Personnel Security Mike Mason, CPP, CFE, CPS Security Manager Lyondell/Equistar Chemical Companies Three Components of Security Personnel Security Physical Security Personnel Information Security Security Physical Security Information Security Personnel Security Involves those measures taken to safeguard a company’s employees and those coming to a place of business either for business reasons or as a guests. Can further include access control systems that control access in and out of specific premises. Personnel Security Various identification card systems, passes, and permits used by companies are considered personnel control. Probably the most recent concerns classified under personnel security are executive protection and background investigations. Interaction of Security Components Alarms & Hardware Security Personnel Protective (Security) Components Security Policy & Procedures Employee Support Important Points for Success A Security program must become an integral part of both the operations and management systems of an organization. Unlike most other components of an organization, security directly affects every other component and thus must be extraordinarily concern with the comprehensive quality of the programs it offers. The Human Factor FBI statistics indicate that 72% of all thefts, fraud, sabotage, and accidents are caused by a company’s own employees. FOR MORE INFO REFER TO CURRENT FBI STATISICS Another 15 to 20% comes from contractors and consultants. Only about 5%to 8% is external people. Personnel Customers Visitors Employees Executives Contractors & Consultants Unauthorized persons Customers and Visitors “Due diligence” is the rule of thumb when it comes to protecting people who come to your premises. History of security incidents where people have been the target. Efforts to provide adequate security can prevent or reduce liability. Workplace violence prevention plan. Employees Human factors, probably the greatest single source of risk, including both human error and failure. An organization’s employees are now considered a corporate resource and asset, requiring constant care and management. Employee Liability Issues A co. can be held liable for ignoring their prescribed duties when injury or loss could result. A co. can suffer liability for damages resulting from its negligence in not providing enough security. A co. is subject to liability for negligent hiring and failure to train personnel. Employee Liability Issues (cont.) A co. is liable for negligent actions of their employees. A co. can be held vicariously liable for criminal acts of employees. Discharged employees are entitled to view reports of investigation that caused termination. Interrogation is not a coercive action. Employee Liability Issues (cont.) An employee can be terminated for refusing to cooperate in polygraph test Results of a polygraph exam are admissible if both parties agree. Employees have an obligation to assist in investigation and report loss. Employees obligated to comply with policies as condition of employment. Importance Personnel Practices A company’s existence could depend on the integrity of its employees. Without security processes in place, an organization’s reputation could be destroyed. The new employee’s ethical outlook is unknown to the company. Importance Personnel Practices New employees may have access to extremely sensitive and confidential information. Unauthorized release of sensitive information could destroy the corporation’s reputation or damage it financially. Importance Personnel Practices An employee, who has just accepted a position with a major competitor, may have access to trade secrets that are the foundation of the corporation’s success. Hiring Practices Corporations must take special care during the interview to determine each candidate’s level of personal and professional integrity. The sensitive nature and value of the assets that employees will be handing require an in-depth screening process. Hiring Practices (Cont.) At a minimum, the screening process should include a series of comprehensive interviews that emphasize integrity as well as technical qualifications. References from former employers should be examined and verified. This includes former teachers, friends, co-workers, & supervisors. Hiring Practices (Cont.) Former employers are usually in the best position to rate the applicant accurately, providing a candid assessment of strengths and weaknesses, personal ethics, past earnings, etc. Unfortunately many employers have become increasing cautious about releasing necessitating release forms. Hiring Practices (Cont.) Use of a reference authorization and hold-harmless agreement oftentimes provides the necessary information. Be sure reference authorizations have: signature of applicant, releases former & prospective employers, and clearly specifies the type of information that may be divulged. Hiring Practices (Cont.) What to Look For? A Straw person Perhaps? Education Training Experience Stable Work History Professional Certifications Clear Criminal Record Fiscal Responsibility Background Continuity Physical Fitness Sample Security Officer Checklist Responsibility, honesty, conscientiousness: being morally, legally, & mentally accountable; being fair, objective & straightforward; being scrupulous & professional in the performance of his/ her job; concern for being to work on time, being of such moral character as to avoid involvement in theft, graft, bribery, or other dishonest activities. Sample Security Officer Checklist Concern for protecting confidential information; personal concern about avoiding absenteeism; concern for the safety of others; concern for reporting whole truth, and only the truth, about any incident involving employees; respect for the rights of others; and concern for appearance, demeanor and personal hygiene. Sample Security Officer Checklist Reading & Writing Communicative Skills: Ability to write a clear and concise incident report; communicate in a clear and concise manner; reading ability at a 12th grade level. Leadership Skills - exercising responsible authority over people & property: ability & willingness to discharge duty without getting too close to employee; Sample Security Officer Checklist (i.e. without getting emotionally or personally involved to the point of becoming ineffective; ability to take action decisively when necessary in emergencies, and making correct decisions; ability to recognize the development of a potentially dangerous or emergent situation; possession of alert mind….. Screening Techniques Application or resume verification. Honesty or integrity testing. Physical and physical agility tests. Personality testing. Background checks. Polygraph examination (when authorized) Security Awareness Programs Initial orientation training for everyone when initially employed. Annual security awareness training. Training Documentation Requirements: Curriculum Attendance roll Evaluation of comprehension Instructor(s) qualifications Personnel Disciplinary Action Only for clearly defined and properly documented incidents. Must follow the company’s disciplinary policy - dependent on severity: Verbal warning Written warning Decision-making leave Termination Personnel Disciplinary Action When an employee leaves, even if on excellent terms, certain precautions regarding employment terms in effect: Return all documents, records, and other information regardless of media. During exit interview, terms of original employment agreement reviewed (i.e. non-compete, wrongful disclosure, etc. Executive Protection The threat to executives comes from terrorists who perpetrate hostagekidnapping incidents these reasons: Worldwide recognition & publicity. Emphasize organization’s vulnerability. Value powerful psychological impact. Obtain benefit for cause (i.e. funds, release of fellow terrorists, etc.). Company’s Duty To Protect Manage situations through preparation. Employees provided with the best risk information about various overseas environments where they are assigned. Employees should be advised on how to protect his/herself through planning and preparation. Develops a plan to quickly respond to an incident and effectively operate to recover a kidnapped person. Executive Protection Management Program Implement a county specific, proactive plan that identifies detailed activities to be accomplished. Threat situation procedures in place. Employees training to prevent or to survive being kidnapped. Viable, ongoing risk assessment activities. Specific Activities in Plan Crisis management team formation. Arrangements for logistical support. Command & control decisions (i.e. who will participate/manage the effort. Make decisions regarding ransoms. Conduct risk assessment to determine need for kidnap insurance. Send response team to be with family. Specific Activities in Plan Address publicity issues. Establish government relations (U.S. State Dept. & country of occurrence). Determine who will negotiate. Formulate victim recovery process. Make arrangements for victim post event handling. Vulnerability Assessment WHEN SELECTING A TARGET, TERRORISTS EVALUATE FOR SUCCESS: Accessibility – take steps to harden target. Prestige – respect & influence target enjoys. Visibility – widely publicized target at risk. Financial – company ability to pay motivates Family – reputation for closeness attracts. Medical Condition – healthy target is at risk. Due Diligence is Key EVERY COMPANY SHOULD TAKE PRECAUTIONS TO PROTECT PERSONNEL & PROPERTY FROM THREATS: Assassination Ambush Kidnapping Extortion Harassment Bombings Company Policy Should Address: Establishment of a Crisis Management Plan. Formulation of a Crisis Management Team. Conduct of a threat analysis with updates. Procurement of Negotiating Team Support. Establishment of an Executive Protection Committee. Establishment of an Onsite Command Post Team. Development of an Evacuation Plan.