The Corporate Security Network’s core thesis is that the impact of security on business performance and staff output continues to be inadequately understood, both across industry sectors and internationally.
By investing management attention on the contribution of security to business performance, shareholder value can be increased for the operation as a whole.
Benefits of membership
Membership of the Corporate Security Network is select. In the first year, members have included ADT, Barclays Capital, BT Property, Cancer Research (UK), GSK, Lloyds TSB, PricewaterhouseCoopers and Reliance Security Services. In addition to the intrinsic networking benefits of being members, these organisations have also benefited from privileged access to leading practitioners at exclusive discussion seminars.
Those practitioners have included:
- Peter Hermitage (former chairman of the Security Industry Authority), who gave his views on the impact of licensing and the implications for security managers;
- John Wilson of the National Extremism Tactical Co-ordination Unit who described his organisation’s work, the issues arising from extremism and its potential impact on the business community;
- Derek Smith (Legion Group) – current chairman of the British Standards Institution’s Security Screening and Vetting Committee – covered the latest developments on standards and Best Practice in relation to staff vetting and pre-employment screening;
- Caroline Demoulpied (of Equinox Security Management) offered a contractor’s perspective on private sector security;
- Tom Robinson from SDA Protec gave a demonstration of innovative digital IP video capture solutions;
- Professor Martin Gill (director) and Dr Tim Pascoe from Perpetuity Research and Consultancy International spoke about new and innovative research work concentrating on offender profiling and risk analysis;
- Paul Bartlett – chairman of the Office Productivity Network – presented current thinking on the future of flexible/agile working, the progressive trend for its implementation and the impacts on security;
- Malcolm Brown (head of CCTV at Perpetuity) gave an update on current research, and examples of good and poor implementation;
- Terry Cocks – general secretary of the Designing Out Crime Association, and a Metropolitan Police officer – provided a police view on the benefits of information exchange, better design and improved management.
How organisations manage risk
As well as accessing these first class seminars, members also selected and guided a major research project on the organisational management of risk. The work served to illustrate the breadth of risk now covered by leading facilities managers.
For example, the terrorist threat encompasses collateral damage, and impacts on managers’ ability to operate their buildings. It affects business continuity. Then there’s IT sabotage. In a similar vein, extremist groups can target individuals, make plans to assault executives, damage premises and intimidate visitors. An impact on the brand is possible.
In terms of information security, any policies put in place have to be balanced with operational business needs. Burglary, vandalism and theft are always a possibility. Staff vetting and screening is another area. Illegal workers need to be pinpointed – if a company is penetrated by organised crime then severe reputational damage may result.
Penetration vulnerabilities in relation to access control must be mitigated, while client confidentiality must always be at the top of the information protection agenda. Flexible workers are an issue, so too fraud. The latter may be low risk, but the potential for organised crime threats exists nonetheless.
The project showed that different sectors manage security and risk in a totally different way. Two models were assessed, namely central and business unit control. In the former grouping, security tends to be policy and strategy-led, with direction from the centre for mandatory actions. In the second grouping, facilities management tends to be operational and led by group and individual business units.
Risk analysis and modelling
Some organisations use risk modelling while others undertake very little risk analysis (other than physical surveys). One company studied uses an assessment profile-based model to identify which locations are most at risk. Being aware of the threat, knowing where it is and what the impact on the business would be if it materialised are the key issues for them.
This variability in risk management is also reflected in how information is used in risk assessments. Some practitioners manage risk and are led by qualitative data. Others are led by quantitative data. The former approach tends to provide reactive solutions, the latter defensive solutions. Some business sectors share data, while others do not.
Another finding of the research was the apparent lack of interaction and contact between physical security management and IT. That separation can extend right up to Board level. A typical division of responsibilities is physical, IT, fraud and business continuity. The advantage to Corporate Security Network members is the fact that some of them can see they share common problems. Others, armed with answers, were prepared to disclose them to other Network members.
Year One: a success… what next?
The Corporate Security Network’s first year has been a huge success. Members have built on their own Continuing Professional Development. They have also learned of the variety of risk management approaches.
What next? We will again be offering our half-day seminars for members on key security themes. Future issues to be discussed include internal communication for security awareness, relations with Human Resources and what we might learn from offenders.
We will also be carrying out research – guided by members – on areas such as the impact of infiltration by organised crime on major businesses.