“We need to order an expander for this thing,” the Command Center Operator told me as I reviewed the updated Standard Operating Procedures (SOPs). In front of me was a massive desktop display with dozens of plastic sheets holding endless pages of SOPs for our security team. The rainbow of colors, each representing a different incident type – from natural disaster to replacing a lost badge – was as extravagant as it was intimidating.
As the Training Supervisor, I was responsible for keeping the information up-to-date and usable for the officers. Everything from the order of the sections to how the documents were written had to be done to make it easy to use and understand. Seconds matter when our operators are responding to incidents. Many of our more senior operators knew much of the information by heart; however, this was a critical source of information for new operators being trained or for uncommon events.
Mastering the SOPs was typically the area that took the longest. There was a lot of information to absorb, and even reading all the documents was a huge undertaking, let alone understanding and using them. This was the greatest obstacle to getting a new operator fully trained and proficient.
SOPs ensure consistency and uniformity in security operations, minimizing errors, miscommunication, and security coverage gaps. They facilitate effective incident response by providing step-by-step procedures for swift and efficient actions.
They enhance decision-making and crisis management capabilities by taking the guesswork out of the response. They effectively guide operators in assessing situations, determining actions, and escalating incidents.
In essence, SOPs are the lifeblood of any effective security operations program. If developed properly, anyone should be able to sit down at your operation and leverage your SOPs as a guide to handle the applicable situation.
The challenge becomes managing your SOPs: How do you ensure everyone has the correct version of your SOPs? The ideal approach is a single document location that is the source of truth for your SOPs. This is often a physical copy of the files or a digital file location on a shared drive. However, if this location is outside of your security operations management platform, you must take additional steps to reference your SOPs during an active incident, which can cost your operators precious response time.
By incorporating your SOPs within the HiveWatch® GSOC Operating System (OS), security operations teams reap the benefits of a centralized, up-to-date, and easily accessible location, improving efficiency and response times while accessing the SOPs within the same platform they use to manage security incidents. Not having to leave the platform to review the applicable SOPs creates multiple operational efficiencies. Two valuable benefits are limiting the need to context-switch from various software tools or screens and reducing the time required to train new officers.
Limit context switching. In security operations, context switching stops work in one task and picks it back up after performing a different task. In this example, we refer to an operator engaged in an active incident having to stop their work to locate and reference the applicable SOP in a different system or a physical location outside their security incident management tool. This action wastes time and requires mental effort to re-engage the incident response activity.
Increase training effectiveness. The time it takes to train new hires is a critical metric I measured as a Security Director. Taking someone from zero to capable is no easy task, and typically GSOC positions can be some of the most complex positions to train - the various data points and information being monitored and the protocols for response to different situations and multiple locations can be overwhelming. Having the tools needed to train an operator within the same system to monitor your operation will significantly decrease the time to onboard new personnel and increase your training effectiveness.
This feature allows you to upload your SOPs directly into the HiveWatch® GSOC OS platform. It creates a centralized repository for your security documentation, and the SOPs can be connected to specific event types. This allows operators to reference the relevant SOPs while responding to an incident without leaving the HiveWatch platform.
When a security operator is using the HiveWatch® GSOC OS and an incident is created in the platform – such as an incident of tailgating – embedded SOPs allow the operator to click on the associated SOP for tailgating. The next steps are provided, guiding the operator step-by-step through the SOP in real-time within the platform so they aren’t having to leave the single pane of view where the incident is unfolding.
So many times, operators are fielding numerous incidents each day, which can lead to decision fatigue – and in some cases, decision paralysis – that can happen if operators are managing high-intensity incidents. The benefit of built-in SOPs, then, is that instead of thinking through all of the tasks that are necessary to respond to an incident, the paralysis doesn’t take over and they’re able to take each step to respond effectively.
An added benefit of having built-in SOPs is closing out an incident. In the case of an act of vandalism – such as a broken window or door – embedded SOPs can lead an operator through what happens after an incident occurs. In this case, it might trigger the identification for the need of a guard that can be posted at an open window or door until maintenance can be performed.
"While no two incidents are the same, the SOP provides operators with guardrails that help them have the confidence to know they’re acting quickly and effectively. Embedded SOPs help security leaders know that the proper response is at the forefront."
Ready to see how it works? Book a demo with our team and we’ll take you through the process.