A Success Story: Mapping Risks and Resources

Written by
Corporate Security Advisors
Published on
August 23, 2024

Mapping Risks and Resources to the Healthcare Environment

A world-renowned international healthcare system was facing an increase in risks, significant growth plans and a need to better allocate limited resources. Like many organizations, the Security Department, was dealing with staff turnover, legacy decisions around resources and executive leadership questions about their strategy and leadership.  

Corporate Security Advisors was engaged to assess the existing state of the security organization and collaboratively develop a forward-looking strategy that addressed the healthcare system’s business model and future growth. Of particular importance was the need to identify security risks, prioritize them, and map the necessary controls to address those risks.  This was critical to determine the optimal use of resources, ensure fiscal responsibility, and effectively manage those risks.

Our Solution

CSA worked closely with security leadership to develop a security risk framework that would be comprehensive in scope, standardized, defensible and scalable across the growing business enterprise.

The initial phase focused on identifying security risks and defining which were in scope for the security management program. This involved a thorough review of both internal and external data sources and developing an understanding of the client’s compliance requirements. Defining the scope of the security management program was critical to ensure that the framework would cover all relevant risks.

Once risks were identified, CSA conducted a detailed analysis to prioritize the risks before any controls were determined. This effort was grounded in data, aligned to the organization’s enterprise risk management system, and calibrated based on risk committee input. The input from the risk committee was crucial to fine-tune the prioritization process, ensuring that the most critical risks were addressed first.

A key component of the framework was the inclusion of a governance process. This required participation from organizational leadership in discussions and decision-making regarding risk, and helped drive consensus on how risk should be managed, which controls are appropriate, and what costs may be supported.

After reaching agreement on how to treat each identified security risk, a series of controls – e.g. technology, staffing, processes, training, and communication - was mapped to each risk. The organization then decided on the appropriate controls based on cost considerations and overall effectiveness. In addition, documented controls were evaluated for their performance in addressing risk. This approach provided the organization with a consistent and documented process that weighed the organization’s risk and financial tolerance, added objectivity, provided consensus and prioritized resources. It served as a natural extension of existing business practices and remained durable in the face of a changing risk environment.

Our Approach

Security Assessment

Our assessment included an in-depth review of existing risks, security capabilities and current financial investments in controls. We identified the need for a comprehensive risk framework to enable leadership alignment on key decisions, whether these were staffing, technology, or policy related. Working in collaboration with security leadership, we designed a process that was appropriate for their organization and iterative in nature to adapt to future needs.

Impact

CSA understands that a business has many drivers, security being only one of them. That’s why our focus is “The Business of Security.” Too often, businesses do not know how value is generated from security investments. We guided the client in defining and articulating the value generated by a security organization that is business-focused, risk-based, and intelligence-led. This approach aligns security closely to the organization's overall business objectives. The result is a security program that the client now views as a potential differentiator in the competitive healthcare landscape, positively impacting their current state and future growth.

Download ButtonVideo thumbnail

Speak to a Security Expert

Enter your information below to speak to a security expert on our team.

* Required Field
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Resources and insight

Related articles

Browse, read and learn about our related security resources and services.

Image representing resource topic
Case Study

A Success Story: Recruiting a Security Leadership Team

A major healthcare system needed to recruit eleven top security executives to build a leadership team capable of supporting its complex environment.
Image representing resource topic
Case Study

A Success Story: Mapping Risks and Resources

A world-renowned international healthcare system was facing an increase in risks, significant growth plans and a need to better allocate limited resources. Like many organizations, the Security Department, was dealing with staff turnover, legacy decisions around resources and executive leadership questions about their strategy and leadership.
Image representing resource topic
Case Study

A Success Story: Transforming the Healthcare Security Environment

A large non-profit healthcare system, struggling with a rise in physical assaults on staff, turned to Corporate Security Advisors (CSA) for help. The urgent need was to boost confidence in the organization’s police and security programs while maintaining a welcoming atmosphere for everyone.