Total security management
Total Security Management (TSM) is the business practice of developing and implementing comprehensive risk management and security practices for a firm’s entire value chain. This business process improvement strategy seeks to create added value for companies by managing security and resilience requirements as core business functions rather than as reactionary expenditures. TSM implementation involves a thorough evaluation of key internal and external stakeholders, distribution channels, and policies and procedures in terms of a firm’s level of preparedness for a variety of disruptive events.
TSM encourages companies to manage security initiatives as investments with a measurable return and seeks to transform security from a net cost to a net benefit. In applying TSM, the theory holds that companies may be able to realize cost savings, improve business processes, reduce theft, enhance asset management, increase brand equity and goodwill, and improve preparedness and resiliency.[1]
Formulation
The concept of Total Security Management was first introduced in the book Securing Global Transportation Networks: A Total Security Management Approach, published by McGraw Hill in 2006. This title was co-authored by Luke Ritter, J Michael Barrett, and Rosalyn Wilson, with the Foreword written by Governor Tom Ridge, the first U.S. Secretary of Homeland Security. According to Secretary Ridge, the book offers a, “comprehensive solution for approaching security in the context of sound business practices.”[2]
According to Dr. Kent N. Gourdin of the National Defense Transportation Association, "This book reflects the changing view of management regarding security. Still seen by many as both an additional cost and an impediment to good service, security is emerging as another competitive variable that firms can use to add customer value."[3]
The TSM approach built upon scholarly research on the issue that stressed the importance of security as a key component of the supply chain. An April 2004 report for the IBM Center for The Business of Government noted, "Just as a chain is no stronger than its weakest link, a supply chain is only as secure as its weakest link, which includes the suppliers, manufacturers, wholesalers, retailers, carriers, terminals, and governmental institutions that plan, manage, facilitate, and monitor the global movement of goods.[4] Additionally, the conclusions in a July 2006 Stanford Graduate School of Business report titled, “Supply Chain Security: Better Security Drives Business Value,” state that, “…when properly leveraged, investments in supply chain security may not only be offset to some extent by benefits…but, in fact,…can overall have a positive impact on a company’s bottom line.”[5]
Relation to Total Quality Management
The TSM name borrows from the management concept Total Quality Management (TQM), an approach made famous by the work of W. Edwards Deming. The TQM concept revolutionized the manner in which quality was perceived in industry, encouraging it to be integrated into the core business processes of a firm.[6]
In the Foreword to Securing Global Transportation Networks, Secretary Tom Ridge writes: "The paradigm that now exists in transportation security is similar to the paradigm that existed when the now revered Dr. W. Edwards Deming tried to convince the business world in the 1960s that quality mattered. The now well-accepted theory of Total Quality Management was not initially met with open arms in the United States. I suspect that there are many professionals in the transportation industry today who may not endorse security management as a core business function that can create value. My hope is that readers will embrace the concepts of the TSM approach offered within Securing Global Transportation Networks and act upon them."[7]
Companies employing TSM
A company using the TSM methodology is meant to be able to establish a framework of focus points, metrics and feedback loops in order to elevate risk management from a non-core objective to an essential business function. This process includes establishing and creating a compliance management plan, implementing operational processes, evaluating the effectiveness of those operational plans, making appropriate changes as necessary, sharing successful lessons learned with internal and external stakeholders, and pursuing continual, incremental improvement.[8]
Securing Global Transportation Networks details case studies of many large companies that benefited from the implementation of aspects of the TSM approach, including FedEx, Home Depot, Hutchison Port Holdings, Maersk, Procter & Gamble, and Target, amongst others.[9]
Criticism
Some suggest that the TSM approach, while containing merit, may be too complicated for companies to put into practice. “The difficulty of TSM is that it relies on a level of commitment and coordination that may be difficult to achieve…Reluctance to adopt TSM is not capitulation to mediocrity but rather an acceptance that the role that security plays within a company should not be any more than is needed. There are some useful ideas in the book, but the overall program may be too ambitious for many corporations to realistically consider,” writes Ross Johnson in a 2007 Security Management review.[10]
Other developments
On December 16, 2009, the U.S. Securities and Exchange Commission (SEC) approved Rule No. 33-9089, which went into effect on February 28, 2010. This rule requires companies to increase their reporting of risk management practices, including details about the manner in which risk oversight is administered. The ruling has generated increased interest in implementing the TSM approach to ensure compliance with the updated SEC guidelines.[11] In January 2010, ISO 28000 (ISO/PAS 28000 – Specification for security management systems for the supply chain) was updated to include an explicit reference to the Plan-Do-Check-Act model of quality management popularized by Deming.[12]
See also
- ISO 28000
- Enterprise Risk Management
- Process Management
- Risk Management
- Security Risk
- Supply Chain Security
- Total Quality Management
References
- ↑ Luke Ritter, J Michael Barrett, and Rosalyn Wilson, Securing Global Transportation Networks, 2007, "http://books.google.com/books?id=8LhHTuCjzzcC&printsec=frontcover&dq=securing+global+transportation+networks&cd=1#v=onepage&q&f=false", 5/5/10
- ↑ Luke Ritter, J Michael Barrett, and Rosalyn Wilson, Securing Global Transportation Networks, 2007, "http://books.google.com/books?id=8LhHTuCjzzcC&printsec=frontcover&dq=securing+global+transportation+networks&cd=1#v=onepage&q&f=false", 5/5/10
- ↑ Dr. Kent N. Gourdin, National Defense Transportation Association Book Review, 2007, "http://www.thefreelibrary.com/Securing+Global+Transportation+Networks-a0160265053", 5/5/10
- ↑ David J. Closs and Edmund F. McGarrell, Enhancing Security Throughout the Supply Chain, April 2004, "http://www.businessofgovernment.org/pdfs/closs_report.pdf", 5/5/10
- ↑ Barchi Peleg-Gillai, Gauri Bhat, and Lesley Sept, Innovators in Supply Chain Security: Better Security Drives Business Value, July 2006, "http://www.docstoc.com/docs/24441560/Innovators-in-Supply-Chain-Security-Better-Security-Drives-Business", 5/5/10
- ↑ Luke Ritter, J Michael Barrett, and Rosalyn Wilson, Securing Global Transportation Networks, 2007, "http://books.google.com/books?id=8LhHTuCjzzcC&printsec=frontcover&dq=securing+global+transportation+networks&cd=1#v=onepage&q&f=false", 5/5/10
- ↑ McGraw Hill, Book Release, October 2006, "http://www.manhattan-institute.org/securing_networks/", 5/5/10
- ↑ Luke Ritter, J Michael Barrett, and Rosalyn Wilson, Securing Global Transportation Networks, 2007, "http://books.google.com/books?id=8LhHTuCjzzcC&printsec=frontcover&dq=securing+global+transportation+networks&cd=1#v=onepage&q&f=false", 5/5/10
- ↑ McGraw Hill, Book Release, October 2006, "http://www.manhattan-institute.org/securing_networks/", 5/5/10
- ↑ Ross Johnson, Security Management: Book Review, October 2007, "http://www.securitymanagement.com/article/securing-global-transportation-networks-total-security-management-approach", 5/5/10
- ↑ Securities and Exchange Commission, Rule No. 33-9089, 2009, "http://www.sec.gov/rules/final/2009/33-9089.pdf", 5/5/10
- ↑ Continuity Compliance, ISO 28002 – What’s The Buzz About?, October 2009, "http://www.continuitycompliance.org/information/organizational-resiliency/iso-28002-whats-the-buzz-about/", 5/5/10