I bet almost every security professional has heard these words spoken. What is the answer? That’s where policies come into play. The best security systems are not the most technologically advanced nor the most expensive ones; they are the ones that influence the behavior of system users in a manner that reinforces safety and security of the facility. A security system cannot stand alone – it requires training and procedures/policies to reinforce the behaviors the system is deriving.
Consider some responses to above – a new badge is printed and issued and the existing badge is disabled; the employee is given a temporary ID badge but it is not an access card and is required to piggyback his/her way through the facility; the employee is given a temporary access card and told to return it at days end or first thing the next business day, existing badge is left activated; the employee is told to return home and retrieve the badge or do not come to work.
All four of these responses have repercussions: wasted money on a new badge and reinforced poor behavior, encouraged piggybacking and not using their own access card, opened a security vulnerability having two badges issued to one staffer or allowing one staff member to have two badges one being unaccounted for and lastly, costing the business money in lost labor. An organization’s badge policy says a great deal about how the organization perceives its security program, and even more importantly tells the employee population where security falls in the priorities of running the business.
What your organization says and does regarding security matters because these actions contribute to defining the organizational culture. In cases where culture is already affirmed and ingrained across the employee population, the security program should as much as possible reflect and reinforce that culture. When this occurs compliance with the security program often is very high. Some organizations are even making security awareness training and program compliance part of employee reviews.
I have often stated to prospective clients that our role is to inform on what is possible – describe technologies and applications that are within reach – and then help design solutions that support the policies and procedures of their security program. This is a process that takes time; demonstrating then listening and designing. Find organizations that are similar to yours, engage them to discover best practices and great ideas that help make facilities safer and more conducive to productivity and employee satisfaction. Your security program is a meaningful part of this effort.