As a company involved in global operations, Wilh. Wilhelmsen Group (WW) must manage increasingly complex sets of risks to maintain a sustainable business. In acknowledgement of this fact, and in order to strengthen security preparedness even further, Wilh. Wilhelmsen ASA resolved to pool security competence, experience and resources across the entire group.

Through clear leadership and direction from the owners, along with broad communication, information sharing and extensive involvement at all levels, WW has implemented a holistic, layered security structure for its global business network. A common security policy and supporting security guidelines have been developed to establish coherent and efficient security practices, which apply to all operating companies. The policy and guidelines are supported by each company, region and business unit and are based on the organization’s core values, with the aim of building a “security culture” through direct daily involvement from all managers and employees.

The human element, which also relates to awareness, is the organization’s most important security resource. This resource can only be maintained and improved through communication, education, training and testing. Sometimes, the human element stands alone when managing risks. Awareness, detection and determination of threats and risks, as well as alertness and taking action, are all key ingredients for security. Predictive profiling is important, since detecting threats and assessing risks starts long before any harmful incident happens. Empowered, trained and aware colleagues will contribute to the layered framework as a force multiplier unequalled by any other technology investment. Therefore, all employees should be provided with the skills and tools for detecting and reacting to threats and risks, long before any real losses occur.

To achieve requisite security awareness, and to support security implementation and work in the group, a decision was made to develop and implement adequate security training, and make it available to all staff. The aim is that all individuals should have:

• knowledge of the Corporate Governing Security Documentation, security principles and core requirements to all individuals.
• understanding of the importance of individual contribution to the layered framework and procedures.
• understanding of principals of detecting, avoiding, preventing and reacting to threats and risks.
• understanding of general awareness, with focus on abnormal situations or behaviour, and how to avoid situations and behaviour, which may imply unacceptable risks; if incidents do occur, all individuals should be aware of general reporting procedures.

To reach the employees, it was assessed that the most feasible methodology was to use e-learning and the web to generate interest and understanding. An e-learning program was developed and thoroughly tested by a project group, with representatives from the parent companies, subsidiary companies and Mintra.

The Individual Security Awareness (ISA) e-learning program is designed to provide all employees with basic knowledge and awareness of the need for appropriate security measures, the motivation to apply them, and their individual responsibility. The program is interactive, with simple scenarios that get users to reflect about own security behaviour and attitudes before they receive feedback. ISA consists of 6 individual modules and emphasises the following topics:

1. Individual Security Awareness - An Introduction
2. Information Security
3. Travel Security
4. Personal Security
5. Security of Facilities
6. External and Internal Communication

In 2008, the ISA e-learning program was made available to all subsidiary companies, which chose various implementation methods.

In April 2008, the WW Group launched a global, WW branded ISA program to 4000 individuals through the LMS - WW Academy Learning Gateway. The first module of the WW ISA program, which presents a general approach to risk and security, and why it is important, is introduced by the CEO of the WW Group. As of the end of June 2008, a total of approx. 2500 modules have been accomplished by WW employees worldwide.

To evaluate if the program is having the desired effect on daily security awareness and behaviour, an academic research project was launched simultaneously with the WW ISA launch. Two surveys have been conducted, and a third and final survey will be conducted later in 2008. Based on data from the surveys, scientific analyses will hopefully indicate whether ISA is an adequate and effective tool for supporting individual security awareness and competence in a global and complex organization. The research project will also be helpful with regard to improvements and implementations of future activities, by supporting balanced and risk based security across the group.

Article by: Tor Langrud, Group Security Officer, Wilh. Wilhelmsen