Security Vendors: Leveraging Partnerships and Reducing Risk

Michael A. Clancy, Chief Security Officer, Enterprise Resiliency & Security, Fannie Mae

Michael A. Clancy, Chief Security Officer, Enterprise Resiliency & Security, Fannie Mae

In thinking of the pandemic, we are reminded that you should not wait for a crisis to make a plan. Stretching the adage further, the start of a crisis is not the time to be meeting your vendor’s leadership team for the first time to compare notes. This is especially true with your security providers. Successfully navigating through a crisis, each with its own unique challenges, requires leveraging established relationships to ensure stability during uncertain times. And as for posing unique challenges, the COVID-19 pandemic is in a class all its own.

With work from home the new norm in many corporate settings, the need for security and safety in the workplace remains paramount. Reduced building occupancy does not diminish overall risk, and instead presents its own set of challenges to manage. Whether it is monitoring fire or intrusion alarms, the array of security tools we deploy during “normal” times remain fundamental as we protect our essential on-site personnel and property. The good news is that many essential security functions,includingretrieving access reports to facilitate contact tracing,running a 24/7 operations center, or tracking threats can be done remotely and efficiently. Success relies ona continuity plan that leverages matured relationships with critical vendors.

"Investing in and nurturing a strong partnership where your security vendor feels like a valued part of the team is integral to success, especially during times of crisis when you need to pivot quickly"

The COVID-19 pandemic has been instructive. As a base line, business continuity plans must consider the criticality of third-party security services to ensure uninterrupted coverage, and the continuity manager, to achieve true resiliency, must understand fully the security function and process. The pandemic has hammered this lesson home.Asa security leader, it is incumbent upon you to ensure your team is positioned to execute on the physical security continuity plan. This takes, in part, understanding your vendor’s capabilities and their continuity plans. Your vendor’s vulnerabilities become your operational vulnerabilities. For example, just as you may be operating with reduced on-site staff during a crisis, your security vendor is likely operating under the same restrictions. That said, other than providing you with requisite security coverage, is your vendor able to provide and sustain other support functions necessary to address risk? For instance, if your 24 x 7 security control or operations center is primarily staffed with contractors, do they have the capability to go remote? Do critical security contractor staff have access to systems and equipment to facilitate remote operation in a loss of facility scenario? These are the questions that must be answered before the crisis to ensure continuity of business.

The inability to deliver on critical security services such as threat monitoring and response during times of crisis amounts to a business disruption. You must enable your security vendor by providing workaround strategies such as remote work support, just as you do for employees. Doing so will ensure you meet the needs of the business, as well as meet employee security and safety expectations.

Setting yourself up for success goes beyond the four corners of a supplier contract. Investing in and nurturing a strong partnership where your security vendor feels like a valued part of the teamis integral to success, especially during times of crisis when you need to pivot quickly. A strategic partnership, based on mutual respect and aligned goals, is foundational to vendor relationship management and a pathway to promoting safety and security.

Read Also

Embracing the Next Generation of Asset Security with AI and IoT

Embracing the Next Generation of Asset Security with AI and IoT

Matthieu Le Taillandier, General Manager for Western Europe at STANLEY Security, now part of Securitas
What Exactly is Non-Financial Risk?

What Exactly is Non-Financial Risk?

Gus Ortega, Head of Operational Risk Management at Voya Financial
#Keeping It REAL With Your Security Vendors#

#Keeping It REAL With Your Security Vendors#

Robert Pace, VP/CISO, Invitation Homes
Security For IT/OT Convergence

Security For IT/OT Convergence

Christopher Nichols, Director OT/ IT Resiliency & Support, Stanley Black & Decker
Security Architecture In Theory And In Practice: Why Security Should Be Considered Among The Main Pillars Of The Organization's Enterprise Architectur

Security Architecture In Theory And In Practice: Why Security...

Marco Morana, Head of Security Architecture,JPMorgan Chase & Co.
Fighting Fraud is a Combination of Effective Preventive Systems, Use of Skillful Staff and Employee Awareness

Fighting Fraud is a Combination of Effective Preventive Systems,...

Kim Siren, Head of Fraud Management at OP Financial Group