Imagine trying to launch a workplace violence prevention program without talking to Human Resources. Or starting a GSOC without bringing in IT.
There are some collaborations that are essential to effective security risk management. Significant initiatives that require active ongoing participation from other business functions need an extra level of buy-in, justification, and socialization. They also need strong documentation that formally defines the responsibilities and interdependencies of all parties.
A concept of operations is a good vehicle for accomplishing that and more.
Concept of operations (ConOps) has been primarily used in systems engineering and in government and military applications. Its purpose is to describe a complex proposed system or initiative in a clear and concise way for all stakeholders.
By applying a corporate security lens to a traditional ConOps, security leaders can use this framework not only to describe their proposed initiatives but to build consensus and collaborative strength for the proposal. The SEC has assisted security leaders with ConOps for critical incident management, workplace violence prevention programs, global security operations centers, and more.
A corporate security ConOps may include:
- A statement of the goals and objectives of the proposed initiative, including measurable results.
- A description of the relevant threats and risks and how they are addressed by the program.
- Applicable standards and policies.
- A description of the current state, including constraints and limitations and documentation of dependencies, stakeholders, and critical processes.
- A clear statement of responsibilities and authorities.
- A description of the anticipated future state requirements, including cost considerations, staffing, training, and physical security strategy.
- Proposed success measures and reporting metrics.
- A schedule for implementation, testing, and review.
(More here:
Faculty Advisor: Concept of Operations and Why It Should Be In Your Toolkit)
Engaging those stakeholders from other functions at the start of the ConOps process is key to the success of the process and the initiative. Leave preconceived notions and expectations at the door and seek to truly listen and learn from these partners. Ask them to explain what their resources are and what their understanding of the problem is. Find out how much they typically engage in addressing the risks and threats at hand.
Educate as you learn, to build a common understanding of the issues, each stakeholder’s capabilities, and the potential capability and value of the initiative or program you’re proposing. Below are some basic steps to follow.
- Introduce the proposed initiative to the leaders of relevant functions, asking for information and feedback from all parties.
- Develop formal partnership plan and shared language.
- Draft a list of current and future critical dependencies for the initiative, with expectations.
- Distribute draft to those identified functions with a clear request for feedback and further conversation.
- Work with other parties to fine tune the results, and develop a revised plan based on their input.
- Finalize and formalize the ConOps with sign-off from all parties.
This process of collaborating on and socializing your proposed plan, within the formal structure of the ConOps, brings benefits beyond just the initiative at hand. It creates relationships that can streamline communication and collaboration on future issues, from approaching emerging risks to managing critical incidents. And, if done right, it creates advocates for corporate security across the organization.
This article developed with input from Managing Director Bob Hayes, EVP and Chief Knowledge Strategist Kathleen Kotwica, Director of Tier 1 Leader Services & Projects Elizabeth Lancaster-Brisson, and Emeritus Faculty George Campbell, Dan Sauvageau, and Tom Bello.
Next Steps
The Security Executive Council consists of successful former leaders of security programs that are well experienced with ConOps and we can assist you with yours.
Contact us to discuss your specific situation.