1 / 29

CORPORATE SECURITY and THE LAW

Samuel
Download Presentation

CORPORATE SECURITY and THE LAW

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. How Corporate Security Changed After 9/11

    2. The Business Security Advisory Group (BSAG) specializes in a broad range of corporate security consulting services including : Business continuity, Risk assessment and management, Regulatory compliance, Strategic security planning and policy development. Getting Ahead of the Problems www.bsag-cso.com 1- Partners are four former CSOs representing American Express, Burlington Industries, Fidelity Investments and Texaco. Also have an attorney. 2- Clients are small and mid cap companies who do not need or cannot afford a full time CSO. 3- In addition to the stated disciplines, BSAG also does security assessments, supplies expert witnesses from its partner and Executive Consultant base, writes columns in industry magazines on the current trends in the security industry and authors books and security tools for the Security Executive Council, an association of CSOs. 4- Does security presentations for professional organizations and societies 5- Has a professional affiliation with Burrill Green, a London based security organization, which gives BSAG a global platform.1- Partners are four former CSOs representing American Express, Burlington Industries, Fidelity Investments and Texaco. Also have an attorney. 2- Clients are small and mid cap companies who do not need or cannot afford a full time CSO. 3- In addition to the stated disciplines, BSAG also does security assessments, supplies expert witnesses from its partner and Executive Consultant base, writes columns in industry magazines on the current trends in the security industry and authors books and security tools for the Security Executive Council, an association of CSOs. 4- Does security presentations for professional organizations and societies 5- Has a professional affiliation with Burrill Green, a London based security organization, which gives BSAG a global platform.

    3. Corporate Security’s responsibilities prior to 9/11 Corporate Security’s responsibilities post 9-11 Laws and regulations regulating the security industry post 9/11 Corporate Security in the 21st Century Slide is self explanatory.Slide is self explanatory.

    4. Investigations – violation of corporate policy and other corporate crimes Physical security – gates, guards, guns Executive protection – ensuring top executives and families were secure 1- Bribery, conflict of interest, trademark and copyright violations – reactive investigations 2- Physical Security – consists of risk Assessment, vulnerability studies- security assessments with emphasis on gates, guards and guns. 3- Executive Protection – domestically – ensuring the security of the “C” suite and the homes and families of top executives. Also ensure that executives and family get from point A to point B in safety and security. 1- Bribery, conflict of interest, trademark and copyright violations – reactive investigations 2- Physical Security – consists of risk Assessment, vulnerability studies- security assessments with emphasis on gates, guards and guns. 3- Executive Protection – domestically – ensuring the security of the “C” suite and the homes and families of top executives. Also ensure that executives and family get from point A to point B in safety and security.

    5. Corporate Security generally a middle management responsibility Corporate Security generally thought of as the “Corporate Cop” Corporate Security plans and programs generally responsive or reactive to immediate incidents – no long term planning 1- Corporate Security in many cases reported too the facilities manager since the bulk of Corporate Security’s responsibilities concerned corporate assets (buildings, equipment, etc.) 2- Business Units would call on Corporate Security to scare employees – show the employees that he/she meant business and would not tolerate any type of improper conduct as he/she defined it. 3- Corporate Security plans and programs were generally non-existent. Corporate Security’s function was to respond to incidents as they happened.1- Corporate Security in many cases reported too the facilities manager since the bulk of Corporate Security’s responsibilities concerned corporate assets (buildings, equipment, etc.) 2- Business Units would call on Corporate Security to scare employees – show the employees that he/she meant business and would not tolerate any type of improper conduct as he/she defined it. 3- Corporate Security plans and programs were generally non-existent. Corporate Security’s function was to respond to incidents as they happened.

    6. Mostly reactive-incident happens, security responds – fire house mentality Stove Pipe thinking – Security programs sometimes contrary to Business Unit’s business plans and goals Law Enforcement Driven – security goal must be attained at all costs – no priorities 1- Knee jerk reaction to perceived anti corporate conduct. Corporate Security responds – determines if there is a violation of law or corporate policy – investigates to determine the identity of the perpetrator(s) – turns him/her over to administration for disciplinary action. 2- Corporate Security executives believe that the corporate security remedies were the most important processes in the company and must be both implemented and followed no matter the cost. Theory for this thinking is that corporate employees and assets are at risk. Budget and corporate plans should not interfere with the implementation of Corporate Security processes. 3- Law enforcement experience is a paramount qualification for a security executive and this mind set dominates all security solutions. 1- Knee jerk reaction to perceived anti corporate conduct. Corporate Security responds – determines if there is a violation of law or corporate policy – investigates to determine the identity of the perpetrator(s) – turns him/her over to administration for disciplinary action. 2- Corporate Security executives believe that the corporate security remedies were the most important processes in the company and must be both implemented and followed no matter the cost. Theory for this thinking is that corporate employees and assets are at risk. Budget and corporate plans should not interfere with the implementation of Corporate Security processes. 3- Law enforcement experience is a paramount qualification for a security executive and this mind set dominates all security solutions.

    7. Photo SlidePhoto Slide

    8. Three thousand civilians murdered $80 Billion dollars in losses 11 Million people in developing countries pushed into poverty. Financial markets closed Air transportation system grounded Self ExplanatorySelf Explanatory

    9. Mail Processing – 86% Travel – 85% Protection of Employees – 79% Protection of Infrastructure – 75% Risk Assessment – 71% *3 Booz, Allen, Hamilton Survey – 11/01 Protection of Offices and Physical Plants – 69% Employee Morale – 69% Supply Chain Distribution – 51% Customer Security – 50% Productivity – 47% Security issues post 9/11 – self explanatorySecurity issues post 9/11 – self explanatory

    10. Corporate Security gets the attention of Executive Management Corporate Security seen as a resource to the company not as a necessary evil Corporate Security an advisor to Executive Management and Business Units concerning comprehensive security programs for personnel and corporate asset protection 1- Executive Management realizes that Corporate Security is a necessary resource to protect corporate employees and assets. It looks to Corporate Security to see what it is doing to protect the company. It wants to know what plans and programs are operative in the company to protect it from terrorism and other evils. 2- Corporate Security is now seen as a company resource rather that a necessary evil – it has a place at the corporate executive table. 3- Executive management and middle management see the value of Corporate Security and how important it is to keep the company and its employees safe especially in the midst of alien threats which are uncontrollable.1- Executive Management realizes that Corporate Security is a necessary resource to protect corporate employees and assets. It looks to Corporate Security to see what it is doing to protect the company. It wants to know what plans and programs are operative in the company to protect it from terrorism and other evils. 2- Corporate Security is now seen as a company resource rather that a necessary evil – it has a place at the corporate executive table. 3- Executive management and middle management see the value of Corporate Security and how important it is to keep the company and its employees safe especially in the midst of alien threats which are uncontrollable.

    11. Corporate Security reports to the “C” suite in many companies and is no longer a mid-level executive responsibility Corporate security executives become more business oriented in management style and program content Corporate Security becomes an enterprise function of the company 1- In most cases, Corporate Security top executive (CSO) reports to the “C” suite rather that to a middle management executive. 2- Corporate Security executives have to explain their mission, values and contribution to the company’s success in words, terms and actions that business executives understand. Technical terms and other mumbo jumbo will have to be replaced with plain talk and practical logical explanation of the Corporate Security function. 3- Corporate Security becomes a part of the entire company not just a servant of the few.1- In most cases, Corporate Security top executive (CSO) reports to the “C” suite rather that to a middle management executive. 2- Corporate Security executives have to explain their mission, values and contribution to the company’s success in words, terms and actions that business executives understand. Technical terms and other mumbo jumbo will have to be replaced with plain talk and practical logical explanation of the Corporate Security function. 3- Corporate Security becomes a part of the entire company not just a servant of the few.

    12. Emergency plans include crisis management, disaster recovery and business continuity developed in a proactive environment Corporate Security executives now craft strategic and tactical security plans for business units. Plans and programs consider business goals and budgets All corporate security plans and programs are more proactive and include prevention of terrorist attack 1- Corporate Security is no longer centered on gates, guards and guns. Corporate Security must develop strategic and tactical plans just like the other business units and craft metrics to show progression to goals and value to the company. 1- Corporate Security is no longer centered on gates, guards and guns. Corporate Security must develop strategic and tactical plans just like the other business units and craft metrics to show progression to goals and value to the company.

    13. The Public Sector recognizes its greater responsibility to protect its citizens and assets Corporate Security deals more with federal, state and local officials as security regulations exponentially increase Public and private partnerships flourish as both attempt to craft meaningful emergency proactive plans, protective processes, security laws and regulations 1- Public sector realizes that they have a non-delegable duty to protect the public but realizes that 85% of the infrastructure is owned privately. 2- The only way for both the public and private sectors to fulfill their responsibilities is through a partnership. 3- DSAC, CIP, OSAC are examples of public and private partnerships. 4- From these partnerships come what is hoped common sense practical regulations and statutes to establish a baseline for good security policies.1- Public sector realizes that they have a non-delegable duty to protect the public but realizes that 85% of the infrastructure is owned privately. 2- The only way for both the public and private sectors to fulfill their responsibilities is through a partnership. 3- DSAC, CIP, OSAC are examples of public and private partnerships. 4- From these partnerships come what is hoped common sense practical regulations and statutes to establish a baseline for good security policies.

    14. Corporate security plans and programs develop a legal compliance component as corporations comply with the new mandated legislation Corporate Security’s programs are more restrictive and costly as both terrorism and legislative compliance are emphasized 1- Public sector codifies its responsibilities and attaches criminal and civil penalties for non-compliance. 2- Corporate security must work closely with Corporate Counsel and the heads of the business units to ensure that the company has a credible compliance program. 3- Compliance costs are extremely high and cumbersome and in some cases changes the way the corporation does business. Some of the compliance costs are so extreme that they have forced domestic corporations to either move from a particular state or out of the United States. The financial industry is an example – several companies handling initial public offerings (ipo) have moved to London where the tax and regulation environment is more friendly.1- Public sector codifies its responsibilities and attaches criminal and civil penalties for non-compliance. 2- Corporate security must work closely with Corporate Counsel and the heads of the business units to ensure that the company has a credible compliance program. 3- Compliance costs are extremely high and cumbersome and in some cases changes the way the corporation does business. Some of the compliance costs are so extreme that they have forced domestic corporations to either move from a particular state or out of the United States. The financial industry is an example – several companies handling initial public offerings (ipo) have moved to London where the tax and regulation environment is more friendly.

    15. Legislation* Access to Information Act Arming Pilots Against Terrorism Act Aviation and Transportation Security Act Bank Protection Act of 1968 Canadas Bill C-6 Childrens Online Privacy Protection Act (COPPA) Corporate Manslaughter and Corporate Homicide Act 2007(UK) Customs Modernization Act Cyber Security Enhancement Act of 2002 CyberCrime TreatyE-Signature Act European Union Data Protection Directive Executive Order 12958 – Information SharingExecutive Order 13224 – Doing Business w/ Terrorists Executive Order 13231 – Infrastructure Protection Executive Order 13234 – Slides 14 to 21 are a list of statutes, etc.Slides 14 to 21 are a list of statutes, etc.

    16. Legislation (Continued) Citizen Preparedness Family Educational Rights and Privacy Act Federal Anti-Tampering Act Federal Computer Security Bill – H.R. 1259Federal Hazardous Materials Law Foreign Corrupt Practices Act Homeland Security Act International Emergency Economic Powers Act Maritime Transportation Security Act of 2002 National Information Infrastructure Protection Act Notification and Federal Employee Anti-Discrimination and Retaliation Act Patriots Act Personal Information Protection and Electronic Documents Act

    17. Legislation (Continued) Presidential Directive 2 Presidential Directive 3 Presidential Directive 7 Presidential Directive 8 Public Health Security and Bioterrorism Preparedness & Response Act Robinson-Patman Anti-Trust Act Safe Explosives Act Safe Harbor Act The Occupational Safety and Health Act The Currency and Foreign Transactions Reporting Act Title 18 - Federal Sentencing Guidelines Trade Act of 2002 US Global Anti-Corruption Policy US The Currency and Foreign Transactions Reporting Act USA PATRIOT Act Voluntary Private Sector Preparedness Accreditation and Certification Program *Above information furnished by Security Executive Council

    23. Vicarious corporate executive liability for violation of some of the criminal and environmental laws Civil liability in money damages for tort law violations Criminal liability for companies and employees in foreign venues for violations of international laws and regulations Overarching federal statutes either mandate or furnish guidelines for fines and/or punishment for violation of statutes and regulations 1- Criminal and civil penalties attach to security regulations and statutes promulgated by federal, state and local authorities for non-compliance. 2- The corporation and the individual who failed to comply with the law or committed an act in violation of the law will be held accountable. 3- Some statutes (environmental, etc.) will also hold the CEO responsible for a act or failure to act regarding a particular law even though they were not personally involved in the activity. This is called vicarious liability. 4- An example of vicarious liability is found in the New York State Motor Vehicle Law. 1- Criminal and civil penalties attach to security regulations and statutes promulgated by federal, state and local authorities for non-compliance. 2- The corporation and the individual who failed to comply with the law or committed an act in violation of the law will be held accountable. 3- Some statutes (environmental, etc.) will also hold the CEO responsible for a act or failure to act regarding a particular law even though they were not personally involved in the activity. This is called vicarious liability. 4- An example of vicarious liability is found in the New York State Motor Vehicle Law.

    24. CORPORATE SECURITY 21st CENTURY Corporate Security executives will be law enforcement and business qualified and also possess some technical security and management ability Chief Security Officer will report to Executive Management and have complete unfettered access to the “C” suite Corporate Security will have an enterprise component and deal with security matters in a manner business executives will understand 1- The qualifications for a Chief Security Officers (CSO) will still have a law enforcement component but also must have business and technical savvy. Information Technology (IT) security is most important today for without it companies cannot function. The CSO of the 21st century must be able to discuss his responsibilities in a way that it makes sense to the business and technical communities. The CSO must add value to the bottom line as well as protect both the corporate employees and assets and show this empirically through clear and convincing metrics. 2- The CSO of the 21st century will have unfettered access to the “C” suite because the ultimate responsibility for corporate employees and assets lies with Executive Management. As such they will demand to know the plans, programs and processes Corporate Security crafted to ensure the safety and security of the company. 3- Corporate Security plans and programs will apply to all business units with the result that the CSO will have to deal with the budgetary restrictions and competing priorities of the units. The CSO will have to articulate the importance of his programs and with clear and convincing evidence show haw they add to the bottom line. Actually, in these times of financial strain, all service entities will have to deal with this reality.1- The qualifications for a Chief Security Officers (CSO) will still have a law enforcement component but also must have business and technical savvy. Information Technology (IT) security is most important today for without it companies cannot function. The CSO of the 21st century must be able to discuss his responsibilities in a way that it makes sense to the business and technical communities. The CSO must add value to the bottom line as well as protect both the corporate employees and assets and show this empirically through clear and convincing metrics. 2- The CSO of the 21st century will have unfettered access to the “C” suite because the ultimate responsibility for corporate employees and assets lies with Executive Management. As such they will demand to know the plans, programs and processes Corporate Security crafted to ensure the safety and security of the company. 3- Corporate Security plans and programs will apply to all business units with the result that the CSO will have to deal with the budgetary restrictions and competing priorities of the units. The CSO will have to articulate the importance of his programs and with clear and convincing evidence show haw they add to the bottom line. Actually, in these times of financial strain, all service entities will have to deal with this reality.

    25. CORPORATE SECURITY 21st CENTURY Corporate Security plans and programs will be mostly pro-active and preventative anticipating security challenges and emergencies before they occur Corporate Security will use the team concept and interact with all the business units and service departments to ensure cost effective corporate security policy is practically implemented company wide. 1- To establish a business connection, security programs must demonstrate how they will anticipate security challenges and the cost effective methods that will be used to meet these challenges. By crafting these types of programs for the business units, Corporate Security demonstrates that it and the business unit are interested in providing a safe environment for the employees and that the corporate assets will be paid for only once. 2- Using the partnership of business unit personnel and Corporate Security, cost effective and beneficial security policies and programs will be crafted and implemented. Using this method will enable the business unit to take ownership of the plans and programs and therefore have a stake in their success. 1- To establish a business connection, security programs must demonstrate how they will anticipate security challenges and the cost effective methods that will be used to meet these challenges. By crafting these types of programs for the business units, Corporate Security demonstrates that it and the business unit are interested in providing a safe environment for the employees and that the corporate assets will be paid for only once. 2- Using the partnership of business unit personnel and Corporate Security, cost effective and beneficial security policies and programs will be crafted and implemented. Using this method will enable the business unit to take ownership of the plans and programs and therefore have a stake in their success.

    26. CORPORATE SECURITY 21st CENTURY Corporate Security plans and programs will have to deal with the reality of government regulation and develop innovative methods to keep current with the laws and effect compliance Develop innovative methods to ensure security solutions are as multi-faceted as possible so that the cost and compliance components can be spread among other business units 1- Keeping track of the myriad of security rules, regulations and statutes and how they apply to the business units is a monumental task and can be costly if a corporation is determined to be non-compliant. A cost effective method must be developed to not only capture the federal , state and local statutes and regulations that may apply to the company but also determine if current internal operations policies amount to compliance. BSAG can assist in this regard. 2- Security programs that require the purchase of “large ticket” items must have multi purposes so that the cost can be spread among several business units resulting in the sooner implementation of the item.1- Keeping track of the myriad of security rules, regulations and statutes and how they apply to the business units is a monumental task and can be costly if a corporation is determined to be non-compliant. A cost effective method must be developed to not only capture the federal , state and local statutes and regulations that may apply to the company but also determine if current internal operations policies amount to compliance. BSAG can assist in this regard. 2- Security programs that require the purchase of “large ticket” items must have multi purposes so that the cost can be spread among several business units resulting in the sooner implementation of the item.

    27. CORPORATE SECURITY 21st CENTURY Corporate Security will re-orient its goals from strictly law enforcement objectives to ones that includes a business component e.g. provide metrics for security services that: Increase profitability Reduce costs Enhance the brand Improve customer relationships Reduce employee attrition Self explanatorySelf explanatory

    28. Drug Testing Programs Employee Reduction Programs Investigative and Interview Training Background Inquiries Expatriate Mobilization Programs Workplace Violence Programs Crisis Management Programs Security Awareness Programs Domestic and Global Evacuation Programs Self explanatorySelf explanatory

More Related