I am 35,000 feet above the Arctic enroute to London, England, and the gentleman sitting next to me is watching the latest episode of Suits, a relatively new television show about the Legal profession. This reminds me of a recent discussion I had with the Corporate Security stakeholders at one of our larger enterprise customers and how their Legal Department wants to start using their Perspective system. Corporate Security championed our application and brought it into their organization, but now their Legal team is also interested in having access to consolidated incident reports and the ability to add specific information to an incident or case.
This is not typical but, for many companies, Legal (amongst other departments) is becoming more and more involved in the Incident Management process and has even started to own the budget for many Corporate Security teams. It is not hard to understand why this shift has happened, as the end result of many incidents can become huge litigation issues for an organization.
Incident Management, Case Management, Event Management and Investigation Management have become far-reaching terms that have multi-departmental influence and engagement. Whatever lexicons you use to describe incidents in your company, they can have various stakeholders, departments and owners responsible for them. Here are some of the old and new key stakeholders and their primary objective as it relates to the Incident Management lifecycle:
- Corporate Security – Protection of Assets and Reporting
- Health and Safety – Protection of Employees and Root Cause Analysis
- Ethics/Compliance – Quality Assurance and Policy Adherence
- Legal – Legal Impact and Potential Litigation
- Brand Protection – Prevention of Counterfeit Products and Related Losses
- IT/IS – Data and Information Protection
All of these departments have their own distinct needs and may favor a niche application that meets their unique requirements. However, many organizations today—like the large enterprise customer I referenced earlier—are finding common ground and business process overlap on a more regular basis. Where once incidents were solely owned and managed by Corporate Security, now incidents can impact and involve multiple departments, requiring their input. And, while there’s an old saying in the software industry that states, ‘you can’t be everything to everyone,’ that’s not entirely true anymore. If you have a flexible platform that can incorporate the key requirements when any of these groups need to be involved in the incident process, you can find common ground. The question then becomes… who has control of the project and the final say?
We certainly all dread the word ‘budget’, and when you have various departments coming together to solve a common problem that can be addressed through a shared application, the process can take months and sometimes years to resolve—this is the dilemma. The owners of the budget and/or those with the biggest budget typically win out, unless there are key issues that need to be addressed for a specific department and that department does a stellar job of showcasing their issues and why their number one choice should prevail.
In our experience, the best way for Corporate Security to maintain control of the Incident Management project is to help build the business case first and to ensure that your Corporate Security department is the champion of the project. Corporate Security can then expose the other departments to the solution and determine how they can all work together. Once unheard of in our industry, a knowledgeable power user familiar with the flexibility of our application can now be a catalyst for many departments to work jointly, turning the one-time dilemma of budget and separation of needs into an interdepartmental platform where incident data can be shared, analyzed, vetted and reported.
—Frank Kennedy, Director of Sales