Securing Keys, Assets & People - Blog

ROI Series: 6-Step Security Solution Purchasing Process

Written by Jay Palter | May 8, 2018

To help businesses as they head into budget planning, Real Time Networks has produced a new guide for getting maximum value from new physical security capital purchases.

This guide was compiled with insight from security professionals in the law enforcement, technology, and hospitality sectors. It details best practices for financially responsible security purchasing and how to calculate your organization’s unique ROI for each technology. It lays out a standard process for not only finding security systems that will generate the greatest long term financial impact, but also for building a strong business case to secure funding.

Here we give a preview of our experts’ process. The complete guide is available for download here.

6 Steps to Maximize Value from Security Solution Purchases

1) Gather the Right People 

Perspectives from beyond the security team often bring valuable insight to the purchasing process. Make sure to include representatives from every team that will be involved in the new system’s deployment, from the teams that will use the system, as well as those strongly impacted by its use.

For example, since most modern security systems run over network infrastructure, your IT department or IT service provider should have representation in the search process. And depending on how they’re used at your business, security systems may also have customer service or other operational uses. Such as a video surveillance system at a hotel or casino. Representatives from those operational teams should also have a say.

2) Research Potential Products

While security providers can give you a range of useful information, it is important to gather data important to your organization on your own. Experts recommend doing this using a few different sources for each product or service provider under consideration. These include:

  • Opinions from security professionals both in and outside of your industry
  • Existing customers of prospective service providers
  • Product data sheets
  • IT data sheets

3) Determine Expected Life Cycle of Technology

The length of a security system’s expected life cycle has tax implications, so it’s important to estimate an effective life cycle up front for the technologies you’re considering. Fortunately, the IRS in the United States and the CRA in Canada publish guidance for this. While they can vary by industry, security systems typically have a depreciated life cycle between 5 and 15 years. When it comes to business planning this is an awfully wide range, which is why it may be important to involve your finance department early on in the process so that tax liabilities are properly understood.

4) Translate Security Threats into Business Risks

Presenting technical security threats alone does not make a business case for a capital security expenditure. To maximize your proposal’s chances of getting funded they must be re-framed as risks to the entire organization.

How you carry out this step is going to vary greatly from organization to organization, but there are several basic approaches that work.

Approach #1: Executive Straw Poll

Seek input from your executive team about the remediation costs of various security incidents that the proposed purchase mitigates. Get multiple estimates on what each incident would cost the organization as a whole.

Approach #2: Calculate Costs of Downtime

This applies most to sectors were security systems deliver a core business service. Such as in hospitality where guest safety is essential. Or corrections, where securing inmates is an organization’s core function. Total the losses for not being able to deliver your core services. Include lost revenue, mitigation costs, compliance penalties, and estimate future losses from reputation damage.

Approach #3: Identify Regulatory Needs

Organizations in regulated industries are required to maintain certain security and operational thresholds. Identify the total costs for failing to meet your business’s regulatory obligations. Or research average annual penalties in your industry.

Many regulations include physical security provisions, or other requirements that automated security technologies can help address. State gaming codes require casinos to have physical safeguards for keys and other assets. Sarbanes-Oxley (SOX) financial regulations mandate “adequate safeguards” for financial assets and records, which often necessitate physical measures.

5) Calculate Total Cost of Ownership

This is calculated as the sum of the costs to purchase, install, operate, and maintain a security system.

Including other stakeholders makes this calculation much easier to complete as you get a broader perspective on a new technology’s impact on your organization. IT and physical plant teams especially can identify secondary costs not immediately apparent to a security team.

6) Calculate Return on Investment

Once your business risks are defined and your is TCO calculated, determining your ROI for a technology purchase will be straightforward.

And remember, when presenting your business case your ROI calculations will take center stage, but they must still be supported by concrete evidence for how the system will reduce security incidents and realize an actual return.

Compiling all this is a time-consuming process, but the outcome, a security system confirmed to give you the greatest long term value, makes it worthwhile.

 

Download the full guide from our ROI series: 6-Step Security Solution Purchasing Process: