On a recent Topo.ai webcast on reopening safely during the pandemic, the NFL’s Director of Intelligence Rob Gummer introduced a corporate security plan framework using the acronym SERIOUS.

While Rob presented it in the context of ongoing COVID-19 operations, the concepts apply to any corporate security plan. Not only does it contain important guiding principles, it is easily understood by non-security personnel and executives.

A SERIOUS plan is:

Safe
Effective
Repeatable
Inclusive
Official
Uniform
Sustainable

Hear Rob explain the concept in three minutes or continue reading below for more detailed insights.

Safe:
Any corporate security plan must prioritize the core mandate of defending life-safety. There will always be inherent risk with any industry or occupation, but the plan must attempt to minimize that risk as much as possible.

Employee safety is an important priority for any company, but especially critical for consumer-facing businesses. Failing to take reasonable safeguards to protect employees could damage a brand’s reputation.

Effective:
The tactics embodied in the plan must logically address the plan’s objectives.

One key challenge with COVID-19 has been the disease’s novelty: nascent science with researchers and clinicians learning in real time as the patient volume grew exponentially. Some mitigation tactics, such as hand-washing and social distancing, were immediately identified as effective. Others, such as widespread mask utilization, were not initially recommended but later encouraged.

Repeatable:
A plan should not rely on just one member of the security team. Anyone should be able to pick it up and execute it. This assumes that the plan is well-documented and easy to understand, and that employees are trained and have the capacity to carry out the plan alongside their other duties.

COVID-19 creates the risk that a given employee may become infected and need to quarantine – or care for an infected loved one. If that employee has a key responsibility in executing a plan, that employee must have a replacement. Turnover is also a constant possibility for every company.

Inclusive:
A corporate security plan must account for variables over which the GSOC does not have direct control. One limitation of some business continuity plans: they are limited to a single organization or business unit, but do not account for essential components such as business partners.

Many businesses do not function effectively or cannot be profitable without key vendors or partners. Each of these vendors or partners presents a potential risk that must addressed in your corporate security plan. For the NFL’s business: there are League employees, team employees (coaches, players, staff), stadium employees, plus other vendors. All must be considered as part of the COVID plan.

Official:
All key stakeholders and leaders must agree on the strategy and must commit to enacting and enforcing it. Continuing compliance with a risk mitigation strategy is a shared responsibility between the security team and other departments. In the case of a highly infectious disease, this joint accountability is crucial.

Uniform:
Security plans must be uniform across different business verticals. If one business unit starts to take a different approach, it creates the possibility of introducing risk and undermines the credibility and

The GSOC at many companies plays a crucial role in keeping the organization marching to the beat of the same drum. By providing risk data and identifying how the plan is functioning effectively, a skilled security team can guide operational decision making.

Sustainable:
Many risks have an indefinite timeline, so plans to address them must be sustainable through the crisis. Sustainability is not only a matter of having the necessary people and resources for the projected timeframe. Sustainability accounts for different scenarios that may unfold as part of a crisis or ongoing risk – and other threats that may arise during that time.

Companies did not plan for a global pandemic in 2020, and thus did not budget for it. Even companies with business continuity plans probably did not account for a true global crisis that impacted every person in every country. These plans often rely on the ability to shift operations to different regions or leverage an alternative supplier.

Risk mitigation strategies all have financial costs, and many have the potential to create operational disruptions (e.g., diminished facility capacity, longer waits to accommodate screening, non-compliant customers, etc.). These aspects must be considered over different possible timeframes.

For additional insights and guidance on a COVID-19 operating and reopening strategy, watch the webcast on demand.