The SMT Forum

The Case Against The Motion

(Security management could become part of an overall, facilities management-based operation where there is no dedicated security manager on site)

Michael Jasper
(head of risk, The British Library)

“FIRST OF ALL, I MUST STATE THAT DEBATES such as this are what the industry really needs.

“The theme for my presentation is ‘Changing World, Changing Role’. The security industry has changed for the good over the last 20 years or so. When we look at the world in which we all currently live, and the expectations placed upon security practitioners, it’s obvious that we need to become more customer-focused and encompass wider areas. Harbouring this ‘silo’ mentality, which we’ve adopted for years, needs to change. Our remit needs to be a good deal broader.

“If you were to travel back in time 20 years and look at the industry as it was then, quite often the managerial positions were populated by ex-services personnel or police officers. It’s good for the industry that this traditional route has begun to change, except for a few specialist areas where such experience is more than useful.

“We now find ourselves in an era where customer service is king. Both our internal and external customers are looking for more from their security management teams. They want a value-added service. Certainly, for the smaller and medium-sized companies they cannot afford to have one person with a sole responsibility for security. Having a manager with a wider remit makes sense for many reasons, not just financial ones. Security managers don’t want to be ruled by the financial imperative, but unfortunately they are. That’s the market we’re in.

“Only last night I was browsing the Internet, and looked at a few recruitment web sites (although I hasten to add I’m not looking to move from The British Library!). SSR’s site is interesting, in particular some of the security management roles they’re currently advertising. I also checked out the ASIS web site, and tried to find out what they feel are the core skills for a security manager. What is a security manager these days? What exactly do they do in practical terms?

“Well, we’ve said that the security manager’s remit has changed over the past two decades. Security management as a discipline no longer involves simply looking after the company’s security contract or the in-house team. ASIS feels the key attributes needed by today’s managers are high quality analytical skills, management competencies, an ability to anticipate, influence and assist the organisation to assess (and rapidly adjust to) on-site conditions. Looking at the recruitment web sites, again we’re conronted by ‘good communication skills, and being able to evaluate and monitor.’

“When you look at most of the advertisements, and strip away the pure security element, it probably represents about 25% of the job. The remainder is more general management skills that all senior managers need. Quite often you’ll find those skills in abundance in the facilities management role. Thus we can no longer have a silo mentality. We need to be broader and anticipate better the needs of our customers. Having the role of security management on its own isn’t working for numerous reasons.

“When we visit exhibitions like Securex, as security managers we don’t necessarily go along to look at all the technical aspects. We can ask consultants to do that for us.

“There’s now a great deal of flexibility in the security manager’s role, and if we’re ever to be truly represented in an organisation at the highest level we cannot hope that is going to happen if we remain outside of the overall facilities role.”

Bob Holmwood
(principal security consultant, Buro Happold ITAC)

“WITHIN SECURITY WE’VE NEVER REALLY defined the role of ‘security manager’ with any sort of clarity. Within facilities management, however, there is a clear definition for what a facilities manager actually does. What you’re really concerned with is the security strategy. The security policy, which outlines management support to the security function. Then you need to think about the procedures that sit alongside that. Then there’s the security measures to be put in place, such as CCTV, access control and perimeter protection.

“On top of that is security guarding on site, business continuity planning and risk management. Crisis and incident management planning need to be considered, so too disaster recovery procedures, information security and network security. Within facilities management, this is defined as the role for security.

“How do facilities professionals mitigate all of this and fulfil a security remit? They outsource. They can outsource strategy, policy and procedures. They can outsource all of the physical security needs, and of course the guarding function. If we were to outsource all of this, though, some commentators might say: ‘That’s fine, but what about dealing with the day-to-day issues?’

“Again, let’s look at facilities management for the answer. I’m sure many security managers report to a head of facilities. Facilities managers have a single expense if they choose to outsource. It makes budgeting much easier if the company isn’t tied-in to a single security manager. If you outsource you’ll be buying a specialist skills set. You go to a business continuity planner and you’ll receive a comprehensive business continuity plan. If you source your guarding from a reputable contractor, they’ll send you a team.

“You buy an objective and unbiased opinion. In many respects, as Michael stated, a security manager operates with tunnel vision. They just look at their own domain. They’re in the silo. For a company who buys in security expertise the benefits are there. The consultants who come in will have worked for many organisations, and have vast experiences of many different scenarios. They can bring new ideas to the party. Not only that, the development of similar in-house skills is expensive. While the in-house security manager’s away being trained and educated, they’re not completing the day-to-day tasks.

“On a day-to-day basis, how would the general facilities manager cope with security issues? They’ll have an intimate knowledge of the site and the essential services. If we’re talking security then we’re talking business continuity. The facilities manager will be qualified in contract management, which is essentially what’s required when you’re dealing with manned security. They can put the KPIs and SLAs in place. Quality control can be managed by facilities professionals. They’re trained in exactly that.

“If you need any proof that facilities managers can fulfil the security role then look no further than the extensive Case Study on 30 St Mary Axe in the October edition of SMT (‘Reach for the Sky’, pp18-26). Everything that I’ve said has been successfully brought together at Swiss Re, where the client is very happy with the security system on site.”

Stuart Lowden
(managing director, Wilson James)

“I’D LIKE TO APPROACH THIS TOPIC FROM A slightly different angle, in terms of where the security professional fits within the future business scenario and in relation to risk management in particular.

“What about the current trends and challenges? You’d think, given the terrorist threat that faces us all, that security would be at the top of the agenda and that the in-house security professional would never be better regarded. Yet in the UK, budget pressures have slowly but surely begun to drive security professionals out of the market. What has happened is that some key services have been contracted out to facilities management services providers. Ultimately, we’ve seen the security manager begin to lose some status.

“There has been a perception that there’s now a reduced need for security specialists, but why? Security managers have allowed themselves to become pigeon-holed, offering a limited field of expertise. They’ve taken a low profile within business to such an extent that, in many cases, security isn’t viewed as a key activity. The profession has also been hampered by people who have come into the industry from the services or police and have done just enough to get by.

“Thus when organisations have come to review security, Health and Safety and business continuity, they’ve wondered where they can save money. They make the security manager redundant, and the remit is assumed by a facilities manager or someone of a similar ilk. It’s an easy solution and a soft saving, but it’s a solution that security managers have created for themselves. The single discipline approach does not work in this context for every company. Certain operations have to have specialists, of course.

“Security management needs to become part of the facilities management operation but in its own right. I don’t agree with the idea that the facilities manager should assume sole responsibility for security, but I do believe that the security professional should have a vital role to play as a member of the facilities management team. The future lies in us being able to show that a security professional can be a vital part of the business.

“Security professionals must embrace those other risk challenges. The issues of Health and Safety, fire protection, IT security and business continuity, for example. They then take on a greater responsibility and deliver an holistic risk management function to the organisation.

“We constantly hear that security is a Boardroom issue, but ultimately it’s never a focal point. It’s seen as a specialist field governed by someone who’s not a security specialist themselves. They might be head of administration or Human Resources. Unless we do something about the current situation then security practitioners will never sit on the company’s Board of Directors.

“There are two career paths we might offer the manager of the future. There’s the specialist in the silo... and there’s a role for them. Alternatively, we can broaden the skills base and adopt a multi-discipline approach. There are certainly not enough specialist roles to go around. Therefore, taking the silo-style of management to an extreme means that we’ll limit the available opportunities for pure security roles.”

The Case For The Motion

(Security management must remain a distinctly separate discipline in its own right)

Mike Bluestone
(principal consultant, Integra Security Solutions)

“To BEGIN WITH, WE MUST ACKNOWLEDGE that there are many shining examples of where managers other than security practitioners carry out day-to-day security functions very successfully. However, this debate isn’t about that. It’s about whether or not security management should remain a separate discipline in its own right.

“It’s interesting to note that in many established and well-regarded professions like the law and medicine, practitioners will refer to specialists in the field by specialist names. For example, GPs refer to heart surgeons. The security sector is no different in this respect. There’ll always be a need for dedicated security practitioners to provide the missing evidence in what’s an increasingly sophisticated working environment. One in which their advice can impact greatly on the economy and the state.

“For their part, facilities managers – in the main, because of course there’ll be exceptions – can have day-to-day responsibility for the implementation of security policy. However, security policy is not solely concerned with physical security. It’s also concerned with intellectual security. Information, corporate secrets and ‘know how’.

“In most corporate environments, whether you’re talking about the public or private sector, the setting of corporate policy is determined at Board level. Facilities managers and similar ‘multi-taskers’ are unlikely to be privy to those decisions, and I say that without wishing to demean the role of facilities managers in any way.

“Business managers operating in whatever sector desire the immediate and focused resource of a true security professional. Someone who can advise them about Board level issues. Not just an implementer. That’s reflected in the salaries now being offered which would have been unthinkable even ten years ago. Then there’s the advent of licensing. Security managers may well be included in the Security Industry Authority’s remit at some point. The concept of the industry’s managers all coming from the Armed Services and the police is changing. While we cannot fail to recognise the contribution of those who have gone before, the demands of today’s business concerns require security practitioners to be highly professional. Organisations like The Security Institute are working hard to help security practitioners achieve recognition and validation by reference to their core activity. In other words, security management.

“If a company is targeted then there’s a major crisis management responsibility, and it’s the experienced and dedicated security manager who’s best equipped to deal with that. After all, they’ve spent much of their professional lives planning for such occasions.

“Dedicated security practitioners are often on call 24/7. They enjoy the complete trust of senior corporate management, and can work alongside planning and credit risk managers with no problem whatsoever.

“In the majority of cases, facilities managers aren’t the primary budget holders. They’re the recipients of them. Senior security managers are exposed to the strategic decisions of senior management, and can therefore influence those policies and strategies from the outset. Having a facilities manager doing the job is a compromise. The experience of a security manager is an asset to which every corporate organisation must aspire.”

Chris Smith
(head of regional security EMEA, HSBC Bank)

“SHOULD SECURITY MANAGEMENT REMAIN A separate discipline? We need to set that in context. Stuart talked about companies in the FTSE 100 Index. My context is all of those operations that are highly critical to the national interest, such as finance houses, communications companies and the utilities. Also, this has nothing to do with security managers believing they are better than their colleagues in the facilities or other sectors.

“From my perspective, security management is all about the evaluation of risk. None of us have tried to define ‘security’ today. Indeed, there is no single definition in existence. If it’s concerned with protecting the assets of the organisation, you’re talking about managing risk. What is the security risk? How do we evaluate that risk? It may be concerned with the realisation of an internal or external threat. The degree of vulnerability to which the organisation is exposed.

“Having looked at the threats, completed their analysis and evaluated all scenarios, the security manager would put a plan in place. That plan would involve a series of protective ‘layers’. How many security officers do you need? Should they be in-house or contract? That’s just one consideration, but the officer team constitutes the primary layer of protection. Then there’ll be CCTV and access control. If the security plan is the preserve of the security manager, which it should be, then those officers must report to the security manager and not a general facilities manager.

“There’s a definition of facilities management put forward by the International Facilities Management Association. It states: ‘Facilities management is defined as the practice of co-ordinating the physical workplace and the people who work for the organisation.’

“For as long as I’ve been a security manager I don’t think I’ve ever been in a silo! At it’s heart, the security function is there to protect. Facilities management has a multiple remit. Multi-tasking is fine, but only if it’s conducted within a defined area.

“Facilities managers are enthusiastic practitioners in their own right and will often enrol on security training courses, but they’re not dedicated to the topic of security. I’m totally focused on security and security alone.”

Erez Sharoni
(general manager of UniSecure at The University of Hertfordshire)

“FIRST OF ALL, I’M NOT OPPOSED TO CHANGE in the industry. I thought our ‘opponents’ today might convince me that security could become part of a wider function, but I’m happy to say that I was wrong!

“Chris just spoke about professionalism. If you look around Earls Court 2 today the exhibition stands at Securex reflect the diversity of the industry. There’s CCTV manufacturers, access solutions providers, representatives from the Security Industry Authority and the BSIA. What we’re talking about is someone who needs to know about all of this in depth in order to advise the Board at the company for whom he or she works.

“It’s nice that, in principle, you can outsource procedures. Now, an organisation changes on a regular basis. Events can make an organisation re-evaluate the way in which it operates. National events. Regional events. Local events. Say there’s an accusation of stealing in your workplace. You need to have covert surveillance up-and-running almost immediately to prove the accusation. Facilities managers might have meetings about parking, safety issues, contract catering. Can they really down tools and attend to that security event quickly enough?

“We’re also talking about constant liaison with other agencies here, which is very, very important. What about the police? You need to speak to them so that you know what risks are current in the vicinity of your company. The police tend to ‘move’ crime from left to right at the moment. As a security manager you need to assess the degree of threat, not on a monthly basis but on a daily basis. You must advise the Board of ways to prevent or deal with specific situations. You need to hold a budget so that if there is a problem you can do something ‘right here, right now’.

“Security management simply has to be a separate discipline with a separate line of enquiry to the Board. The security manager should not sit under the estates department. Security is vital to the core activity of so many businesses. Businesses which are subject to constant change due to economic or other pressures forced upon them.

“That being the case, there simply has to be a dedicated person in place who can readily administer the security function.”

The Panel at The SMT Forum

Host: Brian Sims
Brian Sims has edited SMT since December 2000. He holds a BA (Hons) degree in Human Geography from The University of Liverpool, and is an associate member of TSI.

Chairman: Bill Wyllie
Currently vice-president and head of European security at the MBNA Bank Europe, Bill is also vice chairman of TSI, and honorary president of ASIS International’s Chapter 208.

Michael Jasper
Michael Jasper is head of risk management at The British Library, where he holds a corporate responsibility for business continuity, security and Health and Safety.

Bob Holmwood
Bob joined Buro Happold ITAC as principal security consultant earlier this year to offer business continuity and event response planning dimensions to major master plans.

Stuart Lowden
Stuart Lowden is the md of manned security solutions provider Wilson James. He’s the holder of a Bachelor of Commerce degree in Business Studies and a trained accountant.

Mike Bluestone
Mike Bluestone is the principal consultant at Integra Security Solutions. He’s a Fellow of the International Institute of Security and an active member of the Fraud Advisory Panel.

Chris Smith
Chris has spent 22 years in the corporate security sector, and is currently head of regional security for Europe, the Middle East and Africa at HSBC Bank plc.

Erez Sharoni
Erez Sharoni is general manager of UniSecure at The University of Hertfordshire. A member of JSIC, Erez provides a safe and secure environment for 20,000 students.