How to better protect the business - Introduction based on findings of SUPPORT Delft, May 9, 2012 Henk van Unnik Senior advisor, Securitas Maritime & Logistics Security Solutions Introduction • Picture of crime and terror • What has influenzed the corporate invironment • Risks related to Ports and Port facilities • What drives Crime and what drives Terror • SUPPORT´s 11 points of attention • How is Security perceived and organized to day • How can SUPPORT improve this • A proposed Model Picture of Crime and Terror • Corruption and bribe • Infiltration through joint ventures • Growth in violence • Underworld interwoven with the overworld • Loss of integrity in the business climate • Loss of a Ports reliability • Damage to supply chain, economy, and the rule of law What has influenced the Stakeholders Changes at Corporate level • structure and pace of corporate life and - security • more global trade and - economy • new business practices • risks more complex • interdependence between risk and business • higher security profile Risks related to a Port A Port is vulnerable to crime due to • concentration of valuable goods • limited number of people present during night time • poor control over stocks and data • poor awareness of risks • lack of transparency and inspections of corporate processes • blind faith in people, insufficient recruitment processes • too much confidence in social control between employees Risks related to a Port facility A Port Operator is extra vulnerable to crime due to: • placing too much trust in people and effectiveness 80 – 20 rule • lack of awareness • lack of efficient security procedures • weak systems of internal control • inadequate pre- employment and background checks • inadequate protection of information and IT systems • lack of business partner requirements • shift in norms and values What drives Crime Mechanisms that drives crime Demand driven by: Supply driven by: Greed Own use Global disease Crime as profession shift in norms / values Need created by PR & sales activities Poverty Crime opportunities by ineffective and insufficient processess, procedures, risk perception and mitigation exploitation /exclusion / culture Can demand be influenzed Little to nothing Can supply be influenzed By reducing vulnerabilities throug adequate security management What drives Terror Mechanisms that drives terror Selecting a terror object is based on the circle of 3 V’s • Visibility of an object • Value of an object • Vulnerability of an object The only V that can be influenzed to break this circle is Vulnerability 11 points of attention • Managing security (WP2) (WP5) (manual 2) • Threat and vulnerability assessments and control measures (WP4) • Access control • Inspections at access control • Screening of staff • Standards for fencing, alarm systems and CCTV (WP3) • Monitoring and surveillance performances • Handling of cargo in cooperation with Customs • Checking of personnel at the facility • Training and awareness programs • High resilience concepts (WP5) (WP3) How is security perceived From a business perspective A defensive approach focused on protection and `loss prevention` stopping people to do their jobs instead of enabling the business to function and grow. From a security perspective Only two components are considered to be addressed the most important components are hidden, leading to a wrong risk perception, a wrong risk coverage and ineffective risk methods. Physical security Process and procedure How to align perception and development Characteristics of alignment • Convince colleagues that the role is to deliver security to support every day decisions • Initiate the view that security is also there to improve management • Help the organization by taking and mitigate risks • Make sure that security developments respond to market developments • Help departments to align strategic and operational activities from a security perspective • Emphasize that legitimacy of security not only comes from expert knowledge but also from – Business understanding – Skills of people – Management ability and – Communication expertise Improvements by SUPPORT Security performance of an organization is as good as its processes and procedures To create a model we looked at two different approaches - one, a top down approach where the top management is responsible for security and instigator and facilitator of a model like Corporate Security Management OR - two, a bottom up approach where the PFSO / PSO supported by instruments, that enables him to do so, takes the initiative for Process Improvement Management A process improvement model Provide the PFSO / PSO, based on the provisions of the ISPScode, the AEO guide lines, the IMO`s “ Guide to Maritime Security and the ISPScode” and other best practices with a TOOLKIT that makes it possible to: • Monitor risks related to crime and terror • Monitor risks related to corporate processes and procedures • Monitor an instigate education and training • Prepare and execute drills and exercises Model, work in progress Identify risks related to crime and terror based on example procedures best practices and a cost calculation model Identify risks related to organizational processes and procedures and measures how to mitigate or improve them based on example procedures and process risk matrix Provide standards for education, training, drills & exercises based on best practices and examples how to implement them Recommend changes and implement improvements, by a clear statement why change is necessary, a clear vision how this will affect the organization, an implementation strategy, communication planning Questions?