Capt SB Tyagi
Security is part of productivity and profitability
Organizations do not exist just to be secure or safe. They exist to produce or provide goods or services. Customers care about the goods or service—that is why they engage with the organization in the first place (Even where security actually is the goal of an organization it is provided as a complement to another product or activity—protection of property, transportation, etc.). This means that an understanding of the fundamental conditions for security and safety begins with an understanding of the balance between production and protection. Humans normally strive for an acceptable (rather than ideal) level of performance in relation to their goals and resources and to not process all available data is a part of this resource-saving strategy. Consequently, action is guided by an intuitive and implicit trade-off between cost and efficiency or between thoroughness and efficiency.
Security now cannot be seen as ‘cost center’ needing budgets for non-productive systems and plans. Security must not be seen as burden which is evil yet essential! There are issues such as insurance, legal compliances, pressure from stakeholders etc. that meager budget is allocated to security department. Mostly security professionals are to be blamed for this misconception.
It is good security that guarantees secured, hassle-free congenial work atmosphere where all production, operation and maintenance or marketing activities are conducted smoothly without fear or danger. No one can work; forget the best performance, if there are chances of attack by miscreants, theft of costly inventory or law-and –order problems inside the premises or at work-floor areas. loss-prevention, fire prevention & fire-fighting, safety and the safe work environment is related field with the security and that all these put together effect productivity and profitability of the organization.
Good security means good production, which in turn means higher profit!
Synergies between Safety and Security
The synergy between safety and security is very strong even when it is not deliberately pursued. The overall protection of a facility can be very effective when the design features of safety and security measures takes into account the synergy between safety and security. Further mitigation measures can be conducted on-site and/or off-site. These measures are synergetic, however, in case of a security incident, additional measures, focused on prevention of further malicious acts by adversaries, may be required.
For many critical facilities, such as nuclear power plants and large defence and research facilities, the protection of the facility against sabotage will also provide protection against theft of the associated critical materials. Theft of such materials may result in ‘unacceptable consequences outside the facility.
Safety-Security Interface Challenges
Different Paradigm: One of the main differences between safety and security is the type of assessment. Safety assesses natural and unintentional man-induced Hazard to determine how the design, procedures or mitigation measures should be made or implemented in order to maintain safe operation of the facility. On the other hand, Security assesses a ‘Threat’ in order to determine what physical protection is needed or what counter-measures or response should be in place. Hazard assessment is basically a technical issue and requires professional expertise. Threat assessment requires different set of specialized knowledge such as intelligence, investigation skills and expertise.
Another important difference between the two paradigms is use of probabilistic tools in safety in modelling equipment failures and human errors and in the risk informed decision making. Security specialists prefer to use deterministic approach in developing a threat scenarios and counter measures. However, the use of probabilistic approach in security for the assessment of threats is possible but not a common practice in the security community.
Transparency versus Confidentiality: Safety requires high degree of transparency. The most important pillar of implementing safety culture and keeping safe operation of facilities is sharing experience, information and engineering solutions between stakeholders. The public needs assurances that facilities are well protected therefore the transparency is required in sharing and making public some security information. In the other hand, a large part of the security information may be used by adversaries to circumvent security systems and security measures; therefore, this part of security information must be protected and shared only on the need to know basis.
The silos mentality: The silos mentality represents a real challenge for safety and security interfaces. Two factors may be considered as the basis of the silos mentality. The first one is due to the fact that the Management have the full responsibility of safety while security is a shared responsibility where threat assessment and protection against sabotage involves state organizations and in some cases, the security is largely under state responsibility. The second factor is due to the fact that traditionally, safety security specialists have worked in isolation. The challenge represented by these two factors could be resolved by having the same regulatory authority responsible of regulating safety and security. This is consistent with the concept of 3S (Safety, Security and Safeguards) that some countries implement with success.
Security and Safety Complement each other
Security and safety share fundamentally important features as operational activities with the goal to protect people, property, and the smooth economical functioning of organizations and society. In safety-critical industries, safety is seen as the positive outcome of management of problems and trade-offs that are rooted in systems’ complexity, goal interaction, and resource limitations. This perspective has led safety research to shift focus and go beyond individual acts and move to systematic aspects of human, technological, and organizational performance. It involves dealing with problems connected to regulations and standardized procedures, technology and automation, and efforts to understand the impact of communication, group dynamics, leadership, and culture on safety.
In spite of distinct differences in the nature of threats (intentional / unintentional), there are many areas (use of standardized procedures, human factors training, and modelling for increased understanding of adverse events) where knowledge and experiences from safety operations can fruitfully spill over to security. To establish cooperation between these two fields, for example on regulatory and procedural development, training and simulation, as well as operational evaluation, would be to produce synergies not yet known today.
Following approach is suggested –
In-depth Analysis of Security & Safety Functions
Security and safety are concepts that share important features; they both involve the risk of occurrence of events with consequences that may range from trivial to disastrous. Yet as concepts they are also different, with security relating to intentional acts by individuals and safety relating to events caused by unintended consequences of a combination of a host of factors. In safety-critical industries, such as aviation, petroleum, chemical and nuclear industry safety is seen as the positive outcome of management of problems and trade-offs that are rooted in systems’ complexity, goal interaction, and resource limitations. This perspective has led safety research to shift focus and go beyond individual acts (such as “human error”) and move to systematic aspects of human, technological, and organizational performance. It involves dealing with problems connected to regulations and standardized procedures, technology and automation, and efforts to understand the impact of communication, group dynamics, leadership, and culture on safety.
The advancement of security issues in a complex modern society should be able to benefit from the knowledge gained through safety industry operations in the field of Human Factors. This knowledge has the potential to make security more safe (for those who design and implement security measures as well as for those who are subjected to them) and effective (in terms of time and resources spent on security measures).
Role of Security in Contingency Planning
The dictionary definition of contingency plan is:
Plans or measures made to handle a particular situation, should it arise.
From this it is possible to infer that every conceivable situation should have a contingency plan. This is not a practical inference and contingency plans, whilst tailored to specific situations, must have some element of flexibility and scope for generalization. The basic framework for a contingency plan should contain provision for –
- Containing the emergency
- Protection of lives and property
- Re-establishing normal operations as soon as possible
- Limiting the “after effects” of the emergency
- Meeting legal requirements
Since any contingency plan involves coordinated activities from various quarters, the contingency plan should provide for the involvement of:
- The Security Team
- The workforce
- Safety and Environmental Specialists
- Emergency Services
- Other companies within the area or within the industry
- Local Authorities
- The Public
Security Department plays very important functions in any contingency planning. When an emergency arises there is a need to evacuate personnel. Depending on the premises and the – situation this can be a simple or a complex operation. In case of evacuation, the coordination of Security and Safety is very necessary as one executes the evacuation plan as per the requirement of other! It is Safety Department which will decide the nature and location of evacuation but it is Security Department which will execute the evacuation exercise with effective traffic management, head counting and verifying that evacuees are moved to safe locations in shortest time. In general the situations are:
- Evacuation of persons from their place of work. This is straightforward but should be well drilled.
- Evacuation of staff and customers from a retail store or similar premises. Provided the staff is well trained there should be little trouble but provision must be made for the customers who may be elderly, sick, disabled, prone to panic, very young etc. Since fire- fighting team will be busy and Safety Officials will be supervising the entire evacuation drill, it becomes duty of security in-charge to oversee and execute the evacuation drill.
- Evacuation from Institutions. Staff in these situations is trained to deal with the type of inmate involved and generally the contingency plan will reflect this. Security team will have role such as area cordoning, area search and traffic management.
- Evacuation from places which are open to the public. There are difficulties to categories but would include places of worship, museums, public open spaces such as bus stands and railway stations, beaches etc. Generally members of the public would exceed the numbers of staff present if, indeed, there were any staff present at all. In such places successful evacuation depends on good communication. Panic can easily occur and the casualty level from an ill-conceived evacuation can potentially exceed the casualty rate of the incident itself. Head of Security does the effective liaison and coordination with public authorities.
Involvement of Security in Evacuation
There are two broad causes of evacuation.
- Fire or similar tangible incident – exclusively handled by Fire and Safety Team
- Bomb threat or other intangible incident – handled by Security Team initially, will have potential where Fire & Safety Team steps in eventually
Each has certain characteristics that are not compatible and one plan cannot be used for both. The contingency plan will cater for both types of evacuation as well as a partial evacuation. Re- entry following evacuation of a building should also be part of the contingency plan.
Here also Security Team has very important role to play and that is of access control which ensures that only those are permitted in which have reasons to be inside as resuming the operation is most critical phase of business resumption. An evacuation is ordered when there is an immediate danger. Sometimes this danger is not readily apparent to the evacuees and therefore degrees of danger must be established.
Defined Role of Security during Fire evacuation
One requirement of the sound safety drill is that no person should have to move towards a fire in order to evacuate. To this end, escape routes must be planned and routed, directly to the open air. In a fire evacuation the Security Staff will have additional duties. Because of the evacuation additional exits will be used. These exits are often left open after evacuation and, depending on the nature of the business, may attract the opportunist thief. Part of the contingency plan should involve the perimeter security of the building or plant that may have been breached. One member of the Security staff should be nominated as Fire Brigade Escort. This duty is particularly important in a large industrial complex. The officer detailed should have the following information available:
- Where the fire is situated.
- Details of best route to the fire.
- Details of any special hazards e.g. unprotected trenches or manholes etc., scaffolding, broken clown vehicles, construction work.
- Location of water supplies, risers, inlets etc.
- He should also be in possession of any keys needed to access the area.
- Details of any persons not accounted for.
Relation to Regulation, Standardization, and Procedures
Economic theories of human behavior provide us with some understanding of its potential problems with regards to security and safety. A seemingly reasonable response would then be to try to control human behavior. This means using laws, regulations, standardized procedures, manuals, guidelines, and other similar means to increase the reliability of human behavior and limit the risk it may induce in systems. Industry has a long tradition of negotiating regulatory frameworks that can ensure a high minimum level of safety. Manufacturing and maintenance, medical and other requirements for employees, selection and training as well as practically all operational aspects are guided by extensive regulation and enforced by nodal authorities. The regulations stipulate that all operators also should have standard operational procedures (SOPs) for all aspects of operation. These standard operating procedures must be regarded by all employees as the main source of safety and security operations. The approach of merging the function of HSE&S will have following cyclic activities –
Summary
Even British Safety Council advocates the comprehensive role and responsibilities clubbed as HSE & S. Their approach is that even when there are legal compliance issues and pre-qualifications of Safety Officers and Fire Officers are mandatory, the leadership of the composite function can be from either mainstream function that is from either security, safety or fire-fighting which all are with minimum qualifications and subsequent hands-on experience and professional practice. The subject of Environment is heavy on study of the subject, formulation of policies and co-ordination and auditing and can be given as additional responsibility to professional from aforementioned stream.
Extensive experience in the chemical industry with on-site emergency planning has provided the need and value of rehearsal of emergency procedures. The organization responsible for developing off-site plan should also test its arrangements in conjunction with on-site exercise. Table – top rehearsals have proved successful in such cases although often requiring sufficient elements of reality in the exercise. Practice Drill (Please don’t call it Mock Drill!) must be conducted with all the sincerity and importance.
The Government of India had recently moved in the direction of merging the HSS&E functions when it rolled-out its Safety and Security Rating System. It had included 19 Key Performance Indicators for security and safety in chemical plants and applicable to petrochemical, and petroleum industries also. These KPIs are to be used as an assessment tool for rating the Chemical organizations in respect of the practices followed by them. The document envisages a star rating system to grade the chemical plants according to their performance. The government’s thrust in this direction indicates that serious thoughts are given in accepting security and safety as composite functions and inclusion of health and environment will be a logical conclusion. Every member of the Industry needs to be ready to respond to the demands of the safe practices and should be equally ready to face the contingencies.
Goethe has once said, “Let everyone sweep its doorsteps and world will be a cleaner place.”