Get Our Email Newsletter

Security Executive Council Developing a Maturity Model for Corporate Security

The Security Executive Council has released a series of abbreviated corporate security maturity assessments with the end goal of developing the first maturity model specific to corporate security.

Maturity models are commonly used in many industries and corporate functions, including IT, supply chain, HR, enterprise risk management, and marketing. However, no maturity model exists for corporate security.

“A maturity assessment defines where your program falls on a spectrum from reactive or informal to optimized,” said Kathleen Kotwica, SEC EVP and chief knowledge strategist. “The security domain indicators we use to construct the assessment (for example, governance and performance measurement) are based on years of research with hundreds of security practitioners. These assessments look at where security programs fall on a continuum and can help close the gap toward their desired state and consistency of performance.”

- Digital Partner -

It’s important to note that the SEC’s maturity assessments classify, rather than rank, program maturity. “An organization that gets a lower score on a maturity model assessment is not necessarily providing less effective security; a number of elements—including industry, corporate culture, and risk appetite—influence the level of security desired,” said Bob Hayes, managing director of the SEC. Instead, the assessments are a way to determine the function’s ability for continuous improvement.

“Capability is about proficiency, competence and the confirmed skills to execute essential tasks. Maturity is about reliability and indicates levels of acceptance and established practice,” said George Campbell, SEC emeritus faculty and former CSO of Fidelity Investments. “A mature process has proven practices that have consistently delivered valued results to the organization. Understanding the current levels of proficiency and acceptance of security processes within an organization should be an essential step in building and maintaining a Corporate Security business plan.”

The SEC’s initial corporate security maturity assessments focus on five security program areas: Access Control and Physical Security; Global Security Operations Center; Investigations; Threat Management and Safe and Secure Workplaces; and Uniformed Officer Services.

“The goal is to provide corporate security practitioners a tool that can be applied relatively quickly, but that retains enough of the core of the maturity model process to provide actionable results,” said Kotwica. “As the SEC gains input and feedback from our community, we will refine and adjust the assessments to increase the value they provide to security practitioners.”

Security leaders who take the assessments will receive both their maturity score and a summary report that outlines peer comparisons.

LP Solutions

The five assessments can be found at

Loss Prevention Magazine updates delivered to your inbox

Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.

What's New

Digital Partners

Become a Digital Partner

Violence in the Workplace

Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.


View All | Sponsor a Webinar


View All | Submit a Whitepaper

LP Solutions

View All | Submit Your Content

Loss Prevention Media Logo

Stay up-to-date with our free email newsletter

The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.

No, thank you.

View our privacy policy.