As a security consultant, Angus Darroch-Warren is often asked to support procurement teams with their selection of service providers, whether they be fencing contractors, integrators, CCTV installers, security guarding companies or other specialists in areas such as Hostile Vehicle Mitigation or blast mitigation. It’s a procedure that can raise serious issues with regards to our business sector, and notably so in terms of the way in which security practitioners present themselves to other sectors and, indeed, how some are often unable to demonstrate the tangible value they, as security professionals, can bring to their peers within the business or organisation.
To be precise, I find such exercises very useful from two perspectives. Firstly, I’m there to do a job and ensure that my client reaches a decision based on facts and proven methodologies and that the solution chosen is effective and fit for purpose, meeting regulatory and compliance requirements and reducing risk to an acceptable level that’s in line with the organisation’s risk appetite. It must also be cost-effective, bringing a sound return on investment and a payback that meets the requirements of the Finance Department.
Secondly, and slightly facetiously, I’m there to use the experience as a time for gathering information and identifying scenarios that will be useful for me in my other role (that of a trainer and developer of training programmes for our international client base).
Let’s take both of these perspectives and see where they interconnect (or not).
Focusing attention on procurement
With regard to procurement exercises, on one occasion I was involved in the outsourcing of an in-house security team to a contracted one. Having ‘done the math’, the savings for the client would be in the region of £600,000. Savings that would be re-invested in a technology solution bringing together the various security systems such as perimeter intrusion detection and access control.
Along with the corporate security manager and procurement team, I had scored various tender submissions using the required template and then invited the Top Four companies to present their solutions and show how they would bring ‘added value’ to the contract.
The service providers involved comprised national and local companies and had specifically been told to bring to the meeting the management team who would be directly involved with the contract and its management, particularly so the proposed contract manager.
Part of the tender package required the bidders to demonstrate how they ensured Continuing Professional Development for operational and managerial personnel. It was interesting to read how they all had in-house training departments that ensured Security Industry Authority (SIA) compliance and provided additional items such as modules on customer service, conflict management and other soft skills.
During one of the ‘beauty parades’, a regional manager was asked about his qualifications given that the bid documents had waxed lyrical regarding the company’s internal development and ‘high flyer’ programmes. The manager proudly stated that he had his SIA qualification and ‘ILM Level 5’, but his real personal development was ‘on the job’ having worked in the security sector for 12 years following an exemplary military career with the Royal Logistic Corps. The contract manager who was to be assigned to the contract was also asked about his qualifications and, slightly embarrassed, was unable to think of any.
Proposed methodology for the contract
The proposed methodology for implementing the contract was discussed and the bidder stated that it would conduct a security risk assessment of the facility and, from that, make recommendations as to the number of security personnel required and the steps to take with regard to mitigating the identified threats and associated risks. The regional manager stated that he would conduct the security risk assessment in tandem with the contract manager and then report back to the client.
As they had identified similar contracts within the same sector in their bid package, it wasn’t unreasonable to ask them what they perceived to be the strategic risks to the site. There was a little bit of shuffling of papers at this point and then it was suggested that theft may be an issue as well as fire. I asked if they were familiar with the contents of PAS 96:2017. They were not.
I then asked the bidders about the proposed security risk assessment (as the retained security consultant it seemed a good idea not to replicate the work I had conducted over the previous eight years when retained by the client) and who would conduct it. The regional manager said it was his role and that he would conduct the assessment process along with the proposed contract manager. Given his SIA licence training and the ‘ILM Level 5’, I enquired as to his experience and qualifications to complete the risk assessment for my client. He had no formal qualification and used the ‘template that Health and Safety give me’. When asked about potentially using the Operational Requirement process, this was met with a number of blank faces.
In an attempt to salvage what was becoming a bit of a train wreck, the sales manager added that they would also use a well-known security consultant (one who holds a PhD in security and risk) and that he would support the security risk assessment. Helpfully, I offered to give this external resource a call after the meeting as he and I were discussing the Register of Chartered Security Professionals and the Register of Security Experts and Specialists at the time.
Serious issues raised
The purpose of this little anecdote is not to belittle the security guarding sector. Rather, I feel it raises serious issues with regards to our sector, and notably so in terms of the the way in which we present ourselves to other sectors and how we’re often unable to demonstrate the value we, as security professionals, can bring to our peers within our business or organisation.
In the example above, surprisingly the bidder mentioned was not successful. However, imagine how different it could have been had they offered to conduct a security assessment based on a recognised framework and transacted by a manager who held a recognised qualification?
Whether it’s the Certified Protection Professional (CPP), the Physical Security Professional (PSP) or even the newly-launched Associate Protection Professional (APP) from ASIS, an accredited security surveying course from an established provider or a security management qualification from The Security Institute, the knowledge these courses bring to the understanding of the core principles of security risk mitigation, physical and technical security is essential for the development of individual professionals and, indeed, the profession itself.
Yes, there are many very good individuals who have previous careers that prepare them well for the private sector, whether those previous careers have been spent in the military or the civilian police. Yet, increasingly we need to recognise that there are those entering the security sector as a career choice, completing undergraduate degrees and working their way up the (slightly rickety) career ladder that exists. Alternatively, security is being added to the portfolios of those professionals in other sectors, such as facilities management.
Given the range of backgrounds and skill sets that exist, let’s not be afraid to recognise where we need to develop, perhaps engage with the mentoring programmes that are provided by the professional associations and conduct a personal ‘training needs analysis’ that ensures the learning of new skills or the development of existing knowledge.
Bringing value to security projects
While often much maligned as providing little useful advice for the payment of exorbitant fees, consultants do bring value to projects as long as they have the necessary experience and background to do so. The majority of security managers seem reluctant to outsource or consult other specialists out of fear that the organisation will doubt their own knowledge and ability. Reports written by external resources should be part of the ‘homework’ for the security practitioner – reading and understanding the analysis, the basis for recommendations and technical specifications. This is part of our education as security professionals. You will soon be seen as the ‘in-house SME’ who will bring value to security planning and project implementation.
Let’s not forget, either, that one of the traits of being a profession is that the sector practitioners within have ‘specialised knowledge’ and show a commitment to self-development as well as keeping up-to-date with the latest trends such that they can provide the best possible service to their clients. Without up-to-date knowledge and skills, ‘security’ will continue to be seen as a cost to an organisation and not the ‘business enabler’ that we know it to be.
You may be wondering what happened to the contract manager who was lost for words? At the end of the meeting, he raised his hand politely and then said: ‘I have my SIA badge and ILM Level 3’. We welcomed him on a security management course the following month.
Angus Darroch-Warren BA (Hons) MSc PSP CSyP FSyI is Senior Consultant and Group Director at the Linx International Group