Redefining FM’s parameters: the increasing security considerations

By the very nature of their profession, facilities managers need to master several disciplines and co-ordinate a whole range of business support services. The role now habitually includes the management of security, significantly redefining the FM’s key concerns and considerations.

Anthony Pearlgood (chairman of the British Security Industry Association’s Information Destruction Section), Brian Sims (media solutions manager, UBM Live Security and Fire Portfolio, the organisers of IFSEC International) and Mike Gillespie (managing director, Advent IM Ltd) discuss the increasing security functions for the practising FM and the key factors and considerations around security service procurement, proficient, long-term security management and the key risks and threats affecting today’s business landscape.

Managing ‘pure security’

Given that facilities managers are now being tasked with procuring and specifying security solutions on a regular basis, basic knowledge and skills are being demanded for what you might call ‘incisive management’.

Mike Gillespie explains: “In the world of physical security, there are so many areas where expertise is required that an FM either needs to have a good understanding of security in the round, have a competent security manager available or have access to a multi-disciplinary team of experts. It has, however, been our experience that in some GB pound 100 million-plus businesses, security may still be the responsibility of an FM who has very little understanding of detailed security planning.”

To aid the lone FM professional that will not have access to such an inclusive team, Brian Sims suggests that, in addition to attending IFSEC International 2012 for its comprehensive educational programme, scanning educational literature such as the BIFM’s ‘Good Practice Guide to Security Management for Facilities Managers’ would be a positive way to develop knowledge in this area.

“Written by Mike Bluestone, the chairman of The Security Institute, topics covered in this document include regulation by the Security Industry Authority, traditional and emerging threats, risk management and key physical premises security. The procurement of security contractors and equipment is also very well addressed.”

Multi-service procurement

While educating FM professionals is one suggestion, the argument to outsource FM support services is one that continues to rear its head, particularly with the growing inclination for multi-service procurement and subsequent contract management.

Anthony Pearlgood believes that, due to the tough economic conditions at present, organisations are seeing less people in FM teams and cost savings being flagged as an extremely high priority.

Pearlgood says: “If services are being provided as bundled packages people will acquire them, as this type of solution will allow for reduced administration costs and can make it simpler and cheaper for a number of people.”

However, he adds: “The move towards bundled security is fairly controversial and has cultivated a negative view in certain quarters, perhaps taking security out of context. I would recommend security shredding of confidential data, for example, is taken in isolation because of the repercussions where data breaches are concerned.”

Pearlgood continues: “In the past, there was little-to-no enforcement, but new legislation such as the Data Breach Notification Act will see major financial penalties for data breaches and all data breach information passed on to the Information Commissioner for investigation.”

The attraction of multi-service approaches to procurement for FMs is that they can outsource many of their necessary business functions to one supplier. Brian Sims says: “To coin a well-worn phrase, it’s a ‘one-stop shop’ approach to procurement which inevitably cuts down on paperwork and business process. Additionally, costs can be reduced if the buyer is purchasing from one provider rather than a series of solutions developers. Put simply, the larger the contract, the greater the economies of scale.”

Sims continues: “The multi-service route to management means every one of those services that may be described as ‘non-core’ – but which are so very important in terms of supporting the core objectives of the host business – may be integrated and aligned.”

Mike Gillespie adds: “It may also offer the opportunity to transfer the risk to the contractor. The external provision of FM services, including security, allows organisations to simply manage the issues.”

Dilution of the selection process

The disadvantage to the multi-service approach, according to Pearlgood, is the diluting of the selection process. “Some providers may operate without the correct accreditation or the right standards,” he suggests.

“Additionally, suppliers may be judged in line with a company that provides a completely different service, such as a carpet cleaning company or a shredding service. In this instance it’s implying that FMs are considered as a ‘Jack-of-all-Trades’. The core difference is if a carpet doesn’t get cleaned then it doesn’t get cleaned, whereas if data is not disposed of appropriately a data breach could occur and cause major problems for the business.”

Sims continues: “From a logistical point of view, issues might also arise if the FM has to outsource one or two functions within that multi-service management package. Ultimately, there will be many ‘specialisms’ sitting under the umbrella of the multi-service contract and this may well necessitate additional training or self-learning on the part of the facilities manager.”

Furthermore, Gillespie maintains that there are also plenty of examples where the client feels short-changed by the services received. He states: “While the advice of a professional security consultant may seem expensive, if properly directed they can save an organisation thousands of pounds in the procurement of unnecessary products, services or equipment that they may be persuaded by a supplier to buy.”

Influencing the purchasing process

When obtaining appropriate security solutions, the relationship between FM and procurement is often challenging, particularly as anecdotal evidence suggests that many IT professionals are now often in charge of the budgetary purse strings when it comes to physical security.

As a result, it seems that many FMs have to take a stand and actively ensure they have the opportunity to influence the purchasing process.

“FMs and security managers are in the same boat here,” comments Sims. “If the client organisation’s operational structure dictates that purchasing of security requirements is co-ordinated through either IT or the Procurement Department – or both – then, put simply, the FM professional has to make their voice heard.”

Sims goes on to state: “Security products must always be selected because they are necessary to satisfy the host organisation’s requirements on a cost-effective basis rather than because they are solutions the salesperson wishes the company to purchase.”

He adds: “It has often been said that there’s a case for the incumbent facilities/security professional in the larger companies operational across the UK to have a seat on the Board of Directors on the basis that this is the only way in which they’ll truly influence the physical spend on – and overarching interest in – operational management encompassing both general facilities and security.”

Continuing the theme, Sims explains: “Either way, security and facilities managers must show that they are ‘business savvy’ and an integral part of the host organisation. They must demonstrate their undoubted worth on a continual basis, proving that they are absolutely key to the daily functioning of the business at hand and must be viewed as such.”

Gillespie interjects, adding: “The problem with IT professionals managing the physical domain is that they do not have the relevant level of competence to understand what’s required. There are too many disparate elements within physical security, and that’s why it should always be approached by a physical security professional.”

Furthering this argument, Gillespie comments: “Perhaps the most effective solution is to employ a competent professional consultant to advise on the requirement, ideally one that is product independent and therefore offers nothing but Best Practice advice. It’s likely that, by following this simple rule, the right protective measures will be procured and subsequently installed.”

According to Anthony Pearlgood, BSIA members are not finding that IT professionals are controlling budgets. In fact, they feel budgets still sit with the facilities services team.

“Where they will see overlaps is when data destruction’s involved,” outlines Pearlgood, “notably in terms of hardware and software. While IT Departments may be more au fait with software compliances and breaches, etc, the FM will generally have the lion’s share over the influence of the contract.”

Key risks and threats at play

Addressing the significant number of risks and threats to today’s business landscape, Gillespie states: “The economic environment means that all businesses are looking to derive more from less. This means that the FM must try to achieve greater levels of service with fewer resources.”

He continues: “Security is always an important function that can be put under the microscope when there doesn’t appear to be any current security issues. However, it’s likely that the reason there are no current security issues is because the security regime is working.”

Stressing that no responsible FM can afford to ignore the potential danger to employees, the loss of essential assets and the overall financial impact that some of today’s threats – such as terrorism – could bring, Sims adds: “Although computer fraud, Intellectual Property theft and ID theft will not necessarily fall under the remit of the practising FM, it’s nonetheless worth their while to be up-to-speed on such threats.”

“People have become more security conscious,” maintains Pearlgood. “Tougher security and data management often becomes a significant concern in a recession. Identity fraud, for example, can be down to something as simple as inappropriate trash handling, and evidence has shown that criminals are being paid per document received where details can be used falsely and money can be extracted. Legislation and enforcement surrounding data protection are examples of how this business threat can be reduced and ultimately prevented.”

“Terrorism remains a concern and is likely to become more acute as we draw closer to the 2012 Olympic and Paralympic Games,” continues Gillespie, “but there are many other areas to consider regarding business security. Perhaps the most important aspect to get right is a good understanding of the threats.”

Summing up, Sims concludes by suggesting that FMs develop a basic threat matrix and risk assessment, draft avoidance procedures as well as planning objectives and obtain senior management ‘buy-in’ for that work.

“They also need to develop a disaster recovery and business continuity plan incorporating any lessons learned from recent incidents. Furthermore, the importance of establishing links with local police and other emergency services can never be understated.”

For further information on IFSEC International 2012’s educational features visit the official website, follow IFSEC on Twitter (@IFSEC) and/or join the dedicated LinkedIn group