Operational Policy Making for Professional Security: Practical Policy Skills for the Public and Private Sector is a clear, concise, and practical resource for drafting effective, legally defensible security policies.
Presented in a clear, step-by-step style that can be tailored to fit the smallest organization to the largest, the book offers the strategies needed for reducing risk through solid policy construction. It is the first book available that provides a step-by-step guide to basic security policy construction, along with helpful hints on how to draft a document that conveys exactly what is intended.
The book explores common policy creation pitfalls and how to avoid them, outlining proven methods for implementing and disseminating effective policies throughout any organization.
Discussing the core security and safety policies that no organization should operate without, the book covers common types of policies, along with the pros and cons of different policy-making methodologies. It is a one-stop reference on functional security policy-making for organizational leaders.
- User-friendly resource that guides readers through the entire policy-making process
- Explores real-world solutions to common security policy issues
- Outlines legally defensible policy suggestions
- Provides analytical tools for assessing policies to ensure they are effective and lawful
- Illustrates key concepts with case studies, and offers an appendix with samples that support concepts explored in each chapter
Preface Acknowledgements Chapter One: Theory and Organization Chapter Two: Why bother? Chapter Three: Basic Training Chapter Four: Incoming! Chapter Five: The Organizational setting Chapter Six: The Analytical Process for Policy Makers Chapter Seven: Policy Influences Chapter Eight: Surprise? Chapter Nine: Policy Construction Chapter Ten: Training, Communication and Effective Policy Chapter Eleven: Policy and Supervision Chapter Twelve: Core Security Policies Chapter Thirteen: Policy and Budget
Theory and Organization
Theory and Organization, provides the theoretical foundation for policy making and is the longest chapter. It provides an academic structure using selected organizational and policy theories in a practical manner. This chapter is not intended to be a peer-reviewed work, but is meant to give a practical understanding of the basics of these theories.
Due diligence; Organization; Structure; Employee discretion; Rational Choice Theory; Multiple Streams Theory; Sensemaking; Simple structure; Machine bureaucracy; Professional bureaucracy; Divisionalized form; and Adhocracy
There are many books available that cover policy and practically all of them deal with either public policy or foreign policy. Most books deal with theory; this book is not one of them. This book is designed to be functional through a focus on internal regulation and direction of organizations through strategic and functional policy. This book is about the practice. The intent is to provide a resource that assists leaders in positively impacting their own organizational effectiveness.
To simplify matters, in this book the elements of policy are bifurcated into two types, strategic and operational. The practical goal of this book is to provide a resource that focuses on operational policy. Organizational leaders must have a skill set that allows them to transfer the goals and missions of organizations to action. The action occurs at the grassroots level; it does not occur in the board room or in executive staff meetings. The goals are carried out by the operational staff and this is where a policy system has the greatest impact. I hope practitioners of all levels will be able to apply the information in this book regardless of their experience or skill level.
This book is written largely from my background as a policy executive in law enforcement and from my experiences as a leader in best practices and accountability in law enforcement. I combine this with my legal education and experience as an attorney, which gives me a unique perspective on the drafting of directives and liability issues. My experiences as a university professor, teaching policy at all levels, has also been an opportunity to perform academic research. The degree program I teach in is intended for professionals, which gives me access to practitioners in the security field. As the president of a law enforcement accreditation organization devoted to best practices and accountability, I have significant policy-making experience.
Although this book is not one that is steeped in policy theory, there are many theories and resources that are applicable. It is not my intention to detail every applicable theory, only those that I feel are supportive to the goal of the book. It is my experience that policy writers are less concerned with the underlying theory and more concerned with the application. But in any endeavor, a strong foundation is needed, therefore it is important to provide some theoretical background to the policy process. This chapter will examine some foundational theories and tenets of policy.
The practice of policy making and drafting policy instruments calls into play a great many disciplines. One has to have a working knowledge of strategy, tactics, and the law and an understanding of human and organizational behavior, as well as the concepts of sensing and communicating. It takes years to amass these skill sets and it is often accomplished through trial and error. It is often time consuming and requires a certain level of understanding of the operation, the organization itself, and the threats and opportunities facing the organization. It is not uncommon for organizations to simply buy boilerplate policy manuals that are produced by reputable organizations, including law firms. Why bother learning a whole new skill set when one can just buy canned policies off the Internet? The first reason is the lack of flexibility. Using canned policies only works for your organization as it is; Boilerplate policies do not self-adjust to changes in the organization. This means that unless someone in the organization has a policy skill set, any changes to the directives may not be effective. The second reason is that using canned policies is a limited choice in that they may not be viewed as due diligence. A fixed set of policies can meet the needs of most organizations most of the time. But no organization is exactly like another and the world is not static. Even if you buy canned policies, someone in the organization has to be able to adapt these to fit individual organizational requirements. This requires a policy skill set. When it comes to operational policies, the adage "there is no need to reinvent the wheel" is a slippery slope. Each organization is different and their operational policies require tailoring. This is called due diligence in the legal world, which means you did the reasonable level of investigation and work to produce the product - you do have to reinvent the wheel. Think of it this way: Which looks better - an off-the-rack suit or a personally tailored one?
Policy is often driven by the industry or background of the writer. Lawyers, managers, subject matter experts, and employees all write policy. For example, many attorneys are involved in drafting policy implements, but these tend to be very legalistic. They also tend to be wordy and highly risk adverse. Lawyers tend to write in a highly technical manner, but effective operational policy must be simple and concise. Having lawyers as the primary authors of directives can be problematic as the writers often lack a true operational understanding of the nuts and bolts of the processes of the organization. Operational policies designed primarily to be legally defensible tend to be one dimensional. While great for the legal defense of policy, they can serve to undermine the necessary day-to-day actions of an organization.
There are other groups that can be stakeholders in the development of operational policy. Having subject matter experts design operational policy allows for the inclusion of the subtle everyday aspects of accomplishing the organizational mission. The drawback is that these employees tend to be mission focused and can create directives that are geared to effectiveness in accomplishing the mission but lack controls that mitigate liability. Organizational managers are often the point people for drafting organizational policy and can be competent at doing so. They understand the operation and have a vested interest in limiting liability as they share in it. The drawback is that managers are focused on efficiency and sometimes are influenced by performance and output imperatives. This can undermine both the legal concerns, such as negligence, and the operational effectiveness concerns. Aside from lawyers, managers, and subject matter experts, employees are sometimes involved in the process through committees or labor unions. Employees tend to have an interest in workplace safety and employee benefits. This role can be perceived as self-serving but looking out for yourself is not necessarily a bad thing. The downside to employees driving operational policy is that sometimes efficiency and legal aspects can suffer. In addition, an employee centric policy system can undermine management.
As you can see, each group brings strengths and weaknesses to the policy development table. No one group is the best choice for producing operational policy; the goal is to engage all parties. If each group has a seat at the table, then all of the positive aspects that they possess can be leveraged. A healthy policy system encompasses the concerns of efficiency, operational effectiveness, legal defense and liability mitigation, and employee welfare and morale. The formation of organizational policy must be inclusive.
Theoretical Policy Foundations
Although public policy studies are not directly on point, they do provide context for the understanding of internal organizational policy. A discussion on how and why public policy is made will shed some light on how internal organization policy is made. Public policy decisions are broad and made at high levels of government that affect the nation and can trickle down to the average person or organization. A good example of a public policy is the tax exempt status of religious institutions.
Tax Exemption as a Public Policy
It is because religious organizations are considered charitable and thus a benefit to society that they are given tax exempt status. Identifying a religious organization for special tax treatment brings up one of the issues with public policy as opposed to what I call operational policy. It is not unreasonable to say that religious-based tax exemption is controversial and has borne examples of abuse. This is because a public policy is the execution of a grand strategy. Grand strategy at the national or state level is the prioritizing of resources and efforts to achieve a political goal. Much as the name implies, grand strategy paints in broad brush strokes, with finer policy adjustments left to agencies in government to develop. For example, the Internal Revenue Service produces the fine-point rules dealing with religious group tax exemptions. Although it is important to recognize that public policy decisions are massive in context and implementation, there are parallels for the private sector. Examining public policy can be instructive as the policy-making process for smaller nonpublic organizations is much the same. Unlike public policy, whose success can often be a matter of public perception, functional...