GSOC Group Answers Leadership Questions with Peer Benchmarking

Return to Program Best Practices
Since 2015, the SEC’s Next Generation GSOC Group (previously called the GSOC Best Practices Group), has provided a trusted, peer-based network for sharing ideas, needs, challenges and opportunities for operational excellence.

Member organizations – of which there are now more than 75 across a wide range of industries - are all planning to either launch or repurpose a security operations center (SOC) or global security operations center (GSOC). They use the group to compare GSOC services, people, internal awareness, and technology. One way they do this is by requesting fellow members respond to brief surveys on topics that are pertinent to their plans.

Dean Correia, SEC Emeritus Faculty, Business Continuity, and former Director of Corporate Security for Walmart Canada Corp, helps lead the working group. "The GSOC Group’s hunger for real-time benchmarking has increased significantly," he says. "We will have completed 27 surveys in the last 13 months by the end of May 2022 compared to 11 surveys in the previous 13-month period."

It’s possible that this bump in activity is coming in part from increased executive interest in GSOCs since the onset of the COVID-19 pandemic, when they continually leveraged their capabilities to better predict impacts and protect assets and people. Many companies that have consistently and clearly communicated the value of the GSOC since that time have managed to hold onto those gains. And ongoing threats and events such as Hurricane Ian continue to give GSOCs the opportunity to show their value and protect the enterprise and its people.

GSOC Group members sometimes request surveys that deal with current threats and concerns such as hurricane Ian. Many of the surveys members have requested revolve around security solutions and integration, and other requests touch on management, policy, and strategic issues.

One from this year simply asks which vendors other participants are using for travel risk services, and what types of features they most value in the chosen solutions. Another asks about visitor management system providers, then continues with questions on visitor verification and pre-registration requirements (41% mandate visitor registration; most others recommend it), as well as integration with access control (35% have visitor management integrated with access control; 64% do not).

The charts below show the results of a series of questions about active shooter training. Eighty-eight percent of participant companies had an active shooter awareness program. Only 33% report that all employees are required to take active shooter training, and only 4% report that all contractors are required to take it. Responses sometimes depended on how many U.S.-based employees there were, and some specified that certain but not all positions had such requirements.

charts comparing various elements of active shooter programs

Another recent survey begins with a question about whether other members use case management platforms in common with other functions (50% do not, 50% do with at least some other functions), then goes on to ask about automation and how different function owners collaborate to analyze collected data. And yet another requests information about whether peer organizations have introduced their risk management groups and insurance brokers to the GSOC’s operational risk oversight capabilities (32% have), and what kinds of insurance premium discounts may have resulted.

When asked about video surveillance retention, participants reported a range of requirements and motivations. Agency and industry standards were most frequently the primary basis for retention standards, followed by government and regulatory requirements. The largest response group kept entry and exit point video for 15-20 days, and video of critical areas for 91-120 days.

chart comparing various video retention bases.

chart comparing video retention lengths for facility entry/exit points.

chart comparing video retention lengths for critical areas.

"Members use these survey results to answer leadership’s questions quickly and effectively and help frame future GSOC considerations," explains Correia. "Members are inundated with data, and they truly need research to make informed decisions about future people, process, and technology strategy. Research provides situational awareness of the current risk landscape."

Click here for more information on the Next Generation GSOC Group. If you believe your organization could benefit from participation, contact us.
Return to Program Best Practices