Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More
Whitepaper

Guide to Understanding the Benefits of Integrated Safety and Security Management

Noggin

Security Management Software

Updated July 13, 2023

Breaking down the siloes between Safety and Security helps firms maintain duty of care

By now, safety and security managers have each built strong portfolios in the enterprise. Indeed, reporting hierarchies often reflect the importance the C-suite places on topline safety and security priorities, objectives like keeping employees safe at work or mitigating threats to facilities and people. In turn, businesses of all shapes and sizes, in all vertical markets, have implemented standalone safety and security management systems to pursue those objectives.

Initially, the siloing seemed justified, at least on a theoretical level. After all, safety managers primarily focus on the unintentional, non-malicious threats to people, process, systems, and the environment caused by human error. Conversely, security managers focus on intentional, malicious threats to physical assets and people perpetrated by intentional human actorsi

But the practical, on-the-ground siloing of Safety and Security programs has had major implications, both for the organization’s ability to prevent loss and to maintain its duty of care obligations to employees. The two objectives are very much linked, as should be the policies, procedures, and tools to achieve them. 

Not convinced? Take the example of healthcare workers. Across the globe, healthcare workers face significant risks of intentional, occupational violence, whether they’re operating in hospitals, smaller clinics, residential treatment facilities, community care settings, or in the field. In the U.S. alone, a staggering 25 percent of fatalities in the sector are due to assaults and other violent actsii.

The threat of workplace violence, as described, is clearly malicious, the provenance of Security. But the loss risk is of abiding interest to Safety, as well – just consider the litany of audits of OHS risk in the industry completed by Safety regulators. It is the Safety team that must maintain the organization’s legally-mandated duty of care obligations to its employees, a requirement to ensure (so far as is reasonably practicable) that the workplace is free of recognized hazards causing or likely to cause death or serious physical harm. But maintaining duty of care requires Safety teams to identify, understand, and control security risks. What’s more, once security risks become incidents, too, they cascade into major safety events, which again compromise an organization’s duty of care. 

And this is the case across all industries, especially sectors like construction, retail, and education that have elevated risk of violent security threats. The only question remains, though: are siloed structures sufficient to prevent major safety and security loss and maintain duty of care? Careful research says no. And so, this guide lays out an alternative approach, detailing the benefits of integrated safety and security management and specifying the precise software capabilities teams should look for to achieve their loss prevention goals and mitigate compliance risk. 

 

 

The practical benefits of integrating safety and security management

Integrated safety and security management broadens the spectrum of threats that Safety and Security teams must tackle to all threats and hazards classified as probable (based on risk-based planning) to cause injury, illness, property damage, business disruption, or environmental impact. Integrated safety and security management technology itself enables those different teams (be they Safety and Security or others) to conduct varied activities in a uniform, consistent manner, an approach that continually protects all elements of the enterprise from internal and external threats.

Why isn’t that possible with siloed management systems? Well, standalone systems that have been implemented at different times, by different teams following different directives don’t communicate well with each other – if at all. This lack of interoperability is especially pronounced in safety and security, where disparate safety and security management systems (often locked apart from each other) aren’t set up to share relevant information, despite the demonstrated fact that security threats cascade into safety incidents (and vice versa). 

One effect is specific to organizations who’ve built security operations centers (SOCs). During critical security incidents (impacting safety), SOC practitioners receive a surfeit of data from different sources, including Safety. That wouldn’t be bad in and of itself. But the non-interoperable technologies that security practitioners use don’t provide a cohesive means of viewing all of that information, let alone making sense of it. So, despite the upfront investment in proactive protective security strategies and structures, an organization without an integrated safety and security system will still see the risk of duplications and redundancies grow, which slows down incident response – all challenges the development of the SOC was meant to overcome in the first place. 

Security organizations who haven’t built SOCs aren’t immune from the siloing effects of safety and security technologies, either; further, those organizations often yield to the temptation to procure individual point solutions, each solving a discrete challenge. Without an end-to-end, enterprise-grade interoperable system, though, practitioners respond to safety threats that trigger security crises (e.g. fire and explosion) with limited situational awareness, because of the degraded flow of knowledge. As practitioners know all too well, operating with limited situational awareness only extends out incident response times and heightens the potential for losses. On the other hand, integrated information management (via safety and security interoperability) eliminates potential redundancies and improves response efficiency. 

What’s more, an integrated platform cuts down on the overhead (cost and personnel-wise) of ensuring that separate point solutions keep communicating with each other. The fact is they often don’t; data connectors break down, leaving response teams in the lurch. 

What can fit under the banner of integrated safety and security

  • Security management
  • Environmental, health and safety management
  • Crisis and crisis information management
  • Emergency management
  • Business continuity management
  • Incident management
  • Case management
  • Dispatch/resource management
  • Risk management
  • Governance, risk management and compliance (GRC)

Incident types that cross the boundaries of safety and security

  • Bomb threat
  • Breach of License Conditions
  • Chemical Spill
  • Compliance Breach
  • Environmental Incident
  • Fire / explosion
  • Fuel Spill
  • Hazardous materials incident
  • Waste management
  • Medical emergency
  • Near Miss
  • Severe weather - all hazards
  • Uncontrolled Air Emission
  • Vehicle Incident
  • Water Release
  • And many, many more

Key considerations for an integrated safety and security management platform

Now that we’ve rehearsed the important benefits of integrated safety and security management, it’s well worth asking what should you be looking for when procuring an integrated safety and security platform? Here’s a list of the key capabilities to effectively manage the safety and security incidents, risks, and hazards across your enterprise: 

  • Maintain duty of care.

    By their nature, physical security threats compromise legally-mandated work safety protections. Remember, protective security measures must comply with WHS regulations, tooiii

    And that’s why an integrated security management tool should offer safety (and safety risk) functionality as well as the ability to integrate seamlessly with existing mass notification tools (often a component of duty of care). Some features to consider: best practice safety forms for the most common incident types, e.g. bomb threat, fire/explosion, hazardous materials, industrial action, vehicle incident etc. 

    Similarly, safety and security threats have important overlaps with crisis management, emergency management, and business continuity. Either type of incident can cascade into larger, critical events, which usually necessitate coordinated, cross-functional interventions. So too do extreme weather events, natural disasters, and other corporate crises and emergencies. Those incidents, which don’t break down neatly along the malicious/ non malicious binary, also impact an employer’s workplace safety obligations, not to mention the viability of company facilities. 

    Integrated safety and security technology should, therefore, let teams prepare for, respond to, and recover from all threats and hazards liable to cause injury, illness, property damage, business disruption, and environmental impact. 

  • Protect all assets, physical and human.

    Security teams know that threats in their space pose grave danger to assets. But assets aren’t just physical. They’re human, as well –hence the need to integrate processes and strategies with Safety teams. To put the need in relief:
    every year, an estimated 2 million workers report as victims of workplace violence in the U.S. aloneiv. Some sectors are disproportionately represented, too: retail workers suffered over 2,500 injuries and 127 deaths in just one year;
    in the financial sector, the numbers were 1,100 injuries and 37 deathsv.

    That’s why integrated safety and security management software has to make people and physical assets more secure. A leading solution will enable Safety and Security teams to visualize the location of incidents, risks, people, and other
    assets using fully integrated mapping features; so too will situational awareness dashboards for monitoring operations, facilities, and people.

    On the task management front, functionality to quickly dispatch staff to respond to any event also keeps employees and customer safer. The same goes for robust workflows to automate, guide users through, and/or enforce business
    process through a designed series of tasks or actions with a logical flow, decision point, and outcome. 

    The capabilities in question must be user friendly, whether the user is an executive, frontline manager, auditor, dispatcher, patrol officer, contractor (see below). For frontline workers, like security patrol, the ability to easily capture rich logs for patrols, shift-changes, parking infringements, lost and found property, security escorts, and other activities will be of vital importance and offer residual safety benefits for all employees, customers, and the wider public. 

Which users matter to your safety and security efforts? All of them.

Make sure your integrated safety and security management system offers dashboard templates for any type of user. That way they can see what’s right for them.

  • Aspect/Impact Register
  • Asset
  • Auditor
  • Claims
  • Contractor
  • EHS Executive
  • EHS Management
  • EHS Overview
  • Event dashboard templates
  • Executive
  • General user
  • Hazard management
  • HAZMAT Register
  • Incident Collaborator
  • Incident Manager
  • Incident triage
  • Injury management
  • Investigation
  •  Job Safety Analysis
  • Risk Compliance Register
  • Safety engagements
  • Safety meetings
  • Site Manager
  • Supervisor
  • Worker

  • Assess risks. Control hazards

    Maintaining safety and security poses an important operational risk to the organization, as safety and security incidents themselves have massive spillover effects to all segments of the business. 

    Yet, most security management solutions on the market don’t treat every aspect of security, including risks and hazards. Conversely, safety management solutions often don’t provide much more than just analytics, shortchanging
    teams when they need to come up with policies, processes, and procedures to control identified hazards. Not just teams, the ability of senior leaders to make informed decision is also undercut, as they’re unable to relate incident data to underlying risks to the organization.

    The right integrated safety and security management system should, therefore, enable the cross-listing of hazard information (e.g. people, assets, and risk data) with the resulting incident. This capability lets teams relate incidents, risks, and hazards to their organization’s structures, buildings, sites, equipment, materials, and other assets, giving managers the requisite history and intelligence they need to trigger necessary changes and more easily identify where risk controls failed to achieve desired outcomes.

Further, a flexible, safety and security platform should also conduct facility and event risk and threat assessments, as well as track post-assessment security controls and risk mitigation actions. Risk and control functionality should
also enable the recording of any kind of risk or control using flexible types, forms, and fields, as well as provide flexible support for multiple different types of risk matrices and scoring methods. Other must-have capabilities include:

  • Assess and assign risk ratings either manually or automatically based on assessment scorecard calculations and lookups
  • Apply preventative or reactive controls to your risks, and track control status, such as implementation or effectiveness
  • Use actions, plans, and checklists to track the treatment of risks and the implementation of controls
  • Use assessments to guide stakeholders through the risk assessment process or scorecard, and track risk or control review cycles
What’s more, the need for comprehensive investigation often comes out of a thorough risk assessment. Integrated safety and security management software should facilitate initiating and tracking investigations using best-practice standard methodologies, including ICAM and Five Why. 

 

Efficient incident response. Improved collaboration.

Risk management is important. But integrated safety and security technology still needs to account for when safety and security risks become full-blown incidents. How? Incident response and reporting functionality has to be integrated into the same flexible solution.

Indeed, the right integrated solution will also ease the incident management burden on frontline workers (like dispatchers), by enabling planned, controlled, and automated incident response to any situation, no matter the incident. For Security teams, in particular, the technology will also integrate with existing PSIM and SOAR platforms (among other systems). Automatic tasking and dispatching of staff also make incident response more efficient; so too does the ability to assign actions to
individual roles manually or automate, according to the incident in question.

Additionally, team collaboration during a response drives efficiency and increases speed. Facilitate better team collaboration during a safety and security incident with in-built communications for email, SMS, broadcasts, alerts, reminders, and app notifications.

Incident response doesn’t end the safety and security risk life cycle, though. Evaluation remains a critical component, as teams shouldn’t neglect the important lessons learned from the response. To that end, integrated safety and security management software must enable teams to action their tasks from incident “lessons learned” and related risk reviews – even just observations and near misses. Those efforts help teams achieve continual improvement when it comes to processes and procedures.

  • Control and distribute up-to-date documents. Leave an auditable trail.

    The nuances of safety and security risk management policy generate tons of documentation: not just the policies themselves, but also documented accountabilities, roles, and responsibilities, registers and records, and also safe work method statements and procedures.

    As managers know all too well, that documentation must be carefully tracked: tasks, checklists, and corrective actions must be set against it. Otherwise, the evidentiary (and potential audit) trail goes fallow. What’s more, management won’t be made aware of organizational performance; and teams can’t effectively demonstrate continuous improvement. 

    Providing the evidence of proactive safety protocols requires integrated technology that tracks and manages all information, including key documents, tasks, checklists, and corrective actions, in one single source of truth.

    Keeping effective track of safety and security management information isn’t enough, though. The integrated system should also display that information where it’s needed, via flexible dashboards, analytics, and reporting that meets the needs of all relevant stakeholders.
  • But scales to all operations, adapts to organizational change.
    Of course, Safety and Security teams do more than tackle critical incidents. There’re also a number of routine business-as-usual operations they engage in on a daily basis, i.e. patrols, checks, inspections, investigations, and business-as-usual logging and reporting. The right, integrated solution should bring demonstrable efficiencies to those operations, as well: scaling up to meet extraordinary incidents but also back down for more routine operations.

    Further, vendors shouldn’t just be software providers. Find a technology partner that offers demonstrable, safety and security expertise, as well. What will you get: best-practice workflows out of the box that are great repositories of sector-specific knowledge in handling actions, assets, incidents, lessons learned, hazards, investigations, and exercises.

    The added know-how will prove invaluable. An integrated safety and security platform including a library of useful, pre-configured, best-practice templates, forms, dashboards, workflows, lists, and data feeds, relevant for different types of
    users (see more below), can only help Safety and Security teams make the most of their solution quicker, with no extra technical resources required. But the solution should also be easily configurable, adapting to an organization’s core
    needs as those needs change. 

No matter what team you’re on, loss prevention is a difficult business – now more than ever with the onslaught of threats to people and property. It certainly doesn’t help when redundant safety and security systems are closed off one from the
other. Luckily, technology innovators in the field have built leading safety and security platforms, eliminating redundancies and improving response efficiency. These platforms provide teams with all the information and tools they need to break
down the siloes and effectively manage, incidents, risks, and hazards across the enterprise, helping employers uphold their duty of care requirements and stay on the right side of regulators. 

Citations

i. Sabarathinam Chockalingam et al: Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. Available at https://www.researchgate.net/publication/318315890_Integrated_Safety_and_Security_Risk_Assessment_Methods_A_Survey_of_Key_ Characteristics_and_Applications. 

ii. Occupational Safety and Health Administration: Guidelines for Preventing Workplace Violence for Healthcare and Social Services Workers. Available at https://www.osha.gov/Publications/osha3148.pdf

iii. Protective Security Requirements. Available at https://www.protectivesecurity.govt.nz/physical-security/management-protocol-for-the-physicalsecurity/meet-the-mandatory-requirements-for-physical-security/

iv. National Safety Council: Is Your Workplace Prone to Violence? Available at https://www.nsc.org/work-safety/safety-topics/workplace-violence. 

v. Ibid.

 

New call-to-action