Security Concept of Operations

Print Friendly, PDF & Email

There are two types of Concept of Operations documents (abbreviated CONOPS, or ConOps):

  • Organizational Concept of Operations: a document describing leadership’s intended way of operating the organization or a part of it.
  • System Concept of Operations: a document describing what the system will do (not how it will do it) and why (rationale).

More detail distinguishing between the two type of documents is provided in Annex A and Annex B of the ISO/IEC/IEEE 29148:2011(E) standard, Systems and software engineering — Life cycle processes — Requirements engineering.

Important Note: You do not need to have or study the IEEE 29148 standard in order to effectively understand and develop ConOps documents of great value.

Concept of Operations Documents for Security

ConOps documents are widely used in the military, governmental services and other fields.

We are applying them to security, and so we distinguish between the two types of documents like this:

  • A Security Concept of Operations (Security ConOps) is a statement in words or graphics that clearly and concisely expresses what security leadership intends a security department or a function of the department to accomplish and how that will be accomplished using available resources or planned resources, in language that the security stakeholders can understand.
  • A Security System Concept of Operations (Security System ConOps or just System ConOps) is a statement in words or graphics that clearly and concisely expresses what each function of the system will do (not how it will do it) and why that function is needed (its rationale).

    It is a user-oriented document that describes system characteristics of the to-be-delivered system from the user's viewpoint. This document can document focus on all the necessary requirements specifically from the user's point of view, and can use vocabulary and illustration tools that are familiar to the user's experience and knowledge base.

Security ConOps: a Flexible Tool

Security ConOps documents (the organizational perspective) are not technical documents like System ConOps documents are. You don’t need a technical background to write one. You just need to understand what leadership (whether that is you or your boss) intends one or more security functions to do.

Then you can work out how it will be done using existing, planned or to-be-requested resources.

Security ConOps documents have a scope, which can be large or small. That’s where the flexibility comes in.

For example, let’s say you have a secure parking area (such as required by C-TPAT regulations) for international shipping and receiving, and you have a staffed security booth to log vehicle traffic, verify shipper documents, and inspect truck trailer seals. You can write a Security ConOps with “Security Parking Control Booth” as its scope. A larger scope would be “Security Monitoring Center Operations”. Another example is “Annual Corproate Event Security Operations”.

These are operational documents that management can approve. Once approved, they provide you with operational requirements to fulfill, and related responsibilities and authorities for you and the personnel who will carry out operations.

For example, a Security ConOps document can name policy, procedure, port order, task order, job aid or other types of specific organizational documents that will establish the organizational framework needed for the function to be performed by the assigned personnel.

Security ConOps documents are a very important part of a documented security program.

System ConOps: an Indispensable Tool

Technology—by itself—does nothing. The people and process parts of the picture are also required. However, the security industry has a tradition of starting with technology first, and fitting the people and process parts on afterwards. That is why many security projects don’t reach a fully operational state until well after the projects are declared “complete”.

Sound technology projects start with a System Concept of Operations that has all three parts. You can use a Concept of Operations to guide your people-process-technology deployment so that you get the greatest operational capability for your investment. This is critically important for Security Operations Centers and PSIM deployments.

To obtain an outline or template for either type of Security ConOps document, contact RBCS at 949-831-6788 today.