Over-the-top security controls can do more harm than good.
Is the bureaucracy of security making us all less secure? That is a question I find myself asking increasingly as layer after layer of bureaucracy in the form of forms, protocols and additional steps makes quoting, receiving orders, building product and then shipping and invoicing more cumbersome and time-consuming.
Don't get me wrong: I believe in quality and security, especially in the world we are living in and with the cyber-reliant environment we must utilize to communicate and share data among people and businesses. Increasingly, however, some measures that are intended to increase security instead have the effect of wasting time, adding cost and extending lead times to deliver much-needed product.
To wit: A customer requested a quotation for a few spare parts from a previous production run. To obtain the quote required logging on a "secure" website to download the RFQ and then uploading the completed quotation through the same web portal. The customer then sent an email notification that there was an order, again logging on the website to download the purchase order. In this case, the customer's quality clauses required both a new FAI and Source inspection. To comply, it required logging on the same web portal – twice. After Source took place, it required two more times of logging on the website to download documentation to ship. After shipping, once again it was necessary to log on the site to invoice. I added up the number of hours required to do the extra steps for this order and found it took longer to "process" the quotation, order and shipment than it did to produce the product in the first place! Had this part been technology-rich I might understand; however, this order was for pieces of shim stock!
It has not always been this way. A great example is the development of the P-51 Mustang. For younger readers, this was not a Ford automobile but a fighter aircraft, considered among the greatest fighter planes of its era. Back in World War II, a time where the need for security was as important as it is today, a team came together and in 30 days designed the P-51. A purchase order was placed, and 102 days later, the prototype was tested. After 44 more days, the plane was coming off production lines and successfully in service. That is 176 days from concept to being in service! How could it happen so fast? Clearly, with a war on, there was a pressing need, combined with a heightened sense of urgency by all. I suspect, however, there was also much less unnecessary paperwork and bureaucratic documentation. Time spent on anything unnecessary meant added time or delays in accomplishing the more important tasks.
Fighter planes of today are far more complex than those of 80 years ago, but my guess is that today the fastest a plane could go from concept to being successfully in service would be closer to 176 months, if even that fast. It should not take as long as it now does for more basic items to go through the quote/procurement/manufacture/ship/invoice processes, however. There is a real opportunity for improvement for companies to streamline the security and quality bureaucracy to be globally competitive technologically – and more importantly – in time to market.
More importantly, it is applying the appropriate inspection and security needed for different types of products, technologies and end-uses. One size does not fit all, and more is not always better. Some may want to simplify security protocols by making all components, all parts and all items for an end-product require the same levels of security. It appears a healthy dose of common sense is needed in many situations to simplify the basic and expedite the ability to respond and deliver.
Going back to my first example, is it necessary or does it provide any real value to require a Source inspector to go on site to inspect a shim? Or is the product it is going into more secure because such a basic part being inspected onsite. I later learned that this company made a blanket decision that all components of all types that go into a particular program require Source inspection. This one-size-fits-all decision will most likely cost critical time-to-market for the product and undoubtedly add significant and unnecessary cost to the end-product.
As technology advances, products become more complex all while the competitive tensions throughout the world heighten, so the need to be cognizant of preserving security and assuring quality is necessary. All should equally strive to be prudent when applying security protocols and inspection processes, however. Consider the part, component or processes' actual potential for security risk and then apply the appropriate level to the situation. Again, consider how much quality documentation is appropriate for each specific item. Clearly highly sensitive circuitry requires far more thorough quality review and levels of inspection, as well as greater security protocols, than a shim, washer or screw.
The goal should be to quickly develop and deliver high-quality product while doing so with the appropriate level of security. By investing some time to determine the appropriate levels of security differentiate the needed quality requirements will save time and money for all companies, departments and people involved.