We have long since passed the point when executive management had to be made aware of the need to establish and maintain a secure environment in the workplace. It is now universally understood that threats exist, and that organizations must take steps to reduce risk and create a safe space for personnel, students, visitors, customers and vendors.That said, it can still present a challenge to convince the C-Suite to fully account for and address all the changes required. New technology can be costly, and there may be some uncertainty as to whether it can fully remediate security shortfalls. Upper management may also be apprehensive about making significant changes that require personnel to learn and successfully adopt new skills. There may be other areas of concern as well.
To learn more about selling the C-Suite on physical security, we talked with two seasoned veterans of the security industry with specific and relevant experience. Their experience and wisdom provides a helpful step-by-step for getting buy-in.
Begin with Awareness
Since everyone in the organization now understands the need to be secure from harm, it’s vital to foster a higher awareness of the real need for additional technology and security products.
“Begin by making sure your staff is security-aware,” says Paul M. Schuster, Senior Corporal/Project Officer, Facilities Management, Dallas Police Department. “Employees should be trained to question non-ID visitors when they see them in the facility, rather than grant free access. If they come across unattended objects, they should notify an authority instead of leaving object inspections to others. Scenario pre-planning is also necessary to prepare all individuals to respond to an emergency situation. Relying on a phone call for assistance or supervisory direction delays an adequate response. Training for ‘unanticipated situations' is a continuous process.”
By making sure all employees are educated about security, you make them a part of the solution. You can expand beyond basic training to help them understand the need to limit the organization’s liability, as well as the reasoning behind implementing the technology for security layers including cameras, guards and security entrances. This will improve their engagement and increase the success of adoption.
When your staff has a better understanding of these needs, the awareness will filter up through executive management to the C-Suite as well.
One of the most critical points to communicate is the ROI of security technology. “You have to show a true return on investment”, says Rudy A. Wolter, CFE, CFSSP, CPP, Director, CSIS Global Chief Technology Officer for a Fortune 50 financial company. “Senior management understands the numbers. They may not connect numbers to risk, and that is up to you to show.”
Regarding ROI, Paul Schuster had this to say: “There is always a cheaper solution, but will it provide the necessary coverage, dependability, and features you really need? For example, digital cameras come in different resolutions, but is the resolution sufficient to zoom in or read a license plate? A camera on a roof may cover a large area, but it won’t do much good for facial recognition. Mechanical pan, tilt, zoom cameras seem like a good idea but they often are parked facing the wrong direction when there is an incident.”
When it comes to security entrances, technology can be classified by its ability to detect, deter or prevent tailgating. Other differentiators include throughput and the need to assign security officers to be present at the entry. These very specific features and benefits can communicate the ROI story to upper management.
A number of additional points should be communicated to the C-Suite to help make the case for implementing new physical security technology. Each of the following works to lessen concerns your CSO or CEO may have about deploying new security entrances or other products they may feel could have an adverse impact on the working environment.
Ease of Adoption for Personnel
C-Suite personnel are highly attuned to the effect that system-wide changes can have on other staff members. When recommending new security technology, “make sure to stress this is a ’non-impact’ on the employees”, says Wolter. “Anything that causes stress or a negative feeling of ‘big brother watching’ must be resolved quickly. This is not a police state, and their employees need to feel that they still have their freedom.”
Risk vs. Reward
The concept of risk vs. reward is closely related to the ROI conversation, but gives you another avenue to approach the issue of cost/benefit. Concrete examples and case histories can be highly useful in demonstrating the kinds of threat, risk and liability that the organization could be exposed to. Security technology providers and integrators/installers can be a valuable source of information here, as they have worked with hundreds or thousands of customers across every industry to solve their security problems.
Using actual examples is key, since according to Wolter, “You have to prove “risk versus reward.” If they do not see the risk – and it has to be real – the C-suite will believe you are overstating the facts and you lose credibility.”
Need for Training
Your case to the C-Suite will be even more compelling if you include a recognition of all factors to be considered. Personnel will need to be trained in working day-to-day in a different environment, so make it clear that you are accounting for this in your recommendation.
“Technology and our digital world have added complications to be addressed,” says Schuster. “Microprocessors have added capabilities we previously could not imagine; but microprocessors do act up. It is a misconception they are worry free. Therefore, staff should be trained to troubleshoot, even if it is nothing more than a reboot of the system. Otherwise the staff will just say ‘it’s broken’ and wait for someone else to fix the system.”
After the Installation
Finally, service, maintenance and upgrade considerations should be part of the senior management conversation from the beginning.
“Security technology changes and what you buy today won’t last forever,” says Schuster. “Likewise, the security threats may change, and your business model may change. Is there a plan for upgrades, or expansion? What will be the needs in 3 years, 5 years, or 10 years? Proper maintenance can extend the serviceability of equipment and should not be overlooked. Entrance access control may be the focus at your primary facility… what is the plan as you add other facilities? Will your access control system be adaptable to control remote facilities from a central location? The challenge is to avoid being short-sighted, or you risk making expenditures later that could have been avoided.”
The Bottom Line
Ultimately, it is in the interest of top management to maintain a safe and secure environment for their personnel, visitors and others who may be on the premises. By communicating the importance of new physical security technology in light of these values to the C-Suite, you can demonstrate the ability to solve some of what are, for virtually every organization, today’s most pressing issues.