In the past several years, we’ve noticed an alarming trend where companies add Security responsibilities to their Environment, Health and Safety (EHS) departments/positions. Before we get too far into this post, we want to say that we have the utmost respect for people in EHS positions. The work they do is invaluable. Brand reputation management, employee safety, regulatory compliance, environmental sustainability and many other areas are influenced by their efforts. For multinational companies with a variety of brands, global facilities and a disparate workforce, the workload EHS professionals handle is daunting.
And that brings us to the point of this post. EHS has enough to do! But what Pinkerton Director Daniel Alabre has seen recently is that they are being given even more to do…a lot more. “As corporate threats, such as active shooters and cyber-attacks, have risen in the past decade, companies are scrambling to find people to shore up their security protocols and processes. Too many times, it’s given to the EHS teams who have little or no experience creating corporate-wide security plans.”
What does EHS do?
According to the National Association for Environmental Management,“[EHS]involves creating a systematic approach to managing waste, complying with environmental regulations, or reducing the company’s carbon footprint. Successful EHS programs also include measures to address ergonomics, air quality, and other aspects of workplace safety that could affect the health and well-being of employees.”
Some EHS activities can include environmental regulation compliance, sustainability practice implementation, workplace accident prevention, emergency preparedness and eliminating hazards that could result in injuries. Based on that very broad description, it would seem that adding “Security” to the EHS role makes sense. And, it allows executives to feel like they have addressed potential risks by assigning the responsibility of mitigating the risks to people within their companies. However…
Checking the box is not enough
With mounting pressure on the C-Suite to have formalized security plans and procedures that anticipate threats and mitigate risks, it is not enough to give this responsibility to EHS and “check the box” that it is handled. “What happens is that security is folded into the EHS position with the belief that their work is closely enough related and relevant,” says Alabre. “But often the people have no security training, don’t have a security or military or police force background, and have to make it up on the fly."
Alabre says that one main reason given for why companies would add Security to EHS is cost. “They figure they can kill two birds with one stone,” says Alabre. “But that’s shortsighted. In the long run, they aren’t likely to have security protocols developed by risk management professionals. That could create future issues and bigger costs.”
Lawsuit prevention is not the same as risk management
“EHS professionals wear a lot of hats but one major area of concern is preventing lawsuits and government fines across a wide range of areas,” explains Alabre. “Environmental mishaps, workers compensation claims, and health code and OSHA violations are a just of few areas where they work to prevent legal actions. However, that’s not the same as managing risks that have a different type of impact.”
As we’ve written about several times previously, performing a comprehensive risk assessment that takes a holistic approach to security is critical, especially in today’s increasingly connected global business climate. So while there is certainly some overlap between EHS and risk management/security, each has its own discipline that requires a high level of professional experience. “An EHS team would not likely have access to a global network of security professionals who are constantly gathering intelligence that could influence business decisions such as where to open a new facility or whether or not an executive team should travel to a certain destination,” says Alabre. “Understanding the threats companies face, the probability of risk and creating plans to mitigate those risks should be handled by teams that have done it before, not an add-on to someone’s job responsibilities.”
For certain, EHS and Security teams should work closely together, not in silos. Being aware of the issues facing each is critical so that plans that incorporate disciplines from both areas are applied, creating a safe and secure environment.