“Why should I consider bringing an outside security team into my organization?” We get this question a lot. Most companies we talk with know that they have a skilled security team that handles issues with great professionalism. However, there are issues that companies and organizations recognize but are ill-prepared to respond to. Beyond that, there are unknown issues that can present a major problem for the future. It is within these two areas that partnering with an external agency can provide added value, perspective and expertise.
When issues are beyond experience
On a regular basis, companies are faced with new threats or challenges that they have become aware of but do not have the expertise to handle. That is when they need to know that an outside firm can bring perspective on a new issue. It is also the time when they need to engage with local and regional authorities to make sure they are also prepared for new situations. Pre-event planning with outside jurisdictions that have authority in any variety of events is essential in “all-hazards” emergency response planning.
At a minimum, facility tours should be offered to all emergency response agencies in the respective jurisdictions. Waiting until there is an event is not the time for them to learn egress and ingress points, fire systems, population densities within the campus, on-site medical capabilities, confined spaces or other intricacies of a location. Whether in a high-rise, school campus or an industrial complex, past events have demonstrated that a predetermined entrance or response location for a medical response has provided rapid assistance to those in need. In addition, authorities should be invited to participate in functional and tabletop exercises.
Expansion is another reason companies consider an outside firm to bolster their security efforts. Entering new markets, whether foreign or domestic, creates new security challenges. Whether it is labor unions, political strife, supply chain issues, potential natural disasters, or other threats, companies may need input from a security firm that has worked in these new regions previously and can make recommendations based on on-the-ground experience.
Where a security company can really add value is in threat/risk analysis. Most companies, especially those with in-house security teams, are very aware of the major threats that face their operation. A security firm adds value to a security plan by knowing how those threats translate into real risks and how vulnerable the company is to them. Experience with other companies and a global perspective are key reasons bringing in an outside firm can benefit a company’s overall security.
What you don’t know can hurt you
Your security team knows your industry and has experience handling issues for your company. Where an outside firm can help is with a proactive approach to anticipating new issues that your team may not even be aware exist. For example, before it happened for the first time, how many companies considered the risk of employees hacking into customer databases and selling information to would-be cyber criminals? Or, how many companies had to fall victim to supply chain crime rings before others started paying attention to their outside vendors and supply chains?
A security firm with a global operation experiences many threats that are localized at first but can, and many times do, become more widespread. Anticipating these trends before they become common occurrences is the advantage an outside security firm can bring to a company’s internal security team.
Integrating an outside firm with your internal security team
Not every internal security team will welcome “outsiders” with open arms. Clear communication and role definition in advance of implementation is critical. It is important that your teams know that the outside team is being brought in to enhance the operation, not replace them and not because they aren’t getting the job done.
We once worked with a company where our team was tasked with providing security at some facilities. Communication did not go out and it created a backlash because security managers at other facilities assumed they were going to be replaced and went to the plant managers with reasons to stop it. If the stakeholders had been engaged with clear roles and responsibilities, the managers would have realized that it was not a company-wide initiative and that the “outside” managers were put in place to help them.
When integrating an outside security team into your organization, the following key elements should be considered:
Develop a Clear S.O.W. - When everyone knows the Scope of Work, they can provide input where they bring expertise and understand that there are areas where the team needs assistance. Getting everyone on the same page with clearly defined roles helps prevent uncertainty.
Upfront Communication - Transparency is a buzzword used a lot lately but, in this case, it really does apply. There should be no doubt about why the outside firm is being engaged. In addition, the rules of engagement for all involved should be clearly understood so that everyone can focus on their responsibilities.
Create a Structure - Who reports to whom? How should issues be communicated? Who makes decisions on critical issues? Where does the buck stop? Especially when new teams are introduced into an established situation, people will be more comfortable when they know a structure is in place and they know where to go for answers.
Evaluate Often - Your team needs to know that the new team will be held to the same high standards you have set for them. Reviews should be conducted often so that you can assess how the outside firm is performing and how your team is handling the change (yes, they should be evaluated too). In advance of these reviews, all involved should be informed that they will be conducted and on what basis they will be evaluated.
Every company, every situation is different. There is no universal signal that says it’s time to bring in an outside security firm. Each company must evaluate its threats, risks, how they are currently being handled and what resources are available. But there will always be things that companies fail to anticipate, so an initial consultation with an experienced firm that can produce a threat assessment is a good start.
Question for thought: What is the biggest challenge you’ve had with your company’s security this year?