In my little more than a decade of healthcare security experience, I have seen many different reporting structures for healthcare security organizations. One of the most prevalent is the rolling up of security under the facilities management team. This organizational alignment seems like a convenient way to pull all of your functional areas that impact the physical environment together under the Director of Facilities. Still, this arrangement has some hazardous issues, and frankly, it is time for a divorce.
My first concern with the alignment of facilities and security is the general lack of respect for the vast differences in these two disciplines. We would not expect a Security leader to be easily able to take on the leadership of the physical plant and facility engineering functions, nor should we expect the Facilities leader to take on the leadership of security functions successfully. Neither have the experience or education to do the other’s job successfully and while there are some individual exceptions, in my experience, this is a broadly applicable rule.
Secondly, when someone is leading the security function of an organization without the proper experience or training, two key issues can emerge. First, those hired to serve as the organization’s security experts under the facilities leader will likely be less well-vetted in their security expertise. Second, the chain of command through the facility department tends to preclude the effective education of executive leaders. Neither of these issues is intentional or malicious, but they are a natural result of a lack of expertise associated with the function of security operations.
Finally, there is a natural conflict of interest between identified security and facility needs in many cases. Facility leaders work tirelessly to ensure their facility serves the needs of the organization, and rightly so. However, this can cause workarounds to physical security procedures to be implemented without proper vetting or risk analysis. If the organization’s security management function is not co-equal to the facilities management function, then all security needs will be subservient to facilities’ needs. This subservience can create an unnecessary liability issue for the organization.
In all, it is not my intention to lambast leaders of facilities departments across healthcare – I know I would fail miserably in their respective roles. By likewise, I see most facilities leaders as incompatible with my role. There is a need for healthcare to recognize the Security function as an equally relevant and critical function. Security leaders need direct access to executive leadership for that relevance to be legitimized.
What are your thoughts? Do you think security should be a standalone department? Or, do you think the alignment under facilities makes more sense? Join the conversation in the comments below, and don’t forget to like, follow and share to support the Proactive Security Blog.