If you believe your organization needs a qualified Security Manager, but your budget cannot support another salary, consider this alternative. Security Management Services International, Inc. (SMSI Inc.) is offering security management support services as an exclusive and unique service primarily to those clients who have availed themselves of a SMSI Inc. Security Assessment. SMSI fully understands that many enterprises cannot cost justify the hiring of a fulltime, qualified, security manager. Nevertheless this fact does not mean that most business enterprises do not need the expertise of a qualified security manager. Most enterprises need security expertise throughout the course of the year, but albeit, not on a daily bases. The validity assumption is supported by our extensive security litigation experience. The potential for liability claims against an organization that does not have security management expertise managing their security programs is greater than those organizations that maintain full time security management presence.

Alternatively, we will also offer this service to clients who have not contracted for a SMSI Security Review and Assessment. For those clients who wish to participate in our Security Management Support Program (SMSP) for at least one year, Security Management Services International, Inc. will perform an initial assessment at a 20% discounted fee.

Effective security programs must have two pervasive missions: the protection of property and the protection of people. The degree that any enterprise has a responsibility to protect property or people from a liability perspective varies from one industry to another. For example, those companies that provide third party warehousing in support of supply chain operations, bare responsibility when product go missing. The same logic applies to freight companies such as rail and trucking operations Businesses the serve the public such as shopping malls, parking structures, hospitals, daycare centers, hotels and schools (public & private) are all expected to maintain dynamic security operations.

Anecdotally, the odds of being sued for an inadequate security program are much higher for schools and those business enterprises such as hospitals, malls and high-rise buildings when there is an absence of in-house security management. However it is understandable that many business enterprises cannot justify the $100k to $200K+ salary that a well-qualified in-house security manger would demand. Our SMSP offers an effective alternative. The SMSI Inc. Security Management Support Program will protect your interests when dealing with those who provide security products and service such as contract security services. Additionally, our SMSP will continually monitor those security vendors by ensuring they live up to their commitments.

Many enterprises may not need a security manager on a daily basis, but a security professional will be needed several times throughout the year. Remember security is a situational discipline, meaning one size does not fit all. Additionally, security is a proactive discipline aimed at deterrence and prevention. This means that security programs are not amenable to universal solutions. Security programs must be promulgated on the basis of need, and that need may not be static. This means that security programs must be nimble by constantly adjusting to emerging changes in the threat environment. It is especially important that security programs achieve a reasonable standard of care for environments such as schools and healthcare facilities because of vulnerability exposure of the clients being served, patients and children. Adverse security events in schools and medical facilities are likely to be played on the six o’clock news nationwide.

SMSI, through its Security Management Support Program (SMSP) program is able to fill this void. This program will be customized to meet the needs of each client we serve. In many cases, a comprehensive security assessment may be required prior to the provision of Security Management Support services. If a security assessment is deemed advisable, SMSI Inc. will perform these services at a preferred rate for those clients who commit to a SMSP Contract.

If your organization presently has and in-house security manager who is light on experience, the SMSP will support that manager until such time he/she can function independently.

Security Management Support Services may include, but are not limited to:

• Security vendor selection & oversight
• Security design and project management
• Security Incident tracking and trend analysis (Remote monitoring & analysis)
• Professional guidance in the selection and application of security systems
  • Access management systems
  • Video surveillance systems
  • Lighting
  • The application of CPTED (Crime Prevention Through Environmental Design)
    • Lighting
    • Natural barrier usage
    • Signage
    • Landscape application
    • Housekeeping & Maintenance
    • Graffiti eradication programs
• Visitor control
• Management of Aggressive Behavior (MOAB®) training.
• Hiring and background checking protocols
• Asset protection programs
  • Inventory control audits
• Student, patient, guest & employee safety programs
• Crimecast data & reports
  • UCR Reports
• Staff crime prevention strategies
• Police liaison services
  • Community relations/crime prevention officer involvement
• Employment Bullying Mitigation
• Sexual deviancy awareness
• Overnight Building security
  • Alarm system design and supervision
  • Security lighting
  • Locking systems
  • Surveillance system
• Neighborhood Watch
• Gang sensitivity awareness
  • Graffiti awareness
• Workplace Drug detection and prevention
• Staff security awareness training
• Year round security awareness program
• In-persons visits to be determined on a need basis by SMSI security professionals
• Unrestricted Remote Management Support
  • Problem solving
  • Crisis management support
• Neighborhood outreach

Terms & Conditions

1. Four visits per year included in annual contract (Extra visits on per diem basis)
2. Reimbursement for reasonable and documented expenses
3. Unlimited remote support
4. Minimum of one year contract
   1. Initial retainer
   2. Monthly billing of balance
   3. Flat rate billing for visits in excess of four

All SMSI Inc. personnel will be Board Certified Protection Professionals and/or will be former law enforcement veterans. These professionals may also be Spanish bilingual. Remember, the cost of reaction is always three to four times the cost of mitigation.

For information, contact Bill Nesbitt, CPP: bill@smsiinc.com or call 805-499-3800.

Prison officers in New Zealand are appalled with their Corrections Department for saying stab vests are available after another prison officer was attacked at Rimutaka Prison last week.  

More than fifty prison officers have now contacted the Corrections Association in New Zealand, demanding stab vests or some sort of body armour, understanding that prisoners are volatile and unpredictable.

"I strongly believe we must understand better, and remind ourselves that we cannot change the aggressive behaviour of some prisoners” Robert Kaiser, CEO of UK based PPSS Group comments.

"There is simply no doubt that a prisoner consuming drugs, illegal substances or self made alcohol can become hostile and violent within a split of a second, regardless of the prison officers excellent communication skill and calm personality”.

"The ideas to create make shift weapons, e.g. sharpened table and bed frame legs, shanks made out of plastic, sharpened wood or pieces of mirror, and the idea of melting razor blades into tooth brushes and turning pens and pencils into weapon have not been developed out of 5 minutes of simple boredom.  These ideas have been developed following hours and hours of malicious thought processes, and even the very best prison officer can one day be on the receiving end of such thought process”.

A recent publication of the American Correctional Officer once claimed that 33.5% of all assaults in prisons and jails are committed by inmates against prison officers.

According to official statistics obtained by the Howard League for Penal Reform show that recorded assault incidents in prison in England and Wales have risen by 61 per cent between 2000 and 2009.

Based on this statistic prison officers at Hindley Young Offenders Institution, the largest child prison in Europe, are particularly affected with assaults on staff up by an astonishing 967 per cent.

We all will remember too well the outrageous attack on prison officers at the Frankland High Security Prison in March 2010, almost costing the lives of two prison officers, and have to accept the fact this is not a country specific problem, but rather a serious occupational hazard across all countries.

Robert Kaiser states: "The fact is that prison officers deal with some of the most dangerous, violent and unpredictable people in our society on a daily basis, and this is why I suggest they have the simple right to demand appropriate protection and the undivided attention and support from those charged with ensuring their welfare and personal safety”.

It is a rather interesting fact that a police officer who deals with dangerous criminal individuals for only a very few minutes every day is by law required to wear protective equipment… but the prison officer charged with supervising the same individual, potentially for a number of years, is not being issued with any type of protective clothing at all.

Robert Kaiser has been part of numerous discussions and consultancy meetings with prison and correctional facilities in several countries and fully understands all concerns: ”In every single of these meetings the ‘non-confrontational design’ question has always been the centre point of these sometimes very passionate discussions”.

"However, I always seem to come back to the same point, explaining that design and manufacturing capabilities have evolved so much over the past years. Concealable, thin and lightweight blunt trauma stab vests, extremely well suited for prison officers, are now available”.

It is without question, that covert stab vests and similar type of PPE (Personal Protective Equipment) will reduce the risk of workplace violence related injuries, and should this fact not be at least be worth starting an open minded discussion on the personal safety of prison officers?

---

PPSS Group is a UK based manufacturer of certified covert bullet proof vests, stab proof vests and the company behind Cut-Tex® PRO.  This groundbreaking fabric is one of the world's strongest cut resistant fabrics and is now being used to manufacture cut resistant clothing for police, military, prisons and private security firms all over the world.

Robert Kaiser, CEO of PPSS Group is globally respected expert in body armour and known for his passion for personal protection and personal safety.  He is frequently invited to speak in front of large audiences about the latest body armour developments within homeland security and domestic frontline services.  He is acting as body armour consultant for a number of organisations, associations, unions and government departments.

Conducting a security risk assessment utilizing an experienced security consultant can prove invaluable for your organization. Please review an article titled "Security Risk Assessment” at www.acesecurityconsultants.com for a detailed explanation of the Security Risk Process.

The following suggestions are intended in the selection process of a security expert being sought to evaluate and improve your security program and conduct a security risk assessment of your facility.

1. Review over-all security experience. How long has the expert worked in security management? Experience is the most important of all qualifications.
2. Is specific experience required? In my opinion a security consultant who meets the two key requirements (experience and certification) would be qualified to act as a security consultant in the vast majority of security assignments since objectives of security are essentially the same regardless of the organization.
3. Industry certification. The author recommends at minimum that a security consultant who is claiming broad based credentials possess the designation of Certified Protection Professional (CPP). Many of my peers believe that this certification is the highest designation that can be bestowed upon a security practitioner. It could be compared to the C.P.A. designation for an accountant.
4. Formal Education. While I believe education is important, I place experience and certification much higher in the selection process. There are many bright and experienced security consultants as well as CEO’s of major corporations who lack a college degree.
5. General liability insurance. A general liability policy should be in place to protect the consultant and consumer. If the consultant is other than a sole proprietor, some states may require a worker’s compensation policy.
6. Professional memberships. I recommend membership in the American Society for Industrial Security, International (A.S.I.S.) and the International Association of Professional Security Consultants (IAPSC). Both organizations are prestigious international security organizations which require membership to demonstrate education and experience prior to acceptance and both have elite certification programs to ensure that the security practitioner is qualified in their fields of expertise. These organizations also develop and share best practices.
7. Publications. While this credential is not crucial in the selection process, publications by the consultant may reflect his or her view points and thought process relative to a particular consulting project.
8. Customer and peer references. I would ask for references from recent customers to determine if the consultant was indeed able to enhance their existing security program via cost effective strategies.
9. Profit and Loss experience. While some of my peers may not think this important I consider P&L experience invaluable. Too many times security managers and experts see things from a one-sided perspective and are not able to properly balance risk and profit.
10. Interpersonal skill. Does the consultant possess the skill level needed to interact with employees and senior management and orchestrate the security risk assessment process?
    

Disclaimer: This article is written for general information purposes only and is not intended to be, and should not be used as, a primary source for making security decisions.

ABOUT THE AUTHOR:

Jim McGuffey, M.A., CPP, PSP, PCI Owner of A.C.E. Security Consultants has 35 years of security management experience. Prior to becoming a security consultant Jim served 3 years in the military, 8 years in law enforcement and 26 years in the armored car industry where he held senior positions of Area General Manager, District Manager and Regional Vice President. During his career Jim had responsibility for 70 high risk facilities, a large fleet of trucks and several thousand employees. Jim was awarded numerous national awards for producing leading results in safety, security, customer service, increasing sales and profit which are attested to by references from peers, supervisors and his management team on his LinkedIn Profile.

Jim has a B.A. Degree in Criminal Justice, an M.A. Degree in Management and is Board Certified in Security Management and Physical Security by the American Society for Industrial Security, International (A.S.I.S.) where he has been an active member since 1981.

Jim conducts security risk assessments for organizations and also conducts security risk assessment training. He has been retained as an expert witness in cases involving work place violence, death while in police custody, armored truck crashes, and armored car embezzlement cases. Jim is also called upon by financial investors from various parts of the world who invest in armored car companies to seek industry insight. He is active in his community and serves on several boards in leadership roles and also as a volunteer for organizations addressing homelessness, violence against women, drug and alcohol abuse, and prison ministries.

Please contact Jim at jimmcguffey@hargray.com or 215-460-7370 to learn how you can improve safety and security at your business with a security risk analysis or to assist in evaluating security and best practices that should exist at armored car facilities.

Certified Protection Professional (CPP®) - This certification designates individuals who have demonstrated competency in all areas constituting security management.

Physical Security Professional (PSP®) - The PSP® designation is the certification for those whose primary responsibility is to conduct threat surveys, design integrated security systems that include equipment, procedures and people, or install, operate and maintain those systems.

Professional Certified Investigator (PCI®) - Holders of the PCI® certification have demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation.

This article is intended as a basic over view of the cash-in-transit industry for customers, investors, security managers and others interested in the products and services provided by the cash-in-transit industry as well as some of the risks and challenges facing the industry.

The cash-in-transit industry which has been known for decades as the armored car business is now often thought of as a cash management business. The exact number of carriers operating in the U.S. constantly changes but it is estimated to be 55 to 65 carriers, with several large carriers dominating the majority of US markets, transporting, storing, processing and managing billions of dollars each year.

The U.S. economy and markets depend on the global distribution and management of these funds. Most carriers in the armored car industry provide a total cash management solution for their customers. Customers consist largely of financial and retail businesses but also include government agencies and any business requiring the protection, storage, distribution and management of valuables.

As recently as 15 years ago, upon entering an armored car facility you would have observed a garage area that consumed a substantial amount of space utilized for parking trucks. The next largest space was administrative and vaulting functions, with the smallest amount of space used for currency and coin processing operations. Space allocation would also vary depending on the climate since more space was allocated in colder climates for inside parking.

Space allocation changed as carriers began to realize the value in managing cash for their customers. Upon entering carrier locations today, while the garage still consumes substantial space, many facilities now support cash management systems and numerous teller stations. A few carriers maintain a large centrally located cash center with their Armored/ATM Branches located in a circular fashion surrounding the main cash center where cash is pick-up and dropped off daily.

When I started my career in the cash-in-transit industry nearly 30 years ago on the armored side of the business, armored car managers were responsible for starting up basic cash processing operations consisting of a single pocket currency counter and a fax machine to receive orders from financial institutions and send daily balance reports. With the evolution of technology and high speed processing equipment, this is no longer the case and managers with banking or other types of money processing backgrounds are often recruited to manage this product line.

Many financial and retail institutions outsource their currency and coin operations to carriers. This is a logical choice since carriers are transporting and storing these funds. Managing currency has grown tremendously with numerous carriers dedicating state-of-the art facilities entirely for currency processing and management of this profitable product line. Even those facilities offering mostly traditional transport services allocate substantially more space for currency and coin services.

The growth in this product line has created a significant ROI, resulting in the traditional armored product line in some cases, being sold as a loss leader to obtain more lucrative cash management business. I do not recommend this practice since the armored businesses still encompass the bulk of carrier revenue and diluting the traditional and larger pieces of the business can result in lack of proper evaluation and pricing risk experienced on the street.

Within a few years, some predict that the cash management product line will surpass the traditional armored businesses. Change and growth in cash management will be mostly driven by retailers seeking a more efficient method to handle cash from both a risk and service prospective.

Industry Products and Services:

Carriers use different terms to describe their products and services. One carrier may refer to the processing of currency as currency processing while another may refer to it as cash management. Transporting valuables in a truck may be referred to as cash-in-transit services, armored services, transport services, or by other descriptive terms.

Transportation or Cash-in-Transit involves picking up and taking valuables to designated points. This basic service still remains the largest revenue producer for most carriers even though cash management is closing the gap. Carriers utilize armored vans or trucks to transport valuables. Some carriers use vans when servicing ATM’s or carrying lighter loads but a van chassis does not support the weight of coin or heavy currency loads. The cardinal rule in the cash-in-transit business is to always get and give a receipt. Most crews consist of two people; however carriers should use three person crews when carrying higher liabilities aboard trucks or servicing locations in higher risk areas.

Cash Management/Currency Processing is the fastest growing and most sought after service provided by carriers. Cash management consists of verifying, reconciling, processing, forecasting, storing, and total management of customer cash and coin in a seamless and transparent manner for the customer.

Carriers experience the largest return on investment from this product for several reasons. Risk issues are better managed since supervisors are able to work closely with their tellers and CCTV systems are engaged in monitoring processes to ensure compliance. Unlike crews working on the trucks who must deal with traffic, accidents, robberies and other variables that substantially impact profits in a negative fashion, processing currency is done in a controlled environment under close supervision.

Coin Processing is out sourced by some carriers to other firms that specialize in processing coin. Coin service consists of storing, processing, packaging, distributing and managing coin contained and shipped in box, bag or other sealed containers.

Laxity and complacency when handing coin has resulted in the theft of substantial funds. In some cases coin is not discovered missing or reported as quickly as currency. As with any loss, the sooner it is reported and the investigation begins, the better the chance for recovery and resolution.

Audits similar to those recommended for currency should also be conducted periodically for coin. A walk through of a carrier’s facility can often reveal a carrier’s attitude regarding coin. If coin is left in areas unprotected by CCTV and other controls, a loss is certain to occur.

CCTV video should be maintained for a minimum of 90 days. Under most contracts, carriers are not responsible for losses reported after a certain period of time. However, customers have requested manifests for items that were delivered by a carrier more than a year earlier. Thanks to enhancements in digital video, storing and retrieving data is much easier today than in past years.

Storage of valuables normally goes hand-in-hand with transportation services. However, some customers store gold, silver, computer disks, nurse and other professional examinations, and other valuables. These valuable are stored for long periods of time without requiring transport services. To properly protect these valuables, a daily audit is required as well as other stringent controls.

Responsibility for vendor management of carriers should be rotated every few years since vendor managers tend to become too close to their carrier contacts which can create credibility issues on both sides. This closeness can also result in a lack of objectivity during a Request for Proposal for services.

The downside of changing vendor managers is that new managers may lack the experience gained by the former manager. However there are more upsides gained by changing managers and newer managers can spend sufficient time with the former manager prior to exchanging roles to gain adequate insight.

ATM Services are often provided in conjunction with traditional cash-in-transit service. Some carriers provide a full ATM service package to include the actual purchase and installation of the ATM, full maintenance service, cash replenishment, cash-processing and total management of all ATM funds. Servicing ATM’s by armored car crew members is extremely dangerous when the ATM units are located in an area exposed to customer traffic or other high risk areas and should be serviced by three person crews.

Electronic Safes are known by various brand names. These safes are primarily used by retail customers experiencing high turn-over and internal theft issues as well as spending significant time at the end of each shift reconciling receipts and cash. Even without theft issues, these safes can substantially reduce management downtime which can be better used by customers for growing and managing the business.

Most carriers partner with different safe manufacturers to offer a wide scope of services using these electronic safes which come in various sizes. The store clerk places bills into a bill validator located on the safe which verifies the bill by denomination. Coin is placed into a separate storage compartment as are checks.

These units provide shift reports and daily audit reports for the cash which can also be reviewed electronically via a web based system by an owner or manager to evaluate funds available, shrinkage issues, and other useful business purposes. These safes also dispense coin and provide some degree of currency counterfeit detection.

Properly managed and used in conjunction with a well managed CCTV system, the use of these safes can substantially reduce internal theft. A few customers reported that currency shrinkage was entirely eliminated. However, as with any security strategy, complacency can occur unless processes and systems are properly managed.

These safes are also used to provide provisional credit which means that customer assets can now earn interest at the time funds are deposited into the safe, depending on banking relationships and regulations.

Stationary Vaults are mostly located inside a mall lacking a bank. These vaults are used by store owners inside the mall. The vault provides customer change orders that are available during normal course of mall hours. Carriers can sell this service to retailers at a substantially less rate since the armored crew makes only one stop at the vault to gather the deposits and replenish expended coin and currency.

Customers benefit with reduced rates in addition to having the ability to withdraw change and make deposit drops without waiting on their carrier to arrive. This service has proven to be more in demand at locations without a nearby bank.

Virtual Vault Service utilizes a web based system. For banking locations with numerous branches, this service can help reduce cross-shipping charges from the Federal Reserve Bank. An example of cross shipping occurs when a bank ships to the Federal Reserve Bank $100,000 in tens while ordering 100,000 in tens at the same time. This web based system provides faster and more accurate processing and reporting and allows customers to review historical data to forecast cash needs which results in better management of funds.

This service also allows customers to capture new business wherever carrier trucks operate. An example of a need for this service is a bank headquartered in California which provides service for a retailer located in multiple states seeks to use a single carrier. Both the retailer and bank want to expand their relationship; however the bank is unable to add locations fast enough or lacks sufficient expansion capital. An agreement is reached with a carrier, usually within the same footprint as the retailer to provide cash management services and a solution for this logistical concern.

Funds are then picked up by the carrier and returned to the carrier’s facility for processing. Data is electronically transmitted to the banking relationship with seamless transparency for the customer.

Bar Encoding:

Substantial investments are required in bar encoding technology to reduce carrier risk and add value for customers. While bar encoding has been utilized by logistical companies for many years, this technology continues to be rolled out by some U.S. carriers. A few regional carriers pioneered this technology several years ahead of larger carriers, realizing the value it added for their customers.

When bar encoding is fully implemented, the system improves accuracy and eliminates hours of hand writing information onto manifests and again rewriting those same items that are returned to the carrier’s branch. The system captures information which is used for billing, saving substantial hours within the billing department while improving accuracy and making information more readily available carriers and customers.

In addition to increasing vault productivity and security enhancements another value added is referred to as proof of delivery (POD). Customers often call their carrier looking for proof of delivery for items. Prior to bar encoding, the carrier had to search through boxes of files looking for a manifest containing a customer’s signature for the item in question. While most requests are resolved by locating the manifest reflecting proof of delivery the search can take time, depending on the number of requests and the length of time that passed since the item was scheduled for delivery.

Carrier Due Diligence:

Regardless of upgrades in systems and technology, the three basic components that have always protected customers and carriers are integrity, financial strength and a solid cargo insurance policy. Reference to these basic protection factors can be found in Security Management Magazine (ASIS Publication) in articles that I wrote in 1993 and 2009.

Conducting due diligence when reviewing carriers financial capabilities and a having a thorough understanding of the carrier’s insurance policy are imperative in the selection process. Insurance must be adequate for size and scope of carrier operation. A carrier must maintain the financial strength to repay a large loss should for whatever reason the cargo policy fail to pay a customer claim.

A thorough due diligence process should apply to all carriers regardless of carrier size or reported financial strength. Customers should verify prompt repayment for loss situations with other customers of like size. Financial strength and a solid insurance policy may mean little to a customer, if the carrier has a history of failing to reimburse for losses. If a loss is clearly the responsibility of the carrier, many carriers will reimburse within 30 days.

In order to reduce insurance costs, carriers self insure for a certain dollar amount. This means that should the loss occur and it is less than the self insured amount, the carrier pays the loss. The same process applies to truck insurance in states where allowed. Carriers are banking on their ability to manage risk and if they are successful in this objective, insurance premiums are reduced substantially.

Training is essential to a carrier’s success. Training should consist of approximately 40 hours of classroom to include firearms, driving and basic security training since many new employees have never driven a large truck or handled a firearm. Carriers should require mandatory completion of classroom training followed by OJT training and on-going certification. Most carriers use training as a selling point to customers. The best way to ascertain that training is occurring is to ask the crews. Due diligence is especially important during economic downturns to ensure that crucial areas such as training are not curtailed.

Training is an important management function. Professional, on-going training programs implemented with qualified and quality instructors can improve employee retention, customer service, risk metrics and bottom-line profits.

When conducting a carrier facility tour, it pays to be observant. Pay attention to the equipment being used. Has the carrier invested in proper equipment to move coin or cash throughout the facility and for storage? Are employees in uniform? Is horseplay occurring? Is there a dual alarm system? Are cameras properly placed? If trucks are remaining in the garage, how do they look?

Some customers entrust substantial funds with carriers and these funds must be adequately protected. A prior check-list should be developed to ensure that contractual requirements are reviewed and are in full compliance.

Managing Risk:

Managing money, trucks and guns is about managing risk. It requires the ability to balance risk with profit. Managers must make safety and security equal to productivity. While some events are difficult to prevent, there are many actions that can be taken to reduce risk.

During my industry tenure I participated in numerous security audits and I strongly endorse unannounced and random security and cash audits. During a cash and coin audit, inventories are counted to make certain that all cash is present. These audits should occur in conjunction with other customers who maintain on site inventories at carrier locations.

This collective effort will help to ensure that an inventory is not moved from one side of the storage room to the other side just prior to an audit occurring. Failing to properly audit funds stored at carrier locations have resulted in very large losses with some of these losses remaining unpaid.

During audits, a review of policies is also conducted to ensure contractual compliance. While many facilities and cash rooms are monitored with new digital CCTV systems, some are not. Should customers request to review video during an investigation or incident, it is important that the system produce a clear viewing of the process involving the items in question. Customers who assume that carriers storing substantial amounts of money have state-of-art security systems in place may be in for a rude awakening if funds are missing.

Facilities should have back-up generators to support operations during power failures. A review of carrier back-up systems is an action that all customers should require as part of their Business Continuity Plan since a simple power outage can adversely impact customers if the carrier is unable to process and distribute cash.

Ascertain the type and condition of the back-up generator in place to ensure that it provides sufficient power to support the size and scope of operation occurring at the facility. I would also ask to review records reflecting the testing of the generator and inquire about back-up systems for computer data. Is computer data backed up nightly and if so where is it stored and what are the protective measures? What is the contingency plan should a major disruptive event occur?

There are many actions both carriers and vendors can take to protect their valuables. One of the most overlooked actions is ensuring the quality of the disposable plastic bags used to store and transport funds. Security was enhanced when the industry switched from cloth bags and lead seals to disposable plastic bags which are referred to as evident tamper resistant bags.

However, there are plastic bags in existence that can be easily compromised without leaving indications of such compromise. One issue occurs when a bag is compromised using cold or heat and then resealed without reflecting a marking such as "VOID” in the area where penetration or attempted penetration occurred. In this case, money is easily removed and the bag resealed without indication compromise.

Another issue occurs when a bag reflects a marking indicating that it has been compromised simply through the normal handling process of the bag without the bag actually being compromised. This is referred to as a false positive reading which leads to complacency by tellers.

There are other concerns such as the quality and thickness of the plastic which cause the bag to burst if the plastic is lacking in quality or thickness. As with any change in security practices, there should be a risk assessment conducted prior to a change. Please refer to my paper, The Security Risk Assessment.

Financial institutions entrust highly confidential information to carriers. This information must be protected and additional protection must be required for lap-tops that can be easily stolen or compromised if left unattended.

Crew Size and Low Wages and Few Benefits:

The last time many front-line crews enjoyed higher wages, better benefits and three person crews were when larger carriers were represented by the Teamsters in the early 80’s. It was in the early 80’s that carriers refused to honor existing contracts with the Teamsters at which time wages and benefits were substantially reduced and with few exceptions three-person crews became a thing of the past.

Pre-employment screening:

Reducing risk is best accomplished by hiring the right person. New candidates should undergo a criminal background check, motor vehicle check, credit check, past employment and other reference checks, drug testing and most of all and in my opinion the most overlooked is a thorough interview conducted by a seasoned interviewer trained to ask follow-up questions when deceptive responses are suspected. All carriers interview but some interviewers lack training. Carriers may elect to use polygraph and other honest tests in states that permit such tests.

This paper is not intended to discuss all areas that need to be reviewed but hopefully it provides insight into the importance of a thorough review process of an industry entrusted with billions of dollars.

Industry Concerns:

The industry requires leadership who understands the importance of balancing risk with profit. Leadership must be confident enough with their organization to sell the business at rates that support wage increases for their front-line people, improvements in technology and upgrades in security systems.

The industry cannot continue to increase responsibility of front-line crews while paying low wages that are nowhere close to being commensurate with level of risk and responsibility experienced daily.

Following large mergers and acquisitions in the 90’s, customers leveraged their size in markets, driving down already low transportation rates to the point that in my opinion will not support quality growth and sustain quality programs needed to manage a high risk business.

Handling cash is very costly, time consuming and presents significant risk for carriers and customers. The objective for carriers and manufacturers of industry equipment is to reduce cash handling and expedite credit for cash in transit so that it becomes a performing asset. The retail environment is the primary target for cash recycling equipment and applications to improve handling efficiencies and reduce risk. Some carriers are testing cash recycling units which are not much larger than an ATM via a pilot program in select retail stores but there are concerns to be worked out in the reconciliation process.

A recent threat to the industry is the attacks on cash-in-transit facilities. There have been 3 in the past year compared to few in previous years which are noted in my paper "Attacks on Armored Car Facilities.”

Carriers implementing technology to improve internal efficiencies and reduce handling fees while providing faster credit to customers will continue to gain an immense competitive advantage. The key to success has and will continue to be the investment in people, technology and equipment while balancing risk with profit.

Disclaimer: This article is written for general information purposes only and is not intended to be and should not be used as a primary source for making security or financial investment decisions.

ABOUT THE AUTHOR:

Jim McGuffey, M.A., CPP, PSP, PCI Owner of A.C.E. Security Consultants has 35 years of security management experience. Prior to becoming a security consultant Jim served 3 years in the military, 8 years in law enforcement and 26 years in the armored car industry where he held senior positions of Area General Manager, District Manager and Regional Vice President. During his career Jim had responsibility for 70 high risk facilities, a large fleet of trucks and several thousand employees. Jim was awarded numerous national awards for producing leading results in safety, security, customer service, increasing sales and profit which are attested to by references from peers, supervisors and his management team on his LinkedIn Profile.

Jim has a B.A. Degree in Criminal Justice, an M.A. Degree in Management and is Board Certified in Security Management and Physical Security by the American Society for Industrial Security, International (A.S.I.S.) where he has been an active member since 1981.

Jim conducts security risk assessments for organizations and also conducts security risk assessment training. He has been retained as an expert witness in cases involving work place violence, death while in police custody, armored truck crashes, and armored car embezzlement cases. Jim is also called upon by financial investors from various parts of the world who invest in armored car companies to seek industry insight. He is active in his community and serves on several boards in leadership roles and also as a volunteer for organizations addressing homelessness, violence against women, drug and alcohol abuse, and prison ministries.

Please contact Jim at jimmcguffey@hargray.com or 215-460-7370 to learn how you can improve safety and security at your business with a security risk analysis or to assist in evaluating security and best practices that should exist at armored car facilities.

Certified Protection Professional (CPP®) - This certification designates individuals who have demonstrated competency in all areas constituting security management.

Physical Security Professional (PSP®) - The PSP® designation is the certification for those whose primary responsibility is to conduct threat surveys, design integrated security systems that include equipment, procedures and people, or install, operate and maintain those systems.

Professional Certified Investigator (PCI®) - Holders of the PCI® certification have demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation.

Cash-in-Transit carriers like many businesses look for ways to improve profits. However, smart carriers don’t shortcut training to increase profit knowing that short-term profit gains mean little if there is a fatal truck crash due to a decision to reduce training for drivers.

Since carrier drivers and guards are largely unsupervised, training is crucial to ensure that front line team members are well versed in policies and procedures and organizational objectives prior to being assigned a route.

Training is an area that is sometimes viewed as expendable when increased profits are demanded or when staffing issues arise due to large pieces of new business starting or when the economy is good and hiring becomes difficult. The downturn of the economy in 2008 had a positive impact on employee retention which normally results in improved training and subsequent benefits of improved safety, security and customer service.

When staffing issues arise, front-line employees are sometimes placed on trucks and given a firearm without training resulting in substantial risks for carriers, customers and employees. Prior to driving an armored truck many newly hired drivers have never driven a truck of any type or fired a firearm.

Suggestions for sound training program:

1) Training must occur immediately after the employee is hired if the employee is being placed on board a truck. There can be no exceptions to this rule. There are situations where it may be necessary for an employee to have a few weeks under their belt to gain a better understanding of the business prior to training, but these exceptions are rare. Even in rare exceptions there must be some sort of basic indoctrination to basic policies, work environment and security and safety procedures. 2) Instructors must be qualified on the topics taught and represent the organization in a positive manner. Selecting the right trainer is crucial to the success of a training program. 3) Training must be documented and signed off by both the employee and the instructor and reviewed and audited by management. 4) A training record should be maintained separately from other documentation placed inside the employee’s personnel jacket. 4) Testing must occur to ensure that the employee has grasped the material covered. 5) Instructors should be rated by the employees being trained and these ratings reviewed by management and the instructor. 6) For certain functions such as driving or firearms training, the instructors must have certification such as Smith System or NRA certification which must be monitored to ensure renewal upon expiration of certification. 7) Documentation is crucial in training. When OSHA conducts a site inspection the inspector will ask to see training documentation. Documented training also helps management when reviewing employee performance to ensure that the employee has received adequate training. 8) Training must be on-going and tracked to make sure that it occurs in a timely fashion. 9) Organizational incidents both positive and negative should be studied and incorporated into future training programs to prevent reoccurrences and improve results.

The author suggests that customers review training programs that carriers often share in the sales process to ensure that these programs are an integral part of their business. One method to determine if training occurs is to ask an employee questions about their training program.

About the Author:

Jim McGuffey, M.A., CPP, PSP, PCI Owner of A.C.E. Security Consultants has 35 years of security management experience. Prior to becoming a security consultant Jim served 3 years in the military, 8 years in law enforcement and 26 years in the armored car industry where he held senior positions of Area General Manager, District Manager and Regional Vice President. During his career Jim had responsibility for 70 high risk facilities, a large fleet of trucks and several thousand employees. Jim was awarded numerous national awards for producing leading results in safety, security, customer service, increasing sales and profit which are attested to by references from peers, supervisors and his management team on his Linkedin Profile.

Jim has a B.A. Degree in Criminal Justice, an M.A. Degree in Management and is Board Certified in Security Management and Physical Security by the American Society for Industrial Security, International (A.S.I.S.) where he has been an active member since 1981.

Jim conducts security risk assessments for organizations and also conducts security risk assessment training. He has been retained as an expert witness in cases involving work place violence, death while in police custody, armored truck crashes, and armored car embezzlement cases. Jim is also called upon by financial investors from various parts of the world who invest in armored car companies to seek industry insight. He is active in his community and serves on several boards in leadership roles and also as a volunteer for organizations addressing homelessness, violence against women, drug and alcohol abuse, and prison ministries.

Please contact Jim at jimmcguffey@hargray.com or 215-460-7370 to learn how you can improve safety and security at your business with a security risk analysis or to assist in evaluating security and best practices that should exist at armored car facilities.

Certified Protection Professional (CPP®) - This certification designates individuals who have demonstrated competency in all areas constituting security management.

Physical Security Professional (PSP®) - The PSP® designation is the certification for those whose primary responsibility is to conduct threat surveys, design integrated security systems that include equipment, procedures and people, or install, operate and maintain those systems.

Professional Certified Investigator (PCI®) - Holders of the PCI® certification have demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation.

"In the world of executive protection it is of great importance to see how quickly you could become fully operational again after being shot from close range”, Robert Kaiser says after personally being shot, testing their new covert bullet proof vests.

A high definition video has now been made available on YouTube, highlighting the CEO of PPSS Body Armour being shot from approx 9 feet or 3 meters. View here

The shot was fired from a Glock 19 handgun, using 9x19mm FMJ 124gr ammunition.

Robert Kaiser is one of the very first men in this industry who has decided to ‘put his money where his mouth is’.

"I have seen many body armour companies making astonishing claims, so I decided to offer real physical evidence using live ammunition” he says.

Robert explained in great depth and personally ensured this video was not produced to create any type of tough guy image, and it should also not be seen a disregard to human life.

Having viewed the video, it is fair to say that all reasonable and necessary precautions have been taken prior to the production.  One of the country’s leading trauma nurse was present, paramedics were on stand by and an IV was prepared in order to infuse essential drugs in case something did go wrong.

PPSS Body Armour have now launched this ultra light and extremely thin NIJ Level IIIA+ bullet proof vest in order to offer executive and diplomatic security professionals the best possible concealable protection.

With a weight of only 1.65kg, a thickness of just 6.5mm and protective area of 0.28sqm, this new outstanding bullet proof vest certainly means business.

Made out of a high performance ballistic material, this new bullet proof vest also offers additional protection from Tokarev Ball 7.62 x 25mm and Makarov 9 x 18mm.

Waterproof and breathable Cordura® 180 and groundbreaking temperature controlling Outlast® space technology make this great body armour an ideal choice especially in hot and humid conditions.

A specially developed 0.85mm trauma liner provides extremely effective blunt trauma protection.

Please contact PPSS Group directly on +44 (0) 845 5193 953 email info@ppss-group.com or visit www.ppss-group.com

---

PPSS Group is a UK based company, specialised in the design, development and manufacturing of high performance bite and cut resistant clothing and body armour. PPSS Group is also the company behind Cut-Tex® PRO, a groundbreaking and one of the world’s strongest cut, tear and abrasion resistant fabrics, now being used to manufacture cut and bite resistant clothing for police, military, emergency services, prisons, mental health care and private security firms all over the world.

Robert Kaiser, CEO of PPSS Group is a globally respected expert in body armour and known for his passion for personal protection and personal safety.  He is frequently invited to speak in front of large audiences about the latest body armour developments within homeland security and domestic frontline services.  He is acting as a body armour consultant for a number of organisations, associations, unions and government departments.

There are a number of security consultants listed on this Website. Most of the security consultants that are members of Security Source Online are competent, well experienced and maintain a high degree of integrity. They bring a wide range of expertise to the clients they serve whether on the factory floor, a hospital, shopping center or in the courtroom.

The value of Security Consultants is that they are able to bring an objective point of view to the clients they serve. In order for them to bring objectivity to the table, security consultants should be independent professionals without ties to the vendor side of the industry. For those of you outside the security consulting world, you may be surprised to know there is a good deal of friendship and mutual respect among these professionals. You will find that most have several years of multifaceted experience prior to hanging out their shingle. Most security consultants hold the CPP designation, along with other certifications.

What benefits are derived through the use of Security Consultants?

As mentioned, the first benefit is objectivity. Many of the organizations we work with have experienced security professionals running their security programs, yet they avail themselves. One may question why an experienced security manager would go outside and hire a consultant. In almost all cases, the reason given is they are seeking a fresh objective perspective. Because experienced security consultants have worked for a variety of diverse clientele, they have a wide range of experience to call upon. They understand many vertical industries and they understand the need to ensure that each security programs is responsive to the situational environment at hand. This objectivity is also useful in helping clients choosing security vendors. Not all vendors are created equally and some vendors who may be strong in Peoria may not be so strong in Sacramento.

Because of their breadth of experience, security consultants have a good understanding what works and what doesn’t work. Their perspective is also buttressed by the fact they frequently communicate with one-another. This knowledge helps ensure to that scarce resources produce will optimal ROI for the clients they serve. They understand that most security programs most meet the corporate goal of management. Security consultants understand the need to ensure that each security program fits within the framework of the organization as determined by the C-Suite.

Finally, our role as security consultants is a positive one. The best security consultants do not come into an organization with the preconceived notion to find fault and with the intent to rebuild the security program in their own image. Rather our role is to come into an organization to discover what is right and what is working, and then determine how to make it better. This concept is generally referred to as positive consulting as opposed to coming to a project with the predisposition to find fault.

As we said at the onset, there are numerous security consultants here at Security Source Online. Most security consultants are driven, to one degree or another, by a certain sense of altruism. If you doubt this, contact some of the consultants on this website. You will find them forthcoming and willing to have a discussion on a wide range of concerns you may have. You will also find that of you raise an issue outside the realm of their expertise; they will refer you to one or more of their colleagues.

Security consultants provide comprehensive security assessment, provide security management support, develop security system RFPs, provide security designs as well as project management support. Many security consultants are active in the forensic area as court qualified expert witnesses.

I hope this topic evokes some discussion form our members and other interested parties. I hope we can elicit differing points of views from other consultants and well as the pros and cons from those who have used security consultants. All security professionals strive for excellence and forums like this advance that cause.

There is an evolving trend toward a middle ground between having no Security Manager and employing a fulltime Security Manager/Director. Every business or organization either cannot justify a fulltime security management position or they believe they cannot afford the cost of employing a fully qualified Security Manager. Some companies that use contract security services will pay extra for and onsite security supervisor as part of the total package being provided by the contracting guard company. To the extent this site manager is qualified to take on the role beyond that of supervising contract security officers is questionable and may present a conflict of interest. Yet, in the real world, when one inquiries "who is in charge of security?” the onsite supervisor is often named.
 
Stepping into this void is a number of fully qualified and certified security professionals who assume the role of Security Management Support. These professionals operate under contract to oversee and monitor all aspects of the security operations including oversight of guard force operations, physical security vendors and investigative services. They often write and oversee a wide range of RFPs and participate in the vendor selection process. The expertise provided by these professionals is at least equal to that of a fulltime security manager minus the expense of payroll, taxes and fringe benefits. Every enterprise does not require a fulltime security manager, but most enterprises require some security management expertise.
 
What is your opinion on this matter? Does this approach have merit? What are the pitfalls? What are the advantages? Are you familiar with this alternative approach?

"Too many paramedics and other frontline professionals are still opposed to wearing stab vests or other forms of body protection, due to simple misperception", says Robert Kaiser, CEO of UK based PPSS Group.

Many internal surveys, conducted by the UK's Ambulance Trusts concluded that stab vests are not wanted by their frontline staff.

Paramedics Body ArmourRobert Kaiser strongly believes this is simply due to 'technical and design misperceptions' of body armour.

"We have conducted a six months survey, questioning a number of paramedics within the UK how they feel about stab vests, and the result is absolutely clear".

"Of course, there will be people doubting the efficiency of our survey. Nevertheless, we strongly believe this survey shows once again, professionals require user friendly protection".

Based on the PPSS survey, 72.8% of those completing the survey stated "stab vests, which offer blunt trauma protection, should be issued to ALL Paramedics".

87.7% also confirmed that "paramedics should be issued with their OWN INDIVIDUAL stab vest".

55.6% mentioned they were not aware of the latest available advances in covert stab vests, e.g. thickness, weight, concealability and wearability.

"Many of these professionals still believe stab vests are 6kg heavy, one inch thick, bulky, uncomfortable, restrictive and confrontational looking. But this is now far away from the truth".

Mr Kaiser is convinced that the majority of violent attacks on emergency services staff in the UK are not edged weapon, knife or needle related. He believes that the majority of assaults are 'blunt trauma related incidents'.

"Based on many years of frontline experience and our extensive research we know that the risk of knife or needle attacks exist, but this risk is nowhere near as high as the risk of being pushed, punched or kicked whilst on duty".

"This is why we have developed concealable, ultra thin and 2.1kg light body armour that protects the wearer from any type of knife and needle, but more importantly also from punches, kicks and any type of blows".

Mr Kaiser explains: "I think it is time to ask paramedics, prison officers and other emergency services personnel the right questions and educate them in a caring and supportive manner."

"Let us show them how much body armour have advanced. We fully understand the operational responsibilities and risks of ambulance personnel and our body armour reflect this understanding".

On Thursday 10th April, PPSS Group delivered a very informative public presentation, demonstrating the astonishing capabilities of their recently developed body armour, stab vests and slash resistant clothing at the London Islington Hilton Hotel. The event was attended by numerous organisations and professionals.

Aiming to clarify the common misperceptions of body armour, Mr Kaiser himself demonstrated the effectiveness and capabilities of the equipment. The two LIVE demonstrations, which saw the audience gasping for air, certainly had a huge impact and impressed all visitors.

Mr Kaiser strongly recommends to all NHS Ambulance Trusts, Healthcare Trusts and any organisations which employ frontline professionals to re-look at the potential requirements for user friendly and lightweight body armour..

Should you have any questions in reference to body armour, stab vests or slash resistant clothing, then please feel free to contact PPSS Group on +44 (0) 845 5193 95 email info@ppss-group.com or visit www.ppss-group.com

---

PPSS Group is a UK based manufacturer of UK Home Office certified stab vests and the company behind Cut-Tex® PRO. This groundbreaking fabric is the world's strongest cut resistant fabric and is now used to manufacture slash resistant clothing for police, military, emergency services, prisons and private security professionals all over the world.

Robert Kaiser, CEO of PPSS Group is frequently invited to speak in front of large audiences about the latest body armour developments within homeland security and domestic frontline services. He is acting as body armour consultant for a number of organisations, associations and government departments. He is also organiser of the annual LONE WORKER SAFETY Conference & Exhibition, taking place in London in May every year.

Some organizations require a consultant, a security system integrator and/or a video surveillance vendor in addition to many other service providers. Finding the proper assemblage of security providers is a daunting task. It is even more difficult if multiple site locations are involved. This task would be infinitely simplified if these customers were able to turn to a single resource that would be capable of meeting their varied needs. SSO provides that resource.

Security Source Online (SSO) is stepping into this void by providing a single source for a diverse grouping of security professionals, products and services. Security Source Online is the brain-child of William Nesbitt, CPP, a well seasoned Board Certified Security Professional. In addition to Bill, the website’s advisory board members are all Certified Protection Professionals. These individuals are profiled on this website.

This website is also unique in that it offers one year memberships to security providers for a single annual fee. A distinctive aspect of SSO is that the website is also a blog where members only can post informative articles. However, any visitor to the website has the ability to make commentary to any posted blog thereby making SSO interactive.

Security Source Online provides those with security needs direct unfettered access to their vendor of choice. Additionally, SSO members are encouraged to form collaborative relationships with fellow members in order to best serve the collective needs of their clients and to provide clients with a single source for a plethora of security products and services. Over time this website will become the gold standard as a reliable resource for security products and services. Interested parties will be able to find everything from access control system providers and manufacturers to forensic security expert witnesses. This website will become a resource for finding security guard companies, system integrators. IT security specialists as well as forensic security experts.

Given the number of active shooter incidents over the past ten to fifteen years, as well as the upward trending of these incidents, awareness for security professionals is prudent. The N.Y.P.D. study and the Homeland Security document attached hereto provide useful information. If one adheres to the belief that history is prologue, familiarity and preparation for these kinds of incidents seems like a worthy objective. You will also find an active shooter protocol developed by the National Retail Federation.

When these incidents occur, they generally capture several news cycles and have a lasting shelf life. History has shown us the very few institutions are immune from these senseless acts of workplace violence. Active shooter incidents have touched public schools and universities. They have occurred in shopping malls, manufacturing facilities and business offices. They have also occurred in healthcare facilities such as hospitals and extended care facilities. The common denominator is that most incidents have occurred in properties that afford public access.

As I see it, security professionals need to plan for these events on two levels. First, they need to reasonably try to prevent these events from occurring in the first place. Second, if and when an episode does occur, they need to develop reasonable protocols to contain the event while at the same time moving potential victims out of harms way. There are no "one size fits all" remedies.

Part of the planning process needs to include sensitivity to warning signs, if and when they exist. Sometimes warning signs can be a shooting event on the other side of the country. How many times, over the past ten years have we seen two or three of these events occurring in close time proximity to one another?

www.SecuritySourceOline.com (SSO) is open for business. This marketing/informational site is unique because the site is managed and overseen by seasoned security professionals, not marketeers. Security Source Online provides the vehicle for the marketing of a wide range of security services and products on one hand, and on the other hand a source for practical information aimed at the mitigation of security threats. The SSO advisory board consists of security professionals representing the breadth and width of the United States and can be found on the website.

This website is unique because it serves two purposes. First it is a resource for security information. The site contains an ever growing number of blogs that address variety of security subject matter. SSO blogs are responsive to problems and questions posed by those seeking answers to difficult problems. No legitimate security topics are ignored. The site also provides links to a number of current security news stories. All blog postings are screened to ensure they are truly informational as opposed to being thinly veiled advertisements. The best way to advertise is to provide usable information for those looking for answers. We want visitors to the site to return again and again, not only to locate problem solvers and security equipment when needed, but to also find ideas for mitigation security threats.

Second, as mentioned this site is intended to be a resource for those truly need professional security problem solvers. As our membership grows SecuritySourceOnline.com will become the place to go when security expertise is needed. SSO members will consist of security integrators, security consultants, forensic security experts, alarm companies, security equipment providers, contract security providers, fraud investigators and information security experts. As this site grows, you will find security expertise representatives from all over the world. SSO members represent such disciplines as hospitality security, healthcare security, retail security, information security, supply chain security and many other security disciplines.

The Security Source Online Group had been on LinkedIn for only about a year and has more than 1300 members. Within this group there have been numerous and diverse discussions. SSO on LinkedIn is testimony to the wide range on interest in this unique approach. The Security Source Online Group on LinkedIn continues to attract a diversified group of international security expertise, as well as those seeking answers to difficult challenges, and will continue to do so. On LinkedIn about half of the members of Security Source Online Group members are security providers with the other half being security services users. One of the goals of the SSO LinkedIn group is to encourage thoughtful interaction between users and providers with a minimal amount of commercialism. SSO will provide access to regional providers as members with both a national and international presence as well as those providers who serve local markets.

Our security provider members are encouraged to address the issues of the day by posting topical and thoughtful articles on our blog. We want visitors to SSO to consider the site to be a resource of current security management and security program development information. Those seeking security products or services will be afforded direct access to any of our members with no middle-man interference. Any member who does not maintain high ethical standards will be removed from the site immediately.

The site also hosts a Speaker’s Bureau for those members who provide special insights within the ever-changing world of security services and security technology my making educational public presentations. The SSO Speaker’s Bureau consists of individuals who regularly making presentations of ASIS Internationals and other prestigious trade organizations. Those members of the SSO Speaker’s Bureau understand that our role is to inform as opposed to making forty five minute sale pitches.

Finally, the Security Source Online Roundtable is comprised of individuals who hold widely recognized professional certifications in the various security discipline members. A condition of Roundtable membership is a willingness to form strategic partnerships other Security Source Online Members, in order to meet the synergistic needs of clients they serve. These partnerships will afford SSO member clients with a single point of contact as well as the capability to serve many geographic locals in a coordinated and cohesive manner.

Those interested in becoming a member of the Security Source Online family are now able to do so at a very low annual fee. These low introductory sign up fees will be available on a very limited time basis only. Our goal is to provide an international security resource for those individuals and organizations seeking security information and providers of security related services.

By Jim McGuffey, CPP

This paper is a basic overview of the security risk assessment process. It reflects a process that I utilize when requested to assist in the resolution of security incidents or security requests. An example of a security request is the selection of CCTV equipment or an alarm system; a security incident might involve an assault or theft. I have turned down work because a customer felt rushed and wanted me to make recommendations for a security system without first conducting a security risk assessment.

Funds are sometimes spent on unnecessary security equipment or a project that could have been completed with less cost had more research occurred. In other cases spending a little more money on a more comprehensive integrated security system could have eliminated man-hours and reduced labor cost significantly. A good security manager or consultant understands the importance of performing a security risk survey prior to making changes in a security system.

A security program’s objectives are to deter, delay, detect, deny, respond to and, or recover from reasonably foreseeable events. Understanding the security problems that a company is experiencing will help you to meet these objectives. This is done by assessing the kinds of threats that could impact the assets, the probability of these threats becoming loss events and the impact on the assets should the loss event occur.

Once it is determined that a loss will have a negative impact on a company then countermeasures should be discussed, evaluated for cost effectiveness and implemented. Management will determine the level of risk acceptance for their organization. One example of risk acceptance is the fine-counting of funds by banks or other financial institutions responsible for verifying currency. One firm may elect not to fine count $50.00 bills, citing the cost saved by weighing each strap or bundle of currency instead of running each bill through a currency counter. Another firm may decide that this level of risk is only acceptable for $20.00 bills, thus fine counting each $50.00 dollar bill.

Unless management accurately assesses the level of risk that their organization can accept, they may cease to exist. Unfortunately too many companies have become breeding grounds for internal theft by electing to accept employee theft as part of doing business. I review numerous statistics and incidents related to employee theft which continues to be a top threat to organizations. Most studies report that between 40% to 60% of employees steal from their employers in one form or another and approximately 1/3 of all business go out of business as a result of theft.

Unfortunately in today’s world, many companies have either lost their ability or interest to balance risk with profit. They have gambled on shortcuts to reduce expense, hoping to increase profits while placing their employees, their shareholders and the public at substantial risk of injury and or financial ruin.

A security risk assessment indentifies security vulnerabilities and threats and measures the likelihood of threats occurring. It then prioritizes each identified threat and assesses the opportunity for the risk/threat to occur while measuring the impact that each risk/threat has upon the organization’s assets which in the security world is referred to as criticality.

A risk assessment identifies people, things or processes that are necessary to continue the business and determines how much risk is acceptable and what action should be taken to reduce, mitigate, transfer or eliminate the risk.

THE RISK ASSESSMENT PROCESS:

Step One: Conduct a Security Survey.

A security survey is conducted of your facility and property by an experienced security practitioner and with someone who is familiar with your operation and property. A security survey is the basic tool used in a risk assessment. A security survey consists of an on-site examination to determine existing security measures, indentify deficiencies, establish the protection needed and recommend measures, to enhance overall security.

Step Two: Appoint safety and security focus group.

Management appoints a safety and security focus group representing all operational departments and facilities. These participants should be persons who are familiar with day-to-day operations and their facility and grounds. The security consultant will serve as the facilitator meeting with your safety and security focus group to train them in the Vulnerability/Risk Assessment.

Step Three: Identify assets in need of protection.

Assets are people, property, information and reputation of the organization, with people being the most important.

Step Four: Identify risks/threats that could impact the assets identified.

Risk refers to the possibility of experiencing harm or loss from a security incident, a threat or an event. Risks are natural and man-made and can be moral, economic or physical.

A loss event profile identifies individual threats that could become events. This profile involves understanding the conditions, circumstances, objects, activities and relationships that can produce the loss events.

Following are a few questions to consider asking when identifying risks/threats that could happen. What person or position could commit the act? Would more than one person be required? How easy would it be to commit the act? Could identification documents be forged easily if needed for access? Could the identity of the perpetrators be learned if activity succeeded? Would the act generate a record or audit trail which would help in the investigation?

A threat is a person, place, thing or event which poses danger to an asset. Possible risks or threats to consider are: employee theft, external theft, workplace violence, fire, robbery, burglary, identity theft, bomb threat, injury, vandalism, natural disasters, industrial espionage, extortion, slander, payroll, accounts receivables and payables, purchasing and receiving, computer, information theft and cyber terrorism.

Step Five: Determine risk probability and ranking.

Loss event probability evaluates the number of ways in which a loss event can occur. The more ways that a particular loss event can occur the greater the probability that it will occur. Factors that impact the likelihood of a threat occurring are: historical experience, social and physical environment, and criminal state of mind. Historical information is often the most helpful since frequency of occurrence suggests probability of future occurrence.

Qualitative and quantitative approaches are used to gather information with the qualitative approach being the most widely used.

Thequalitative approach evaluates data obtained from police and community interviews, contract and employee interviews, analysis of existing procedural and physical security and process and operational studies. This data is used to assess threats and vulnerabilities and implement countermeasures consisting controls that discover a vulnerability or threat, reduce the likelihood of an incident and or reduce the impact of an incident.

The qualitative approach is often used when statistical information is not readily available and the organization has a more limited budget. These assessments are more descriptive than measurable and only estimated potential loss is used.

The quantitative approach utilizes annualized loss expectancy (ALE) which is a calculation of single loss expectancy (SLE) multiplied by annual rate of occurrence (ARO). The quantitative approach attempts to identify those threats and risks likely to occur and rank them in the order of seriousness to the organization and the likelihood that they will occur. Then based on that ranking, appropriate counter measures can be assigned. Ira Somerson, states in The Art and Science of Risk Assessment that probability can rarely be precise, and in some cases, promote complacency.

Step Six: Determine impact of loss event on the organization in dollars when possible.

Loss event criticality refers to the impact of a loss on people, property, reputation and information. The Loss event criticality rating assigns letter and numerical ratings to each anticipated event or threat. Criticality ratings used by security practitioners may vary. If unable to assign a probability factor you might note that event Y is more apt to occur than event X.

Step Seven: Determine countermeasures:

When all risks have been identified and prioritized, countermeasures are identified to eliminate or reduce the threat and improve vulnerabilities. Vulnerability refers to a weakness within the system or lack of safeguards. Countermeasures consist of loss prevention, loss control and loss indemnification that transfer, mitigate, reduce or eliminate the risk or threat. Countermeasures include: police, procedures, personnel, barriers, equipment, and records such as incident reports, access reports and transaction logs.

Security experts all agree that the human factor poses the greatest single source of risk for any asset. A good security program begins with hiring the right people. A security risk assessment will determine vulnerabilities in your hiring process.

Step Eight: Perform a cost/benefit analysis:

Countermeasures and security programs should not cost more than the benefits received and should relate to the level of risk exposure. Prior to spending capital to implement countermeasures, management must measure the return on the expenditures (ROE) which is done by determining the avoided losses (AL), recoveries made (R), and the cost of the security program or expenditure (CSP). AL+R divided by CSP = ROE.

On February 17, 2010, a pilot flew his small plane into an IRS facility in Austin, Texas. News stations rounded up well credentialed security experts to solicit comments. One expert stated that we need to find a way to have TSA or other guards posted at the 5,000 plus small private air strips across the U.S. It reminded me of similar countermeasures following 911 when well intentioned security experts reacted with a counter measure that called for guards at every location throughout the world without weighing the benefits or costs or liability. In my opinion, the posting of these guards without specific post orders or specialized training only serves to create a false sense of security and expose assets to even more danger.

I am a proponent of acting quickly to avoid future events but we must always remember a cardinal rule in security which calls for cost justification in the selection of countermeasures to ensure that benefits outweigh the cost! In the Feb. 17, 2010 event, adding man-power without evaluating systems and processes would not be prudent.

Step Nine: Risk Management:

Your team will now implement, monitor, revise and improve these countermeasures as needed. Many companies have comprehensive security programs but management fails to continuously track, monitor and revise these programs as needed. I have investigated numerous thefts, injuries, and other security incidents where the facility had properly positioned cameras and a state of the art CCTV system at the time, only to find that the system was not working properly.

Which Businesses Need a Risk Assessment?

Businesses can benefit from a security risk assessment regardless of size. Let’s look at a laundry room located inside an apartment complex located in a tough inner city area. There are inherent risks to this sort of operation such as assaults and vandalism but one risk that may be overlooked is the theft of copper since this metal is now a highly sought after item.

Copper theft at a laundry room may result in flooding to the apartments after the copper piping connected to the washers is cut. Damage from flooding will likely cost more than the actual loss of the copper, not to mention the interruption of service to the tenants. I am aware of such an incident occurring locally just prior to writing this paper. A security risk assessment will not prevent all threats from occurring but it will help to avoid or mitigate many of the threats that you would otherwise not be prepared to handle.

Value added from security risk assessment.

Following are a few reasons for conducting security risk assessments: 1) Risk assessments help to raise security and safety awareness. When employees are involved in the risk assessment process your security program is more apt to succeed when countermeasures are implemented. 2) Risk assessments help to identify risks that could result in injury to employees or customers resulting in 3rd party law suits. Judgments can exceed the amount of coverage provided by insurance and punitive damages may not be covered. 3) Risk assessments can have an immediate impact in reducing expenses and increasing profits. 4) Risk assessments look at the cost effectiveness and efficiency of existing controls. Funds spent on equipment or systems that are not properly utilized or managed are not contributing to the bottom-line. 5) A risk assessment is recommended prior to designing or making major changes in a security program. A security manager might be wasting funds on a new CCTV system as well as placing the organization at legal risk without more thoroughly understanding the risks. 6) The Sarbanes-Oxley Act of 2002 directs management of publicly held companies to prevent and detect fraud within their organizations related to financial reporting. A risk assessment will not only help to meet some of the SOX requirements but it will help to increase morale, customer service, productivity and profits.

Who should conduct a risk assessment?

I recommend that only security practitioners, who are experienced and credentialed, should work with the management team to conduct a security risk assessment.

Evaluating foreseeability.

Historical records are crucial in determining future events. Records maintained by the organization relating to losses and loss events are helpful when assessing future incidents since frequency of occurrence suggests probability of reoccurrence.

Police and other community interviews, employee and contractor interviews, existing physical security and procedures, other facilities and like businesses, standard of care and best practices for similar businesses, police response, access roads, etc. are also considered.

BALANCING PROFITS WITH RISK!

A day does not pass without the news media reporting a serious safety or security resulting from lack of security and safety processes in place. In April 2010 a large coal mining company well known for their focus on profits incurred an explosion that resulted in the death of 25 workers. The media reported that this company had been cited for 600 violations in the past year at the location where the explosion incurred.

Too many companies continue to deliberately place profits ahead of employee and public safety by refusing to balance profit with risk. Only when productivity is made equal to safety and security will an organization be able to protect assets which include people, property, information and reputation. Existing business models of “profit at all cost” must change!

REFERENCE SOURCE: “The Art and Science of Security Risk Assessment” Ira S. Somerson, CPP 2009 ASIS International.

Disclaimer: This paper is based on what the author believes are generally accepted security principles as of the date of its writing, and on data gathered from what are believed to be reliable sources, this article is written for general information purposes only and is not intended to be, and should not be used as, a primary source for making security decisions.

ABOUT THE AUTHOR:

Jim McGuffey, CPP has 38 years of security and safety management experience with responsibility for the protection of approximately 70 high risk facilities in various parts of the U.S during his career. He is now a security consultant and has been retained as an expert witness by defense and plaintiff firms for security and safety incidents. Jim is an expert on premise security and teaches businesses how to conduct security risk assessments to protect people, property, reputation and information.

Jim earned numerous national awards for consistently improving safety, security and profit while working for global leaders in the security/transportation industry where he held the positions Area General Manager, District Manager and Regional Vice President with full P&L responsibility for various profit centers.

Jim earned a B.A. in Criminal Justice from Aurora University and an M.A. in Management from Webster University. Prior to being recruited into the armored car industry, he served 3 years in the military and 8 years in law enforcement. He currently teaches Criminal Justice Courses at a college near his home.

Jim has been an active member of A.S.I.S. since 1981 and is also a member of International Association of Professional Security Consultants (IAPSC). Jim earned the Certified Protection Professional certification which is valid through December 31, 2012. Throughout the world, the Certified Protection Professional (CPP®) designation is acknowledged as the security profession's highest recognition of practitioners. It is evidence that an individual is "Board Certified in Security Management." The CPP® is awarded based upon experience, education, and of an examination that provides an objective measure of an individual's broad-based knowledge and competency in security management. Ongoing professional development is required in order to maintain the credential. The CPP® is administered by ASIS International, the preeminent international organization for security professionals, with more than 35,000 members worldwide.

Please contact Jim at 215-460-7370 or jimmcguffey@verizon.com for any questions regarding the Security Risk Assessment Process or to learn more about our services provided. www.acesecurityconsultants.com

by Jim McGuffey, CPP

This article is intended as a basic over view of the cash-in-transit industry for customers, investors, security managers and others interested in the products and services provided by the cash-in-transit industry as well as some of the risks and challenges facing the industry.

The cash-in-transit industry which has been known for decades as the armored car business is now often referred to as a cash management business. The exact number of carriers operating in the U.S. constantly changes but it is estimated to be 55 to 65 carriers, with several large carriers dominating the majority of US markets, transporting, storing, processing and managing billions of dollars.

The U.S. economy and markets depend on the global distribution and management of these funds. Most carriers in the armored car industry provide a total cash management solution for their customers. Customers consist largely of financial and retail businesses but also include government agencies and any business requiring the protection, storage, distribution and management of valuables.

As recently as 15 years ago, upon entering an armored car facility you would have observed a garage area that consumed a substantial amount of space utilized for parking trucks. The next largest space utilized was for administrative and vaulting functions, with the smallest amount of space being used for currency and coin processing operations. Space allocation would also vary depending on the climate as more space was allocated in colder climates for inside parking.

Space allocation became better utilized as carriers began to realize the value in managing cash for their customers. Upon entering carrier locations today, you will observe that while the garage still consumes substantial space, many facilities have been renovated or newly constructed to support cash management systems and numerous teller stations. A few carriers maintain a large centrally located cash center with their Armored/ATM Branches located in a somewhat circular fashion surrounding this main cash center where cash is pick-up and dropped off daily.

When I started my career in the cash-in-transit industry nearly 30 years ago on the armored side of the business, armored car managers were responsible for starting basic cash processing operations consisting of a single pocket currency counter and a fax machine used to receive orders from financial institutions and send daily balance reports. With the evolution of technology and high speed processing equipment, this is no longer the case and now managers with banking or other types of money processing backgrounds are often recruited to manage this product line.

Many financial and retail institutions outsource their currency and coin operations to carriers. This is a logical choice since carriers are transporting and storing these funds. Processing and managing currency has grown tremendously with numerous carriers dedicating state-of-the art facilities entirely for currency processing and management of this profitable product line. Even those facilities offering mostly traditional transport services allocate substantially more space for currency and coin services.

The growth in this product line has created a significant ROI, resulting in the traditional armored product line in some cases, being sold as a loss leader to obtain the more lucrative cash management business. I do not recommend this practice since the armored businesses still encompass the bulk of carrier revenue and diluting the traditional and larger pieces of the business can result in lack of proper evaluation of risk issues experienced on the street.

Within a few years, some predict that the cash management product line will surpass the traditional armored businesses. I concur with this assessment but I do not see it happening in the next few years. Change and growth in cash management will be mostly driven by retailers who must find a more efficient method to handle cash from both a risk and service prospective. These two drivers along with improved profits for both customers and carriers when cash handling is expedited, will continue be the main industry focus.

Industry Products and Services:

Carriers use different terms to describe their products and services. One carrier may refer to the processing of currency as currency processing while another may refer to it as cash management. Transporting valuables in a truck may be referred to as cash-in-transit services, armored services, transport services, or by other descriptive terms.

Transportation or Cash-in-Transit involves picking up valuables and taking these valuables to designated points. This basic service still remains the largest revenue producer for most carriers even though cash management is closing the gap. Carriers utilize armored vans or trucks to transport valuables. Some carriers use vans when servicing ATM’s or carrying lighter loads but a van chassis does not support the weight of coin or heavy currency loads. The cardinal rule in the cash-in-transit business is to always get and give a receipt.

Cash Management/Currency Processing is the fastest growing and most sought after service provided by carriers. Cash management consists of verifying, reconciling, processing, forecasting, storing, and total management of customer cash and coin in a seamless and transparent manner for the customer.

Carriers experience the largest return on investment from this product for several reasons. Risk issues are better managed since supervisors are able to work closely with their tellers and CCTV systems are engaged in monitoring processes to ensure compliance. Unlike crews working on the trucks who must deal with traffic, accidents, robberies and other variables that substantially impact profits in a negative fashion, processing currency is done in a controlled environment under close supervision.

Coin Processing is out sourced by some carriers to other firms that specialize in processing coin. Coin service consists of storing, processing, packaging, distributing and managing coin contained and shipped in box, bag or other sealed containers.

This laxity and complacency of handing coin has resulted in the theft of substantial funds. In some cases coin is not discovered missing or reported as quickly as currency. As with any loss, the sooner it is reported and the investigation begins, the better the chance for recovery and resolution.

Audits similar to those recommended for currency should also be conducted periodically for coin. A walk through of a carrier’s facility can often reveal a carrier’s attitude regarding coin. If coin is left in areas unprotected by CCTV and other controls, a loss is certain to occur.

CCTV video should be maintained for a minimum of 90 days. Under most contracts, carriers are not responsible for losses reported after a certain period of time. However, customers have requested manifests for items that were delivered by a carrier more than a year earlier. Thanks to enhancements in digital video, storing and retrieving data is much easier today than in past years.

Storage of valuables normally goes hand-in-hand with transportation services. However, some customers store gold, silver, computer disks, nurse and other professional examinations, and other valuables. These valuable are stored for long periods of time without requiring transport services. To properly protect these valuables, a daily audit is required as well as other stringent controls.

Responsibility for vendor management of carriers should be rotated every few years. In my opinion, vendor managers tend to become too close to their carrier contacts which can create credibility issues on both sides. This closeness can also result in a lack of objectivity during review of a response to a Request for Proposal for services.

The downside of changing vendor managers is that new managers may lack the experience gained by the former manager. However, in my opinion there are more upsides to be gained by changing managers and newer managers can spend sufficient time with the former manager prior to exchanging roles to gain adequate insight.

ATM Services are often provided in conjunction with traditional cash-in-transit service. Some carriers provide a full ATM service package to include the actual purchase and installation of the ATM, full maintenance service, cash replenishment, cash processing and total management of all ATM funds.

Electronic Safes are known by various brand names. These safes are primarily used by retail customers experiencing high turn-over and internal theft issues as well as spending significant time at the end of each shift reconciling receipts and cash. Even without theft issues, these safes can substantially reduce management downtime which can be better used for growing and managing the business.

Most carriers partner with different safe manufacturers to offer a wide scope of services using these electronic safes which come in various sizes. The store clerk places bills into a bill validator located on the safe which verifies the bill by denomination. Coin is placed into a separate storage compartment as are checks.

These units provide shift reports and daily audit reports for the cash which can also be reviewed electronically via a web based system by an owner or manager to evaluate funds available, shrinkage issues, and other useful business purposes. These safes also dispense coin and provide some degree of currency counterfeit detection.

Properly managed and used in conjunction with a well managed CCTV system, the use of these safes can substantially reduce internal theft. A few managers reported that currency shrinkage was entirely eliminated. However, as with any countermeasure, complacency can occur unless processes and systems are properly managed.

These safes are also used to provide provisional credit which means that customer’s assets can now earn interest at the time funds are deposited into the safe, depending on banking relationships and regulations.

Stationary Vaults are mostly located inside a mall that lacks a bank. These vaults are then used by store owners inside the mall. The vault provides customer change orders that are available during normal course of mall hours. Carriers can sell this service to retailers at a substantially less rate since the armored crew makes only one stop at the vault to gather the deposits and replenish expended coin and currency. Customers benefit with reduced rates in addition to having the ability to withdraw change and make deposit drops without waiting on their carrier to arrive. This service has proven to be more in demand at locations without a nearby bank.

Virtual Vault Service utilizes a web based system. For banking locations with numerous branches, this service can help reduce cross-shipping charges from the Federal Reserve Bank. An example of cross shipping occurs when a bank ships to the Federal Reserve Bank $100,000 in tens while ordering 100,000 in tens at the same time. This web based system provides faster and more accurate processing and reporting as well as allowing customers to review historical data to forecast cash needs which results in better management of funds.

This service also allows customers to capture new business wherever carrier trucks operate. An example of a need for this service occurs when a bank headquartered in California which provides service for a retailer located in numerous states, seeks to use a single carrier. Both the retailer and bank want to expand their relationship, however the bank is unable to add locations fast enough or does not have sufficient expansion capital. An agreement is reached with a carrier, usually within the same footprint as the retailer to provide cash management services and a solution for this logistical concern.

Funds are then picked up by the carrier and returned to the carrier’s facility for processing. Data is electronically transmitted to the banking relationship with seamless transparency for the customer.

Bar Encoding:

Substantial investments are required in bar encoding technology to reduce carrier risk and add value for customers. While bar encoding has been utilized by logistical companies for many years, this technology continues to be rolled out by some U.S. carriers. A few regional carriers had pioneered this technology several years ahead of some larger carriers, realizing the value it added for their customers.

When bar encoding is fully implemented, the system improves accuracy and eliminates hours of hand writing information onto manifests and rewriting those same items that are returned to the carrier’s branch. The system captures information which is used for billing, saving substantial hours within the billing department and again improving accuracy while making information more readily available to the carrier and customers.

Bar encoding provides many enhancements for the carrier and customers. In addition to increasing vault productivity and security enhancements another value added is referred to as proof of delivery (POD). Customers often call their carrier looking for proof of delivery for items.

Prior to bar encoding, the carrier had to search through boxes of files looking for a manifest containing a customer’s signature for the item in question. While most requests are resolved by locating the manifest reflecting proof of delivery the search can take time, depending on the number of requests and the length of time that passed since the item was scheduled for delivery.

Carrier Due Diligence:

Regardless of upgrades in systems and technology, the three basic components that have always protected customers and carriers are integrity, financial strength and a solid cargo insurance policy. Reference to these basic protection factors can be found in Security Management Magazine (ASIS Publication) in articles that I wrote in 1993 and 2009.

Conducting due diligence when reviewing carriers financial capabilities and a having a thorough understanding of the carrier’s insurance policy are imperative in the selection process. Insurance must be adequate for the size and scope of the carrier's operation. A carrier must maintain the financial strength to repay a large loss should for whatever reason the cargo policy fail to pay a claim.

A thorough due diligence process should apply to all carriers regardless of carrier size or reported financial strength. Customers should verify prompt repayment for loss situations with other customers of like size. Financial strength and a solid insurance policy may mean little to a customer, if the carrier has a history of failing to reimburse for losses. If a loss is clearly the responsibility of the carrier, most carriers will reimburse within 30 days.

In order to reduce insurance costs, carriers self insure for a certain dollar amount. This means that should the loss occur and it is less than the self insured amount, the carrier pays the loss. The same process applies to truck insurance in states where allowed. Carriers are banking on their ability to manage risk and if they are successful in this objective, their insurance premiums are reduced substantially.

Training is essential to a carrier’s success and it is an area in which most carriers have made considerable strides towards improving. Many carriers require mandatory completion of classroom training followed by OJT training and on-going certification. Most carriers use training as a selling point to customers. The best way to ascertain that training is occurring is to ask the crews. Due diligence is especially important during economic downturns to ensure that crucial areas such as training are not curtailed.

Training is an important management function. Professional, on-going training programs implemented with qualified and quality instructors can improve employee retention, customer service, risk metrics and bottom-line profits.

When conducting a carrier facility tour, it pays to be observant. Pay attention to the equipment being used. Has the carrier invested in proper equipment to move coin or cash throughout the facility and for storage? Are employees in uniform and well groomed? Is horseplay occurring? Is there a dual alarm system? Are cameras properly placed? If trucks are remaining in the garage, how do they look?

Some customers entrust substantial funds with carriers and these funds must be adequately protected. A prior check-list should be developed to ensure that contractual requirements are reviewed and are in full compliance.

Managing Risk:

Managing money, trucks and guns is all about managing risk. It requires the ability to balance risk with profit. Managers must make safety and security equal to productivity. While some events are difficult to prevent, there are many actions that can be taken to reduce risk.

During my industry tenure I participated in numerous security audits and I strongly endorse unannounced and random security and cash audits. During a cash and coin audit, inventories are counted to make certain that all cash is present. These audits should occur in conjunction with other customers who maintain on site inventories at carrier locations.

This collective effort will help to ensure that an inventory is not moved from one side of the storage room to the other side just prior to an audit occurring. Failing to properly audit funds stored at carrier locations have resulted in large losses with some of these losses remaining unpaid.

During audits, a review of policies is also conducted to ensure contractual compliance. While many facilities and cash rooms are monitored with new digital CCTV systems, some are not. Should customers request to review video during an investigation or incident, it is important that the system produce a clear viewing of the process involving the items in question. Customers who assume that carriers storing substantial amounts of money have state-of-art security systems in place may be in for a rude awakening if funds are missing.

Facilities should have back-up generators to support operations during power failures. A review of carrier back-up systems is an action that all customers should require as part of their Business Continuity Plan since a simple power outage can adversely impact customers if the carrier is unable to process and distribute cash.

Ascertain the type and condition of the back-up generator in place to ensure that it provides sufficient power to support the size and scope of operation occurring at the facility. I would also ask to review records reflecting the testing of the generator. I would also inquire about back-up systems for computer data. Is computer data backed up nightly and if so where is it stored and what are the protective measures? What is the contingency plan should a major disruptive event occur?

There are many actions both carriers and vendors can take to protect their valuables. One of the most overlooked actions is ensuring the quality of the disposable plastic bags used to store and transport funds. Not too many years ago, the industry switched from using cloth bags and lead seals to disposable plastic bags which are referred to as evident tamper resistant plastic bags. This was a great improvement, provided quality bags are used.

There are plastic bags in existence that can be easily compromised without leaving indications of such compromise. I knew this was occurring when these bags were first introduced but I was disappointed to learn that these bags are just as easily compromised without leaving a marking when I recently tested several.

One issue occurs when the bag is compromised using cold or heat and then resealed without reflecting a marking such as “VOID” in the area where penetration or attempted penetration occurred. In this case, money is easily removed and the bag resealed without indication of being compromised.

Another issue occurs when a bag reflects a marking indicating that it has been compromised simply through the normal handling process of the bag without the bag actually being compromised. This is referred to as a false positive reading which can lead to complacency by tellers if not corrected.

There are other concerns such as the quality and thickness of the plastic which can cause the bag to burst if the plastic is lacking in quality and thickness. As with any change in security practices, there should be a risk assessment conducted prior to a change. Please refer to my paper on The Security Risk Assessment.

Financial institutions entrust highly confidential information to carriers. This information must be protected and additional protection must be required for lap-tops that can be easily stolen or compromised if left unattended.

This paper is not intended to discuss all areas that need to be reviewed but hopefully it provides insight into the importance of a thorough review process.

Industry Concerns:

The industry requires leadership who understands the importance of balancing risk with profit. Leadership must be confident enough with their organization to sell the business at rates that support wage increases for their front-line people, improvements in technology and upgrades in security systems.

The industry cannot continue to increase responsibility of front-line crews while in many cases paying low wages that are not commensurate with level of risk and responsibility.

Customers have leveraged their size in markets, driving down already low transportation rates to the point that in my opinion will not support quality growth and sustain quality programs needed to manage a high risk business. Should this occur with cash management services, the industry will struggle even more to remain viable.

Handling cash is very costly, time consuming and presents significant risk for carriers and customers. The objective for carriers and manufacturers of industry equipment is to reduce cash handling and expedite credit for cash in transit so that it becomes a performing asset. The retail environment is the primary target for cash recycling equipment and applications to improve handling efficiencies and reduce risk. Some carriers are testing cash recycling units which are not much larger than an ATM via a pilot program in select retail stores but there are still concerns to be worked out in the reconciliation process.

Those carriers implementing technology to improve internal efficiencies and reduce handling fees while providing faster credit to customers will continue to gain an immense competitive advantage. The key to success has and will continue to be the investment in people, technology and equipment while balancing risk with profit.

Disclaimer: This article is written for general information purposes only and is not intended to be and should not be used as a primary source for making security or financial investment decisions.

ABOUT THE AUTHOR:

Jim McGuffey, CPP has 38 years of security and safety management experience with responsibility for the protection of approximately 70 high risk facilities in various parts of the U.S during his career. He is now a security consultant and has been retained as an expert witness by defense and plaintiff firms for security and safety incidents. Jim is an expert on premise security and teaches businesses how to conduct security risk assessments to protect people, property, reputation and information.

Jim earned numerous national awards while working in the cash-in-transit industry for consistently improving safety, security and profit. He held positions of supervisor, branch manager, area general manager, district manager and regional vice president with full P & L responsibility of numerous profit centers over a 26 year span.

Jim earned a B.A. in Criminal Justice from Aurora University and an M.A. in Management from Webster University. He currently teaches Criminal Justice Courses at a college near his home. Jim has been an active member of A.S.I.S. since 1981 and is also a member of the prestigious International Association of Professional Security Consultants, (IAPSC).

pJim earned the Certified Protection Professional certification which is valid through December 31, 2012. Throughout the world, the Certified Protection Professional (CPP®) designation is acknowledged as the security profession's highest recognition of practitioners. It is evidence that an individual is "Board Certified in Security Management." The CPP® is awarded based upon experience, education, and of an examination that provides an objective measure of an individual's broad-based knowledge and competency in security management. Ongoing professional development is required in order to maintain the credential. The CPP® is administered by ASIS International, the preeminent international organization for security professionals, with more than 35,000 members worldwide.

• The client has, or is considering implementation of an enterprise-wide formal security program and strategy.
• The program has a designated security manager or an individual responsible for oversight of the security program in addition having other managerial responsibilities.
• The security program has or intends to include the application of security measures, that may include, but is not limited to:
  • Access management system
  • Closed circuit television usage
  • Alarm system
  • Information protection programs
  • Uniformed security personnel
    • Contract
    • Proprietary
  • Investigation personnel
• The enterprise is composed of an excess of 100 employees

• An initial comprehensive security assessment. (It is important to establish a foundational basis from which to move ahead and to build upon moving forward.)
  • Physical security audit
    • Lighting
    • CPTED (Crime Prevention Though Environmental Design)
    • CCTV
    • Access management
      • Card system
      • Locking systems
    • Security personnel usage
  • Pre-employment practices
  • Inventory and supply chain management security
  • Exterior and perimeter security
  • Security training needs
  • Security awareness programs
  • Internal & external crime threat levels

• Development of a Security Plan
  • Mission statement
  • Job descriptions
  • Workplace Violence Prevention
  • Metrics
  • RFP development if deemed necessary
    • Vendor selection oversight

• Initiation of Perspective Premium Incident Management System
  • Establishment of the Perspective Premium Incident Management program
  • Security Management Support in setting up Perspective to ensure it meets site specific needs
    • Establishment of Perspective reporting, and other output functionality
      • Customized Reports
      • Charts
      • Graphs
      • Multimedia Presentation Capabilities
      • “State of the Art” Analytics
    • Ensuring that security decisions are data driven

• Establishment of Security Management Support structure
  • Development and defining the support role of Security Management Services International, including but not limited to:
    • Determination of Site visits per year
    • Unlimited phone/online support service
    • Incident management protocol
    • Initiation and promulgation of Security Awareness Program
  • Response to special needs protocol

• Investment
  • A one-time modest retainer
  • Contract for One Monthly Fee for Security Management Services, inclusive of the Perspective Premium monthly subscription

• Benefits
  • These combined services clearly fit the description that “The whole is greater than the sum of the parts.”
  • The value of these bundled services is greater than the cost of the individual components.
  • The likelihood of reduced liability.
  • The reduction of both internal and external losses.
  • The assurance of achieving greater value and return on investment from the accumulated security vendors.
  • The result of maintaining a contemporary security program that addresses the needs of today and tomorrow.

SMSI does not seek to replace the existing security program, its management and/or personnel. This programhas as a primary mission of enhancing the existing security program by improving its value added impact to the organization it serves. All too often securitydecisions areintuitively derived and may or may not sufficiently address specific needs. SMSI believes that security programs should be need drivenpredicated on hard data.       

A woman in her 70s has a sizable estate acquired from a lifetime of hard work and smart investments. Lonely and overly trusting, she falls prey to a much younger man who persuades her to sign over her assets to him.

A frail widower hires an attractive housekeeper to help him with various household tasks. She eventually sweet talks him into giving her large gifts of money to pay for nursing school, clear her debts and pay for her mother’s operation.

The elders in these scenarios do not have dementia. Most courts would find them competent. How then are they bamboozled into losing what has taken a lifetime to accumulate? These examples of financial abuse (a form of elder abuse) occurred because of an insidious process called undue influence.

The perpetrators of undue influence use various techniques and manipulations to gain power and compliance, exploiting the trust, dependency, and fear of older adults. Over time, the perpetrators gain control over the decision making of their unwitting victims.

Anyone can be unduly influenced including the stressed, ill, sleep deprived, lonely or frightened of any age, but the elderly are particularly at risk because of failing health, isolation and a tendency to trust. Margaret Singer Ph.D.,an expert on cults, brainwashing, and persuasion, has pinpointed several factors that perpetrators commonly use to groom potential victims. They include:

• Isolation from others. Telling the victim she was abandoned by her relatives and cutting off outside communication by telling visitors or callers that the senior does not want to see or talk to them.
• Building a siege mentality.  Making the victim believe that enemies (including healthcare providers and family members) are lurking everywhere. They convince their victims that these “enemies” are going to take away their houses, pensions and social security, and that they are going to put them in nursing homes.
• Fostering dependency. They create the fiction that the influencer is the only trustworthy person and the only one who cares about the older person.
• Creating a sense of powerlessness. Slowly but surely, the influencer persuades the senior that only they have the power to do anything to help the elder.
• Making the senior fearful by exaggerating their illnesses and disabilities. The perpetrator treats the elder more and more fragilely, exaggerating their ailments.  

Unfortunately, individuals who prey on vulnerable seniors are often the proverbial “wolf in sheep’s clothing.” They may appear to be warm, sympathetic and selfless friends, caregivers and even family members, but they are not. Their numbers include:

• Psychopaths or sociopaths, who get wind of the money, resolve to go after it, and have no conscience about committing financial abuse.
• Individuals with character defects whose greed is an overriding motivation.
• People who perceive themselves as entitled to the money. They feel that they deserve to have the elder’s money or assets because their own lives have been fraught with hardship or because the older person wasn’t as appreciative of them as they should be.  

Family, neighbors, friends and professionals who come in contact with older people can help in the following ways:

• Check that the elder’s health and nutritional needs are being taken care of. A perpetrator may try to weaken an elder’s will by getting the senior to discontinue medications, neglect their health and eat poorly. 
• Keep the elder socially involved. The best insurance is for the older person to stay connected to relatives and people who they have known for a long time. Senior Centers and social service programs are also excellent resources.
• Provide the elder with information about undue influence and unscrupulous people that prey on senior citizens. Urge them to be careful.
• Advise anyone who has contact with seniors to be on the look-out for the signs that someone is attempting to control the elderly person for their own gain. 

If you suspect that an elder is a victim of undue influence, as soon as possible. Put every detail and all dates down in writing. States vary on abuse reporting requirements and procedures. However, each state has a service designated to receive and investigate allegations of elder abuse. The Eldercare Locator (800-677-1116) is a federal agency that will provide a referral to the proper agency for the area that the elder lives in.

Reporting suspicions of financial abuse via undue influence to the appropriate authority will begin an investigation and may prevent financial ruin or at least bring a halt to the elder’s suffering.

Rachelle Zukerman, Ph.D. is author of Eldercare for Dummies and Professor Emeritus at UCLA. Dr. Zukerman provides litigation support and consultation on elder abuse and standards of care in Skilled Nursing Facilities and other institutions which provide health care and housing to elderly individuals. Dr. Zukerman can be contacted at 818-313-8622 or DrRZuk@aol.com.

Whether you are building a security program to better protect your home or to better protect your company, there must be some logic behind the plan.  Security solutions, in our opinion, arrange themselves in what is referred to as the Security Solution Hierarchy.  As you go through the Security Solution Hierarchy, you will see there is a logical approach to developing solutions that are cost-effective to each institution.  To ensure a maximum cost/benefit ratio for dollars budgeted to the security needs of the Hospital, it makes sense to approach the fixes the way they are suggested in this model.

The hierarchy contains three levels. The bottom of the hierarchy represents the least costly remedies, while moving up through the second and third levels the remedies become more costly.

Level One
Behavior Modification
The security solutions contained within this level include but are not limited to such methodologies as policies and procedures, education and security awareness, as well as the implementation of various types of public relations strategies intended to further the goals of a solid security and loss prevention program.

It is important, that all employees understand which behaviors are appropriate and which behaviors are inappropriate.  All too often, the assumption is made that everybody knows what is right and wrong; however, this assumption is often fallacious. Employees must know what is expected of them. To revisit security awareness as one of the topics contained in behavior modification, it is important to understand exactly what is meant. Security Awareness Programs provide a means for improved security through employee involvement and do so with little or no budgetary impact. Security Awareness Programs are the single most cost-effective method in gaining a positive, productive security and loss prevention program. Employees should be encouraged to take part in the goals of the security awareness program; and, furthermore, they should be sold on the benefits to them as well as the institution.  Security awareness programs, in fact, must be positive, not negative. The security goals contained in level one can mostly be gained through education and require little financial resources.

Level Two
Electro-Mechanical
Obviously, one cannot simply impose several policies and procedures and educate the employees and expect all the security problems to go away.  It often is necessary to ensure the security program has some teeth.  Therefore, it is necessary to implement various and appropriate physical security methodologies.  Some of those methodologies include lock and key systems, access control systems, closed-circuit television systems, alarm systems, lighting, etc.

It will be the goal of SMSI, to follow the guidelines of the Security Solution Hierarchy (see attachment). Therefore, the first objective will be to develop a set of recommendations that have little cost attached to them by recommending training as well as security awareness programs at your Hospital. Only after completing this level, will we delve further into solutions requiring electromechanical remedies. For example, it makes no sense to recommend the use of closed-circuit TV if there is no one assigned to watch the monitors unless the goal is evidentiary only. The ergonomics of watching a plethora of monitors must also be considered.

Level Three
Personnel
As we build our security program, develop policies and procedures, and ensure that we are making satisfactory use of physical security methods such as those mentioned earlier, it then becomes necessary to employ the use of security personnel such as uniformed officers.  Security personnel (or security surrogates) should be the glue that holds the entire security program together.  They give the program life, meaning and direction.  To the degree the security personnel are effective and competent, the security program works and to the degree that they do not meet satisfactory standards, the entire security program suffers.

The use of security personnel as a security method is the most expensive fix that one can apply.  It is, therefore, important that if security personnel are necessary, they personify the professionalism and integrity that a security program should exude.

These three levels referred to as the Security Solution Hierarchy provides a model and a framework within which the consultant can easily operate.  The Security Solution Hierarchy is always in the mind of the consultant when evaluating existing security methodologies and comes into play again when the consultant seeks to find remedies that are effective as well as cost-efficient. 

One of the ironies in looking at this Hierarchy is the tendency for many organizations to turn this Hierarchy upside down.  Often, the first response to a security problem is to go out and hire uniformed security personnel. If this is done without regard to the other levels of the Hierarchy, an inadequate security program is almost guaranteed.  The Security Solution Hierarchy provides a logical model from which to develop a comprehensive security program form the bottom up.

The key factor implicit in the Security Solution Hierarchy is that security solutions should start with low cost procedural and training solutions and progress slowly to more costly solutions, only if needed. Higher cost solutions should be applied, only after less costly solutions have been exhausted and significant risk remains.

Over the last 40 to 50 years the Shopping Mall has replaced traditional downtown shopping in many regions around the country. This phenomenon has focused high concentrations of people into relatively small areas. This environment has provided fertile ground for a variety of criminal behaviors. The invasion of criminal behavior into the malls of America includes purse snatching, car theft and car break-ins, assault, shoplifting by committee and even homicides.

Criminal activity tends to be focused in two general areas, food courts and parking facilities. Although these areas represent the focus of much of the criminal activity, they are noted at the exclusion of other areas such as retail space restrooms, etc.

Where does mall security begin?
Mall security begins with the public. Most research seems to support the notion that if the victims of crime had practiced more prudent behaviors, they would not have been victimized despite the efficacy of the mall security program. Most of the effective behaviors only require the practice of “common sense” behaviors. Such behaviors include parking in well lit areas, keeping valuables out of sight in the trunk of the car, and being alert. Malls that uphold good housekeeping standards tend to be safer. For example, malls that are trashy, that have burned-out lights, and have graffiti on their structures are generally less secure than malls that are kept in pristine condition.

Parents need to know where there kids are. Parents cannot assume the local mall is providing a safe after-school program and babysitting service. Food courts are often the site of teenager on teenager conflict including gang conflict.

Shopping malls also have an obligation to maintain reasonably secure premises. Defining reasonable security is not easy because one size does not fit all. Shopping malls can only determine how much security is reasonable by conducting a thorough security assessment. It is best that the assessment be conducted by a qualified security professional. Clearly the mall must examine the history of criminal activity when assessing future needs.

Mall security does not merely mean the use of patrolling security guards. Shopping mall security results from a combination of mitigating strategies. Such tactics may involve the application of adequate lighting, access management plans, police patrols and the use of closed-circuit television. There are no universal standards, nor should there be, for adequate mall security programs.

Security is a situational discipline. The security needs of a shopping mall in Minneapolis may be completely different from a mall in Atlanta. The situational differences will determine the prudent solutions.

SSO invites your comments. If you are involved with mall management and wish to register your point of view, your comments are welcome. If you are a consumer and have experiences to share and concerns you would like addressed, SSO would like to hear from you. SSO also welcomes comments and articles from security practitioners and providers. It is the goal of SSO to bring security solutions to those with security needs.

Security driven lawsuits continue to pose financial threats to a wide range of public and private enterprise. Security lawsuits generally fall into two broad categories. The first, and most frequent lawsuit, falls under the category of premises liability lawsuits. The second group is classified as intentional tort lawsuits.

Intentional tort lawsuits within the security genre are stemmed from the overt actions of an employee or representative of the enterprise against the plaintiff. An example of this category of lawsuit could be a sexual assault committed against a patient in a hospital by an employee, such as a male nurse. Another example might be an assault by a nightclub bouncer against a patron, resulting in injury. Private security officers, and their employers, may be sued for claims of false arrest, use of excessive force and false imprisonment.

Security lawsuits arising under the aegis of premises liability claims are brought by plaintiff’s who were victimized by criminals while on the defendant’s property and/or while the defendants place of business. Examples of this type of case might include a patron who was assaulted and robbed in the parking structure of a shopping mall. Another example might be a hotel guest who is assaulted by unknown third parties whiles the guest of a hotel. The question to be decided in this kind of case is the adequacy of security necessary to prevent and deter criminal activity.

The issues at stake in many intentional tort cases such as use of excessive force are often the adequacy of training, the efficacy of the hiring process and the sufficiency of supervision. For example if a security officer is hired without an adequate background screening, and through the discovery process it is found the officer has a criminal past, the employer may my found culpable of negligent hiring.

Clearly premises liability cases tend to dominate the media. Innocent bystanders who are assaulted by criminals in nightclubs, apartment complexes and parking lots may all file lawsuits asserting inadequate security. The question then becomes, “How much security is enough?” The answer to that question is not as easy as one may think.

Security is a situational discipline. One size does not fit all. Security solutions follow a Hierarchy. The SSO Security Solution Hierarchy will be discussed in a separate article. The only way to understand which security solutions are needed to reduce risk of crime is to complete a security assessment (security audit, security survey). It makes absolutely no sense to spend money for security guards, alarms and CCTV until the scope of the problem is evaluated.

Many of us who have been security professionals for many years know the driving force behind most security programs is a major incident. All too often, until something really bad happens, the tendency is to put security on the back burner. Often a major security incident is the trigger for a security lawsuit. At that point consideration of remedies is a day late and a dollar short.

One of the best ways to avert security litigation is to practice sound security and loss prevention planning. Security should be proactive, anticipatory and preventative. Sound security programs are intended to deter criminal activity. Let’s look at a few of the rudiments of a sound security review.

First, consideration must be given to the crime environment. There are various vendors that can provide statistical information regarding criminality for a given area. Police departments can also provide raw data regards the level and kind of crime for a given neighborhood. If the security assessment is being applied to a business enterprise or a healthcare facility, there must also be an evaluation of the internal threat as well as the external threat.

Second, there must be some consideration given to what is the intended purpose of the security solutions under consideration. Security programs, to varying degrees are dedicated to protection persons and to protection property. These considerations apply to protecting a high-rise office building or a private home.

Third, when protecting any facility that caters to the public the security program must meet a Reasonable Standard of Care. To put it simplistically, the security program must address the reasonably anticipated threats of the enterprise. Clearly the security needs of a nightclub in New York City differ from the security needs of a retirement community in Butte, Montana.

We believe at SSO that security assessments should be conducted by an objective qualified professional. The reason for the term “objective” is that it is not recommended the security surveys be conducted by security vendors who have a vested interest in selling you something.

If you have questions about security litigation or the security assessment process, please contact SSO and we will find some answers. If you wish to make comments or suggest solutions, your input is welcome.