A Chief Security Officer for the 21st Century

SMR Group

By Jerry J. Brennan, Managing Director, SMR Group


Today's business risk environment has become increasingly severe and complex, both domestically and globally.

The management of that risk is a fundamental requirement of business. Boards of Directors, shareholders, key stakeholders, as well as the public, correctly expect organizations to identify and anticipate areas of vulnerability and set in place a cohesive strategy across all functions to mitigate, reduce and eliminate these risks.

In addition, there is an expectation that management will respond flawlessly to those events and incidents that threaten the assets of the organization. A proactive strategy for reduction and mitigation of loss risk ultimately provides a positive impact to profitability.

In 2001 ASIS International established the Commission on Guidelines. One of the early projects identified as critical to our industry was the development of the Chief Security Officer (CSO) Guideline.

This needed to be a forward strategic model for organizations to use in the creation of a “C” level position having governance responsibility to identify and anticipate areas of risk, and then to set in place a cohesive strategy across all functions to mitigate or reduce these risks.

To aid in the guide's development I pulled together a working committee of 23 senior-level corporate security executives representing a broad cross section of industries.

Several of the members are serving or have served in their organization's CSO role as it is defined within this guide. The other team members were selected because of their significant experience leading their organization’s traditional security function or IT security program or, as with one member, serving as the senior-most human resources officer for a large multinational.

The model CSO function profile provides a guide for organizations to define the scope of their protection program at the 30,000-foot level. It recommends the position provide governance support with respect to security loss issues within the following risk areas:

  • Human Resources and Intellectual Assets
  • Ethics & Reputation
  • Financial Assets
  • IT Systems
  • Transportation, Distribution and Supply Chain
  • Legal Regulatory & General Counsel
  • Physical & Premises

and, if appropriate for the individual organization, Environmental, Health and Safety (EH&S).

This model also provided a wide range of potential processes and services that the CSO could provide to aid in addressing these risks.

A further review of this model will highlight the interdependence between the suggested processes and the risk areas. That is to say that each risk area’s security-related potential loss issues are interchangeable among the others and are subsets of each other.

In addition, all of the suggested processes and services are also interwoven within all of the risk areas. By design these are broad topics, thereby allowing organizations to expand upon and customize their CSO programs.

It was strongly felt that, for the purposes of this guideline, operational details and issues of direct versus functional ownership need to be decided within individual organizations.

These issues will be, and should be, based on the individual organization’s culture, business model and organizational structure. It is imperative that the program be directly aligned with and in support of the business objectives of the organization.

This approach also applies to reporting relationships. We strongly recommend that the position report to a senior level executive that will allow for strong liaison with the Board of Directors and its operating committees.

This need not be the CEO or COO; however, it is imperative that the reporting relationship, whomever it is with, send a signal throughout the organization of not only senior leadership's commitment and support, but also the legitimacy of the security program.

The guideline also offers recommendations on required skill sets, key responsibilities and accountabilities, key competencies and suggested experience and educational background.

In addition, a model job description was developed, and is included in the guideline, for use by organizations establishing such a position.

A copy of this guideline in PDF format is available for download at no charge via the ASIS International website at: http://www.asisonline.org/guidelines/guidelines.htm

Author Information - Jerry J. Brennan

Managing Director

In 1997, Mr. Brennan founded SMR Group’s Security Management Resources, Inc. and Security Jobs Network, Inc. companies. Previous to this, Jerry enjoyed a 25-year career in domestic and international security, loss prevention, and emergency preparedness roles. He directed and managed programs for Panduit Corp., a private multi-national electronic component manufacturing firm; Chicago Board Options Exchange (CBOE); Mobil Oil Corporation; and served as a resident advisor to the Director General of the Royal Commission for Jubail, Saudi Arabia, the world's largest industrial city.

Before his career in the private sector, Jerry spent four years with the US Marine Corps in the US and Vietnam, served as a police officer in Northern California, and then subsequently spent several years in Europe with the US Army’s Criminal Investigations Division working closely with various international authorities.

Jerry has also served in numerous leadership roles for a variety of professional organizations and has been regularly quoted in industry trade publications and the general news media. His current organizational affiliations include ASIS International, Association of Certified Fraud Examiners, the Energy Security Council, the National Cargo Security Council, and the Society for Human Resource Management. In 1987, Mr. Brennan was awarded the Certified Protection Professional (CPP) by examination and is currently a member of ASIS International’s Commission on Guidelines.
