Step Up Your Profile

Dec 1, 2006 12:00 PM, By Michael Fickes

“It didn't make sense for their business,” he says. “We did a survey with human resources that looked for drug use trends in the business. Were absenteeism rates higher among some groups of employees than others? No. There were no incidents of suspected drug use reported. There were no cases of drugs even coming up in conversations with human resource managers. There were no signs of drug use in the workplace, such as employees using the parking lot next to the cafeteria during lunchtime and coming back in smelling like drugs.

“We also evaluated our hiring practices, which included background investigations, and finally, we talked to drug screening companies,” McQuate says. The cost would have been $25 per drug test. Company managers told McQuate that fewer than 5 percent of pre-employment drug screens come back positive. “Certainly testing included some deterrent value. As a security director, it seemed to me that drug testing was a good idea. But the business case simply didn't support it, so I recommended against it,” he says.

At his next job, with ModusLink Corp., a supply chain and warehousing company based in Waltham, Mass., McQuate offered a different opinion on drug testing. ModusLink had begun pre-employment drug testing shortly before McQuate arrived. His first assignment was to determine if it was a good idea. Taking a cue from his experience at Genuity, McQuate ran a survey and discovered that accidents on the floor of the company's 25 warehouses had been reduced since the program started. Reports of suspicions about drug use had also declined. “By looking at the business case for this company, you would come to an entirely different conclusion — that pre-employment drug testing is worth it,” he says.

Security directors should perceive their responsibilities in terms of managing strategic risks, says Lynn Mattice, vice president and chief security officer for Natick, Mass.-based Boston Scientific, Mattice insists that the responsibilities of corporate security go far beyond physical security and cover a range of topics and dynamics that affect a company. “What we do is manage risk,” says Mattice, who also serves on the Board of Advisors of the CSO Executive Council.

Boston Scientific is the world's largest manufacturer of a category of medical and surgical devices designed to be less invasive than traditional devices. Managing risk at Boston Scientific does not mean managing access control and CCTV systems. Instead, it means managing outsourced companies that install, maintain and monitor access control and CCTV systems.

“My entire staff is outsourced,” Mattice says. “Everything from access control, video, alarms, our programmers, investigators and physical security specialists — all are outsourced. I don't spend time doing tactical things. I work on strategy.”

For example, Boston Scientific typically delivers its products via air cargo. Mattice has always worried about what happens when an earthquake in California or a hurricane in Louisiana closes airports. Working with other senior executives, Mattice has figured out alternative delivery systems using ground transportation companies and even drawing on consignment inventories in hospitals located in regions with air transportation problems.

On Sept. 11, 2001, the federal government grounded air traffic everywhere in the country and caused economic dislocation throughout the commercial world. Boston Scientific, however, was delivering product on the ground within eight hours.

When Boston Scientific brought an innovative new stent to market, Mattice and other senior executives decided to deviate from conventional manufacturing business plans. “Typically, manufacturers centralize operations,” Mattice says. “One kind of manufacturing will be handled at one site. But with our stent, we didn't want to put all our eggs in one basket. So we built redundant manufacturing facilities in different parts of the world: one facility is in Ireland, and another is in Minneapolis. This way if something happens to one plant, we're not out of business.”

Mattice decides what risks to manage by conducting what he calls Process-Assets-Resources or PAR reviews that categorize every company process, asset and resource as critical, priority or desirable.

“Critical elements are those that you absolutely have to have to keep the business running,” Mattice says. “You can limp along without priority items for a short period, but you need to get those back up to operate at peak efficiency. Desirable items are nice, but you don't have to have them to run the business.”

A PAR review is one way to structure and define the responsibilities of a modern security department. At the very least, it promotes the kind of strategic risk management thinking with which Mattice has built his department at Boston Scientific.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue