How important is a security program?
The first role of any organization’s leadership is the protection of the organization. In higher education, reputation is an institution’s greatest asset. Reputation attracts the talent – students, faculty/staff, business collaboration, and academic and non-academic recruitment. Reputation also attracts the resources – research, innovation, donors/investors, and funding. As security consultants, we have seen organizations fall because their leadership did not understand the criticality to protect the organization.
Organizations often report that a security program is a “cost center”. This completely misses the connection between the protection of critical assets and the organization’s stability, sustainability, and prosperity. Security is a mindset, a philosophy that is woven into all aspects of the organization’s fabric. This is not possible unless leadership champions it at the top. Without leadership support (emotionally and financially) and the alignment of security protocols that support the strategy and long term vision of the organization, leaders are failing to protect their organizations.
Last week, ED presented its intention to fine Penn State $2,397,500 based on violations of the Clery Act. Over the next months, legal and industry experts will discuss the merits and implications of the ED findings and assessment. It’s notable that ED specifically fined Penn State for what it believes was its “Lack of Administrative Capability”. ED wrote this section of the letter specifically for institutions participating in any Title IV HEA program, but it applies to any organization. It goes back to the role of an organization’s leadership: to protect the organization. ED was very clear in its determination that:
…the University delegated nearly all responsibilities to the PSUPD, without providing sufficient funding or arranging for training, for many years, to support PSUPD compliance efforts.
The University did not have sufficient staff to ensure compliance with the Clery Act, and did not have a system of checks and balances to ensure compliance.
Hopefully Penn State will be a sentinel moment for the leaders and trustees of not only institutions of higher learning but any organization that has critical assets that support their competitive advantage. Threats to our organizations come in many forms to include compliance, insider threat, espionage, cyber, criminal acts, and many others. An effective security program begin at the top of any organization. As such, it should become a part of the organization’s mission aligned with its business plan.
$2,397,500 is a lot of money for even the largest organization. However, the real costs include human cost, reputation, compliance, lawsuits/legal, confidence, donations, investments, talent recruitment, morale and other costs.
Prevention or Mitigation: Which you prefer?
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.