How to Manage Security Halfway Around the World

Tips for managing security in a global company

In the same vein, partnering internally helps make security a corporatewide responsibility. That was not a goal easily achieved in the past, when security departments were siloed, with little integration among other business units. Today, more and more CSOs understand the need to proactively offer advice and help educate other business units about how security can add value and lower risks, says Brooks, noting that CSOs increasingly sit on working groups and committees with other execs. "That's also leveraging a relatively small security staff into a global company. By sitting on groups and committees they're educating the business unit decision makers on security and risk issues. That multiplies the staff throughout the company," says Brooks.

CSOs can also form partnerships with other companies in their local area. When 3M's regional security managers travel to subsidiaries abroad, "they set up benchmarking visits with peer companies in their area for the purpose of educating those [local] managers, sharing best practices and promoting liaison that helps solve common problems," says Schrimp. He cites benchmarking meetings in Brazil with six other multinational companies that resulted in an agreement to share information instantly by radio (using telephone as a backup) to report suspicious behavior in the companies' industrial locations. The companies also decided at the meeting to gather at a later date with civilian and military officials to discuss crime. "They formed kind of a neighborhood watch," he says.

Educate Your Global Security Staff

Training is a critical component of any global security program, especially given that many security managers in foreign locations come from nonsecurity functionsâ¬such as HR or engineeringâ¬and thus wear multiple hats.

One of the ways Schrimp trains his local security managers is by sending them to another country to learn at the side of a more experienced person. "We'll send that new person to the country where there's a best practice in place and let them learn from a colleague in a similar situation," he says.

Another way 3M does onsite training at global locations is through tabletop exercises in crisis management, which include business unit leaders.

The company also offers training at corporate headquarters, in St. Paul, Minn. Key security reps spend a few weeks learning about access control issues and infosecurity practices, and may team up with regional security managers to visit U.S. facilities similar to theirs.

Both Schrimp and Bommersbach encourage their security staffs to join or attend meetings of professional groups, such as ASIS or OSAC. "If we can heighten their awareness to particular risks and make them feel confident in fulfilling their duties, there's a good chance they will have a successful and sustainable security program," says Bommersbach.