provides concrete evidence of how our Security (Business Assurance) functions have become inextricably enmeshed in every aspect of their business operations.â€ť
Influence and credibility are only a few of many benefits of developing an operations excellence framework for security, says Tom Mahlik, Director of Global Security Services for the Intelligence and Information Systems division of Raytheon Company. â€śThe OE program consists of a wide-ranging application of tools and processes focused on refreshing and optimizing the work environment,â€ť he says. â€śIt achieves highly sought-after clarity and alignment of the function to the businessâ€¦ It reconfirms, or in some cases, redefines and inspires employeesâ€™ commitment and accountability to maximize customer value (internal and external). OE informs on ways to adapt and then reconnect the security business model â€“ preventing, protecting and assuring â€“ to the bottom line. Without an ongoing OE program, significant operational gaps may go undetected leading to missed opportunities and inefficiencies.â€ť
Thus far, our group of interested security leaders has begun considering a series of questions that will help us to establish a baseline for operations excellence in security:
â€˘ What is excellence?
â€˘ Is the security program effectively aligned with its customers?
â€˘ Is a â€śbest practiceâ€ť equal to excellence in that practice?
â€˘ What is the relationship of risk management to operations excellence?
â€˘ Where is value in the excellence equation?
â€˘ If a security process or activity lacks established performance measures, can excellence be achieved in that process or activity?
How would you answer these questions? If your organization values operations excellence in other functions, give some thought to engaging your security function in operations excellence as well.
This article was previously published in print as "What Is Excellence?"
Contact us at: contact @secleader.com.
A .PDF file of this article is available below.
Copyright Security Executive Council. Last Updated: June 6, 2017