It is the policy of RisKontroL to work closely with the in-house risk manager, security staff, and/or attorney, as well as, the client’s historical outside legal counsel and security and facility vendors, unless the client desires otherwise or there is a valid reason, pre-discussed with the client, as to why the same should be avoided. We desire to supplement, provide value added services, assist, and support a client’s in-house staff and outside legal counsel, not replace them. We seek to build teams for the client’s benefit, not destroy existing ones.
Please Simple Click on The Subject for a Full Discussion of It - they are hyperlinked.
Liability Risks
In our litigious society protecting the company assets against claims of negligence, as well as contractual and intentional wrongs, is mandatory for business success. A number of these liabilities arise from instances related to an alleged failure or lack of adequate security. The legal trend today is to push more and more duties to foresee possible dangers off on the business or property owner and simply “burying one’s head in the sand” and not actively looking for and protecting against these dangers has cost businesses and property owners billions of dollars in damage settlements or judgments. Many businesses and property owners take the view that “that’s why we have insurance”, but this is an extremely shortsighted approach, because a bad loss history can result in not only the premiums going up, but also the quality of the insurer going down to the point where often one’s insurance carrier is not of acceptable A.M. Best rating to those that they do business with and business opportunities are therefore lost.
At RisKontroL, we follow the trends in liability related to security issues on a wide variety of topics including premises liability, workplace violence, creating a false sense of security, failure to warn, etc. We work with your historical legal counsel to devise ways to help your business present a better face in court at the minimum and possibly avoid claims and causes of action altogether on such matters. We also suggest contractual clauses, negotiating strategies, and other legal tactics for them to utilize on your behalf.
Return to Services Index...
Regulatory Compliance
More and more governmental intrusion into how you run your business is an everyday fact of life anymore. Some are politically motivated and some are done with good intentions but with poor forethought on the impact of the law, rule or regulation. Congress and our state legislatures pass laws that are so general in nature (so both sides of the political aisle can claim victory) that it must be turned over to bureaucrats, many of whom are long time government employees protected by civil service who have no experience in trying to run a business successfully, to fill-in the details. The bureaucrats then think up and propose rules and regulations which govern how you do business. These regulatory bodies include agencies such as Department of Homeland Security (DHS), the Transportation Security Administration (TSA), the Food & Drug Administration (FDA), the Department of Health & Human Services (HHS), and the Federal Trade Commission (FTC), just to name few of the literally dozens of federal and state agencies that want to impose their will on your business. From a security issue standpoint a large number of the federal and state agencies want to dictate ideas that to them seem brilliant but have either a high economic cost to you to implement or so seriously impede the way you do business that your business can grind to a standstill. Several of the most important regulatory and enforcement bodies for security issues are the Department of Homeland Security and the many agencies under its umbrella, the Department of Energy, the Department of Agriculture, the Department of Transportation and the Federal Trade Commission.
At RisKontroL, we follow the trends related to security with the various agencies and assist you and your historical advisors in anticipating what these agencies may be visualizing for your business to do. We then prepare your business to “beat them to the details” and to propose what you believe is a fair and reasonable solution before they decide for you. Often “doing the work” for the agency can make what you and others like you believe is a viable solution the standard that the agency adopts, thus preventing those outside of your industry from deciding what is best for you. Once a rule is final we will work with you to find innovative ways to comply and if you are sanctioned, we will work with the attorneys you have chosen to provide you representation on matters of administrative law to provide you the best defense and/or negotiating position.
Return to Services Index...
Legal Risks - Other
There are numerous other legal risks out there not addressed by our above mentioned thoughts on Legal Risk (mainly pertaining to negligence issues) and Regulatory Compliance (mainly pertaining to administrative rules and regulations). The most prominent of these risks are ones related to your employees and include their violations of laws, rules and regulations, of internal company policies and of course, Title VII (sexual harassment, racial harassment, etc.) and matters similar to Title VII matters, employee privacy issues, etc.
Return to Services Index...
Legal Services To The Security Industry
Greg H. Walker also practices law in the area of representing private investigators and security services contractors in all phases of their legal matters, including contract negotiation, representation before regulators on license and other issues, litigation, insurance, etc.
At RisKontroL we can assist you and your historical legal counsel in manner ways on such matters by designing and carrying out compliance audits, being the neutral third party investigators, improving your internal company policies, selecting technology to assist you in verifying and encouraging compliance, etc. We can also serve as a Private Inspector General -- wherein a settlement with either a union, employee, governmental agency, commercial litigant, etc. you reach an agreement that X, Y, and Z will be done in a certain manner, we can be the third party that verifies and reports compliance or non-compliance.
Return to Services Index...
Comprehensive Security Risk Management / Security Management -- Crime and Terrorism
We approach management of security issues from the standpoint of risk management and apply the basic philosophy of risk management of “Don’t Risk A Lot For A Little”, but on the other hand we also believe that you “Don’t Spend A Lot For A Small Risk” -- we believe that countermeasures to risks must be commercially reasonable based upon the circumstances, the type of risk and the probability of the risk; and that we need to concentrate on realistic risks to your business, not highly speculative risks. For example, if you are the owner of a 5 story office building that does not have any governmental agencies, high profile or controversial companies or individuals, historical targets of terrorism (both domestic (traditional hate groups and emerging dangers such as Animal Liberation Front (ALF) and Earth Liberation Front (ELF), etc.) and international (al-Qaeda, Hezbollah, Hammas, Tamil Tigers, etc.) as tenants in your building and you are not located in close proximity to any strategic infrastructure, etc. you probably don’t need to worry that much about terrorism risk, but do need to worry about crime risks, such as “office creepers” (opportunistic thieves), your parking lot / garage, workplace violence, etc. In short, your money should be spent on protecting a crime that could result in premises liability claims against your company, not spent hardening your building with bollards, blast film on windows, moving your parking to a safe standoff distance, etc. But even as to crime risks your actions should be based on realistic risks which are determined from review of your internal incident records, those of any security guard service you may be using and local police calls for service records for your buildings and the area around your building. Below are some of the services we offer in this regard:
- SECURITY ASSESSMENTS / SURVEYS
Security Assessment, also known as Security Surveys and sometimes, although wrongly, Security Audits, in a comprehensive security assessment, it is a process where the subject of the assessment scrutinized by a professional security consultant to determine the subject’s critical assets and operations/core functions, what key unwanted events could occur, the impact that an occurrence of an unwanted event would have on assets and operations/core functions of the subject, the abilities of those seeking to carry out the unwanted event, and the countermeasures presently in place to thwart or lessen the impact of the unwanted event to arrive at a conditional risk rating. Then, additional countermeasures can be factored in to see how they would affect the conditional risk rating by reducing the probability of a loss event or, in the alternative reduce severity or impact of the loss event on the business’s assets and operations/core functions. We then select the most appropriate new or improved countermeasures for installation in accordance with a priority list.
A comprehensive assessment like the one described above can be considerably expensive and take a considerable amount of time to conduct if the subject is a large enterprise. These extensive assessments are most probably only warranted for critical infrastructures, high value assets, make or break the company operations/core functions, assets that are a target of terrorism, etc.
More common for most businesses is a modification of the foregoing appropriate to their particular risks. These assessments can be done over a relatively short period of time (average 45 to 60 days) and at a much more commercially reasonable cost. They are usually done in three parts (often called “deliverables”): an assessment of the present security posture of the subject, including what type of unwanted events it is most likely subject to, recommendations for improving the security posture, and a closing report tying it all together.
What is an asset? An asset is something that is of either tangible or intangible value to a business, such as its real property, its personal property (furnishings, furniture, equipment, rolling stock, accounts receivable, tools, etc.), its people (employees and contractors), its reputation, its working environment (safe, clean, comfortable, etc.), its client or patrons, its supply chain, etc.
What are just some of the things RisKontroL would look at? Well, let’s take a common request, a security assessment of a multi-tenant office building complex located in Houston, Texas:
1) The buildings’ crime rate compared to similar type buildings in Houston, in Texas and in other large U.S. cities -- to do this I gather statistics from your records and from Calls For Service reports with the Houston Police Department for your building and others near you and compare them using industry accepted standards -- this allows you to see how the crime rate in your buildings compares to similar buildings;
2) We would spend a considerable amount of time (time to be spent during the days, evenings, weekends, etc.) on the property, both inside and outside, walking, noting, and in some instances digitally photographing, what we observe on the property in terms of, among other things:
a) Tenant and their Employees conduct and procedures;
b) Guard force conduct and procedures;
c) Maintenance and Contractor conduct and procedures;
d) Visitor conduct and procedures;
e) Janitorial conduct and procedures;
f) Delivery personnel conduct and procedures;
g) Lighting (both internal and external);
h) Tenant’s security of their own demised space;
i) Use of and security of the common areas;
j) Garage traffic and usage;
k) CCTV coverage, effectiveness and use of the same;
l) Location of and effectiveness and use access contro system;
m) Key Control;
n) Verification of compliance with building rules and regulations;
o) Building Management security practices;
p) Ingress and Egress (including by routes and means that are normal and acceptable in an office building/complex and by routes and means that are not desirable);
q) Etc.
3) We would interview major and other selected tenants (after consultation with you) for their observations, concerns, input, etc. -- making them feel included is good public relations for the properties;
4) We would interview an appropriate representative of any property management association (or as its name may be) for their view of the overall area where the buildings are located;
5) We would interview members of your guard force, your maintenance crews, your janitorial crews, certain contractors, etc.;
6) We would review your lease form, your building rules and regulations and audit how well they are followed and how they can be improved for the benefit of reducing your company’s liability;
7) We would attempt to circumvent your security systems and that of your tenants to try and find exploitable weaknesses; and
8) Such other matters as deemed prudent by either your company or RisKontroL or as reasonably suggested by tenants.
This would be a 1st deliverable, from here we move on to the 2nd deliverable, the investigation of countermeasures that are appropriate for your risks all the while attempting to select ones that are cost efficient, don’t unreasonably burden your business process flow and produce a reasonable return on investment (ROI). The final or 3rd deliverable is a final report tying all of the foregoing together.
At RisKontroL we’re always willing to meet with you and your advisors to discuss what is appropriate for your business and to work up a proposal for those that are seriously interested in knowing where they stand on their security posture and from our recommendations of which way they should go in making improvements.
Return to Services Index...
Security Master Plans are an extension of a Security Assessment that not only looks at where a subject is today, but what their business plans are for the future, thus, heading off costly mistakes and oversights before they happen. Pre-planning and including security measures upfront is a lot less expensive prior to design and construction or implementation of a new operation, etc., than it is after, when, as the old saying goes, “the horse is already out of the barn”. At the same time one has to be imaginative, based on trends, and take into consideration what the unwanted events of tomorrow may be, who tomorrow’s targets may be, and who may be seeking to cause those unwanted events.
At RisKontroL we work with your strategic long ranger planners, with governmental long range planners and others to build into your future countermeasures for a more secure future. With technology constantly changing we don’t want to specify products, etc., but want to make sure that rough dollar amount “placeholders” are in the budget and plans for the security systems of tomorrow. We also want to build in “alarms” that signal your company as they start to move forward on new project discussions that it’s then time to get the Security Consultants involved in the details of the new plans. Certainly, September 11, 2001, brought a new reality to the United States and new threats by new and old enemies are constantly evolving - while on September 10, 2001, most businesses didn’t think that much about where parking for their facilities should be located we now stop and make sure that they are far enough away that large vehicle borne improvised explosive devices (bombs) can’t be parked near the facility, that the buildings are set back far enough from roadways that they are protected from bomb blasts, etc.
Return to Services Index...
- SECURITY & SECURITY AWARENESS TRAINING
Knowledge is power!
However, most people attempt to deal with today’s crime and terrorism issues by simply not thinking about it or convincing themselves that “it won’t happen to me or mine”. I, other Security Practitioners and even the crime prevention officers of law enforcement are constantly amazed when we offer free security awareness training to civic, community, school and religious organizations and they say “no” -- when asked why, their standard response is along the lines of “we wouldn’t want to upset our members” or “our members want lighthearted speakers or something that is really going to benefit them, like financial planners, not something that will just worry them.”
One of the single most important things in being safe from crime and terrorism is being aware of your surroundings such as: what seems out of place or just not right, why is the hair on the back of my neck standing up or why is my stomach knotting up, etc.
So what is the difference Security Training and Security Awareness Training?
Security Awareness Training is something that everyone should receive and centers on your security at home, at the office, in your car and while traveling. For example at the office it would include how to recognize signs that a co-worker may have violent tendencies and/or intentions, how to spot an “office creeper” (opportunistic thief), how to protect your office against an “office creeper”, steps to take when you are all alone in the office or working late at night and going to your vehicle. It’s more about awareness for everyday life. For young singles its about safety on and off campus, on dates, at a nightclub, etc.
Security Training is more advanced and is more oriented for someone who is more likely to have an imminent problem. For a woman it may be that she feels she is being stalked. For a business it may be learning about internal theft. It is not as intense as Executive Protection Training & Planning.
We also do Security Operations and Security Management Training for a wide range of individuals and businesses, both in and out of the security industry. Ask about our new On-Line Security Training programs.
At RisKontroL we teach and train people in both of the foregoing. We train people to be alert, aware and cautious, not afraid. We train people to look and listen and to trust their own instincts when they feel that something is not quite right. We train people in the basics of when to act and how to act. We train people to call their local or state or federal authorities. We teach people about common scams, tricks to get into your home or get you out of your car, etc. We teach people how to recognize danger signs and respond to them. We teach business managers and owners to recognize signs of a possible internal thief, a sexual harasser, etc.
Return to Services Index...
- SECURITY POLICIES, RULES & REGULATIONS DEVELOPMENT & MANAGEMENT
Security programs are derived from security policies. Poorly defined policies equates to a poorly defined program. Any rules, regulations or technologies deployed should only be deployed if they support and contribute to moving successfully toward at least one of the security policies.
Think of security policies as your goals and these goals can either be strategic (long term) or tactical (short term) or, as is most common, a mixture of both. Supporting your security policies you would have security rules and regulations, as well as the technologies (both modern (e.g., CCTV) and those that have existed for centuries (e.g., fencing)) which assist you in meeting those policies. If a security rule, regulation or technology does not support one of the policies, the question should arise, “why have it?”. A good example of a security policy would be to reduce unauthorized access to a facility.
Whether or not we achieve our security policies and/or how close we come to achieving them is how we measure the success of a security program. The trick in writing security policies is to write policies that the organization’s security program has the ability and the authority to achieve. Once appropriate security policies have been written, then the means to achieve them can be determined, deployed and their success measured. Security policies become strategic goals and the means to achieve them become tasks.
Security rules and regulations govern the interplay of individuals to the organization’s security policies. They govern how individuals will act, such as what they will do in response to certain things, what they will and won’t do, how they will do certain things, etc. Utilizing our example of a security policy of reducing unauthorized access to a facility, our rules and regulations for that might be such things as not letting anyone through an access controlled door with you unless they personally activate and are allowed in by the access control system (in the United States we pride ourselves on being polite like saving someone having to go to an extra effort to get their access control card out, so we hold the door for them; unfortunately the bad guys capitalize on this trait of politeness and improperly gain entry).
To the foregoing security policy and the security rules and regulations we add the technology, i.e. in this example, an access control system.
Everything works together to form a proper security program, unfortunately we run into many organizations that simply want to throw money at technology believing that all things can be solved with technology -- nothing is further from the truth. Technology is merely a tool to assist humans in a security program.
At RisKontroL, we have vast experience in putting together the entire program for clients, but a couple of our strongest points is in the security policies and in the rules and regulations thus laying a strong foundation for the selection of appropriate technologies.
At RisKontroL, we also realize that once the policies and rules and regulations are developed that they are only effective if applied fairly, consistently and constantly, and we provide effective management of these issues by writing audit and measurement (metrics) procedures and training your personnel in utilizing those procedures.
Return to Services Index...
- EXECUTIVE PROTECTION TRAINING & PLANNING
A business organization’s most important asset is often its people. In today’s world of terrorism and crime, whether traveling abroad or domestically, or even at home or in the office, the executive and even middle management and front line supervisors face a wide range of risks. In this section we are going to concentrate on the executive; however, almost all of the thoughts herein are applicable to any of the organization’s personnel.
Statistically, the greatest danger to any person traveling internationally is:
1) Murder;
2) Kidnap for Ransom;
3) Hotel Fires;
4) Transportation Crashes;
5) Robbery.
It is #3, Hotel Fires! Foreign hotels are often not built to U.S. standards.
Statistically, the 2nd greatest danger to any person traveling internationally is:
1 Robbery;
2) Fraud;
3) Medical Emergencies;
4) Transportation Crashes;
5) Distraction Thefts
It is that old # 3 again, Medical Emergencies. Foreign medical care is often not up to U.S. standards, either in terms of personnel or facilities.
In some countries an executive should take another person with them to the restroom at restaurants and other public places -- the reason for this is:
1) Robbery;
2) Kidnapping;
3) Murder;
4) Blackmail;
5) Assaults
It is # 4 this time, Blackmail. An old con game in a number of countries is for the executive to go to the restroom and after he/she has been back at his/her table for a few minutes a little boy or girl with “daddy” in tow points and says “that is the person who tried to touch me in the restroom”. Of course, if reasonable compensation is quickly made, the daddy won’t call the police -- remember in many countries when you call the police, you are calling part of the criminal enterprise.
In many countries of the world, kidnapping is:
1) Common;
2) A Hobby;
3) A Standard Job Classification;
4) A Business;
5) All of the Above.
It is # 5 -- All of the Above. This is particularly true in countries South of the United States in the Western Hemisphere and gaining popularity in parts of the Caribbean. Again, very often when you call the police for assistance, you have called the kidnappers or their partners. K&R (Kidnap & Ransom) Insurance is a good investment because almost always, upon payment of ransom, after skillful and sometimes extended negotiations, the executive is returned unharmed -- to kill the victims would be to ruin the chances of the business continuing to be a success. But remember in other parts of the world, kidnapping is deadly almost 100% of the time (Middle East, Indonesia, some parts of Africa, etc.) as ransom is not the goal, but publicity is what is sought and the more gruesome the kidnapping and killing the more media attention will be gained.
At RisKontroL we work with our trusted and proven specialized associates, often former agents of the United States Secret Service, United State’s Department of State Diplomatic Security Service, or other federal, state or local, and even foreign, former law enforcement, military and intelligence officers trained and experienced in high level Executive Protection, combined with both domestic and foreign private intelligence and executive services, to train, educate and equip the executive with the skills, knowledge, personnel and equipment to live and travel safely both domestically and abroad.
Besides safety and security and whether here in the United States or abroad, an important asset of the business executive to be protected is his or her public image of being a skillful, ethical and competent leader. It has been said that former Senator Bob Dole may have lost his presidential bid when his executive protection team failed to prevent him from falling off of a stage when a rail he was leaning on broke, thus making him look like a bumbling person. There are so many facets to consider in executive protection and at RisKontroL we work with you on all fronts.
In Executive Protection it is not about being a world class shot or about brawn, it is about brains. Intel, advance planning and skillful execution is what keeps the executive safe. It is not about standing and fighting, as that is only a last resort; it is about keeping the executive out of harm’s way to begin with, but if harm raises its ugly head, then it is about getting the executive as rapidly as possible from the area of danger to one of safety.
Some important areas of Executive Protection that RisKontroL can assist in are:
- Distance Travel Security -- i.e., foreign or long distance travel in the U.S.;
- Local Travel Security -- getting safely around the area of the executive’s normal everyday travels for work, shopping, entertainment, etc.
- Home Security -- making and keeping the executive’s residence secure, their communications to and from the home secure, safe/secure rooms in the event of home invasion or severe storms, etc.
- Office Security -- making and keeping the executive’s area of the office secure from publicity seekers, environmental and other activists, workplace violence, industrial spies, etc. Providing for escape routes, etc.
Return to Services Index...
- OPSEC -- OPERATIONS SECURITY
Operations Security is learning how much information can be derived about a person or business endeavor by means other than illegal activities -- what is available on the internet, what is available in public records, what is available in trade publications, what can be learned by just sitting outside of your business and watching who and what comes and goes, The United States government states it this way: “Operations Security (OPSEC) is an analytic process used to deny an adversary (competitor) information - generally unclassified - concerning our intentions and capabilities by identifying, controlling, and protecting indicators associated with our planning processes or operations. OPSEC does not replace other security disciplines - it supplements them.” “The information that is often used against us is not classified information; it is information that is openly available to anyone who knows where to look and what to ask.”
Operations Security is a tool that your competitors and America’s adversaries believe in and apply to their activities. It is one your business needs to understand and integrate into your daily routine. Much of the assets of businesses is information, and not all of it is classified, or receiving the protections that you normally place on your most sensitive proprietary information or trade secrets. What we don't always realize is how much we are giving away by our predictable behavior, casual conversations, routine acquisitions and Internet information. You must be careful of what you are revealing - failure to do so could provide your competitors and America’s adversaries with the information they need to gain a serious business advantage against your company or to execute additional terrorist acts against the United States.
At RisKontroL we, often in concert with our trusted and proven specialist associates, can run OPSEC studies on you and your business and assist you in closing the windows through which your competitors and America’s adversaries see through to gain information to harm you, your company, and, in some cases, the whole of America.
Return to Services Index...
- PROPRIETARY, CONFIDENTIAL & TRADE SECRET PROTECTION
Today we live in a world where information is more powerful and valuable than ever and that means someone out there wants your proprietary, confidential and trade secret information. It can be a number of people, from foreign or domestic competitors, to someone thinking about attempting to defraud your company, to a present employee or past employee that is upset with you or your company or is sending your info to their new employer, and so on.
The actual person who is tasked with stealing your information may be one of your own employees, it may be a member of the janitorial staff (do you leave sensitive documents laying around at night), a repair person, a computer technician, or even a industrial espionage specialist. It can happen at your office, at a trade show (where a member of a sales team is too talkative about an upcoming new product), at the local bar, the gym, the country club, etc. (loose lips sink ships), at a hotel where a laptop is stolen from a member of your staff’s room, and so many other places.
In most countries of the world, large corporations expect and receive high quality commercial intelligence from their country’s intelligence agencies (like our CIA) so you may have the real professionals with all of the techno-gear assisting them trying to get information to benefit their own citizen businesses. One certain foreign airline for many years had covert microphones and video cams installed above the passenger seats -- American business folks flying to a negotiation would work on polishing their bid for a large contract while flying and by the time they walked into the negotiation the other side already knew what their strategy would be.
At RisKontroL, we can assist you and your company in preserving your proprietary, confidential and trade secret information by helping you understand the techniques that may be employed against you and then improving your physical, cyber/communications and travel security in various ways, including technology, and most importantly, in training your personnel in counter-measures to the other side’s operations.
Return to Services Index...
A security system can often be quite simple at a given installation or for a small sized company. However, today the marrying of access control, with fire detection and protection systems, with communications (voice and data), with intrusion detection, CCTV (which today has some amazing technology for such things as seeing in dim light (high tech cams and/or infrared cams), to seeing in absolute darkness (thermal), to software that will let you set alarm conditions using pixel technology), with long term recording and rapid locate and playback equipment (DVRs or DVMs -- the videotape recorder of yesterday is almost gone), with perimeter protection systems, and so much more is becoming more and more common. This “marrying” requires people that are specialists in not only choosing the right mix of equipment for you, but also in tying it altogether so that it gives you the maximum return on investment and the maximum quality of protection.
Your going to an equipment vendor for this type of design will mean that most likely what you get will be very heavily weighted in whatever the vendor is selling and anything else will be products that are easy for them to integrate with their equipment. Vendor driven equipment and system purchases are not the correct way to go. An independent consulting security engineer and/or consulting security system designer who is paid a fee for their services is preferred because you get someone who does not have a product to sell for which they are getting a commission and the design services for free or low cost because they know they will get you on the equipment purchase.
At RisKontroL, we have trusted and proven specialized associates that do not sell any products or services, other than their own design and project management services, who work hard to see that you get the type and size of integrated or converged security system that you need, not one that the vendor needs to sell this week.
At RisKontroL, like your primary care doctor, we can, ourselves, assist those with smaller and less complicated projects.
Return to Services Index...
- COMPUTER / INFORMATION / COMMUNICATIONS & DATA TECHNOLOGY PROTECTION
Today, we are very heavily dependent on our computers, information, communications and data technology for so many facets of our business and of our personal lives. To keep this wonderful tool working for us and not being the means to our end we have to take a number of steps:
a) Physical Security Equipment -- are the computers and the communication equipment and their access terminals safe from theft, fire, vandalism, sabotage, flood, etc. -- can unauthorized individuals get to the equipment; do user’s leave their computers on and unprotected when not at their desk, do people write their usernames and passwords down and leave them on or around their desks, do you have good rules, policies and protection about what is loaded on the computers, are your voice and data cablings protected, etc.;
b) Physical Security Traveling -- is your laptop or electronic media you are carrying with you on the road safe from theft, damage by airlines, etc., damage by your own carelessness, safe from people looking at your screen, safe from magnetic or other media disruptive forces, etc.;
c) Wi-Fi, Bluetooth or other Non-Hardwired Access -- are the WiFi systems you’re logging on to secure, can someone intercept your transmissions, can someone log onto your computer, etc.
d) Power Supply -- do you have appropriate back-ups going during work so you can recover lost documents, do you have enough fuel for the generators, do you have surge and low voltage protection, are the batteries in your computer, information, communications and data equipment and your UPS (Uninterruptible Power Supply) charged and in good condition (remember batteries wear out with age and other factors), etc.;
e) Networks and On-Line Protection -- are there appropriate authentication measures, are there anti-hacking/anti-intrusion measures, is the virus checker of good quality and current, do you have both hard and soft firewall protections (if appropriate) and is the software/firmware current, is voice and/or data cryptology appropriate, etc.
f) Back-Ups -- on mission critical activities do you do real time remote back-ups, do you have appropriately configured and hot-swappable RAID drives, do you make daily back-ups and store them away from the office, do you have an arrangement for mission critical applications for an outsourced or additional computer at another company owned facility to take over the work should the main computer running the application fail, etc.;
g) Penetration Testing -- Have you had experts who specialize in hacking, etc. run tests on your system to see if they can be compromised -- NOTE: don’t let just anyone do this, not only can they mess up your system if they aren’t qualified, but they may be “bad” guys masquerading as “good” guys -- be sure they are reputable and properly vetted;
h) Document Disposal Policies -- do you have in writing appropriate document (in this instance electronic documents) disposal policies and procedures, are they enforced, are they audited -- this can be a major matter in litigation discovery, etc.;
i) Computer, Information, Communications & Data Usage Policies -- do you have in writing strong policies on use of company computers, networks, communication/data lines and internet access, are these policies signed by every employee and contractor and kept safe by human resources, does your policies provide that the company can monitor computer use, read and copy anything on the company computers (including private/personal matters), do the policies allow for the company to use key-loggers and other monitoring devices and software, do the policies allow for the company to monitor (including personal phone calls) communications using company equipment or from company property or on company time, etc.; and
At RisKontroL we can assist you on all of the foregoing matters even more that are related to your computer, information, communication and data systems. Many of services, especially c, d, e, f, and g, require the use of our trusted and proven specialized associates and with these associates we have a wide variety to choose from that is appropriate for each size of company and particular to its risks, including former National Security Agency (NSA) computer and communications protection specialists;
Return to Services Index...
- FACILITY PENETRATION TESTING
So you think or have been told, by either your in-house security staff or your vendors, etc., that your facility is secure. Well, the best way to find out is to run penetration tests to see if we can get to someplace where you don’t want us, get a hold of something you don’t want us to get, or damage you in some way (all done without actually removing anything from your premises or damaging any of your property), see if your security officers are performing as they should be, see if your systems give you the coverage you were promised, etc.
At RisKontroL we can run various scenarios to test your security, before the criminals or terrorists do so, while you still have time to make corrections. We test systems and people. We do so, “Uberrimae fidei” - in utmost good faith, with appropriate controls in place for your and our protection.
Return to Services Index...
In the traditional Risk Management Model the final item is “Monitor”, which includes not only monitoring the applied tool and/or countermeasure to see how well it is working, but also includes “tweaking” it to make it work even better based upon lessons learned after its deployment. Security audits should be an ongoing task of the client with an occasional audit conducted by the outside security professional.
In RisKontroL’s Security Management Model “Monitor” is also the final item and includes all that is included in the Risk Management Model, but we find that the client needs the security professional to actually design the audit for them by assisting them in choosing metrics to measure how well the deployed tools are working, helping them choose realistic benchmarks and goals and then seeing how well the results assist the organization in reaching its tactical and strategic goals.
Many people use the terms Security Assessments, Security Audits, Security Surveys interchangeably, however, Security Audits monitoring as opposed to assessing or surveying.
Ask about our new program for ongoing Security Compliance Audits on a long term contract at most reasonable rates.
At RisKontroL we view Security Audits as a very important function all of its own and work with your corporate staff and outside security services contractors to make sure that you are measuring meaningful data for your strategic purposes while making sure that the Audits are performing the function of monitoring so you can accurately appraise, and if necessary, tweak those that can be improved.
Return to Services Index...
Project Management of security projects requires experience in all phases of the project from writing the RFP, to choosing the right vendors, to doing due diligence, to coordinating the installation and ensuring quality control and pre-payment testing. Project Management of a security related project goes beyond just being a good project manager, it requires an intimate knowledge of the security industry, its standards, customs, law, rules & regulations, etc.
- Request For Proposal (RFP) Writing -- Like a good building, a project needs to have a firm and proper foundation and the RFP when properly written in sufficient, but not overly restrictive detail, lays the foundation for the success of the entire project and is easily converted to a contract;
- Vendor Interview -- Like all other industries, the security industry has its own language, norms and standards, customs, etc. when selecting a vendor(s) knowing the right questions to ask is one of the major keys to selection of a quality and experienced vendor;
- Vendor Selection -- Knowing the little hidden differences between bids/proposals, the reputation of the vendors, etc. is so important in selecting just the right vendor for your project;
- Vendor Management -- Whether one or a number of vendors will be involved in your project a security project often comes together somewhat differently than the traditional building or improvement project and again, it is experience with both large and small projects in managing vendors that leads to a successful completion;
- Quality Control -- Unless your in-house project managers, your engineers or architects, etc. have experience and training in security management and looks at your overall security policies and goals holistically instead of just focusing on the particular project being installed it is highly probable that you will end up being disappointed with the final result -- good quality control in security projects requires an intimate knowledge of overall security management.
At RisKontroL, we have within our own firm, and via our trusted and proven specialized associates, the personnel that are experienced in large and small projects, that truly understand and have vast experience in security management and in project management of such projects and that believe in exemplary customer service and dedication.
Return to Services Index...
- GUARD FORCE SELECTION / MANAGEMENT
Hire a well recognized security guard company and trust them to do their job -- WRONG! Over the years we’ve found that most companies that hire contract guard services cannot tell you exactly how the guards will react to any given scenario, often have no clue as to what the guards should and should not be doing, often have no clue on how to measure whether or not the guard service is performing according to either contract or best practices, etc. and when something goes wrong they get upset at the guard service for not doing what the business thought the guard service should do. Even worse, the businesses using the outside guard service has failed to inform, or even worse yet, misled, employees, invitees, etc. of what they can expect and what they shouldn’t expect. The exception to the foregoing is normally businesses that have an in-house security professional that knows how to select, negotiate and set standards of service.
The same often applies to companies that attempt to use proprietary guards. They often hire someone who has some security guard experience and expect them to do the job and fail to give them proper education and direction.
Unfortunately the same often applies to those who decide to use off-duty sworn law enforcement officers (LEOs) as their security officers -- they fail to understand the legal requirements that the officers have to deal with in their off-duty jobs and are shocked and dismayed when an unintended consequence of using off-duty LEOs occurs -- a couple of examples, off-duty officers in most places enforce only criminal laws, they do not enforce “house rules”, in most instances they do not protect your company from liability for their actions if they violate someone’s civil rights or negligently injure someone, if they see a crime (like a college student smoking marijuana) unlike non-LEO campus security who can take the student to administrative hearings within the university, they must arrest the student.
Any of the foregoing can lead to huge liability claims and lawsuits, embarrassing media coverage, disappointed employees and customers, etc.
- Proprietary -- Studies show that generally a proprietary guard system, when they are properly selected, educated, trained and supervised is more likely to perform better for a business than contract guard services for a number of reasons with one of the biggest being they are part of the business’s corporate culture and team. Needless to say, they are much more responsive to the demands of the business’s management, especially in terms of being more customer service oriented. Another huge benefit is that their turnover is considerably lower than those of contract guards. However, the down side is that they are more expensive when you consider wages, benefits, training, cost of uniforms, liability insurance, etc.
- Contract -- Hire the company and forget -- AGAIN WRONG! As discussed earlier in this article, and without repeating the same, there is still much that has to be considered, understood, agreed and managed. But certainly they are in the long term less expensive, as long as you have a good contract and firm written understandings of scenario responses and performance expectations with metrics in place. Another problem is that the guards assigned to your place do not work for you and you have the chain of command, etc. to deal with. But one of the biggest disadvantages is turnover -- the security guard industry has an average turnover rate that varies between 75% and 85% with some companies having over a 300% turnover rate -- so continuity is just not there and that, in security can be a major disadvantage.
- Off-Duty Law Enforcement Officers -- Hire the folks and forget, after all they’re really trained -- AGAIN WRONG! A LEO’s first duty is his sworn duty to uphold the laws of the state and its political subdivisions -- not to make you happy or to obey what you want from a business standpoint. Remember a LEO is trained to act, to stand and fight, to make the arrest and for a business that is not always the best choice or desired result. Also, off-duty LEOs are expensive in terms of wages, they have certain departmental restrictions on them and when a catastrophe strikes it is highly doubtful they will be there for you -- they will be called back to 24/7 duty with their department (although there are some back-up plans that can greatly ameliorate this event). On the advantage side, they are a real deterrent to crime and terrorist activities, they are experienced and well-trained, they have authority and can use force, including deadly force, for traffic control they give you a much better degree of liability control than a contract or proprietary guard, they can call for assistance and usually flood an area with on-duty personnel in a matter of moments, and they have the authority to call for certain government support services that might not ordinarily be available until LEOs arrive and evaluate.
At RisKontroL, we understand and have experience with the entire guard force process from selecting the type of guard services, to preparing the RFP, to selection, to contract negotiation, to contingency/disaster clauses, to preparation of written understandings of how the guards will respond to various scenarios, to training, to licensing, and beyond. We understand LEOs and their use in off-duty situations and their requirements and restrictions. We can help you make the correct choice for your organization and then assist you in making sure it works as you desire.
Return to Services Index...
- CONTINGENCY / EMERGENCY PLANNING
While a lot can be said for being an optimist one still must realize that in life many things that can go wrong will go wrong and the business that is not prepared beforehand with good contingency and emergency planning, that is kept up to date, and that is practiced (at least via tabletop exercises) will one day find itself in a very critical situation that may cost lives and/or cause the financial collapse of the business. There are so many things to consider in a catastrophe and/or emergency that security is often forgotten about or severely downplayed. Usually after a catastrophe and/or emergency security is more important than ever because normal security measures are often down due to lack of electricity, inability of security personnel to get to the jobsite, off-duty LEOs being called to 24/7 duty with department, inability to get certain supplies, fences and windows being damaged, etc.
At RisKontroL, we work with your security department if you have one, and always with your risk management and contingency and emergency planning personnel to analyze and provide for continuation of appropriate and adequate security before, during and after the catastrophe and/or emergency has passed. We make sure that from a security standpoint that you have back-up vendors in place, know what kind of temporary equipment is available and that you have stand-by contracts for the same. We work with you to coordinate with appropriate governmental agencies so that you maintain your secure posture in order to fulfill requirements of law, rules & regulations, as well as good business sense. Security planning for contingencies, emergencies and catastrophes requires specialized knowledge and RisKontroL is there for you.
Return to Services Index...
- SECURITY / RISK RELATED INVESTIGATIONS:
At RisKontroL we don’t do marital, car wreck, etc. investigations, we only do investigations that have a component to them that is often best handled by someone who is not only a trained and highly experienced investigator, but is also an Attorney or someone with a strong federal, state or local law enforcement background working under an Attorney who has a strong and full understanding of private investigations. Many companies prefer their investigations to be done by their legal counsel, but often legal counsel doesn’t have the necessary full range of investigative training or, more likely, they want to be able to be your legal counsel in the matter, not a witness.
For some matters such a surveillances, technical countermeasures (locating technical eavesdropping devices) etc. we bring in our trusted and proven specialized associates that are licensed private investigation companies for their manpower, specialized skills and equipment and for liability reasons during mobile surveillances -- but RisKontroL will not let the 2006 Hewlett-Packard scenario happen to you and your business because we intensely oversee that our associates and outsourced contractors strictly obey the laws, rules and regulations pertaining to investigations and privacy concerns and that your company’s ethical standards are matched or exceeded. We will refuse instructions that are contrary to the foregoing and/or place anyone in danger or life or limb. Your good corporate image deserves that.
At RisKontroL, we work extremely closely with your in-house security personnel, if you have them, and with your in-house and outside legal counsel -- we don’t want to replace them, just supplement them with special skills and give them the freedom to represent you as your legal counsel just as they have in the past.
We would urge you to consult with us on the following types of investigations:
- Internal Theft
- External Theft
- Title VII and Similar Matters -- civil rights, sexual harassment, Americans with Disability Act, etc.
- Company Policy & Procedure Compliance
- Regulatory Compliance
- Due Diligence for Numerous Reasons
- Special Management Oriented Investigations
Return to Services Index...
- PRIVATE INSPECTOR GENERAL SERVICES
Private Inspector General Services is when two or more parties contract, or when a party is court ordered, as part of a contract, settlement agreement, judgment payoff agreement, or plea bargain to undertake or perform certain acts, refrain from certain acts and/or operate in a certain manner and they engage a neutral third party to monitor and audit the obligor to assure compliance with the contract, agreement, or plea bargain. This can provide the obligee with the level of comfort that is necessary for them to enter into the agreement. The fee is usually paid by the obligor(s), but may be split in any manner decided by the contract or agreement or court order.
At RisKontroL, we provide such auditing, monitoring and oversight services for a broad range of matters and pledge to perform “Uberrimae fidei” - in utmost good faith. This type of service is somewhat similar to a receiver, but without the impact on financial and daily business operations and the lost of faith with customers, bankers, vendors, etc. that a receivership so often causes. The Private Inspector General, normally does not have the power to control, manage, restrict, freeze funds, etc., but does have full access to audit and monitor the accounts, operations, etc. of the obligor and to report the same to whomever the contract, agreement or plea bargain directs. The agreement can provide for greater powers, especially upon the occurrence of certain conditions and they often provide that the Private Inspector General can bring suit or use discovery proceedings reserved from a prior lawsuit to enforce its ability to monitor and audit in an unrestricted manner.
Return to Services Index...
- TRADITIONAL RISK MANAGEMENT, INCLUDING INSURANCE PROGRAM MANAGEMENT AND CLAIMS MANAGEMENT
Many small and medium companies are large enough where they are facing much more complex risk management, insurance requirements and claims/litigation management needs than they have the skills to handle in-house. These companies have learned that often times their historical insurance broker/agent is not sophisticated enough to handle such service, does not always have the client’s best interest at heart or just does not want to perform the services in the manner that the client needs.
Our services cover the entire gamut of traditional risk management services:
- Loss Prevention -- Reduction of Occurrences
- Loss Control -- Reduction of Severity / Impact on Financial Strength
- Risk Transfer -- Insurance and Other Contractual Techniques
- Risk Financing -- Retentions, Self-Insurance, Captives, Deductibles, Hedging, etc.
RisKontroL can provide those services on a consulting basis. Rebecca S. (“Becky”) Walker, CPCU, ARM, with over 33 years in commercial insurance and risk management, is the Principal Consultant on traditional risk management issues, such as insurance underwriting negotiations, complex premium plans, and claims/litigation management. She can also train your in-house staff to be more “insurance and claims aware”.
Return to Services Index...
|
