A positive work environment that enables and drives a strong security culture helps to reinforce positive security behaviour, empowers staff to act consistently with security policies and procedures, and encourages them to demonstrate positive security behaviours confidently and willingly.
Your work environment should make positive security behaviours easy, effective and an enabler of—not a hindrance to—daily tasks. Your security culture is only as positive as your work environment.
Clear and consistent policies, processes, and procedures
Security culture should be organised, systematic and embedded into the day-to-day activities of your organisation and its people. Security expectations should be written into corporate policy and procedures, including those without a primary security focus. This includes employee manuals, codes of conduct and standard operating procedures. Anywhere staff routinely consult organisational information is a potential vehicle for reinforcing key security messaging. In addition to being accessible, security information should always be easy to understand, concise, simple to follow and readily accessible to all staff – including new employees and those who need to refresh their understanding.
Ways to include security information:
- Include a security section in any document where staff read corporate information, even outside of your security exposition. This reinforces key messages and reminds staff that security is part of the fabric of your organisation and the aviation sector; not an optional extra.
- Consider operational or frontline staff without access to routine security updates and develop alternate and reliable ways to ensure they are receiving the information they need. This might mean delivering physical copies of communications or speaking to staff in person.
- Use plain language to communicate security messages. Make sure procedures are concise, easy to follow, are not open to interpretation and are not contradictory. Review documents to ensure they are complete, clear, and easy to grasp.
- Seek and incorporate feedback from staff to ensure that security instructions are complete and clear, and that there is no confusion or misunderstanding as to how security measures must be applied.
Provide the resources required to meet security goals
Achieving necessary security outcomes requires resources. This might be equipment, technology, time, space or personnel. A positive security culture is enhanced by your staff seeing investment being made in their work environment to enable strong security performance. Staff who are operating with inadequate resources, technology or equipment to effectively undertake their responsibilities may not feel supported by their workplace. Ensuring the appropriate resources are applied to security challenges is vital to ensuring your staff and the public remain safe and secure.
To ensure the correct resources are in place:
- Identify and prioritise the most important resources to achieve security outcomes in your organisation. These might be additional screening equipment, extra staff or updated computer systems or technology. It may also mean allowing a few extra minutes to implement security related measures.
- Seek feedback from operational staff on what can be done in your workplace to enable positive security behaviours, including consulting on what resources or tools they may need to do their jobs more effectively. There may be simple fixes that have positive impacts on achieving security goals and reducing vulnerabilities.
Display important security messaging in prominent places
Posting meaningful security messaging within physical and virtual work environments is an important way of reminding staff about key measures and embedding security into your organisation’s culture. This highlights security as fundamental to the way you do business. Placing reminders of policies, procedures or advice in prominent places keeps security front and centre for your staff so that it becomes a core value in how they conduct their duties.
You might consider:
- Posting key security messages in high traffic locations such as in corridors or bathrooms. Regular reminders can embed good practice and remind staff of what to do during a security incident.
- Placing security communications in appropriate and relevant locations to the messages you are trying to get across. For instance, include a notice on a doorway that an Airport Identity Card needs to be displayed in a certain area, or to check that a secure door has closed before departing the area.
- Regular rotation of security messages on a notice board.
- How technology can help with displaying security reminders. This can include an electronic roster in a breakroom that staff look at every day, pop-up messages on computer systems, or changing system backgrounds/lock-screens to include relevant security messages.
- Using concise, relevant, and accurate language on security prompts, or using catchy phrases and slogans (such as ‘See it, Hear it, Report it’) to communicate key messages.
- As part of your security management, be aware of the security breaches or incidents that occur most frequently in your workplace. Target your security messages to improve performance in these areas, and then track what works best for your organisation.
Encourage staff engagement and measure staff performance
Engaged staff are more likely to promote strong security behaviours and embed security within the culture of your organisation. Staff who are involved in security decisions are more likely to champion and actively promote positive security behaviours. There are many ways to include staff in decision-making and encourage participation in security processes, raising overall performance, and entrenching security as part of the way all your staff do business. Measuring the performance of your staff against expected security behaviours can provide practical incentives to perform well, and track improvements in security practice and understanding.
Ways to encourage your staff:
- Set up a suggestion box to allow staff the opportunity to suggest ways in which security could be improved. Incentivise contributions by offering rewards for ideas that are implemented within the organisation, encouraging the natural thought-leaders in your organisation.
- Consult staff when security decisions might impact their work. They may have ideas that can benefit the whole organisation by providing improved security outcomes in more efficient or
cost-effective ways.
- Document expected security behaviours within appraisals and performance development plans for all staff. This provides a measurable way to ensure staff are performing in line with requirements and expectations. Provide feedback on their security behaviours, including recognition for positive actions to incentivise repeat performance, and constructive feedback where security behaviours fall short.
- Promote positive security behaviour through a rewards and recognition programme and highlight organisational successes in corporate communications. Track organisational performance and provide concrete rewards to reflect measurable performance. This can encourage staff to strive to reach security goals and encourage security to be part of regular performance discussions. Recognition can be as simple as writing a ‘thank you’ message or email.
Assess your positive work environment [PDF 77 KB]