
10 points to assess your company’s security culture

Do you know ten features that can be used to assess the culture within your organization?

Risk management has become an important part of the new ISO 9001-2015 standard. Therefore, I would like to pay attention to this topic, for now not so much to the ISO norm itself but more to developing a culture of security within an organization. An organization works from shared standards, values and beliefs. This leads to a certain security culture within an institution or organization. The safety culture of an organization can be measured based on a number of aspects.

Do you recognize the statement: “We are not doing anything wrong, we always deliver good quality, why should we put time and effort into preventive safety measures?” In an organization where this is regularly said, the security culture is one of denial. In such organizations there is little to no investment in improving safety.

Do you recognize the following situation: something in the organization goes wrong and they switch directly to a different method. The change is often abrupt and short-lived. Such a culture is called a reactive safety culture. An organization that makes many protocols and rules, where much information is gathered and where much reporting is done, is called a bureaucratic (calculated) security culture. In such a culture, implementation hardly takes place, let alone evaluation.

But perhaps your organization has more of the characteristics of a proactive security culture. Then there is a high priority for security, with continuous investment in increasing security, implementation and evaluation. People think ahead, and information about possible bottlenecks is broadly exchanged.

In a progressive security culture, security is fully integrated into each process and forms a solid part of reflection and evaluation. As risk management is an important part of the new ISO standard, organizations will proceed to the development of a Security Management System (QMS). Before you get started, it is advisable to do some research, so you know which phase your organization is in.

A model has been developed that allows different cultures to be scored on ten items. These items are:

  1. Priority and responsibility of security (How important is security in the different departments within an organization?)
  2. Registering, evaluating and learning from incidents (Is there a reporting system, how is the reporting culture, what is being reported, what is being learned from the incident, are changes after an incident actually implemented and evaluated?)
  3. Resources used (How important are the equipment, materials and spaces used for the work in the context of safety?)
  4. Communication on security (How are incidents communicated, are incidents discussed widely across the organization?)
  5. Cooperation and security (How is cooperation within the different departments and between departments in the field of security?)
  6. Personnel policy and safety (Is employee safety included, is the functioning of employees with regard to security discussed in the performance interviews?)
  7. Competence and safety (Is career development focused on the topic of safety?)
  8. Compliance and compliance behavior (To what extent is someone responsible for unsafe situations?)
  9. Availability of client / patient / customer information (Are there any rules regarding the provision of information to the client / patient / customer? How is the knowledge and application of the rules in this area?)
  10. Information security (How is confidential information about clients / patients / customers and others shielded from third parties? How is the knowledge and application of the rules in this area?)

 

This article has been written by Jantina van Rossum of iConact.


How To Spot Problems In Your Safety Culture


How important is customer safety within the organization if there is a denying security culture?

  • The employees involved will always be guilty if an incident has occurred.
  • Security is not seen as the responsibility of the organization, incidents are not preventable.
  • Employees and customers can meet someone in case of failure.

How important is the registration, evaluation and learning of incidents when there is a denial of safety culture?

These include aspects such as: if there is a reporting culture, what is being done with reports, and what is learned from the incidents.

  • In a department, incidents are rarely reported.
  • It is common to hide errors and nothing is learned from it.
  • Management and employees do not want any hassle and go back to work as quickly as possible.

How important are equipment, materials and space in terms of safety?

  • Manufacturing is the only thing that counts, but rarely is money spent on safety (insufficient resources to work safely).
  • Materials and equipment are not structurally controlled.
  • Logistics processes are aimed mainly at optimizing production. Safety does not play a part in this.

How are incidents communicated (in terms of security culture), and are departments informed of each other’s reports?

  • Incidents are preferably not discussed. Everyone is talking in a negative sense about an incident with an emphasis on who is guilty.
  • Incidents are hardly discussed or not at all.
  • Customers are not informed about previous incidents.

How is the collaboration and collective feeling in the department?

  • It is everyone for themselves in the department.
  • There is a rigorous hierarchical structure.
  • Work consultation does not take place or hardly occurs.
  • Transfer between employees hardly takes place.

How is staff policy arranged to ensure optimal security?

  • Staffing in the department is variable. Usually there are too few employees and temporary stand-in staff are used regularly.
  • Performance interviews do not take place.
  • New employees are not systematically onboarded.
  • Staff policy is rigid and rarely changes.

How are competence and safety handled?

  • Legally required education / training in the field of safety is unavailable or unknown.
  • There is no control of participation of managers and staff in training / retraining.
  • Employees are already trained to do their work so why should they need more education / training?

How is the response culture and compliance behavior within the organization?

  • Nobody speaks to each other.
  • Many employees only work according to the rules when they are being checked; otherwise they ignore the rules and work according to their own insight and habit.
  • Audits are only used to point out employees’ mistakes.
  • Protocols are there to comply with the rules from above.

How is customer information handled, and how available is it?

  • Within the department, there is little attention to the accuracy of customer information. This is often unavailable or unclear.
  • There is no attention to the accuracy and accessibility of protocols.
  • Information about incidents, malfunctions and equipment failures is not known.
  • Management and employees are hardly aware of the risks regarding the use of customer information.

How is information security handled?

  • Within the department there is no attention given to information security.
  • The rules and arrangements (such as privacy rules) are almost all unknown. There is no monitoring of the follow-up and the risks have not been brought to the attention of the employees.
  • Workplaces are (often) freely accessible, badges are often unsupported and passwords are on paper. Accounts are exchanged and / or shared, sometimes illegal software is used and unauthorized users have access to confidential information about customers or other interested parties.

This article has been written by Jantina van Rossum of iConact.
