Professional Documents
Culture Documents
Jerry W. Torres, President & CEO, Torres Advanced Enterprise Solutions, LLC, Falls Church, VA
ASIS International 62nd Annual Seminar & Exhibits, Orlando, Florida, USA
Tuesday, September 13, 2016, 11:00 am – 12 Noon
SMS and Torres Security Services in Pakistan
• Security & Management Services (SMS) –
Pathfinder Group Pakistan has had the
contract to protect the American embassy
and consulates throughout Pakistan for 28
years.
• Joint venture with Torres AES in Pakistan for
5 years.
• SMS also provides protection for the UN
mission and other international and national
clients.
• Therefore, SMS and Torres are implementing
the ISO18788 standard and ANSI/ASIS/PSC.1
standard for security operations, now a
requirement for contracting.
2
Centralized Recruitment & Training
Nerve Ops & Cmd Facility Management
Centre Centres
Background Screening
4
Getting Started – Expandable Pilot
Project Approach
• Do not eat the entire
elephant in one bite – use
a pilot project approach.
5
Getting Started – Expandable Pilot
Project Approach
• Do not eat the entire
elephant in one bite – use
a pilot project approach.
6
Getting Started – Expandable Pilot
Project Approach
• Do not eat the entire
elephant in one bite – use
a pilot project approach.
7
Why an Integrated Approach Using ASIS
Standards?
• The value of implementing a standard is improved business
performance, certification is the gravy.
• Pursuing simultaneous certification to ISO18788 and ANSI/ASIS/PSC.1 standards
for managing security operations and ISO9001 for quality management.
• Best kept secrets about the ASIS PSC series of standards:
• ISO18788 and ANSI/ASIS/PSC.1 are not “security operations” standards – they are the first
comprehensive enterprise risk management standards
• ISO18788 and ANSI/ASIS/PSC.1 cover all the requirements of the newly released
ISO9001:2015 Quality Management System Standard
• The ANSI/ASIS/PSC.3 maturity model standard gives a benchmarking approach for developing
an implementation plan
• All human rights obligations contained in the ICoC, Montreux Document and UN Guiding
Principles are covered by the ISO18788 and ANSI/ASIS/PSC.1
• The ANSI/ASIS/PSC.1 is written in a much more user-friendly fashion and easier
to use for implementation.
8
An Integrated Approach Using the ASIS Family
of Standards
• The ASIS family of management standards gives a comprehensive tool
for building a better business – seamlessly plugging into the ISO18788
and ANSI/ASIS/PSC.1 standards.
• The ANSI/ASIS/RIMS.RA.1 risk assessment standard gives a comprehensive
approach to assessing strategic, tactical and operational risk including human
rights risks and supply chain risk
• The ANSI/ASIS.SPC.2 auditing standard give a detailed approach to
developing an internal auditing capacity to identify opportunities for
improvement
• The ANSI/ASIS.SCRM.1 supply chain standard gives guidance in assessing and
minimizing supply chain risk
• Used together, all the pieces of the puzzle come into place.
9
What We Learned – Cultural Shift
• Do not focus on certification – focus on business improvement and changing the culture
of the organization.
• Cultural change is not driven by external consultants but driven by management
commitment and dedication to meeting objectives.
• Cultural change is an top down – bottom up approach:
• Create a “family attitude” in the organization so everyone feels part of the family.
• Everyone who is a risk maker and a risk taker is a risk manager.
• Empower people to contribute – openness has it’s benefits, your employees are the best early
warning system for potential problems.
• Proactive risk management helps prevent potential undesirable events while identifying possible
opportunities for improvement.
• Reaping the benefits of implementation comes from everyone in the organization understanding
the benefits of their contribution.
• When employees feel valued, their loyalty to the company increases and turnover
decreases.
• Pathfinder SMS has over 6000 guards with a turnover rate of approximately 2%
10
What We Learned – Getting Started
• Learning how to conduct an internal audit is an essential
tool for getting started.
• Simultaneously learn how to interpret the clauses of the
ISO18788 and ANSI/ASIS/PSC.1 standards and how to
evaluate where you are at:
• Serves as a training and awareness exercise
• Emphasizes and demonstrates management commitment to
implementing the management system
• Identifies resources and area to focus on when conducting the
implementation process
• Builds internal capacity to both implement and evaluate the
progress of the implementation process
11
What We Learned – Building Capacity
Source: ISO18788
http://www.acq.osd.mil/log/ps/psc.html
14
What We Learned – Context
• Pakistan is not the United States – local culture, customs, economics, social
dynamics, and the political and legal environment will have profound
impact on your security operations and must be understood.
• Before beginning a risk assessment, you must understand the risk
environment and factors that will impact your objectives.
• Who are your stakeholders:
• Stakeholders are not just your people and your clients, don’t forget the different
communities you operate in.
• How will the internal and external stakeholders impact your security operations?
• How will your security operations impact the internal and external stakeholders?
• YOUR REPUTATION AND BRAND IS YOUR MOST PRIZED ASSET!
15
What We Learned – Risk Appetite
17
What We Learned – Risk Thinking
• The risk in your supply chain is your risk and you are responsible.
• A supply chain partner can impact your reputation and that of your clients
• Incorporate analysis of continuity of operations and human rights
when conducting your due diligence for selection preferred
suppliers and contractors.
• Provide your suppliers and contractors with your Statement of
Conformance to respect human rights and your Code of Ethics –
have them agree to abide by the provisions in these documents.
• Provide your suppliers and contractors with a simple questionnaire
to assess their risks for continuity of operations and human rights.
• Supplier and contractor performance review should consider if they
have lived up to their commitments.
19
What We Learned – Command Structure
• A clearly defined command and
communication structure is essential.
• Define where strategic, tactical and
operation risk and planning decisions
will be made.
• Develop mechanisms for the flow of
information in both directions.
• Check and balances, including auditing
of processes minimizes risk and
enhances solving problems before they
escalate.
20
What We Learned – Implementation
Awareness and Training
• The key to success is a well-trained workforce - in any service industry, the risk
mitigation technique with the greatest return on investment is training.
• An investment in training pays back in professionalism and a positive
relationship with the client.
• The guards need to understand their role in achieving the organization’s
objectives:
• Guards who understand their risk environment know what to look for and understand the
importance of “see something, say something”
• Guards who understand you prioritize their safety will share their concerns
• Guards understand that their appearance and behavior impacts the way clients and the
people they impact with perceive them
• They feel valued and appreciated
• Guards know they are a desired as being recognized as having a value skill set.
21
What We Learned – Implementation
Use of Force Policy
• Having a use of force policy and procedures for the use of force prevents
problems.
• Minimizes accidents and violations of human rights
• Provide training on Use of Force Policy articulating that use of force should be reasonably
necessary, proportional and lawful
• De-escalation of the threat is the primary objective
• Outline parameters for an escalation and de-escalation of force relative to changes in threat
levels
• Force should be reasonable in intensity, duration and magnitude based on totality of
circumstances to counter the threat
• Explain organizational procedures for control, storage and issuing of weapons, including
procedures for holding people accountable for the weapons and ammunition issued to them
• Training should include classroom, mechanical, live fire and scenario based training based
on situations similar to those faced by the guards
22
What We Learned – Implementation
Facilitate Communication
• Communications are a two-way street:
• Communicate to your employees the importance of the management system and
their role in it.
• Lead by example – top management needs to follow its own procedures and
demonstrate commitment to the management system and employees
• Recognize people who contribute to identifying and managing risk
• Establish “town hall” meetings and recognition and reward programs
• Encourage internal and external stakeholders to communicate both the good and the
bad – you learn from mistakes and weaknesses
• Establish mechanisms for grievances and whistleblowers show you will address them
• Make sure everyone (internal and external stakeholders) clearly understands the
security operations policy, Statement of Conformance with human rights codes, the
Code of Conduct, and Code of Ethics
• Active shooter – security awareness training for clients
23
What We Learned – Implementation
Improved Business Management
• Doing the right thing pays:
• Client satisfaction
• Reputation enhancement
• Loyal workforce
• Lower turnover – lower recruitment and training costs
• Business development based on reputation, no need for advertising
• Biggest benefit – improved management of our business using an
enterprise risk management approach:
• The ISO18788 and ANSI/ASIS/PSC.1 standards walked us through an analysis
of all aspects of our business allowing us to find enhancements in our system
of management and making us a better run more efficient company
24
What We Learned – Implementation
of a Management System
• Shoot for Stage TWO!
• Stage One – Documentation review and definition of system of management
• Stage Two – Auditing the effectiveness of the management system
• Define what your target is using the maturity model.
• A management system standard is a living, organic system of management
in your organization – the human element is key!
• Management commitment is essential
• Start by building excitement and having everyone understand they are an integral
part
• Don’t just write procedures, live them
• Show people that their contribution is improving their ability to do their job and
manage the risks they touch
25
What We Learned – Building a
National Capacity
• “A rising tide lifts all boats” philosophy.
• Serving as a role model to become the first company certified to the
ISO18788 standard and ANSI/ASIS/PSC.1 standards in South Asia.
• Working with PSQCA, Accreditation Council of Pakistan, and Ministry of
Commerce to implement ANSI/ASIS.PSC.3 maturity model standard as
“recognition program” for all Pakistani security companies:
• Important to set achievable goals to break inertia
• Certification should not be a competitive barrier
• Improvement of the industry benefits all companies
• Having competitors makes you a stronger company
• Improves honor and reputation of the country while enhancing capabilities in a high
risk environment
26
Resources – US Department of Defense
and ASIS International
• The Unites States Department of Defense Office of the Assistant
Secretary of Defense for Logistics & Materiel Readiness provides a
wealth of information for private security companies:
• Free access to the relevant laws, regulations, international agreements,
contracting information, and the PSC standards.
• Visit: http://www.acq.osd.mil/log/ps/psc.html
• ASIS members can download all the ASIS standards for free at:
• https://www.asisonline.org/Standards-Guidelines/Guidelines/Published/Pages/default.aspx
27
Pathfinder Group, Karachi, Pakistan: http://www.pathfinder9.com/
Torres Advance Enterprise Solutions: http://www.torresco.com/
28