Back


BY CRAIG LAWRENCE, CPP

THE EVENTS OF SEPTEMBER 11TH HAVE CHANGED THE WAY WE THINK ABOUT SECURITY AND THE MANNER IN WHICH WE PRIORITIZE BUSINESS CONCERNS. SECURITY IS NOW AT THE TOP OF THE PRIORITY LIST IN INDUSTRIES THAT HAD NEVER GIVEN IT MUCH CONSIDERATION. ONE KEY REASON FOR THIS CHANGE IS OBVIOUS: IN THE PAST, SECURITY WAS GENERALLY UTILIZED TO PROTECT AGAINST BURGLARY, PILFERAGE AND PROPERTY DAMAGE. NOW WE MUST BROADEN OUR DEFINITION OF SECURITY TO INCLUDE THE PROSPECT OF SABOTAGE, TAMPERING AND TERRORIST ACTS. THIS SHIFT IN THINKING IS BEING DRIVEN BY A PUBLIC THAT IS RAPIDLY BECOMING EDUCATED IN THE ENORMOUS SOCIAL CONSEQUENCES OF INADEQUATE PREPARATION. THIS HEIGHTENED CONCERN HAS ALREADY BEGUN TO MOBILIZE GOVERNMENT AGENCIES IN FORMING POLICY THAT WILL IMPACT PRIVATE BUSINESS. SECURITY IS NO LONGER JUST ABOUT ALARMS, LOCKS AND CAMERAS - THESE ARE ONLY TOOLS THAT CAN ASSIST US IN OUR OVERALL SECURITY PROGRAM. EFFECTIVE PREPARATION MEANS THE DEVELOPMENT OF A COMPREHENSIVE CORPORATE SECURITY PROGRAM, WHICH SERVES AS THE ORGANIZATION'S CORE DEFENSE AGAINST SECURITY THREATS AND RELATED ISSUES. TO MANAGERS UNFAMILIAR WITH THIS NEW REALITY, THE FIRST STEPS CAN SEEM DAUNTING.

IN THIS ARTICLE, WE WILL REVIEW THE BASIC ELEMENTS OF AN EFFECTIVE SECURITY PROGRAM. FIRST, WE WILL PROVIDE A GENERAL OVERVIEW OF THE TOPIC AND THE NEW THREATS THAT RECENT EVENTS HAVE BROUGHT TO OUR ATTENTION. THE SECOND SECTION DESCRIBES THE BASIC ELEMENTS OF A SECURITY PROGRAM. THE FINAL SECTION OUTLINES A FIVE-STEP ACTION PLAN WITH SOME PRACTICAL RECOMMENDATIONS ON HOW TO GET STARTED.

TODAY'S NEW WORLD

THE SEPTEMBER 11TH ATTACKS ON THE UNITED STATES WERE PERPETRATED BY TERRORISTS THAT TARGETED INDIVIDUAL SYMBOLS OF OUR COUNTRY'S INFRASTRUCTURE; THE WORLD TRADE TOWERS REPRESENTING OUR FINANCIAL INFRASTRUCTURE, AND THE PENTAGON REPRESENTING OUR MILITARY FORCES. THIS IS RELEVANT TO MANUFACTURING IN THAT ANY COMPANY CAN BE A POTENTIAL TARGET IN THAT WE REPRESENT THE DOMESTIC MARKET FOR WHATEVER INDUSTRY WE SERVE. THIS MAKES BUSINESSES VULNERABLE TO BEING TARGETED BY SEVERAL TYPES OF AGGRESSORS: TERRORISTS, SUBVERSIVES, CRIMINALS, PROTESTERS, ROGUE OR DISGRUNTLED EMPLOYEES OR OTHER INSIDERS.

THE FOOD INDUSTRY HAS BEEN IDENTIFIED BY GOVERNMENT AGENCIES AS A PARTICULARLY VULNERABLE TARGET BECAUSE OF THE OPPORTUNITY THAT FOOD PRODUCTS PROVIDE TO DISSEMINATE BIOLOGICAL, CHEMICAL, RADIOLOGICAL OR PHYSICAL AGENTS (E.G., BONE SLIVERS, METAL FILLINGS, GLASS FRAGMENTS) ACROSS A WIDE SEGMENT OF THE DOMESTIC POPULATION. SUCH AN ATTACK COULD BE CARRIED OUT BY A LONE INDIVIDUAL, WHO COULD BE FAR FROM THE SCENE OF THE ATTACK BY THE TIME IT IS DISCOVERED. BECAUSE OF THE SIGNIFICANT THREAT TO PUBLIC HEALTH AND SAFETY THAT LAX SECURITY REPRESENTS, THE FDA HAS RECOMMENDED THAT ALL COMPANIES INVOLVED IN THE FARM-TO-TABLE FOOD SYSTEM REVIEW THEIR CURRENT SECURITY PROGRAMS AND MAKE APPROPRIATE IMPROVEMENTS.

IN A RECENT FOOD SECURITY CONFERENCE SPONSORED BY THE AMERICAN INSTITUTE OF BAKING, THE FDA AND THE USDA, THE GOVERNMENT'S CONCERNS WERE CLEARLY NOT LIMITED TO FOOD MANUFACTURERS. THEY WERE FAR BROADER AND ENCOMPASSED ALL BUSINESSES ON WHICH THE FOOD INDUSTRY DEPENDS, SUCH AS TRANSPORT, PACKAGING, SERVICE AND SUPPORT. THE BOTTOM LINE IS THAT SECURITY NEEDS TO TAKE AN INCREASINGLY IMPORTANT ROLE IN THOSE BUSINESSES WHOSE PRODUCTS AND SERVICES HAVE THE POTENTIAL FOR ADVERSELY IMPACTING A SIGNIFICANT PORTION OF THE PUBLIC. SUCH A DEFINITION EXCLUDES VERY FEW BUSINESSES. ADD TO THIS EQUATION THE POTENTIAL OF AN INDIVIDUAL COMPANY BECOMING INVOLVED IN A REAL OR REPORTED INCIDENT, WHETHER OR NOT THE PUBLIC IS IMPACTED, CAN OFTEN MEAN THE DEATH OF THE COMPANY.

GIVEN THE CURRENT THREATS, HOW DIFFICULT WOULD IT BE FOR SOMEONE TO COMMIT AN ACT OF TAMPERING OR SABOTAGE WITHIN YOUR FACILITY? HOW HARD WOULD IT BE FOR AN OUTSIDER TO PENETRATE YOUR PRODUCTION AREAS WITH MINIMAL KNOWLEDGE OF YOUR OPERATION? UNFORTUNATELY, THE ANSWER FOR MOST OF US IS THAT IT WOULD BE RELATIVELY EASY. DO CONTRACTORS, TEMPORARY HELP, OR DELIVERY PERSONNEL HAVE FREE ACCESS TO YOUR PRODUCTION AREAS? ARE THERE UNLOCKED AND UNMONITORED DOORS LEADING INTO YOUR FACILITY? ARE EMPLOYEE ENTRANCES MONITORED AND EMPLOYEES RESTRICTED TO ONLY THOSE AREAS NECESSARY TO CARRY OUT THEIR JOB RESPONSIBILITIES? ALL OF THESE ISSUES ARE SUBJECTS THAT NEED TO BE ADDRESSED IN YOUR COMPANY'S CORPORATE SECURITY PROGRAM. A CORPORATE SECURITY PROGRAM IS A COMPREHENSIVE SET OF POLICIES AND PROCEDURES COMBINED WITH THE USE OF SECURITY EQUIPMENT AND/OR STAFF THAT ADDRESSES CURRENT AND FUTURE SECURITY PROBLEMS AND THREATS.

THE CORPORATE SECURITY PROGRAM

THE FOLLOWING THREE ELEMENTS FORM THE BASIC BUILDING BLOCKS OF THE PROGRAM. EACH IS FOLLOWED BY A BRIEF EXPLANATION.

PHYSICAL SECURITYPROCEDURAL SECURITYPERSONNEL SECURITY PHYSICAL SECURITY
THIS MEANS THE ACTUAL PHYSICAL STATE OF YOUR FACILITY. THIS COVERS THE STATUS OF WINDOWS, DOORS, ALARMS, LOCK & KEY SYSTEMS, ALARM SYSTEMS, AND THE STORAGE OF VALUABLE ASSETS AND INFORMATION. THIS ELEMENT ALSO COVERS ANY EXISTING SECURITY EQUIPMENT SUCH AS CCTV CAMERA SYSTEMS, ACCESS CONTROL SYSTEMS AND OTHER SECURITY EQUIPMENT.

PROCEDURAL SECURITY
THESE ARE YOUR COMPANY'S SECURITY POLICIES AND PROCEDURES. THIS SHOULD TAKE THE FORM OF A SECURITY HANDBOOK, OR IT COULD BE INCORPORATED INTO THE COMPANY'S EXISTING EMPLOYEE HANDBOOK. AS WITH ANY POLICIES AND PROCEDURES HANDBOOK, THERE SHOULD BE A SECTION THAT EXPLAINS THE DISCIPLINARY STRUCTURE FOR VIOLATIONS OF COMPANY POLICY.

PERSONNEL SECURITY
THIS IS THE METHOD USED TO SCREEN WHO COMES THROUGH YOUR COMPANY'S FRONT DOOR, AS WELL AS RESTRICT THE ACCESS THAT EXISTING EMPLOYEES HAVE TO SENSITIVE AREAS AND INFORMATION. PRE-EMPLOYMENT BACKGROUND CHECKS, DRUG TESTING, ACCESS CONTROL AND INCIDENT/POST-ACCIDENT INVESTIGATIONS ARE ALL EXAMPLES OF PERSONNEL SECURITY. THIS ELEMENT IS CRUCIAL TO THE CONTINUING INTEGRITY OF THE SECURITY PROGRAM.

THE FIVE STEP ACTION PLAN

IT IS NECESSARY TO CREATE AN ACTION PLAN FOR THE DEVELOPMENT AND IMPLEMENTATION OF YOUR CORPORATE SECURITY PROGRAM. THE FOLLOWING ARE THE MINIMUM RECOMMENDED STEPS THAT SHOULD BE INCLUDED IN YOUR ACTION PLAN:

1) DESIGNATE A PROJECT COORDINATOR. IF YOUR COMPANY HAS AN IN-HOUSE SECURITY DIRECTOR OR MANAGER, THEN NATURALLY THIS PROJECT SHOULD FALL UNDER THEIR RESPONSIBILITY. IF NOT, FACILITY MANAGERS OR HR MANAGERS GENERALLY MAKE EXCELLENT CANDIDATES, BECAUSE THEY ARE MORE FAMILIAR WITH THE INTRICACIES OF IMPLEMENTING NEW PROCEDURES. IT IS NOT A GOOD IDEA TO SLUFF OFF THE PROJECT ON AN OVERWORKED MAINTENANCE MANAGER OR PRODUCTION EXECUTIVE. IN FACT, PUTTING A PROJECT SUCH AS THIS ONE IN THE HANDS OF AN EXECUTIVE IN CHARGE OF OPERATIONS OR PRODUCTION COULD RESULT IN A CONFLICT OF INTEREST. THE RESPONSIBILITY OF SECURITY SHOULD BE GIVEN TO SOMEONE THAT IS SOMEWHAT REMOVED FROM MANUFACTURING AND PRODUCTIVITY ISSUES, TO MAINTAIN A FRESH UNBIASED PERSPECTIVE. THE PROJECT COORDINATOR SHOULD REPORT DIRECTLY TO TOP MANAGEMENT.

2) ASSESS SECURITY VULNERABILITIES. A COMPREHENSIVE SECURITY VULNERABILITY ASSESSMENT REPORT SHOULD BE CONDUCTED AT EACH OF THE COMPANY'S FACILITIES. THIS REPORT SHOULD A) INCLUDE A COMPREHENSIVE EVALUATION OF THE COMPANY'S CURRENT SECURITY STRUCTURE, B) RATE THE LEVEL OF RISK EACH VULNERABILITY REPRESENTS, AND C) MAKE RECOMMENDATIONS COVERING THE THREE MAIN ELEMENTS OF A CORPORATE SECURITY PROGRAM. IF YOUR COMPANY HAS AN IN-HOUSE SECURITY DIRECTOR OR MANAGER WITH EXPERTISE IN CONDUCTING SECURITY SURVEYS OR RISK ASSESSMENTS, THEN THIS RESOURCE SHOULD BE UTILIZED. IF NOT, A REPUTABLE SECURITY CONSULTING OR INVESTIGATIVE FIRM SHOULD BE UTILIZED. WHEN EVALUATING AN OUTSIDE CONSULTANT FOR THIS PURPOSE, LOOK FOR BOARD CERTIFICATIONS SUCH AS CPP (CERTIFIED PROTECTION PROFESSIONAL) OR AFFILIATIONS WITH A.S.I.S. (AMERICAN SOCIETY FOR INDUSTRIAL SECURITY) SUCH CREDENTIALS INDICATE AN ESTABLISHED STANDARD OF PROFESSIONALISM WITHIN THE INDUSTRY. BEWARE OF SECURITY COMPANIES THAT SELL GUARD SERVICES AND / OR ALARM SYSTEMS THAT OFFER A SECURITY VULNERABILITY ASSESSMENT FOR LITTLE OR NO MONEY. THEIR AGENDA MAYBE DIFFERENT FROM YOURS, AND YOU COULD VERY WELL END UP WITH A REPORT THAT IS NOTHING MORE THAN A SALES PITCH FOR THEIR SERVICES OR EQUIPMENT.

3) EVALUATE PROCEDURAL RECOMMENDATIONS. AFTER REVIEWING THE SECURITY VULNERABILITY ASSESSMENT REPORT, THE FIRST STEP SHOULD BE IMPLEMENTATION OF PROCEDURAL RECOMMENDATIONS. THESE CHANGES GENERALLY REQUIRE NO CAPITAL EXPENDITURE AND CAN MAKE AN IMMEDIATE IMPROVEMENT IN REDUCING THE LEVEL OF RISK TO WHICH THE COMPANY IS EXPOSED. IN ADDITION, THEY WILL SET THE TONE FOR THE CHANGE IN CORPORATE CULTURE THAT THE NEW SECURITY PROGRAM WILL REQUIRE. ONCE ALL PROCEDURAL RECOMMENDATIONS HAVE BEEN REVIEWED BY THE PROJECT COORDINATOR AND COMPANY EXECUTIVES, IT SHOULD BE DECIDED WHICH PROCEDURES WILL BE IMPLEMENTED AND HOW. THE NEW PROCEDURES SHOULD THEN BE DOCUMENTED IN WRITING AND INCORPORATED INTO COMPANY POLICY, SO THAT EMPLOYEES ARE HELD ACCOUNTABLE FOR FOLLOWING THE PROCEDURES. AN EXPERIENCED SECURITY CONSULTING RESOURCE CAN BE EXTREMELY HELPFUL IN DRAFTING POLICY LANGUAGE.

4) EVALUATE CAPITAL EXPENDITURES FOR UPGRADES AND EQUIPMENT PURCHASES. AFTER REVIEWING RECOMMENDATIONS FOR SECURITY UPGRADES AND EQUIPMENT PURCHASES WITH THE PROJECT COORDINATOR, COMPANY EXECUTIVES AND THE FACILITIES MANAGER, YOU SHOULD DETERMINE WHICH UPGRADES ARE RELATIVELY ECONOMICAL AND / OR COULD BE DONE IN-HOUSE. PROCEEDING WITH THOSE CHANGES FIRST CAN MAKE AN IMMEDIATE IMPROVEMENT IN REDUCING THE LEVEL OF RISK TO WHICH THE COMPANY IS EXPOSED. THERE ARE A GREAT NUMBER OF ELECTRONIC SECURITY SYSTEMS AND PRODUCTS, FROM BASIC CLOSED CIRCUIT TELEVISION TO SOPHISTICATED ACCESS CONTROL SYSTEMS. THE EXPENSE OF SUCH SYSTEMS CAN VARY FROM MODERATE TO EXTREMELY EXPENSIVE. IT IS THEREFORE IMPORTANT TO ESTABLISH A SET OF CRITERIA THAT TIE INTO COMPANY OBJECTIVES, WHICH MAY BE USED TO EVALUATE ALTERNATIVE APPROACHES. THE BEST APPROACH WILL GENERALLY INVOLVE A CONSULTING RESOURCE, WHO CAN HELP DEFINE THE DECISION PROCESS. IT IS GENERALLY A GOOD IDEA TO USE AN INDEPENDENT RESOURCE THAT DOES NOT HAVE A BUSINESS CONNECTION TO A HARDWARE VENDOR, BUT RATHER CAN BE USED TO ESTABLISH A SYSTEM DESIGN THAT CAN BE PUT OUT TO BID. THEY CAN THEN DIRECT YOU TO REPUTABLE VENDORS AND CONTRACTORS OF SECURITY EQUIPMENT AND SERVICES. IF APPROPRIATE, THEY CAN EVEN SUPERVISE THE IMPLEMENTATION PROCESS FROM BIDDING TO INSTALLATION.

5) FACILITATE THE COOPERATION OF MANAGERS AND EMPLOYEES. WHEN IMPLEMENTING NEW POLICIES AND PROCEDURES, OR ANY TYPE OF OPERATIONAL CHANGE, IT IS IMPORTANT TO FACILITATE THE COOPERATION OF YOUR MIDDLE MANAGEMENT AND STAFF. MIDDLE MANAGERS MUST BE ENLISTED TO HELP YOU IDENTIFY PROBLEMS AND HOT SPOTS WITHIN THE OPERATION, AND WILL ULTIMATELY BE RESPONSIBLE FOR ENFORCING NEW SECURITY POLICIES & PROCEDURES. IT IS IMPORTANT TO GIVE THEM ADVANCE NOTICE OF COMING CHANGES AND GAIN THEIR COOPERATION EARLY. EMPLOYEES ARE YOUR MOST VALUABLE SET OF EYES AND EARS, AND SHOULD BE ENCOURAGED TO REPORT SUSPICIOUS OR UNUSUAL BEHAVIOR OR INCIDENTS. IT SHOULD BE MADE CLEAR TO ALL ASSOCIATES THAT NEW SECURITY CHANGES DO NOT REFLECT A DISTRUST OF THE WORKFORCE, BUT RATHER PROACTIVE MEASURES TO ENSURE JOB STABILITY AND THE CONTINUED SUCCESS OF THE COMPANY BY PROTECTING THE PUBLIC THAT IT SERVES.

CONCLUSION

THE FIVE STEPS DESCRIBED ABOVE REPRESENT A GENERAL OUTLINE FOR THE IMPLEMENTATION OF A CORPORATE SECURITY PROGRAM. HOWEVER, MAKE NO MISTAKE ABOUT IT- JUST LIKE ANY OTHER SUCCESSFUL CORPORATE INITIATIVE, A SECURITY PROGRAM IS MEANT TO PROVIDE A STRUCTURE AND A MODEL FOR CONTINUING IMPROVEMENT, WHICH MUST ULTIMATELY BE TAKEN OVER AND MAINTAINED BY MANAGEMENT. EFFECTIVE SECURITY MEANS CONSISTENCY AND VIGILANCE. SINCE 9/11, COMPANIES ARE REALIZING THAT THE PUBLIC THEY SERVE WILL DEMAND EVER-HIGHER ASSURANCES OF SAFETY AND THAT SECURITY PROGRAMS MUST CONSTANTLY EVOLVE TO KEEP PACE WITH NEWLY EMERGING THREATS AND ISSUES. COMPANIES THAT IGNORE THIS NEW REALITY DO SO AT THEIR OWN PERIL. ?

CRAIG LAWRENCE, CPP, CAS IS A BOARD CERTIFIED PROTECTION PROFESSIONAL, A CERTIFIED ANTI-TERRORISM SPECIALIST, AND THE DIRECTOR OF OPERATIONS AT UNITED RISK PARTNERS, A GLOBAL RISK MANAGEMENT FIRM HEADQUARTERED IN ELK GROVE VILLAGE, ILLINOIS. HE CAN BE CONTACTED AT (847)593-9995 , OR VIA E-MAIL AT: CLAWRENCE@UNITEDRISKPARTNERS.COM