Integral safety & security management system

The new vision of security and safety by Eduardo Reyes

Safety and Security is taking an increasingly leading role in society and in organizations, has ceased to be the “necessary evil” that only generated costs without contributing to the profitability of the company, its importance is such, that today there are at least 3 types of security in all organizations: occupational safety, patrimonial security and operational safety, although two others can be added: health safety derived from the recent pandemic of SARS-CoV-2 and cybersecurity for those companies that manage their processes with computer systems (which today are the majority).

Highly specialized industries such as aeronautic, food and nuclear have very particular safety and security systems that are also added to the previous ones. Can we imagine how complicated is for an organization to manage so many security systems? What are the differences and similarities between one type of safety/security and another? What is the relationship between them?

How can a change in one type of safety/security in others impact me? Imagine that each type of security is a piece of puzzle and that we do not know how to clear each one to put it together, the answer to this dilemma is the integration of all types of safety and security in a single management system called: Integral Safety and Security Management System.

Until recently, the only experience in terms of integration of management systems was that of ISO 9001 Quality Management Systems, ISO 14001 Environmental Management System and ISO 45001 Occupational Safety and Health Management System, but there was nothing about how to integrate all safety and security systems into a single management system. The experience in integrating the three management systems mentioned above has laid a firm foundation for integrating all types of safety and security, however, the process must be reversed, In other words, all types of safety and security should first be integrated into a single management system and once this system is mature, integrate it with other systems such as quality and environmental systems.

The key to integrating any management system is the following:

1. Process-based approach- All processes must be documented.
2. Risk-based thinking- Any activity within the organisation must be assessed in terms of its risk.
3. Follow the Deming cycle or continuous improvement cycle- Plan, Do, Verify and Act.
4. Having the ISO High Level Structure (International Organization for Standarization):
   
   • Organizational context.
   • Leadership.
   • Planning.
   • Support.
   • Operation.
   • Performance Evaluation.
   • Continuous Improvement.

The task is not easy, because bringing any system to the ISO High Level Structure requires knowledge and experience from the staff who lead the process and resources from the organization, however, the incentive is great, consultants specialized in integrating management systems such as Integrated Compliance Solutions, estimates that the savings are 30 to 50% in operating costs in companies that have their systems tegrated. The benefits include:

1. Saving in material, human and financial resources due to not duplicating functions.
2. Reduction of workload and documentation, increasing staff productivity.
3. Clear instructions with the consequent mitigation of costs resulting from misinterpretation errors by the person executing them.
4. Efficient communication between the various safety and security areas.
5. Mitigation of sanctions by authorities and trading partners.
6. Increased confidence of authorities, customers and other interested parties, which may attract more revenue to the company.
7. More profitable, safe and secure organizations.
8. Policies aligned with each other.
9. Comprehensive risk management that facilitates strategic decision-making.
10. Facilitates the certification process of various organisations such as ISO, CTPAT, AEO, BASC, TAPA, etc.

But not everything is honey on leaflets, the integration process can take 10 to 24 months depending mainly on the following factors:

1. Size of the organization in terms of the number of employees, production plants, distribution centers, bases of operation, etc.
2. Level of maturity of the organization that have a direct relation with the safety and security culture of its collaborators, which can be determined with the help of the document AENOR (Spanish Association of Standardization and Certification) UNE 66177:2005: Management systems: A guide for the integration of management systems.
3. Lack of interest in management systems by managers.
4. Resistance to change by the leaders of the various security and safety areas.
5. Lack of accompaniment and follow-up of the person responsible for the integration process.
6. Unmotivated and uncommitted work teams.
7. Low awareness of the importance of management models.
8. Lack of knowledge and little experience in management processes.
9. Misperception that management processes increase workloads
10. Difficulty in choosing the level of integration appropriate to the maturity level of the organisation.

The integration of security and safety systems involves:

1. Establish a comprehensive safety and security policy instead of having 3 or 4 different, fully aligned to the mission and vision of the organization and the corporate objectives of the same.
2. To define objectives together, especially in those processes that impact on more than one type of safety and security, aligned with the corporate objectives of the company and the comprehensive security policy.
3. Incorporate topics common to all types of safety and security into staff training programmes, optimizing training times and increasing their productivity.
4. The assessment of risks jointly, identifying in a collegiate manner those hazards and threats that impact on more than one type of safety and security using the same risk assessment methodology.
5. The preparation of first part audits in conjunction with approved criteria, identifying those tasks that impact on more than one type of safety and security to be evaluated under the same criteria and quantifying the result of the audit at a level of risk of the process, area and organisation as a whole.
6. The definition of common performance indicators in processes that impact more than one type of safety and security.
7. The definition of competency-based job profiles, so that safety and security personnel have a comprehensive view not only of their specialty, but of the rest of the safety and security areas in order to estimate the impact of their processes on the rest of the system.
8. Continuous improvement through frequent review of system performance by senior management through a Comprehensive Safety and Security Committee, to be able to have visibility of the advances of the system and of the collegiate establishment of strategies of mitigation of the diverse risks in each of the areas of safety and security and its impact on the others.

Today, thanks to the principle of synergy where the whole is greater than the sum of its parts, safety and security has to be seen as a holistic process in which the administration by silos falls more and more into obsolescence and unproductivity, the leaders of the various safety and security areas must be open to change, in effect, the integration of safety and security systems will not be welcome at the outset, as some will think that they will lose power or level of influence within the organisation, putting their work at risk, this is not the case, and we must work to make leaders aware first of all of the benefits of the system, this is one of the main challenges to be overcome, since we must count on their support for the success of the process.

Another very important factor is the commitment of senior management, the CEO is responsible for the management system and the allocation of resources for its integration. The costs associated with the integration of management systems in general are not onerous, on the contrary, many times when duplicating functions also duplicate resources and in that sense from the integration process can already start to have savings and be visible, its effect is almost immediate. What effectively increases and greatly during the integration process is the workload, the task of reviewing in detail each procedure in each safety and security area and establishing a correspondence matrix to define the relationship of a procedure with other safety/security systems, is time-consuming and tiring. This is the most complicated part of the process, however, once the system is integrated and mature, the workload of the staff is substantially reduced by being more productive. Raising awareness of an enterprise’s operating staff of the benefits of an integrated management system may not be as clear to them, it is advisable to use awareness strategies such as reducing the risk of suffering an accident at work or having savings derived from the implementation of the system, will have greater profits at the end of the year, undoubtedly, arguments like the previous ones, are the ones that generate the greatest impact on staff, we must design strategies that aim effectively, to show the benefit of integration based on their priorities.

Let us not be afraid to implement a Comprehensive Safety and Security Management System, let us be open to changes and see the benefits of the company and our area in the short, medium and long term, let us be creative and disruptive, because today it is the only way to survive our competition in a globalized world that in terms of safety and security, It needs to effectively anticipate new hazards and threats and to deal with them with intelligence and clear strategies that allow us to be safer and more secure but also more profitable.

Author’s profile:
Eduardo Reyes is an Aeronautical Engineer and holds a Master’s degree in Strategic Management and Innovation Management. He has held management positions in safety and security areas of the most important companies in the aeronautical sector such as Aeromexico, Aerounion, Serviseg and currently the Pacific Airport Group. He is teacher of the National Polytechnic Institute in Mexico and author of the book: “Integral Safety and Security in Companies. Integral Safety and Security Management System” published by Alfaomega.