SAP Reference Model For Transforming Public Security
The functions of government which are responsible for citizen security and safety, is often termed Public Security or Homeland Security, in recent years governments have increasingly focused upon ways of increasing security and safety for their citizens, communities, businesses and visitors. At the same time growth in volumes of trade, travel, mobility as well as use of technology and the economics of such have placed greater challenges upon those tasked with ensuring our safety and security. Today, these officials often find that the problem can often be too much data and information with too few resources to deal with the increasing day to day demands and expectations of the public.
It is with this backdrop that public security organizations are looking to transformational programmes for the achievement of improved levels of security and operational performance whilst at the same time delivering an improved level of service to citizens, at an investment level which delivers best public return upon investment. When we looked at the public security segment, we recognized that there was a better way to contextualize the public security challenges and so we went about identifying a model upon which this would act a reference point for core processes and competencies and then which would be underpinned by solutions, technologies and architectures. Even though many of those involved within SAP reference model approach had worked as officials within the public security area for many years, all thought it important to engage with clients, partners and officials so that we could better align the model within current thinking.
In building the reference model we at first looked at the key functional areas of what we knew as the public security cluster, namely agencies with functions centred around Intelligence . Law enforcement & 1st Response, Border Protection & Immigration, Justice & Offender Mgt as well as Disaster & Crisis Management. When we looked at these key public security functions, there were clear overlaps in terms of their joint operations, the need to work collaboratively together and the need to share information in a way which provided assurance, compliance and security.
One of the key themes around this was the highly complex governance and compliance framework within which those agencies needed to operate, releasing selective information to key personnel quickly, whilst ensuring security, privacy, compliance and auditability all met the standards of their own governance and information assurance regime.
As all these agencies will for the long term have their own processes, systems and priorities, however when we looked at the overall reference model it had to take account of a public security architecture which provided for data, information and intelligence sharing at one level but also the ability to deliver an enterprise services architecture which enabled many communities of officials or departments to take and end to end process view and orchestrate their activities in a way which delivered optimal operational performance.
For example an identification event, alerting the relevant agencies, who then make a decision on their current intelligence picture and real time resource availability, who then co-ordinate a response from several agencies in near real time to arrest or carry our surveillance on that individual which ultimately leads to an arrest and court case. During that end to end process various services from different agencies, various intelligence and information would have been acquired and would need to be processed, various lines of enquiry may have also been generated and need follow up or investigation and certain types of skills and resources may have been needed, being selected on the context of availability and geographical location. In short an overall public security services architecture and business process platform was needed within the reference model to enable orchestration of processes, exchange of master data, broker XML information exchange, to unify and simplify user security and access to information, to enable business processes to be managed across agencies and to enable best of breed or existing solutions and technologies to be integrated, for example GIS, Visualisation or recognition technologies such as face, number plate, fingerprint, iris etc.
Overaching the reference model was the need to have a framework for mobility, accessibility, security and interoperability. So at a functional level we identified the need for public security agencies to have the ability to operate within different situations, offline and online, forms or direct user interface access, access through third party solutions or devices, ability to operate within a federated security environments which span domains and even accessible as a web service to other agency systems.
Then within the core components of the reference model we identified 5 competency areas that the organizations needed to focus on in order to deliver greater operational returns, those were namely;-
Identity Resolution – Covering the processes around identification of the entity subject to the data, information, intelligence, case, border event, operation etc. Normally this would be a person, group, document, piece of property or location centric and may involve multiple roles for the entity, for example a person could be a citizen, suspect, victim, witness, official, traveler, customer, trader, casualty, complainant, associate, supplier, etc. When we looked at all those agencies identification of the person, group, package, piece of evidence or location was critical to effective performance of organization. Equally reducing duplication, improving data quality, using single identity many times, improving collaboration/sharing, reducing process time for verification at border point etc were all key elements for achieving operational excellence in this area.
Intelligence, Risk & Threat Management – Strategies for many of these agencies have been moving over time to intelligence or risk led models whereby their organizational strategy, configuration and resources are focused in a much more scientific way using a more holistic analysis of the risk, threat or security situation, the term often used in Law Enforcement has been Intelligence Led Policing. It is this in mind that led us to identify the key processes around this area and combine this with identity resolution to create greater synergy. If do not know who the traveler entering our border is and I cannot link them to any intelligence I cannot judge their threat status and so my options are limited.
Investigative Case Management – Increasingly we found that organizations are wanting to manage the complete case process, not just from a document or output to another agency perspective but all aspects of the case. For example police investigations may involve thousands of lines of enquiry, the recording of key decisions and reviews, may involve many thousands of exhibits and pieces of evidence, may require very precise steps or actions to be taken at each stage, may have many witnesses, suspects and victims to manage throughout the process. There may also be many officers working on the case, there could be thousands of documents associated with investigation and there will also be the need to track and trace costs and services completed as part of the investigation. Often several paper based systems have been used for some elements of this butincreasingly we are seeing the need for a holistic approach to the investigative process with good practice being brought into the process to develop consistency and standardization in order to deliver performance improvement.
Command & Control – Traditionally this competency has been seen as a pure call capture and near real time dispatching process for patrols or units. Increasingly we are seeing the need to not only collaborate across agencies in near real time, for example when there is a terrorist attack but equally importantly the command and control function needs to manage a much broader range of processes, for example complete analytical picture, mass casualty management or consequence management e.g. communities, business, lessons learned, reconstruction, victim/casualty support. This broader range of competencies or functional components is where new approaches and innovation can play a key role in delivering operational improvement.
Operational Resource Management – At one time officials tended to view operational processes separately from generic business functions such as the management of human resources, finances, procurement, assets, etc. The view being that the real time management of operations was a much more dynamic set of activities which needed to be flexible, responsive, adaptable and needed to be very fast. Over time this distinction has diminished with more and more recognition being given to the need for a complete real time resource picture being provided, so geo-location, status, task, skills, equipment, costs and proximity to situation/event all being vital to make best decisions and achieve best outcomes. Our virtual team is already using this model within our public security eco-system to enable transformational thinking and operational performance improvement to break the traditional paradigm. My view is that this reference model will deliver operational improvements within public security that enables agencies to gain greater awareness of current security and safety landscape, increase preparedness for potential threats or acts, improve responsiveness to citizens, communities and businesses in terms of service delivery and finally to deliver an enhanced level of resilience and capability for recovery.
Marc Von Der Linden – IBU, SAP Public Security & Thomas Kunert EMEA – Public Security have been part of our global team conceptualising the reference model with myself.