chernicoff letter of miscellaneous security news and opinions

Photo by margery bass chernicoff

In My Opinion
by Joe Chernicoff

Every issue features the publisher's editorial opinion on some topic relevant to security. Reader are invited to submit their opinion - just keep the size small, about 1K if possible, and we'll be happy to print it here - and archive it with other past editorials. Also see current editorial opinion on the Chernicoff Group main page. E-mail your opinion to The Chernicoff Group

May, 1998

I've been providing security services for almost 22 years, and I'm still amazed at how businesses and institutions keep making the same security practice mistakes over and over, even when they should know better (read, when they've settled a lawsuit about the same kind of incident). One would think that after a while, companies would get the big picture, and do the right thing. I'm not blaming security directors, although they should have the strength to make their company provide effective security.

The problem is, when the company appears not to care, or even to be unaware of what's going on, then there's a spill down to the security people, who then tend to make some sloppy decisions concerning the application of their security tasks. If nothing happens, nobody notices. But all it takes is one incident to get everybody scrambling to find a good excuse for what happened.

It's a heck of a lot easier to practice good, reasonable security than try to fix the problem. Security is there to protect the organization from needless loss. When the security practice of an organization promotes risk to the organization, all I can say is "Tsk,Tsk". Security is a 24/7 operation, and when duties are defined, and/or when the company sets security standards - either written or through practice -- and those standards are beneficial to the company, there is no excuse to deviate from those standards. Security cannot afford the luxury of laxity, and companies that allow such relaxing of good procedures had better renew their thinking - or someone else is going to do it for them

June, 1998

I remember when the Barr-Martinez bill first was announced in 1992. For those of you not familiar with the proposed legislation, it is titled the Private Security Officers Quality Assurance Act. Anyhow, when it was first announced, I said to myself - and to others - "here we go again". The private security industry has been self warned time and time again that if it doesn't take the issue of quality assurance into its own hands, then legislation is sure to follow. Even though the bill has still not been enacted, it does make a very strong statement about what the industry should have done many years ago.

A couple of major points to consider:
    1. The Private Security Task Force which concluded its work in 1976 provided a way for the Security Industry in every State to look at the recommendations it made concerning hiring, training, and the like, and to decide whether those recommendations should be voluntary or mandatory. The only State I know of taking advantage of that opportunity was Pennsylvania. The Pennsylvania Private Security Task Force, under the impetus of the Citizen's Crime Commission of Delaware Valley, and the leadership of a steering committee, conducted numerous task force conferences throughout the Commonwealth. Representatives of all segments of the Security Industry attended the meetings, and after a year-and-a-half, a report was published as to which standards promulgated by the national task force should be mandatory or voluntary in Pennsylvania.
    2. Following the publication of the Pennsylvania Task Force's report, a new action was formed to implement the agreed upon standards, but at this time, some twenty odd years later, I'm not aware of any follow through that was done.
    3. Continuing with Pennsylvania as an example area, the Commonwealth enacted a mandatory training act for security personnel who were in a position to use force on the job, including deadly force. Act 235, titled the Lethal Weapons Training Act, provided for a 32-40 hour training program, depending whether or not the resulting certification would include carrying a firearm. The program was an ostensibly good one, covering various important subjects, such as, but not mot limited to, constitutional law, citizen's arrest, search and seizure, Pennsylvania Criminal Code. Additionally, a physical examination was required as was a psychological examination ( the MMPI was the one finally approved after several years of using another widely accepted test), and was administered by a licensed psychologist. All training staff, school directors, doctors and psychologists had to be approved by the Pennsylvania State Police, the Commonwealth's administering authority for the Act. All personnel had to submit to a criminal background check.
    4. Personnel who were caught working with a weapon, and were not 235 certified, were subject to criminal prosecution. The only problem was, enforcement was weak, and there were flaws in the pre-certification testing portions of the program. Training quality - even though all courses were to meet specific criteria - varied from school to school.
    5. Many companies were reluctant to have their personnel go through the program - cost being one reason. This was understandable, because, once a security officer was certified, he was a better target for hiring by another firm. So in many cases, the security officer himself/herself paid for the training and pre-certification examinations.
    6. In the few years of the Act, record checks were done by the Pennsylvania State Police and FBI. Unfortunately - but not unexpectedly - the FBI did not have those fingerprint checks at the top of their "to do" list, and, as with other security employment applications, return of information was not speedy. In addition, the FBI made a big increase in fees for the background checks, leading the State Police to stop forwarding the data and the agency relied on its own background investigation.
    7. Did the program work well? It didn't stop every "wrong security officer" from being hired. Just as there were unlicensed private detectives working without being punished, so were there security officers who should not have been accepted into the certification program. Consensus of opinion among security people during the first ten years of the program (approximately 1974-1984) was that the Act didn't live up to its expectations.

Which brings up another consideration. An Act such as the Barr-Martinez legislation, in order to be successful, must have three things going for it: (1) complete acceptance by all segments of the industry; (2) a solid, mandated national training program, and (3) a strong monitoring program.

Will the legislation, if or when eventually enacted, work? That would be nice, but history makes the answer to that question clouded.

October, 1998

Security, for any organization, begins with the Human Resources Department - or whomever is responsible for the hiring process. Corporate policies alone do not insure the hiring of persons who will not impact negatively on the organization. The key words are training and supervision.

Human Resources and Security should work together. Just filling a position with someone with the required skills - or the ability to learn those skills - can lead to numerous problems. This is true in most businesses, but is of particular importance to organizations working with people, such as food service, healthcare, and contract security.

Orientation training programs for all new employees must include a section on security duty/responsibility, and its effect on the organization. Once training is completed, supervisory staff should monitor the employees and pay attention to any and all comments received about the employees' behavior -particularly if that behavior could become a breech of security. Employees should not be reticent about reporting such behavior to supervisors. Supervisors can then discuss the situation with the targeted employee, and recommend EAS assistance, for instance, if the noted behavior fits into that category.

As much as people generally do not like to get fellow workers "in trouble", a virtual policy condoning such action can lead to very serious problems for both employees and employer.

November, 1998

Sometimes it just isn't enough to establish a security policy. For instance, a school may determine that there is a specific saecurity/safety need for its children, and develop, on paper, a policy appearing adequate, but isn't. The policy may meet the standards of educators in establishing procedures to be followed by children and staff, but the policy, although looking good on paper, falls short of intended objective from a practical basis.

One of the reasons for this is that the policy - although geared to security and safety issues - is developed by persons unfamiliar with practical security. Subtleties in the policies, such as defining teacher duties, for instance, can lead to safety and security problems for the very children the policy is designed to protect. Contracting with children to obey certain directives is one way schools attempt to foster a sense of responsibility on their charges. But the very fact that the schools are dealing with young children makes it difficult to assume that every child will act responsibly even though he or she has stated an understanding of the rules or has signed a "contract" agreeing to abide by the established policies.

By the same token schools cannot delegate their duty of responsibility to their students. If the school security and safety policy is not managed by the staff who has charge ot the students, or is incomplete in its set of instructions to its teaching and administrative staff, then to blame the child who may be injured because of a breakdown in following procedures by saying he or she knew but didn't do, is only an attempt to cleanse itself of liability by delegating duty and authority to the very person for whom the policy was designed to protect.

When examing these polcies, they should be read very carefully - this goes for both school administrators and staff and those who are considering action against the school for injuries suffered.

February, 1999

Can there be such a thing as "perfect security"? When I hear security experts say that no security system is or can be perfect all of the time, I wonder just what the hidden interests are in these statements. Security can be "100% perfect all of the time", because all that is required is that everyone involved pays attention to what has to be done. Alas, there's the rub.

Security is basically an easy task. People don't become victims unless they make themselves victims. This holds true both for the individual who suffers an injury from an assault and the defendant company upon whose premises the assault occurred. If a woman is shopping in a supermarket, and places her open purse in the top basket of the shopping cart, then turns to pick items off the shelf, why should she be surprised if, when she turns back, the purse or her wallet is missing? If a person leaves valuable items in plain view in his or her car, why should he or she be surprised if, upon returning the vehicle, it is found to have been broken into and the merchandise taken? If someone is walking in a rough area in a manner that expresses fear or doubt, why should that person be surprised if he or she is attacked? And if someone is assaulted on a company property, and similar incidents have occurred in the past, why should that company be surprised if it is sued?

I know that it is difficult for the average human to maintain constant awareness of his or her surroundings and security related actions, and I understand that some people have a difficult time displaying indications of self-assuredness and security awareness. I also know that sometimes security can become an expensive proposition for companies, although cost can be a relative matter. But that does not mean that simple, reasonable, and practical security measures cannot be taken. The keyword in all of these scenarios is "opportunity". If the opportunity is removed , the chances of a security breach is greatly reduced. This in turn enhances security for everyone.

An Editorial Rerun

November 30, 1996

Security Awareness is something everybody's probably heard about. The problem is, having security awareness doesn't automatically make you secure. The only way we can really be safe and secure is to realize we can't be. Now that might sound kind of strange, but think about it. How many times do you see a woman, shopping in a supermarket, leave her purse open in the shopping cart, while she turns her attention towards the merchandise on the shelves? Or how often do tenants of an apartment building leave outside doors open, so that they don't have to use a key to reenter the building?

Often we believe that just because the area we're in is safe, or that what we're doing is only going to take a minute, we don't have to be security aware. Then, when something happens, we blame everybody but ourselves, based on the expectation that whoever owns or manages the premises we're in owes us a duty of protection. That expectation of ours does hold true in many instances, but it is wrong to expect other people to have to assume the duty of being our caretaker.

Regardless of the kinds of security system in place, unless we cooperate with security - that is, act in a security responsible way, we are in effect helping to defeat the system that is there to protect us.

Human nature being what it is often makes this seemingly simple outlook more difficult than it should be, but if we all practice security awareness, in the overall picture we'll be better off.

Continue with News and Articles