Nothing is more basic than effectively communicating.

May 8, 2013

Nothing is more basic than effectively communicating. You can develop world class policies, procedures and processes, but they must be effectively communicated. If no one has received any training on their individual roles, responsibilities and accountabilities relative to those guidelines, then those controls and systems are destined to fail.

The quality, frequency and effectiveness of training and awareness programs are key review elements utilized by many of the regulatory agencies, including OSHA, FDA, DOE, DOD, DHS, FAA, etc. We would be remiss not to mention that you do not want to forget about regulations that can really come back and bite you, such as FCPA. The United States Federal Sentencing Guidelines also utilize a similar assessment of an organization’s training programs as part of the calculations utilized when determining the level and severity of sentences handed down by Federal courts. Of course, we can’t forget civil liability involved in legal actions. These civil actions typically result from instances where a company’s products or processes are linked to illness, injury or death of consumers, company employees, contractors and supply chain partners.

There are numerous formats and methodologies that can be utilized to develop and deliver training and awareness programs. These programs have evolved rapidly over the years. The most effective method of training used to be – some say it still is – direct one-on-one training. The other types of on-the-job methods involved watching and learning from someone that had mastered the process, or mere trial-and-error. Today’s computer-savvy society thrives in an environment where online training is delivered through Web-based interactive serious gaming for education programs. Obviously, the key to any training or awareness program is how well individuals are able to grasp the information being presented, retain that information and then act upon any requirements for which they are individually or collectively accountable or responsible.

How many of you have witnessed, or have been the recipient (victim) of, the fire-hose delivery of important information during the on-boarding process (many HR departments call it “New Hire Orientation”)? This “check the box” mentality is frequently deployed by HR departments that are being measured on how quickly they are able to assimilate a new hire into the workforce. Further complicating things, many HR organizations have turned to internal subject matter experts (SME) to participate in “New Hire Orientation” to deliver key information relating to specific requirements that fall under the oversight of each SME’s organization. Once “New Hire Orientation” is completed, HR organizations typically leave it up to the hiring manager to sort out any issues and provide any enhanced training. But the hiring manager probably went through a similar “New Hire Orientation” and may not have any greater grasp on many of the key policies or changes made to the company’s policies, procedures and processes over the years.

Many companies do little, if anything, relative to providing any level of training to temporary help personnel, on-site service providers, or other vendors that are allowed access to a company’s facility without an escort being required. With companies in-sourcing more and more services and functions, it is vital to address this important area of insider risk. When providing guidance to non-employees, it is important to engage your legal department in developing focused and targeted training and awareness materials to avoid co-employment issues arising later.

The most effective approach to training and awareness that we have seen are programs that approach it in a holistic manner. Training and awareness programs aren’t like Ron Popeil’s famous “Set it and forget it” rotisserie infomercial. Effective training programs are both on-going and frequently updated to remain current and relevant. Consider requiring the passing of a test before allowing access to computer systems; utilizing changing awareness messages on screen savers; deploying quarterly or semi-annual training on key company policies, ethical standards and regulatory requirements to retain access to computer systems and/or physical security access control systems. In other words, BE CREATIVE and KEEP IT FRESH!!!!

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused in corporate security. Prior to founding SMR in 1997, Brennan enjoyed a 26-year career in domestic and international enterprise risk and security roles.

Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused at the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. He has more than 35 years of experience heading these programs at the executive level of three major multinational corporations and one mid-cap company in diverse industries.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Communicate, Communicate, Communicate

Nothing is more basic than effectively communicating.

Recent Articles by Lynn Mattice

How Security Leaders Can Gain a Seat at the Table

How to Develop an In-Depth Understanding of the Business

How to Research Your Enterprise's Unique Risks

How Connected Are You to the Business?

Here We Go Again! ERM vs. ESRM

Security Magazine

2020 November

Communicate, Communicate, Communicate

Nothing is more basic than effectively communicating.

Recent Articles by Lynn Mattice

Related Articles

Related Products

Related Events

Report Abusive Comment