Security implementation done right: 7 habits of highly successful security program managers


When it comes implementing security projects across an entire region, ICD understands what works and what doesn’t. This isn’t just because we have completed more than 4000 implementations across every industrialized country in the Asia-Pacific. It’s also because 99% of our customers are multinational companies and many of these companies have worked with us for more than 10 years. This means that we’ve been able to observe security program management practices of our customers over more than a decade, which has given us a great insight into how successful companies get regional project management right, as well as the mistakes that many companies make.

Here is a list of some of the best practices shared by companies that succeed at regional security program management:


Successful companies treat due diligence like a detective investigation

No one would deny that due diligence is important; obviously you need to check the capabilities of your supplier before they start working with them, but the most successful companies take things a step further.


They don't just meet the vendor’s sales representatives; they try to meet with the project managers, the engineers, the customer service team and the leadership. They don’t just visit sites where the vendor has completed projects; they open the security system control boxes and check the terminations of the wiring. They don’t just contact the references given by the vendor; they seek out other companies that have worked with a vendor through their own network of contacts. They don’t just try to understand a vendor’s capabilities; they try to understand their company culture and management practices. Is the company well-managed? Are their employees happy and stable?


Successful end users understand that the deeper they dig, the easier it is to assess the value proposition of each prospective vendor. This allows them to move beyond narrow assessments based on which vendor has the lowest service fee and helps them to understand which vendor will deliver value as a long term security partner.


Successful companies choose a single partner to support their regional security program

Many customers start out with multiple security vendors throughout a region, but most eventually see the benefit of working with a single regional partner. There are several major reasons for this.


First of all, you only have to explain your security strategy once, rather than ten times. A single partner can achieve a deeper understanding of your security objectives over time, especially if they are responsible for implementing security systems throughout an entire region, rather than just one or two locations.


Secondly, single regional partners allow end users to work directly with a single point of contact. This streamlines communications and saves a considerable amount of time for organizations managing regional projects.


Thirdly, working with a single regional partner enables significant long term cost savings, which brings us to the next habit:


Successful companies work with their security vendor to negotiate significant cost savings from manufacturers

Most companies will try to negotiate the price of the charge for their security partner’s services; after all, it is an obvious way to try and bring down costs. However, the most successful companies realize that a more effective way to bring down the costs of a security program is to leverage the relationship of the security partner and equipment manufacturers to negotiate fixed prices for a list of standard security products.


In this way, end users can enjoy discounted equipment prices for each of their regional sites, with prices that stay fixed for several years.


Successful companies are mindful of hidden costs

Every company wants to minimize project costs. Successful companies achieve this by factoring in hidden costs. Examples include: the time costs of not getting system design right the first time, the time costs of managing 10 vendors instead of one, unexpected tax regulations, variation in regional tax systems, withholding tax (and whether this is included in the vendor’s quote) and many more. Successful companies then work to minimize these hidden costs with the aid of efficient work processes and a robust knowledge of regional tax systems and price variation.


At the same time, successful companies do not simply focus on cost at the expense of all else; value for money is also a significant consideration, whether for equipment or services. Successful companies therefore seek to minimize costs while ensuring that the equipment and services they receive enable to meet their security objectives in full.


Successful companies work directly with their security partner for security projects. They do NOT outsource to a general contractor

Although it is tempting to streamline communications for regional project programs by working solely with the general contractor for each project tender, any company that is serious about security should not work with a general contractor for security implementation projects. The reason for this is that the security of your sites is not a priority for the general contractor. Not only are they not security specialists, but they also tend to focus on cost control above all else, so they are not concerned about whether security system installations truly guarantee the safety of your site.


Successful regional security programs depend on a direct line of communication from the security partner to the end user to ensure that all security objectives are fully understood and that systems are installed according to the desired requirements.


Successful companies ensure that internal decision maker roles for each project are clear to vendors and to their own employees

One of the major headaches of regional security project programs is that different stakeholders have different interpretations of client requirements. This is often because end users lack effective internal coordination between staff; different personnel based in separate locations will often be responsible for communicating with different vendors. This can lead to companies telling their security partner one thing and their general contractor another, with no objective way to determine the correct interpretation of their requirements.


Successful companies avoid by clarifying internal decision making roles and establishing clear communication channels with each of their vendors. Involving all parties in project kickoff meetings to confirm technical requirements can generally allow vendors to iron out their differences on up to 70% of the issues before the project even begins.


Successful companies plan carefully and employ effective control mechanisms to ensure successful implementations

As any project manager knows, planning is everything. Regional security project programs are no exception and successful companies will plan implementations carefully by defining security design standards for every site in detail, considering security needs for sites planned in the future and by outlining realistic implementation schedules. They then ensure successful implementations every time by employing a variety of control mechanisms that monitor progress and ensure maximum visibility of all project activities.


In this regard, successful companies hold their security partner to a very high standard of service. They demand regular updates in the form of daily update calls, fortnightly conference calls, and a variety of weekly, monthly and quarterly standardized project progress reports submitted in standardized formats for each project in the region covered by the program. In addition to standardized report templates, successful companies expect their security partner to provide a wide range of standardized documentation and work processes, including formal handover documents, standardized auditing and commissioning materials, system programming sheets and “internal handover” procedures.


As a result, the companies that employ highly standardized and formalized work processes are able to monitor progress objectively and efficiently, and are able to ensure successful security system implementations for each of their sites covered by a regional program.


For more tips on security, follow ICD on our LinkedIn Company Page.