Security managers must also pay attention to regulatory compliance with voluntary, self-regulation, and statutory considerations (Options for the development of the security industry). Voluntary regulation is self-imposed and may include the establishment of a professional regulatory body. Self-regulation occurs where the regulated profession has a majority on the regulating body; for example, medical professionals regulating the medical industry. Legal regulation entails legal requirements that must be followed in order to practice or operate.
In Organizational resilience: Security, preparedness, and continuity management systems -- requirements with guidance for use (2009), a process approach is described for achieving effective security management. A process approach, according to this source, involves:
Understanding an organization's risk, security, preparedness, response, continuity, and recovery requirements
Establishing a policy and objectives to manage risks
Implementing and operating controls to manage an organizations' risks within the context of the organization's mission
Monitoring and reviewing the performance and effectiveness of the organizational resilience management system
Continual improvement based on objective measurement
Security managers must also be capable at invoking change when things simply aren't working the way they should. Professional practices for security managers seeking to improve security within their organizations (2005) advises the creation of a working group to quickly initiate needed change, "one month to settle the "big picture" in a realistic way and identify a strategy to follow." The working group should include security professionals as well as other stakeholders such as non-security employees and customers. Further, to increase uniformity and appropriateness of protection, it is useful to establish threat levels, high medium and low, based on the type of business activity, population...
To succeed in appropriate identification of these factors, security managers will have to master a process approach to security assessment and implementation and will need to work in the confines of regulatory requirements. Finally, security managers will have to acquire change management skills to understand what needs to change and how to change it.
Bibliography
Options for the development of the security industry. Security Management Bulletin No: 2. The Security Institute.
Organizational resilience: Security, preparedness, and continuity management systems -- requirements with guidance for use (2009, March 12). American National Standards Institute, Inc.
Professional practices for security managers seeking to improve security within their organizations (2004). Security Business Practices Reference, Volume 7. ASIS Council on Business Practices.
Professional practices for security managers seeking to improve security within their organizations (2005). Security Business Practices Reference, Volume 6. ASIS Council on Business Practices.
Rachel Briggs, R. And Edwards, C. The business of resilience. DEMOS.
Risk management and the role of security management (2009, January). Security Management Bulletin No: 4. The Security Institute.
Security management stage 1 (core skills). Security Operations Management. ARC Training.
The principles of security. Security Management Bulletin No: 3. The Security Institute.
The role of the security manager. Security Management Bulletin No: 3. The Security Institute.
