The Expanding Role of the Corporate Operations Center: 10 Best Practices

October 11, 2017
Chris Hurst

For many Americans, it’s been a devastating week, month — or even year. The world seems unhinged.

‍Photo Credit: http://abcnews.go.com/

For many Americans, it’s been a devastating week, month — or even year. The world seems unhinged. CharlottesvilleHoustonSouth FloridaPuerto RicoSaint LouisLas Vegas. Sonoma County . The US is obviously not alone. Mexico CityZimbabwePeruMyanmarChina. The barrage of news — of shootings, protests, hurricanes, floods and fires — feels relentless.

In this context, we’re seeing many firms fully engage in response. Amidst the stories of devastation, it’s common to find corporate security, HR, and travel teams taking heroic actions to care for their people.

And as they emerge from the crisis at hand, more firms are assessing how they can improve their response in the future. Our interviews with corporate security teams reveal the common need for faster alerts — which can provide notifications and warnings. Better processes can ensure the right people are informed. More firms are acting now, in advance of the next crisis. From managing supply chain risk to ensuring business continuity to providing travel risk management (or better, people risk management) firms are preparing for physical risks.

In particular, we’re seeing a spike in the number of firms developing and expanding operations centers. The model varies with the risk profile of the firm: for some, an unmanned Emergency Operations Center (EOC) is sufficient, ready to be staffed in a crisis. For others, a virtual platform is better — a Virtual Operation Center (VSOC). Many larger firms with assets, supply chain nodes, and employees abroad choose to staff a Global Security Operations Center (GSOC).

10 Best Practices from the Army

‍Photo Credit: http://www.arcic.army.mil/

The military provides useful principles regarding developing information dissemination plans and responses. Over the past several weeks, we’ve interviewed fellow veterans and gathered best practices for corporate security teams desiring to get the most from their operations centers.

1. In a crisis, one person is in charge.

There should be one person that everyone knows is “the boss” — the crisis manager. The person should *not* be tasked with minutiae, so he/she is free and ready to handle emergencies.

This designated crisis manager must be prepared to provide guidance to others. He/she must be where the buck stops.

2. Develop information dissemination plans before the crisis.

The fundamental purpose of an operations center is to support the crisis manager in making decisions about rapidly changing events with incomplete or conflicting information. Further, it must keep key actors informed of both the current understanding of the situation, and the decision that crisis manager makes.

To do this, an operations center must collect, filter, analyze, and distribute information — simultaneously and in as close to real time as possible.

Modern operations centers must deal with widely distributed nodes in an information network — from suppliers, employees, and contractors on the ground, to intel vendors— often transmitting asynchronously, through different media, and with varying types of data. Strong ops centers have formal processes in place for filtering and distributing information.

In other words, you need a standardized procedure for each node to collect information, filter the information, pass it up or across the chain, and receive needed information back.

3. Recognize friction points in information flows, and address them.

As information moves through the system, however, it will almost certainly suffer some degradation through summarization, translation error, user error, lack of timeliness, contradiction by other pieces of information, or other issues.

Great ops centers have mechanisms that minimize information loss as it moves through that transmission system.

“I saw this in practice in the Army, where formalized data structures like the 5- paragraph order and principles like Commander’s Intent ensured everyone in the system knew what information needed to be sent, which node it had to go to, how it had to be formatted, and how to turn that information into action.” — Army Infantry veteran

4. Build shortcuts for critical information when speed is required.

More information is not always better. During our interviews, many security and analysis teams expressed feeling like they’re drowning in information. Additionally, collecting the wrong types of information or inaccurate information can lead to the wrong decision. The time spent wading through unfiltered volumes of information can lead to no decision.

For severe incidents, there needs to be a shortcut through the system that allows for critical information to make it to the right people as quickly as possible. It is imperative to identify the critical information required to understand a situation early, and eliminate the “noise” created by other information.

While I was training at the DMZ, North Korea launched rocket artillery into the Sea of Japan. This was a typical provocation given the time of year and didn’t pose any direct threat to us, but it garnered global media attention and highlighted the fact that regional tensions were escalating. This information made it to our unit’s senior leadership piecemeal and without the context necessary for them to make an informed decision at once. While we had excellent processes in place to handle things like an injury to a Soldier, we had to re-assess how we delivered this type of information.

5. Develop time estimates in advance.

If driving routes for evacuation or response are important for your plan, develop time estimates before the crisis. Decisions for response are faster and easier when important variables — like time estimates — are available during the decision-making conversation. These early estimates are useful in identifying critical information requirements.

“The more I knew up front, the less I had to find out when the crap hit the fan!

6. De-silo critical functions in advance.

As you develop and integrate the physical (or virtual) intel and operations space for your operations center, also make plans to integrate the functional space accountable for response. For many firms, that’s Operations, HR, Travel, Corporate Communications, and Security — working in concert. Don’t wait for a “Puerto Rico” event to determine who those key players are. At a minimum, set up the call in advance to go over basic responsibilities.

(For more about de-silo’ing, check out our recent article here: https://medium.com/stabilitas/de-siloing-risk-4b19e76f285f).

7. Information plans should include clear lines of communication, verbally and electronically.

Layout the operations center so that people who need to talk a lot are next to each other, not across the room.

Information requirements need to have an “owner”. Speed dial is a good thing. Make sure it’s easy to call the people you need to talk to, and that everyone knows who to call for certain types of information.

8. Design workflows and develop training to address your weakest users.

Your system will only perform as well as its weakest user. Two good ways to address this challenge are system design and training. A well-designed system makes it easy to use in both routine and extreme operations. By “system” we mean the technology and people and processes supporting your operations center. For more about building an integrated system, please see our recent blog here: https://medium.com/stabilitas/the-threat-intelligence-ecosystem-9c8a94dcf6c7.

Second, frequent, challenging training ensures that users can manage information and decisions correctly. This training needs to cover routine, foreseeable extreme, and occasionally bizarre circumstances (the bizarre helps keep user’s adaptive to new scenarios, but it should not be a focus).

“During a training exercise, we had a new radio operator in the TOC. He knew how to use some systems but was minimally trained on at least one, which happened to be a critical data visualization tool. Initial reports concerning a unit location were not accurately moved from radio to this data visualization platform, which created a great deal of uncertainty for other supporting units and interrupted supply operations for that unit for almost a full day.”

9. Rehearse. Rehearse. Rehearse.

In the military, we called these “TOC battle drills.” Everyone should know how to handle regular occurrences and they should be rehearsed on a regular basis.

10. Keep it clean.

Keeping the main desks organized and clean of clutter sets a tone of efficiency for the Operations Center. It also calms people in emergencies.

This is just the tip of the iceberg. If you’re a veteran with operations center experience and want to contribute, please let us know. Write us at info@stabilitas.io.

Learn more about AI-driven tech for GSOCs at https://stabilitas.io/

The Science of Security

Stay up to date with the latest news and insights from the Stabilitas security intelligence network.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.