What is a Best Practice, and Should You Deploy Them?

Almost everyone has heard the term “best practice.” While the term has become ubiquitous in recent years, the first record of its use was around 1927. But what does that term really mean? Webster’s Dictionary defines it as: “A procedure that has been shown by research and experience to produce optimal results and that is established or proposed as a standard suitable for widespread adoption.” Since everyone seems to cite Wikipedia as a source these days, it goes a step further and defines it as follows: “A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements. Best practices are used to maintain quality as an alternative to mandatory legislated standards and can be based on self-assessment or benchmarking. Best practice is a feature of accredited management standards such as ISO9000 and ISO 14001.”

So, who decides something is a “Best Practice?” There are myriad standards established by bodies such as the International Standards Organization (ISO), American National Standards Institute (ANSI), National Fire Prevention Association (NFPA) and Underwriters Lab (UL), to name just a few. There are also guidelines and templates that are established by government entities such as the National Institute of Standards (NIST) and the National Industrial Security Program (NISP) which are many times then backed by regulatory bodies which enforce compliance. Additionally, industry associations frequently work with their members to benchmark proven methods that they identify as best practices within their particular sector.

There is a lot of debate in the legal community about deployment of best practices these days. Liability cases involving the deployment of best practices have been steadily increasing. The legal arguments against best practices primarily surround the applicability of a best practice to particular circumstances. There are also a number of legal cases on the misapplication of a best practice citing that an alternative approach or method may have prevented some event or loss from occurring. As a result, many corporate legal departments abhor the use of even the term “best practices” within their enterprise.

A number of enterprises have moved to utilizing terms like proven practice, good practice or smart practice which apparently carries less legal liability exposure and is, therefore, more palatable to the corporate lawyers. Benchmarking with other organizations and examining research on proven methods that increase productivity, quality, safety and security provide insights into ways to manage effectively. At the end of the day, what really matters is deploying processes that make the most sense for the unique environment, culture and operational needs of your enterprise. There are no cookie cutter answers to solve the issues and mitigate the risks your enterprise faces. That’s where your brain power comes in to assess, adapt and find creative solutions for your enterprise.

If you have a proven good or smart practice that you are willing to share, please send it on to me.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.