Self-assessment is an important part of ensuring that the security culture of the organization is strong and identifying areas for improvement. When we think about self-assessment, we typically think about the data collection phase (surveys, interviews, etc.). The data collection phase of the self-assessment, however, is only one stage of a multi-stage process of self-assessment laid out by the IAEA.
The organization must first decide to carry out an initial or subsequent self-assessment and commit to that process, a decision that shows they value the importance of nuclear security culture.
Before carrying out the self-assessment, the management should build commitment for the process among personnel. They can accomplish this by showing that they value the self-assessment process and by making the purpose and procedure clear to all employees. Self-assessments often fail because personnel either do not think they are important or useful or because they do not understand how the data will be used. At this stage it is also important to project the message that confidentiality will be ensured for all participants.
A self-assessment team should be assigned to oversee the assessment, and this team should consist of individuals from various departments and potentially even an independent expert whose role is to advise the team, reduce bias, and share skills for conducting a successful assessment.
The self-assessment team should work with senior management to develop a self-assessment plan, which should identify the focus of the self-assessment. The team should then select security culture indicators from the list developed by the IAEA (or develop their own indicators) to be included in the self-assessment.
The data collection process for the self-assessment should include:
This process includes both non-interactive methods (surveys, document reviews, observation) and interactive methods (interviews with individuals and group discussions) to assess the state of the organization's culture. Combining the two methods gives a fuller picture of the organization's culture through providing both qualitative as well as quantitative information.
The self-assessment team should analyze and consolidate the results from the surveys, interviews, document reviews, and observations. This phase of the process is crucial to understanding the root causes behind discrepancies or apparent deficiencies identified in the data.
The three-tiered outcome model is a simple system for identifying weaknesses and strengths for the nuclear security culture indicators. Green signifies good performance, yellow signals areas that could be improved, and red indicates serious problems that must be addressed directly.
The self-assessment team communicates the security culture profile to the management of the organization and submits a final report. The management then develops a plan to address the root causes of any weaknesses identified in the report.
Page 30 / 43