Q. We are discussing establishing a GSOC to support our company and security organization. Since this is new to us, could you supply some fundamental considerations we should be thinking about?
A. First, the best scenario is to have your CSO drive the strategy. If the CSO is not driving the strategy, you will need to provide him or her with the detailed data needed to support the project.
The first step in our process was gaining a full understanding of the current delivery of security services related to GSOC within the company. My previous company had three regional dispatch centers, more than 25 standalone sites, and more than 40 sites with UL security alarm requirements. It was critical to understand the equipment, processes, and procedures of each one to plan a consolidation into our new GSOC. We performed site visits and documented our findings. We were looking for proven practices regarding technology, staffing, design/layout, and services provided.
Next, I would suggest trying to benchmark with peer companies. With the help of the SEC, we sent out what were to be the first surveys that supported the establishment of the GSOC Best Practices Group. These surveys provided us with the data needed to select specific GSOCs that would be good to visit and learn from. We looked for proven practices to help us to establish a GSOC that would be the best for us based on our needs.
The next step is to create a business plan. We teamed up with our finance team to get this accomplished. You will likely need a business plan in your organization to secure the capital needed to build the GSOC. Make sure you communicate and acquire approvals at the highest levels of the company. This will help you build support for the project along the way.
The projected Return on Investment (ROI) was critical to getting the support we needed. We worked very closely with our Finance department to ensure the project was tracked using the company's standard financial tools. With the consolidation activities, we reduced headcount as well as footprint, creating a very strong business case, and the project was approved. By communicating the benefits of a GSOC with company executives, we made the decision a risk decision. The question became, “How could we not have a GSOC…?”
You will need to consider the best location for your GSOC and back-up GSOC. We engaged subject matter expertise from our business continuity team as well as our Real Estate team to evaluate locations based on weighted criteria to give us an unbiased selection. We narrowed down the list and selected the sites. Factors we considered:
- Potential for natural disasters, such as earthquakes
- Company-owned property vs. leased property
- Space availability
- Construction costs
- Wage rates
- Preference for right-to-work locations
- Availability of skilled workforce in the area
Last but not least, you should consider what you want your program structure to look like. We established a program structure that allowed us to project manage the various aspects of the project. To do this we created specific teams with specific roles. We had a Consolidation Team responsible for all the above steps as well as design, staffing, and construction reviews. The Technology Team was responsible for all the technologies associated with the GSOC. Our Concept of Operations Team worked out the procedures and notification processes. Lastly, we had a People Team that helped with placement opportunities and training for those impacted by the consolidations.
Editor’s Note: Learn more about the SEC’s Global Security Operations Center (GSOC) Best Practices Group.
Answer provided by Neil Johnston, Subject Matter Expert Faculty, Security Executive Council