Robin Stearns - SB 553
Greetings, Peers, and Friends,
I trust this newsletter article finds you all well.
The governor of California, Governor Newsom, ratified (on September 30, 2023) Senate Bill 553, which requires all employers with 10 or more employees to create, integrate, and manage a Workplace Violence Prevention Plan (WVPP) effective July 1, 2024. This bill's objective is to create a safe working environment for all personnel.
Here are some of the key requirements outlined in the law:
1. Violent Incident Log:
Employers must maintain a register of all episodes of violence that occur within the office space as part of the WVPP. This data management requirement is essential to monitoring potential safety hazards and taking corrective action to prevent recurrences.
2. Training on Workplace Violence Hazards:
Under the WVPP, employees must receive initial training on the written WVPP, helping them recognize and manage workplace violence threats. This acquired knowledge will enable employees to be active participants in their safety and the WVPP overall.
3. Periodic Plan Reviews:
To ensure its ongoing functionality and suitability, regular reviews of the WVPP are compulsory. These reviews enable the WVPP to evolve as the threat landscape at your company evolves.
To explore SB 553 more deeply, I reached out to workplace violence prevention expert Robin Stearns of Pacific Resilience Group . Drawing on extensive experience in the public and private sector, Robin shared her perspective of the new law, her experiences building security teams and programs, and some best practices for delivering impact in today’s challenging security environment.
Question: As a security expert, I'm curious to know your methods for building and managing top-notch security teams.
This is a question that is near and dear to my heart. I’ve been lucky in my career to work with great people to build amazing global security teams. Building successful security teams requires a multi-pronged approach, and I focus on four key elements:
1. Cultivating a Supportive Culture:
- Transparency from the start: During interviews, I openly discuss our team culture, emphasizing trust, collaboration, and mutual support. This ensures potential team members understand and embrace our values from the beginning.
- Prioritizing well-being: A healthy team culture fosters individual well-being. I strive to create a safe space where everyone feels comfortable seeking help and maintaining a healthy work-life balance. I don’t just talk about a healthy work-life balance though, I model it. This is crucial, especially given the demanding nature of security work.
2. Ensuring Clear Objectives:
- Defining our mission: A clear mission statement sets the direction and motivates the team. Regularly revisiting this statement in meetings keeps everyone focused and aligned. When I lead team meetings I always start with our mission statement and priorities.The minute teams lose sight of their mission they feel lost / demotivated and it’s incredibly hard to get them refocused.
- Setting concrete goals: Transparent, clearly defined goals are essential. They should be measurable, with targets that are achievable but still ambitious. With clear objectives, everyone understands their individual and collective responsibilities towards our overall mission.
3. Empowering Team Members:
- Granting autonomy: Once trust and clarity are established, I empower team members with the autonomy. This fosters creative problem-solving and ownership of their work. Micromanagement will only stifle creativity.?
- Fostering trust and support: By creating a supportive environment, I encourage team members to come to me when they need help. Building trust ensures they feel comfortable seeking guidance and are confident in my support.
4. Recognizing and Rewarding:
- Timely appreciation: Never miss an opportunity to express appreciation or publicly recognize someone on your team. Celebrate individual and team successes regularly. Recognizing and rewarding achievements, both individual and team-based, is crucial. This motivates the team, reinforces positive behavior, and fosters a culture of appreciation. When someone has done a great job, make it a part of the team culture to send an email to their manager or pass out whatever official kudos is supported by your organization. At Google we had peer and spot bonuses. In my opinion, if you were not giving them out regularly, you weren’t doing your job as a leader.
These four elements flow together as a cycle. Successful teams don’t happen by accident. They require constant maintenance. By consistently revisiting and refining these four elements, it is possible to maintain a healthy, motivated, and effective security team.
Question: Additionally, I'm interested in learning about your approach to establishing effective security policies and programs. Could you give any examples of successful collaborations with stakeholders that have resulted in enhanced safety and security measures?
My approach to establishing security policies and programs is to design, empower and fortify. First you have to design policies and programs that make sense for your company. Well written and comprehensive policies are not just a prerequisite, they are the simplest and most cost effective way to enhance security.?
领英推荐
Next, you have to empower employees through practical, engaging training that gives them a sense of agency and control. Employees who are trained properly on security policies take an active role in their own safety - inside and outside the workplace - and this enhances the safety of the organization overall. Every employee can be a security champion.
Policies define what security means for your company. Training empowers employees and builds a strong security culture. From this foundation, the next step is to understand your company’s critical risk areas, and fortify them. As a leader, you must make choices about where to invest scarce resources. By understanding your company’s unique business, geography and culture, you can effectively deploy resources where they are most needed. Make sure your company is the strongest where the impact of a security incident would be most severe.
Question: I'm also interested in hearing about your utilization of data-driven decision-making in your security initiatives. Have you encountered any key challenges in your role as a global security leader, and if so, how did you overcome them?
In a best case scenario, programs should be built from the ground up with data in mind. That means capturing structured data not only about cases and incidents, but also “operational health” metrics like turnaround time and closure rate. This kind of data is critical in two ways. First, it can directly inform decisions about safety and security within the context of a case or incident. Past incident and case data, taken in aggregate, has significant predictive value and helps reduce the recency and availability biases that lead to bad outcomes. Second, data allows you to prove the value and impact of your program, and when needed helps make compelling pitches for additional resources.??
There are many challenges to leveraging data: institutional traditionalism, data entry burdens, competing data models, and more. The most difficult barrier to robust data management, however, is convincing leadership to commit the necessary resources to it. Sophisticated data management does not happen naturally. It requires expertise and maintenance. Understandably, it can be difficult to sell security leaders on the long term benefits of hiring a data scientist if, for example, a campus security manager role is unfilled. In these cases, it can be useful to show a “proof of concept” on how data could transform your program, highlighting case studies and lessons learned from even rudimentary data collection.
Question: I would love to gain insights from you on the importance of innovation in improving security practices.
I’ve spent the majority of my career in tech which means innovation is in everything that I do. Starting Pacific Resilience Group was about innovation. The risks businesses face are increasing in complexity, and the security profession must evolve to keep pace.?
You have to be innovative with headcount, data management and threat detection / mitigation. AI is on everyone’s mind at the moment. Real innovation with AI does not come from task replacement alone, but by using bandwidth freed up by task replacement to facilitate increased complexity and volume of work. If, for example, a Large Language Model can turn hard drives full of written reports into structured data, the lessons you learn and apply from that structured data will be the real innovation.?
Question: How do you measure the efficacy and triumph of your security programs?
Three words I live by: “Impact, not effort.”
Proving impact in security programs can be difficult. Often success is something not happening, and that is inherently hard to measure. But that doesn’t relieve us of the duty to try. Too often security programs default to what I call “activity metrics” or other measures of effort. Of course it is useful and necessary to track activity, but what really matters is connecting that activity to impact. For example, if you increased rounds by guard force on campus, how did that impact theft, disruption, or other safety metrics??
Beyond a focus on impact metrics, I look at how effectively a program sets and meets stakeholder expectations. Stakeholders - quite rightly - will often drive requirements, but it’s also important to encourage them to think big about what ideal support would look like. Stakeholders typically don’t have time to think about the range of possible support they could receive and it is easy to default to the status quo. We work with stakeholders to set ambitious goals, and keep regular touchpoints with progress against those goals. How we make progress in the eyes of our stakeholders says a lot about the impact we’ve had.
Question: Could you talk a little about the SB-553 Occupational Safety: Workplace Violence: Restraining Orders and Workplace Violence Prevention Plan? Do you think this kind of program should be applied globally?
I absolutely love what SB 553 is doing to protect the workplace. We have to empower employers and employees to take an active role in the safety of the workplace. Gone are the days where employees can be unaware of the dangers associated with their jobs. Because of SB 553 employees will now understand what to do and where to go to report a concern.?
The area of SB 553 that pertains to restraining orders won’t be in effect until 2025 and I know there are a lot of questions around this. Ultimately, restraining orders can be a good thing but they aren’t a force field. You have to weigh the pros and cons but know that a restraining order is a piece of paper. Sometimes people of concern follow them and sometimes they don’t.
Bills like SB 553 are already being crafted around the US. New York might be the next state to have a version of California’s SB 553 and other states are discussing following their example. I am advising my clients with 10 or more employees in CA and a global presence to apply SB 553 globally.
Question: ASIS International is a global association for security professionals. How can you leverage networking via ASIS International?
Many people think of networking in the context of career growth and job opportunities. It certainly is central to that, and I would recommend to anyone looking for new roles to leverage the incredible connections that ASIS offers. That said, there’s so much more to networking and to engaging with peers. Networks allow you to benchmark and pressure test your programs. They help inspire innovation and uncover best practices. They help build not only role related knowledge but also leadership skills. With so much to offer, I encourage everyone - not just those exploring new roles - to build their professional network. And if you work in security, ASIS is a great place to start.
Please share this newsletter with your peers and friends.
Warm regards,
Abraham Desantiago.
Email: [email protected]
WhatsApp / Telegram: +58 412 605 5084
My book La transformación de la seguridad: Una guía para líderes emergentes en la era digital (Spanish Edition) https://a.co/d/2xCVwUL