“Sales, Human Resources, and Customer Service uniquely impact COI security at different phases of the inventory or production cycle. One effect of SSP interaction with support departments can be the bridging of ‘silos’ within some organizations.”He also notes that communications with the emergency response community is necessary to answer some of the questions posed in the SSP. This communication “exchange contributes to a more thorough understanding of the challenges first responders face specific to the facility's COI”. This is another positive aspect of the SSP process. I urge all readers interested in the CFATS process to go back and read all three postings from these security professionals. I’m sure that these are not the only opinions out there on efficacy of the SSP process. I (and my reader presumably) want to hear about problems and challenges that facilities are having in their completion of the SSP. Those observations may lead to improvements in the methodology.
Tuesday, March 16, 2010
3 Reader Comments 03-15-10 SSP Experience
I got three different responses to my earlier post about Dick Sem’s thoughts on the SSP process. The first came from a long-time reader Edward Clark, the second from another security consultant that has apparently been reading the blog for a while, Jim Lupachinno. Finally Dick had a gracious response and new comment. All three comments are appended to the end of that blog post and are well worth reading. Both Ed and Jim had generally favorable comments about the SSP process, with both noting, however, that improvements can obviously be made to the program. Ed notes that CFATS “does allow the skilled security analyst [emphasis added] to assess the risk and implement appropriate mitigation strategies”. Dick acknowledges that, but notes that many facilities do not have such a person on staff and are attempting to complete the SSP using someone in-house without significant security training like the EH&S Manager. Jim emphasizes that the SSP process draws information from a number of different disciplines within the covered organization. He notes that: