Why incur the cost of security consultants?
Why would any entity engage a Security Consultant? Why pay fees for people you probably believe that you don’t need? What can a consultant tell you about your security when you have an entire department running security for your facility? How can there possibly be any ROI on having a consultant look at your security when it is already costing the company monies and producing no revenue?
Reasonable questions and beliefs? They are just some of the many objections that are typically raised when the topic of utilizing a security consultant surfaces in the Executive Suite.
From considerable experience in the field, you may want to consider the following perspective when the question of using security consultants next appears:
SVA (Security Vulnerability Assessment):
Conducting a qualified SVA is not only a mandatory requirement for new security legislation, current and pending, but is also sound due diligence before upgrading or replacing existing security systems and measures.
An SVA, if carried-out correctly will provide an up-to-date Threat Analysis, indicating the Credible Threat Level for the entity or facility, etc. In today’s environment of increasing violence, crime, theft, collusion to conspire, fraud, industrial sabotage, data tampering, and a host of other criminal practices, not to mention the ever present threat of terrorism of one type or another, an active shooter situation and Government legislation that is intent on improving security everywhere, it is essential that an entity protect itself against a credible threat level.
It should be noted that the level of security, required in countering a serious “state-sponsored terrorist” situation, is significantly greater than that required to protect against a lesser criminal situation (most companies are not looking to overspend based on overstated threat concerns when it can be avoided). Conversely, if the credible threat is of a serious nature, a well-executed SVA provides a professional and qualified analysis that will form the core documentation in applications for assistance in the form of State and Federal grants, as well as private sources available for that purpose.
A further benefit of an SVA is the Identification of Critical Assets.
One of the accepted facts of security is that it is logistically and financially difficult, if not impossible, to protect every possible asset, and thus it is necessary to prioritize in order of importance, all assets commencing with those considered most critical. As an example, in a college situation, this starts with students, faculty, staff, visitors, etc. This allows an organization or college facility to apportion available resources and funds for critical assets which most affect the college, and without which, the operation of the college would become untenable.
In other types of organization and facility, critical assets will be measured differently.
Perhaps the most valuable benefit of an SVA is the Provision of Sound and Viable Security Recommendations.
An SVA Report will provide recommendations put together by seasoned and experienced consultants together with key input from an existing management team that will encompass the following:
- Security improvements and/or upgrades,
- Recommendations with respect to mitigation,
- A timetable of implementation utilizing a phased approach,
- Estimated costs incorporating cost-effective technology
- Proven security measures.
An important advantage in having an outside team of experienced consultants carry-out an SVA assignment is their ability to be neutral in determining situations and levels of risk attributed to a facility. Furthermore, the consultant team will also take into account such aspects as current and pending legislation, accepted standards and practices within the security industry, proven security measures at other similar sites, and where applicable necessary mitigation.
Success in terms of a professional SVA can be defined as properly identifying the facility’s credible threat level, identifying real as opposed to imagined vulnerabilities, the ability to utilize existing security systems and measures in addition to new security recommendations within a cost-effective security plan and one which addresses not only security and safety issues, but which also significantly reduces the risk of liability, particularly possible negligent liability.
Security consulting success can also be measured by the identification of credible vulnerabilities. It is all-too-easy to put together a list of “what if” situations that a facility should protect itself against when in fact there is no real basis for such concerns. From experience, it has been found that credible serious vulnerabilities were often missed and many expressed vulnerabilities were overstated, and in a number of cases were unfounded and purely imaginary.
Success in security consulting is also measured in the application of Cost-Effective Security Solutions. Again from experience, far too many companies and organizations are “sold” security systems which are ineffective, inappropriate, fail to operate as claimed, very costly and are based on “what can we sell the customer” rather than what is required to provide an adequate level of protection for the facility. (See paper on “What is an Adequate Level of Security”.)
A seasoned and independent security consultant will analyze the respective requirements appropriate for a facility and then recommend proven systems and measures matching those requirements at optimum cost and at the same time allowing for future changes in technology, as well as changes that are likely to occur with the facility itself.
Providing such security solutions referred to above will also be based on considerable experience and expertise on the part of the consultant team (my firm utilizes consultants with not less than 25 years of such experience and is part of a security network providing a variety of individual expertise to meet virtually all situations).
It should also be noted that arriving at a proven, cost-effective and optimum solution to a given set of requirements will include the creation of Design Criteria (the reasoning as to why the security solution is based on the design systems selected and why the various types of security devices have been positioned within and around the facility), as well as the identification of the actual security problems as opposed to the symptoms.
Identifying Real Security Problems Versus Symptoms is achieved by consultant professionals with bonafide and very substantial experience and expertise.
A successful assignment can also be measured in sleeping soundly at night, knowing that your organization and facility will not be subject to any alleged Negligent Liability in the event of a security incident, or that your improved and possibly upgraded security systems and measures will be able to handle a reasonable level of corporate growth and change at minimal cost. The ability to handle change also applies to New Security Issues such as “Home Grown” terrorists or an Active Shooter situation with ISIS links.
There are many ways to measure a successful security assignment carried-out by professional consultants, but ultimately it is always necessary to remember that there is no substitute for experience and proficiency when it comes to security, and any security system has to work 100% without exception, has to provide an adequate level of protection in keeping with the specific facility and with accepted industry standards and practice, and most of all has to work as designed.
That is the true measure of a successful security consulting assignment.