The new role created by the ASIS special committee, which will be reviewed by ANSI, will allow the CSO to handle an organization's overall security strategies and programs.
A fraternal greeting from Puerto Rico to all colleagues and readers of this column! It is a pleasure to share again with you.
by Héctor R. Torres PhD, MBA, CPP, CFE
In this edition, we will talk about the new role and approach of the Corporate Security Officer or chief security officer (CSO).
Many global or multinational corporations have a CSO, who directs an organization's security operations at a strategic and corporate level; however, that is not the norm for other companies, rather because of a lack of knowledge of the role of corporate security or because they do not understand the need to create the position of the CSO.
To begin with, we must ask ourselves: what is a CSO and what is the need to define this position in the corporate security of an organization in the twenty-first century?
Background
The risks associated with business environments have increased in terms of their severity and complexity. Effective management of these risks is a fundamental requirement for today's business. Boards of directors, shareholders and the general public expect organizations to identify and anticipate such risks as well as establish a comprehensive strategy to reduce and mitigate them. Additionally, there is an expectation that organizational management will respond effectively to events and incidents that pose a threat to the organization's assets.
A proactive strategy to mitigate loss risks is a responsibility of an organization's top management. To deal with them and assume this managerial responsibility, the need arises for a managerial position of security at a higher level for the development of a strategic plan, and the protection of the assets of the organization at the domestic and global level. From this need results the creation of the concept of the CSO.
Joint work of ASIS with ANSI
A special committee was recently established at the American Society for Industrial Security-International (ASIS). This committee has the unique task of creating a new standard for the Corporate Security Officer for global or multinational organizations. The new standard is intended to define and establish the position of the security manager at the level of an executive vice president, with a direct reporting line to the president of the corporation.
The focus of this position would be a more strategic one with a greater role in decision-making at the executive level within the organization. For the CSO model to be a true standard it has to be ratified by an organization that certifies the standard. For this purpose, ASIS presented the CSO project to work on and certify it to the American National Standards Institute, ANSI. The Institute oversees the creation, promulgation and use of thousands of standards and guidelines that directly affect enterprises in almost all business sectors. ANSI is also actively involved in the accreditation of programs that assess compliance with globally established management standards such as ISO 9000 (Quality) and ISO 14000 (Environment).
After a few months of collaboration between the ASIS CSO Committee and ANSI, the Committee's work has begun to bear fruit. The Committee has developed a proposal that defines a CSO and the basic functions of the position. Once approved by ASIS and ANSI, the proposal will establish the role, responsibilities and functions of the CSO in business organizations.
Role and functions of the CSO
The ASIS/ANSI proposal defines the CSO as a senior executive responsible for identifying, developing, implementing, and managing an organization's overall security strategies and programs. The CSO's responsibilities set out in the proposal include:
•In cooperation with the executive committee of the organization, he leads the development of effective strategies for the study and mitigation of risks (domestic and global). Handles critical incidents, maintains continuity of operations, and protects organizational assets.
• Directs managers in identifying, developing, implementing and managing the processes, practices and policies of the organization to reduce risks, respond to critical incidents, limit exposure and legal liability in IT and financial risks, physical, employee and reputational.
• Studies and incorporates advanced technology solutions and innovative security management techniques for the protection of assets, tangible and intangible of the organization. Establishes appropriate risk standards and controls.•Develops liaison and relationships with the high hierarchy of law enforcement and intelligence agencies and with counterparts internationally. •Coordinates and implements the security programs of facilities, operations and organizational activities to ensure the protection of executives, managers, employees, customers, shareholders, visitors, etc., ensuring the optimal use of personnel and safety equipment.
The responsibilities of a CSO are similar to a corporate security director, but the responsibilities of a CSO are more strategic in their context.
It is for this reason that the proposal recommends that the CSO be at the level of executive vice president with a direct reporting line to the CEO (Chief Executive Officer) or the president of the organization. Thanks to this ASIS initiative and the joint work with ANSI, the CSO position is established as an option within the corporate security management function for global or multinational organizations.
I invite you to continue to share your ideas and concerns of the world and security management. A hug and see you next time!
*If you wish you can write to the author at the email [email protected]
