Security Leadership: 5 Steps to Unleash Your Organization’s Security Potential | 2022-06-26

Editor’s Note: Achieving and sustaining an injury-free workplace requires strong leadership. In this monthly column, experts from global consulting firm DEKRA share their insights on what leaders need to know to guide their organizations towards security excellence.

Security professionals face many hazards and exposures beyond their organization’s ability to manage them.

Modern approaches to safety management address this challenge by incorporating some aspects of risk management as part of the safety management system. This approach allows for more focus on high-risk activities and can improve safety performance by aligning activities in proportion to the severity of risk exposure.

An effective risk-based approach to security management not only aligns organizational direction and resources to tasks that address high-risk activities, but also creates a culture of risk awareness. With heightened vigilance across the organization, security professionals identify and respond to early warning signals when risk is not being properly managed.

Some of the main approaches that support risk management frameworks are ISO 31000, “Guidelines for risk management”, and the Center for Chemical Process Safety guidelines for risk-based process safety.

Here are five steps you can take when implementing a risk management approach:

1. Develop targeted business plans based on risk.
Create a risk register that identifies and analyzes exposures and risks in your organization. Your facilities already have this information, which can be collected and leveraged, including process hazard analysis, job safety analysis, audit reports, incident reports and investigations, as well as as insurance company inspection reports. Once the information is collected, conduct reviews with various stakeholders to confirm the accuracy of the information and establish buy-in.

2. Anticipate points of failure and manage appropriate safeguards.
Identify the essential safeguards you have in place to control the hazards identified in Step 1. These safeguards will be a combination of engineering and administrative controls. In addition to providing an opportunity to assess the effectiveness of controls, this analysis will identify critical controls that need to be governed and regularly audited. You will also be able to identify specific hazards with insufficient controls that require further attention and improvement.

3. Spot small deviations early and react appropriately.
In the January 2021 issue of Safety+Health, I pointed out that the goal of high-reliability security is to improve identification and response to early warning signals. Early indications of weak – or inadequate – hazard control should be reported, analyzed and addressed. This is an essential part of establishing a culture of risk awareness, from management to the front line. When most major incidents are investigated, we find that dozens, if not hundreds, of early warning signals preceded the major event. If any of these had been addressed, the severity (or occurrence) of the event would have been significantly reduced (or avoided). We need to create a culture that regularly identifies and responds to these opportunities.

4. Improve operational discipline through the reliability of human performance.
All of our risk control systems – both technical and administrative – rely on human performance and are subject to the challenges of human error. As we strive to ensure actions are done right the first time, we must incorporate modern views of human performance reliability into our safety programs. More importantly, we must recognize that there are many risk factors that affect even our top performers. In the August 2019 issue of S+Hmy colleague Rajni Walia presents the key factors to improve the reliability of human performance.

5. Develop effective in-process measures to assess performance.
Governance of your risk-based security management approach is an important aspect of ensuring that the approach remains effective. Although effective risk management practices will produce a long-term and sustainable reduction in traditional lagging metrics, it is critical to identify additional in-process metrics that track system performance. These measures should include an analysis of the extent to which audit findings, incidents and near-misses align with the organization’s risk and control registers, and should track the effectiveness of signal reporting. early warning.

The good news is that most organizations already have some form of evidence for the first two steps. The remaining three steps can help you establish an effective risk management approach.

An essential aspect of becoming a high-reliability security organization is ensuring that risks are effectively identified; controls are properly managed; and that the organizational culture encompasses identifying, reporting and responding to early warning signals. Take the time to explore how modern risk management approaches can unlock your organization’s security potential.

This article represents the views of the author and should not be construed as an endorsement by the National Security Council.

Mike Snyder is vice president of operational risk management for DEKRA North America’s process safety practice (dekra.us). As an expert occupational and process safety leader with extensive experience in the chemical and municipal risk management industry, he guides organizations in pragmatic and cost-effective risk management decision-making.

Aubrey L. Morgan