Operational Policy Making for Professional Security: Practical Policy Skills for the Public and Private Sector
By Allen Sondej
4/5
()
About this ebook
Operational Policy Making for Professional Security: Practical Policy Skills for the Public and Private Sector is a clear, concise, and practical resource for drafting effective, legally defensible security policies.
Presented in a clear, step-by-step style that can be tailored to fit the smallest organization to the largest, the book offers the strategies needed for reducing risk through solid policy construction. It is the first book available that provides a step-by-step guide to basic security policy construction, along with helpful hints on how to draft a document that conveys exactly what is intended.
The book explores common policy creation pitfalls and how to avoid them, outlining proven methods for implementing and disseminating effective policies throughout any organization.
Discussing the core security and safety policies that no organization should operate without, the book covers common types of policies, along with the pros and cons of different policy-making methodologies. It is a one-stop reference on functional security policy-making for organizational leaders.
- User-friendly resource that guides readers through the entire policy-making process
- Explores real-world solutions to common security policy issues
- Outlines legally defensible policy suggestions
- Provides analytical tools for assessing policies to ensure they are effective and lawful
- Illustrates key concepts with case studies, and offers an appendix with samples that support concepts explored in each chapter
Related to Operational Policy Making for Professional Security
Related ebooks
Security Metrics Management: Measuring the Effectiveness and Efficiency of a Security Program Rating: 0 out of 5 stars0 ratingsPhysical Security Strategy and Process Playbook Rating: 0 out of 5 stars0 ratingsEffective Physical Security Rating: 3 out of 5 stars3/5Strategic Security Management: A Risk Assessment Guide for Decision Makers Rating: 5 out of 5 stars5/5Security Leader Insights for Risk Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsSecurity Risk Assessment: Managing Physical and Operational Security Rating: 5 out of 5 stars5/5Conflict Management for Security Professionals Rating: 4 out of 5 stars4/5Keeping Religious Institutions Secure Rating: 0 out of 5 stars0 ratingsThe Art and Science of Security: Practical Security Applications for Team Leaders and Managers Rating: 5 out of 5 stars5/5Measures and Metrics in Corporate Security Rating: 0 out of 5 stars0 ratingsBecoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders Rating: 5 out of 5 stars5/5Workplace Violence: Planning for Prevention and Response Rating: 0 out of 5 stars0 ratingsCorporate Security Management: Challenges, Risks, and Strategies Rating: 5 out of 5 stars5/5The Chief Security Officer’s Handbook: Leading Your Team into the Future Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Effective Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsInsider Threat: Prevention, Detection, Mitigation, and Deterrence Rating: 5 out of 5 stars5/5Business Continuity from Preparedness to Recovery: A Standards-Based Approach Rating: 0 out of 5 stars0 ratingsInternational Security Programs Benchmark Report: Research Report Rating: 3 out of 5 stars3/5Security Leader Insights for Business Continuity: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsBusiness Continuity Planning: A Step-by-Step Guide With Planning Forms Rating: 0 out of 5 stars0 ratingsData Breach Preparation and Response: Breaches are Certain, Impact is Not Rating: 0 out of 5 stars0 ratingsInformation Protection Playbook Rating: 0 out of 5 stars0 ratingsFISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Rating: 0 out of 5 stars0 ratingsCrime Prevention Through Environmental Design Rating: 0 out of 5 stars0 ratingsWorkplace Security Playbook: The New Manager's Guide to Security Risk Rating: 0 out of 5 stars0 ratingsNine Practices of the Successful Security Leader: Research Report Rating: 0 out of 5 stars0 ratingsSecurity Careers: Skills, Compensation, and Career Paths Rating: 0 out of 5 stars0 ratingsSecurity Operations Management Rating: 0 out of 5 stars0 ratingsSecurity Science: The Theory and Practice of Security Rating: 0 out of 5 stars0 ratingsSecurity Consulting Rating: 4 out of 5 stars4/5
Business For You
The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5How to Write a Grant: Become a Grant Writing Unicorn Rating: 5 out of 5 stars5/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5The Book of Beautiful Questions: The Powerful Questions That Will Help You Decide, Create, Connect, and Lead Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5Confessions of an Economic Hit Man, 3rd Edition Rating: 5 out of 5 stars5/5Robert's Rules Of Order Rating: 5 out of 5 stars5/5Carol Dweck's Mindset The New Psychology of Success: Summary and Analysis Rating: 4 out of 5 stars4/5The Everything Guide To Being A Paralegal: Winning Secrets to a Successful Career! Rating: 5 out of 5 stars5/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5The Five Dysfunctions of a Team: A Leadership Fable, 20th Anniversary Edition Rating: 4 out of 5 stars4/5Just Listen: Discover the Secret to Getting Through to Absolutely Anyone Rating: 4 out of 5 stars4/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5Capitalism and Freedom Rating: 4 out of 5 stars4/5Real Artists Don't Starve: Timeless Strategies for Thriving in the New Creative Age Rating: 4 out of 5 stars4/5Set for Life: An All-Out Approach to Early Financial Freedom Rating: 4 out of 5 stars4/5The Catalyst: How to Change Anyone's Mind Rating: 4 out of 5 stars4/5
Reviews for Operational Policy Making for Professional Security
1 rating0 reviews
Book preview
Operational Policy Making for Professional Security - Allen Sondej
you.
Chapter 1
Theory and Organization
Theory and Organization, provides the theoretical foundation for policy making and is the longest chapter. It provides an academic structure using selected organizational and policy theories in a practical manner. This chapter is not intended to be a peer-reviewed work, but is meant to give a practical understanding of the basics of these theories.
Keywords
Due diligence; Organization; Structure; Employee discretion; Rational Choice Theory; Multiple Streams Theory; Sensemaking; Simple structure; Machine bureaucracy; Professional bureaucracy; Divisionalized form; and Adhocracy
There are many books available that cover policy and practically all of them deal with either public policy or foreign policy. Most books deal with theory; this book is not one of them. This book is designed to be functional through a focus on internal regulation and direction of organizations through strategic and functional policy. This book is about the practice. The intent is to provide a resource that assists leaders in positively impacting their own organizational effectiveness.
To simplify matters, in this book the elements of policy are bifurcated into two types, strategic and operational. The practical goal of this book is to provide a resource that focuses on operational policy. Organizational leaders must have a skill set that allows them to transfer the goals and missions of organizations to action. The action occurs at the grassroots level; it does not occur in the board room or in executive staff meetings. The goals are carried out by the operational staff and this is where a policy system has the greatest impact. I hope practitioners of all levels will be able to apply the information in this book regardless of their experience or skill level.
This book is written largely from my background as a policy executive in law enforcement and from my experiences as a leader in best practices and accountability in law enforcement. I combine this with my legal education and experience as an attorney, which gives me a unique perspective on the drafting of directives and liability issues. My experiences as a university professor, teaching policy at all levels, has also been an opportunity to perform academic research. The degree program I teach in is intended for professionals, which gives me access to practitioners in the security field. As the president of a law enforcement accreditation organization devoted to best practices and accountability, I have significant policy-making experience.
Although this book is not one that is steeped in policy theory, there are many theories and resources that are applicable. It is not my intention to detail every applicable theory, only those that I feel are supportive to the goal of the book. It is my experience that policy writers are less concerned with the underlying theory and more concerned with the application. But in any endeavor, a strong foundation is needed, therefore it is important to provide some theoretical background to the policy process. This chapter will examine some foundational theories and tenets of policy.
Policy Development
The practice of policy making and drafting policy instruments calls into play a great many disciplines. One has to have a working knowledge of strategy, tactics, and the law and an understanding of human and organizational behavior, as well as the concepts of sensing and communicating. It takes years to amass these skill sets and it is often accomplished through trial and error. It is often time consuming and requires a certain level of understanding of the operation, the organization itself, and the threats and opportunities facing the organization. It is not uncommon for organizations to simply buy boilerplate policy manuals that are produced by reputable organizations, including law firms. Why bother learning a whole new skill set when one can just buy canned policies off the Internet? The first reason is the lack of flexibility. Using canned policies only works for your organization as it is; Boilerplate policies do not self-adjust to changes in the organization. This means that unless someone in the organization has a policy skill set, any changes to the directives may not be effective. The second reason is that using canned policies is a limited choice in that they may not be viewed as due diligence. A fixed set of policies can meet the needs of most organizations most of the time. But no organization is exactly like another and the world is not static. Even if you buy canned policies, someone in the organization has to be able to adapt these to fit individual organizational requirements. This requires a policy skill set. When it comes to operational policies, the adage there is no need to reinvent the wheel
is a slippery slope. Each organization is different and their operational policies require tailoring. This is called due diligence in the legal world, which means you did the reasonable level of investigation and work to produce the product – you do have to reinvent the wheel. Think of it this way: Which looks better – an off-the-rack suit or a personally tailored one?
Policy is often driven by the industry or background of the writer. Lawyers, managers, subject matter experts, and employees all write policy. For example, many attorneys are involved in drafting policy implements, but these tend to be very legalistic. They also tend to be wordy and highly risk adverse. Lawyers tend to write in a highly technical manner, but effective operational policy must be simple and concise. Having lawyers as the primary authors of directives can be problematic as the writers often lack a true operational understanding of the nuts and bolts of the processes of the organization. Operational policies designed primarily to be legally defensible tend to be one dimensional. While great for the legal defense of policy, they can serve to undermine the necessary day-to-day actions of an organization.
There are other groups that can be stakeholders in the development of operational policy. Having subject matter experts design operational policy allows for the inclusion of the subtle everyday aspects of accomplishing the organizational mission. The drawback is that these employees tend to be mission focused and can create directives that are geared to effectiveness in accomplishing the mission but lack controls that mitigate liability. Organizational managers are often the point people for drafting organizational policy and can be competent at doing so. They understand the operation and have a vested interest in limiting liability as they share in it. The drawback is that managers are focused on efficiency and sometimes are influenced by performance and output imperatives. This can undermine both the legal concerns, such as negligence, and the operational effectiveness concerns. Aside from lawyers, managers, and subject matter experts, employees are sometimes involved in the process through committees or labor unions. Employees tend to have an interest in workplace safety and employee benefits. This role can be perceived as self-serving but looking out for yourself is not necessarily a bad thing. The downside to employees driving operational policy is that sometimes efficiency and legal aspects can suffer. In addition, an employee centric policy system can undermine management.
As you can see, each group brings strengths and weaknesses to the policy development table. No one group is the best choice for producing operational policy; the goal is to engage all parties. If each group has a seat at the table, then all of the positive aspects that they possess can be leveraged. A healthy policy system encompasses the concerns of efficiency, operational effectiveness, legal defense and liability mitigation, and employee welfare and morale. The formation of organizational policy must be inclusive.
Theoretical Policy Foundations
Public Policy
Although public policy studies are not directly on point, they do provide context for the understanding of internal organizational policy. A discussion on how and why public policy is made will shed some light on how internal organization policy is made. Public policy decisions are broad and made at high levels of government that affect the nation and can trickle down to the average person or organization. A good example of a public policy is the tax exempt status of religious institutions.
Tax Exemption as a Public Policy
It is because religious organizations are considered charitable and thus a benefit to society that they are given tax exempt status. Identifying a religious organization for special tax treatment brings up one of the issues with public policy as opposed to what I call operational policy. It is not unreasonable to say that religious-based tax exemption is controversial and has borne examples of abuse. This is because a public policy is the execution of a grand strategy. Grand strategy at the national or state level is the prioritizing of resources and efforts to achieve a political goal. Much as the name implies, grand strategy paints in broad brush strokes, with finer policy adjustments left to agencies in government to develop. For example, the Internal Revenue Service produces the fine-point rules dealing with religious group tax exemptions. Although it is important to recognize that public policy decisions are massive in context and implementation, there are parallels for the private sector. Examining public policy can be instructive as the policy-making process for smaller nonpublic organizations is much the same. Unlike public policy, whose success can often be a matter of public perception, functional policy success is easily quantifiable through lawsuits, physical harm, and bankruptcy.
Policy as a Colloquialism
The study of policy is confusing and sometimes contradictory and it is practically always discussed in terms of public policy. The characteristics and theories of public policy can be extrapolated to provide data and processes that work in the organizational context of this book. Given that most work on the topic is done in the academic discipline, it is important to recognize that policy, as a unique field of study simply, does not exist. That lion share of policy study is in the public policy area. Even in academia, this study is fragmented and dispersed among the various academic disciplines. Furthermore, it has been noted by policy researchers that in its study, there is no central question or problem guiding research (Smith & Larimer, 2013). There are arguments that policy study, public policy or otherwise, is a not science at all. Some researchers have dismissed policy making as an art form, even simply describing it as a persuasion.
In other works, policy making has been categorized as a mood more than a science. It has been identified as a loosely organized body of precepts and positions rather than a tightly integrated body of systematic knowledge – more art and craft than genuine science
(Moran, Rein, & Goodin, 2010). The academic research community struggles to agree on exactly what policy is. Does it mean strictly public policy? Does it mean policy as it relates to politics and governance? Is it just foreign policy? Or is policy a tool for management? Based on the evidence and the many different disciplines of policy, the answer has to be yes; policy encompasses all of these. The disagreement is more fundamental than theoretical disagreements; it goes right to the very word itself. No one can even agree on what the word policy means. It would seem that the use of the word policy has the same functional impact as the word aloha. It means many things and is used in the vocabulary accordingly.
The word policy itself has multiple definitions as well as multiple interpretations of those definitions. It is also commonly used in an exceedingly broad manner. It is just one of those words that is used to the point of defying the common definitions. The problem with this is that without a clear understanding of exactly what the term policy means, the resulting work product cannot be uniform. It can be complicated when using the term in an organizational setting. How does an employee distinguish between policy as an organizational goal and policy as the way things must be done? The simple fact is that words mean things and using words has consequences. Incorrect interpretation of the meaning of policy can affect efficiency or effectiveness. What’s worse is that they carry a disproportionate weight in legal proceedings. In a trial, the words used will be thoroughly scrutinized and can result in adverse outcomes for an organization.
An effective organizational leader must know not only how to work in policy but how to employ words effectively. To that end and to simplify the task of making the policy skills readily applicable, I have coined terms to describe the elements of policy. These terms are used to bring a basic level of clarity and identification to the language of policy. These terms are not accepted by anyone in academia or otherwise as universal definitions. I have coined them from the standpoint of common sense out of necessity to have at least workable definitions for the target audience of this book. They may not be perfect, but we have to start somewhere. This concept and the following terms will be repeated throughout the book.
Directive: A directive is the formal written document that is used to carry out the strategic policy, also known as the goals of the organization. Directives come in various forms, depending on the level of discretion permitted. They include rules, orders, procedures, and protocols.
Operational policy: Operational policy is the term I employ to compensate for the colloquial use of the term policy when people really mean directives. Directives are rules, procedures, plans, budgets, and so forth. Operational policy is focused on the day-to-day, tasks involved in reaching the strategic policy. In the public sector, this means the delivery of services on behalf of the public; in the private sector, it means organizational profitability. Operational policy is essential to accomplishing the strategic policy without lawsuits.
Policy system: A policy system is a set of principles or procedures that lead to the accomplishment of a goal. It includes both strategic policy and operational policy. Supporting functions include training, supervision, and discipline.
Policy making: Policy making pertains to the determination of organization goals and ideals. The end product is the setting of strategic policy or an organizational goal. For example, the chief executive officer, in consultation with the board of directors, has introduced a strategic policy of selling 1 million mallets in China this year. In this example the goal of selling 1 million mallets is clear. The specific sales goal is what the organizational decision maker has set as the strategic policy. Aside from strategic policy, policy making also involves deciding on how the organization plans on meeting their goals. This is known as operational policy. Operational policy includes: rules, orders, procedures, and other sources of organizational direction.
Policy drafting: Policy drafting pertains to the development and committing to writing the formal organizational directives that are used to carry out organizational goals. This is operational policy making.
Strategic policy: Strategic policy involves those policy decisions and tools that are end results oriented. This is operating in the context of the big picture. A strategic policy is defining the goals of an organization; it is not concerned with the processes of reaching the goals. Strategic policy in a police department would be to protect and serve.
Policy Confusion
If you surveyed the public on what policy is, you would likely get any number of responses. This is understandable as the academic discipline of policy study is full of contradiction and competing theories. Most people think they know what policy is and believe it is straightforward, dry, and dull. It is no wonder; if one were to search Google, it would return several choices. For example, Merriam-Webster.com (http://www.merriam-webster.com/dictionary/policy) defines policy as:
■ Prudence or wisdom in the management of affairs
■ Management or procedure based primarily on material interest
■ A definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions
■ A high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body
Whereas Dictionary.com (http://dictionary.reference.com/browse/policy) defines policy as:
■ Definite course of action adopted for the sake of expediency, facility, etc.: We have a new company policy.
■ A course of action adopted and pursued by a government, ruler, political party, etc.: our nation’s foreign policy.
■ Action or procedure conforming to or considered with reference to prudence or expediency: It was good policy to