PER005
Everyone in the organisation contributes to its security culture. Organisational culture has a direct impact on security. Even with the best security processes and tools your organisation will still be at risk if people have a poor attitude toward security.
The following steps will help to create a positive and sustainable security culture and reduce the personnel security risks facing your organisation.
The chief executive and senior team must be committed to effective security practices and procedures. Building an effective personnel security culture means getting everyone on board. Responsibilities for personnel security extend throughout your organisation and your chief executive holds overall responsibility for protective security.
Your chief security officer is responsible for protective security policy, oversight of protective security practices and evaluation activities that inform ongoing improvements.
People are much more likely to engage in your security culture if they understand the credible security risks that face your organisation. Increased awareness will help people understand that they have important security responsibilities and know what those responsibilities are.
Everyone needs access to clear policies and procedures that:
Provide people with access to support, such as a confidential employee assistance programme. Encourage them to report and deal with personal issues before they become a serious problem.
Managers need tools and policies to identify, support, and manage people who display concerning behaviour to do with security, poor performance, or unacceptable conduct.
People who raise legitimate security concerns should be encouraged and seen as good corporate citizens rather than troublemakers.
Reporting emerging concerns or near misses should be treated as a way of helping colleagues who might be at risk, rather than getting them into trouble.