Do you know ten features that can be used to assess the culture within your organization?
Risk management has become an important part of the new ISO 9001:2015 standard. Therefore, I would like to pay attention to this topic, for now not so much to the ISO standard itself but more to developing a culture of security within an organization. An organization works from shared standards, values and beliefs. This leads to a certain security culture within an institution or organization. The safety culture of an organization can be measured based on a number of aspects.
Do you recognize the statement: “We are not doing anything wrong, we always deliver good quality, why should we put time and effort into preventive safety measures?” In an organization where this is said regularly, there is a security culture of denial. In such organizations there is little to no investment in improving safety.
Do you recognize the following situation: something in the organization goes wrong and they directly switch to a different method. The change is often abrupt and short-term. Such a culture is called a reactive safety culture. An organization that makes many protocols and rules, where much information is gathered and where much reporting is done, has what is called a bureaucratic (calculated) security culture. In such a culture, implementation hardly takes place, let alone evaluation.
But perhaps your organization has more of the characteristics of a proactive security culture. Then there is a high priority for security and continuous investment in increasing security, implementation and evaluation. People think ahead, and information about possible bottlenecks is exchanged broadly.
In a progressive security culture, security is fully integrated into each process and forms a solid part of reflection and evaluation. As risk management is an important part of the new ISO standard, organizations will proceed to the development of a Security Management System (QMS). Before you get started, research is recommended so that you know which phase your organization is in.
A model has been developed that allows the different cultures to be scored on ten items. These items are:
- Priority and responsibility of security (How important is security in the different departments within an organization?)
- Registering, evaluating and learning from incidents (Is there a reporting system, how is the reporting culture, what is being reported, what is being learned from the incident, are changes following incidents actually implemented and evaluated?)
- Resources used (How important are the equipment, materials and spaces with which and in which work is done, in the context of safety?)
- Communication on security (How are incidents communicated, are incidents discussed widely within the organization?)
- Cooperation and security (How is cooperation within the different departments and between departments in the field of security?)
- Personnel policy and safety (Is employee safety included, is the functioning of employees with regard to security discussed in the performance interviews?)
- Competence and safety (Is career development focused on the topic of safety?)
- Compliance and compliance behavior (To what extent is someone responsible for unsafe situations?)
- Availability of client / patient / customer information (Are there any rules regarding the provision of information to the client / patient / customer? How is the knowledge and application of the rules in this area?)
- Information security (How is confidential information about clients / patients / customers and others shielded from third parties? How is the knowledge and application of the rules in this area?)
This article has been written by Jantina van Rossum of iConact.