Security Technology Executive

MAY-JUN 2018

Issue link: https://securitytechnologyexecutive.epubxp.com/i/994589

Contents of this Issue

Navigation

Page 24 of 79

www. SecurityInfoWatch.com • May/June 2018 • SECURIT Y TECHNOLOGY E XECUTIVE 25 accountability, management, leadership and involve- ment. When successfully implemented, its benefits cannot be overstated. At the highest level, the strategy should specify Security Policy (Operations, Assets and Personnel, Information Technology), Industry-Specific Guide- lines (Continuous Business Security Improvement) Global Best Practices and Repeatable Practices such as protecting personnel, product, facilities, modes of transportation, and emergency response. The approach should be applied throughout, not- withstanding that the various players in the overall logistics system - company operations, 3PLs, etc. - will need to mirror and enact the strategy through- out their own logistics systems. A company may not necessarily have direct control over its trans- portation providers' actions, but TSS provides the framework for roles, responsibilities, methods of performance measurement, process ownership and accountability, irrespective of the transfer of title or ultimate liability. This unified approach can have the effect of re-ori- entating the company/alliance partner relationships in a mutually beneficial way, especially since the best alliance partners emphasize both their global expertise in supply chain management and proactive security measures as important differentiating quali- ties. Partner relationships can offer a wide range of specialized security solutions to customers who may not have access to in-house resources. As part of TSS, visioning of operations and systems is an essential tool used to understand and visualize complex processes, determine their functions and dependencies and identify weaknesses that need to be addressed. In practice, oversight by persons unfamiliar with a specific activity or process may be better able to identify needed security improvements or question the relevance and effectiveness of a well-intentioned protective approach. Visioning needs to take place in regular sessions to forge an understanding of current security risks and their planned or actual countermeasures. Business Impact Analysis (BIA) A Business Impact Analysis (BIA) is a useful approach that is used to identify issues that could have the most impact on continuing operations. There are various definitions of the BIA process. BIA is generally aligned to risk assessment within the broader concept of Business Continuity Plan- ning. The BIA approach is used to develop a hier- archy of possible outcomes and to quantify their impact on both the organization and its ongoing operations. In a dynamic environment, in which business activities are subject to change and adapta- tion, the process will need to be an ongoing mission. In the security context, BIA is the process by which all aspects of an operation are examined to assess the possible outcome and impact of each identified risk. Since activities are based on the interface between physical and electronically- driven actions, a complete understanding of both, along with their dependencies is a necessity. The BIA may be less concerned with the likelihood or occurrence of a potentially damaging event or activity, but instead focuses on a possible impact that could damage dependencies or the organiza- tion itself. Once the risks have been identified and quanti- fied, steps can be taken to manage them down to an acceptable level to better insulate continuing operations. From the physical and technology perspective, protective measures have reached a level of sophis- tication and maturity that could not have been foreseen just a few short years ago. Previously, the protection of shipments largely relied on human actions such as reporting to attest to the ongoing security status of vehicles, loads, seals. But in some cases, innovation and applied technology has had the effect of distancing protective measures from human oversig ht. Automated communicat ion systems report anomalies alongside global loca- tion tracking with a high degree of accuracy, but human involvement to monitor, assess and respond to reports remains essential. Conclusion The development of supply chain protection plans, such as the Total Security Strategy, are useful for identifying existing supply chain weaknesses and enhancing protection for each function, process and the logistics system as a whole. The various TSS components mentioned are some of many that can be used to visualize and assess potential outcomes, and to develop policy, guidelines, proce- dures and emergency plans. Given the overall costs of product theft, diversion, damage, counterfeit or substitution, and the risk to human life that can accompany criminal acts, a protective supply chain security policy should be one of a company's core directives. Such an approach should gain senior management buy-in that will permit the company and its providers to take leadership roles and drive effective security solutions. Sources: "A Risk Management Approach to Business Continuity" - Julia Graham & David Kaye, "Logistics & Transportation Security" - Maria G. Burns. About the Author: Christopher Hagon is the Co-O wner and President, Incident Management Group Inc. He is a former police superintendent with London's Metropolitan Police and a personal protection officer to senior members of Britain's Royal Family. Other past assignments include Director of Corporate Securit y for Miami-based Ryder System. In 1995 Hagon co-founded Incident Management Group, Inc., a consultancy that prov ides a wide spectrum of proactive and response ser v ices to corporate A merica.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - MAY-JUN 2018