Building a Strategic Security Plan

Don’t you love it when a plan comes together?

When facing myriad evolving risks, security managers are forced to make tough choices on the fly. However, by having a strategic or master plan in place ahead of a crisis, professionals can manage risk and reduce the potentially overwhelming effects of incident response while improving buy-in and support.

In this short interview, Bernard Scaglione, founder and principal at The Secure Hospital, shared some of the key points of strategic security management planning with Security Management.
Want to learn more about this topic? Check out Scaglione’s GSX+ session, Strategic Planning: Managing the Chaos, Not Reacting to It, available on-demand 21–25 September at GSX+.

Security Management: What is the value of a strategic or master plan in a security management program?

Bernard Scaglione: A strategic plan helps security management define direction and focus organizational resources. Strategic planning is the process of documenting and establishing the direction of the organization by assessing its current state comparing it to the future state. It provides strategic direction and goals so that the security department can function with more efficiency and effectiveness. It allows for C-suite buy-in so that the security department can continue to grow and develop.

What are three common mistakes or pitfalls when developing a strategic plan?

Many people think that creating a strategic plan is an easy process, taking very little time or effort to create. In reality, the opposite is true. Creating a strategic plan takes dedicated resources and personnel to complete. It is a team approach, requiring the input of administration and key stakeholders. The good news is: it will pay off in dividends once implemented.

Many also feel that once the plan is complete, the work is done. The plan then ends up on a shelf—only referenced when purchasing equipment or requesting more staff. In reality, the plan is an active and changing document that needs to be reviewed annually or when a significant event occurs within the organization.

Developing a strategic plan is data-centric, requiring the gathering and analysis of large amounts of data to help in the proper development of strategic goals. This part of the strategic plan process is not always completed because of its complexity. It is important as part of the creative process to gather at least one full year of data and analyze it to determine trends and patterns. Done correctly, a minimum of two years of data should be gathered so that the developed patterns or trends are statistically significant and point the security department in the right direction.

How can a strategic plan help reinforce organizational resiliency?

Strategic planning helps to identify all potential threats and risks within the organization and provides a path to minimize those risks. It also allows the security department to change or shift gears when an adverse event occurs. Enabling the security department to quickly and efficiently adjust to changes within the organization. The plan lays out an operational structure designed to minimize threats and provides a plan to respond to those risks.

What else should GSX+ attendees look forward to learning in your session?

Strategic plans are not commonly used in the security field but are a useful tool in providing direction and growth. ASIS members should strongly consider viewing this session to learn more about strategic planning to see if it is something that would assist them in creating a more effective security operation.