Online security lapse

Since the events of 9/11 and more recently 7/7, security has moved up the
corporate agenda. The threat of a terrorist attack­ particularly for accountancy
practices operating in Central London ­ is now very real and businesses
operating around the UK have been taking steps to reduce their vulnerability.

Changes have also taken place in the security industry. Earlier this year,
the Security Industry Authority
(SIA) introduced licensing for contracted-out security officers working in the
security, public space surveillance CCTV, close protection and ‘cash and
valuables in transit’ sectors.

Front-line staff now have to undergo a four day training programme, pass
formal examinations and go through a strict vetting process to obtain a license.

In addition, it is now a criminal offence for any security company to supply
officers which operate without a license and for individual officer to work
without one.

Key failures

So what’s the problem? Well, while licensing has undoubtedly improved standards,
it fails to tackle some of the key issues with regard to the recruitment of a
security provider and, more importantly, the ongoing monitoring of that team’s
site performance.

Let me ask you a few questions. Firstly, how did your current security
provider win their contract? Did they win it on price? Did they have a more
impressive performance record than the competition and if so, how did you know?
Is their performance independently checked on-site on a regular basis and if so
how many times do they fail to perform? How many contracts have they lost
because of poor performance?

If you’re honest you probably don’t know the answers to these questions and
neither does anyone else.

Why? Because licensing and industry kitemarks don’t tell you the one vital
thing you need to know. How the security team at your site performs day in, day
Industry accreditations don’t enable you to compare the performance of one
security company with another, making the purchasing process unsophisticated and
haphazard at best.

Licensing has also had one unexpected downside. In some cases, senior
management teams have believed (incorrectly) that the appointment of a licensed
external security team has to all intents and purposes absolved them of any duty
of care with regard to on-site security. This is not the case.

It is still the direct responsibility of senior management to provide
protection and security at all times to both a practice’s employees and its
property. The management team can discharge its duty of care to some degree by,
for example, outsourcing of manned security to a specialist third party, but its
responsibilities do not end with the employment of such a contractor.

There always remains an obligation to independently and regularly test the
effectiveness of an outsourced security service in order for senior management
to meet its responsibilities and ensure it satisfies its duty of care.

So, let me ask you a few more questions. How is your security team
performing, right now? How will you know how they perform at 8pm next Friday
evening or on the afternoon of Christmas Day?
If you don’t know the answers to these questions, you’re not alone but hopefully
the neglected link in the whole security process is clear – the provision of
ongoing performance monitoring via independently conducted on-site audits.

Testing, testing

Audits should be conducted to test security at your offices at all times of the
night and day, 365 days a year (even on Christmas day).
They should include a site penetration exercise (can the auditor gain access
easily?), detailed discussion with security officers selected at random, (what
issues are effecting their ability to do their job and their motivation to do
so?), an examination of operational documentation and verification that all
operatives have a valid SIA license.
Audits will also highlight areas for improvement. In short, independent on-site
audits are the only way to realistically assess the performance of your
practice’s security team on an ongoing basis and to ensure your security
provider is the best available.

Seven ways to improve your manned security

Don’t appoint a security company on price – security officers are often
poorly paid and this is one area where you get what you pay for.

Ask potential security providers when the performance of their officers was
last tested, independently and on site (and if appropriate ask for copies of the
Make sure your existing security team is independently audited on a regular
basis –we have some shocking examples of how easy it can be to enter premises.
I’ve even entered a building by showing a badge with the name and photograph of
Catherine Zeta-Jones!

Always act on audit findings to address shortfalls in performance and
potential areas of weakness. A failure to do so could be construed as negligent
if the worst happens.

Check that each member of the team that will be / is working on your site has
a valid SIA license.
Make sure your security provider is a member of the Approved Contractor Scheme
(ACS). Run by the SIA, the scheme permits security companies to have a
significant percentage of its employees going through the ‘licensing pipeline’.

This means that if a licensed officer leaves the company, he/she can be
replaced much more easily. Companies outside the ACS will seriously struggle to
provide immediate replacements.

Encourage your security provider to reward officers for performance – this
technique has of course been used by many leading financial institutions to
motivate officers and improve the service they provide.

Terry O’Neil is managing director of The Security Watchdog

Related reading