This is part 2 of a series that will help schools understand the fundamentals of EsRM and how it can help their approach to safety and security.
As promised, here is another installment of our security risk management for schools series. Please refer to the original article found here for an overview on the concepts associated with Enterprise Security Risk Management (ESRM) and how it relates to schools. For the purposes of simplicity and proper nomenclature, we will speak about ESRM in terms of SRM for schools and nonprofits. This article will cover the first step of the 10 step guideline: 1) Develop infrastructure to support SRM. Further installments will be released this year but feel free to contact us at Alpha Recon to talk more about the approach, maturing models, and our Auxilium product for school risk management.
As a quick refresher, ESRM is a theoretical construct, application and approach to risk management that emphasizes cost effectiveness, holistic (non-siloed) involvement by the entire organization, real time understanding of multivariate threats as they impact the goals and viability of an organization. It’s the combination of all impacts, positive and negative, that will contribute to the success or failure of an organization. It’s not a collection of departments or individual security approaches, it’s a core competency of the business or organization that is attempting to operate and thrive in a very uncertain world.
Following the SRM principles is essential for schools to optimize security and risk management resources, ensuring our children are safe and feel safe, which is the optimal return on investment. Given my experience in risk management models, intelligence operations, and various threat assessment approaches, it’s clear that schools must think of security in terms of risk management in order to evolve the practice. There are many challenges and hurdles that can prevent the adoption of security risk management, but in developing an infrastructure to support it, those challenges and hurdles are easily overcome
Developing infrastructure to support SRM
Before SRM can be successfully implemented in institutions of education, the culture must change. The personnel responsible for security must first evolve their way of thinking, and be able to adapt to changes to what they think about security. The view and perceived value of security must change along with the practice of security with a risk management context. There are significant differences in budgets, personnel, and bureaucracy between K-12, private, college, and universities, but there are commonalities between them all. Here is a simple guide and list to help get started. Remember that SRM is a set of principles to follow and there is no perfect approach. Following these principles will help you on your way to having a more strategic security risk management program.
- Personnel trained in risk management must play a lead role and make most of the strategic and operational decisions about security and risk management approaches.
- Security must be a value add and not a cost center
- The Board, or equivalent, must adhere and support SRM principles and expect strategic reports and updates from practitioners charged with the protection and management of students.
- The organization must be prepared to utilize technology and not be afraid of its detractors.
- The organization must make decisions that are data and intelligence driven.
- Every student, staff, security guard, and first responder must be part of the risk management program.
- Security and risk management personnel should work and communicate across departments, silos, and operations. Communication and responsibilities MUST be well defined in different environments.
- Key Performance Indexes and goals must be set and tracked on a regular basis
- Costs and budgets should be reviewed regularly as well as the efficacy of current approaches, solutions, and risk/security operations.
This list is not all inclusive but covers many aspects of the necessary bedrock that should accompany a school organization trying to move to a more strategic SRM approach. Significant planning and conversation should occur at Board, teacher, administration, parent, first responder, and student levels to maximize effectiveness and buy-in. There will be difficult conversations. There will be hurt feelings and those that feel that they are not being considered. Those historically responsible for important duties might find themselves in different or more diminished roles. It requires strong leadership and innovation to truly disrupt the status quo and more traditional approaches to school safety and security.
Thinking about the items on the above list, will help your organization set the tone and the ensure your risk management program starts down the right path with the right support. The most important support infrastructure needed to implement SRM is human capital and development of culture. Until responsibilities and the right people are put into the right positions, most efforts to enact SRM will lose effectiveness. A resistance to metric and data driven solutions will also lead to overspending and blind risk management approaches that fail to deliver the outcomes your organization hopes for. If you would like to receive some consulting support on the above, please contact Alpha Recon. Please read our next installment in which we cover the development of goals and expected outcomes for your organization’s SRM program. Without goals, metrics, and a destination, it’s hard, if not impossible, to be successful with your security or risk management programs.
If you would like to get on the mailing list for free webinars and more information on an SRM approach to school safety and security, please sign up here. If you’d like to see a demo of our SRM software for school risk management, please contact us here.
