Q. I'm responsible for physical security and investigations and want to better understand how to monitor our performance in these responsibilities. I believe metrics may be a solid way to do this. Where do I find sources of data for this effort and how should I build the framework for the program?
A. Sample a few key senior executives on what metrics might be of interest to them; discuss this with your general auditor colleague and see what metrics the CFO or others are presenting on a routine basis. Make sure you are gathering incident and case data accurately. Some examples to track are: cost trends, comparing number of incidents this time period vs. several prior, losses vs. recoveries, polling your customers for satisfaction with your department, and last consider plotting incidents and more serious cases for common vulnerabilities.
Answer provided by George Campbell, Security Executive Council Emeritus Facuty.