printer friendly version

Do consultants add value?

You should always start a security project by getting a consultant to assist you in determining what you need and to help you make the right product decisions, or should you? Depending on your experience, consultants are either viewed as vital resources in a security project, or a useless waste of money that are biased to certain brands and probably get a kickback for whatever they recommend.

Whatever your view is, Security Management Consultants (SMC) are a part of the industry and can (or perhaps, should) play an important role in corporate security decisions. Hi-Tech Security Solutions spoke to Wayne Hermanson and Garth Briggs of Physical Risk about the role of consultants. In this, the first article on SMC, Hermanson and Briggs talk about what an SMC is and what service they supply.

Hi-Tech Security Solutions: What is an SMC?

Physical Risk: An SMC is a physical security professional with security management credentials and experience gained serving in positions of responsibility within one or more specialised sectors of the physical security industry.

The physical security industry is divided into a range of specialised fields such as manned guarding, security technology engineering, security system design and implementation, alarm installations, monitoring and response, investigations, surveillance and training.Their knowledge and experience is made available to customers via engagement of the following key service offerings:

a. Risk assessment/advisory.

b. System/service design.

c. Service/project implementation.

d. Performance measurement.

e. Compliance and functional audits.

Hi-Tech Security Solutions: What is the SMC’s value add to the market?

Physical Risk: The SMC should be able to comprehensively assess the customer’s physical risk profile, security systems and existing services, and advise independent risk mitigation to the long-term advantage and benefit of the customer.

This requires the ability to extract the relevant industry/product knowledge and effectively apply it to mitigate the customer’s security risk profile and audit existing security services and systems.

SMCs should also be able to design, manage and implement the following on behalf of their customers:

a. The development and independent management of purpose-prepared physical security procurement processes such as Request for Information, Request for Quotations and Request for Proposals.

b. Security system designs for new installations, system upgrades and integration of various security technology systems for risk, ease of use, robustness, scalability and ease of maintenance.

c. Prepare purpose-prepared technical input for security projects, services and maintenance agreements to ensure appropriate service delivery by the appointed vendor and performance measurement linked to the customer’s risk profile.

The SMC also needs to develop:

a. Performance-based service agreements inclusive of performance metrics for security services as a client-owned document.

b. Performance-based technology systems maintenance agreements inclusive of scheduled maintenance activities and critical components schedules and performance metrics.

Hi-Tech Security Solutions: Does an SMC have brand or product loyalty?

Physical Risk: A truly professional SMC should essentially maintain vendor and product neutral in order to offer his/her customers with unbiased knowledge best suited to meet their needs.

When discussing brand or product loyalty, we need to understand what vendor neutrality is as it relates to an independent security management consulting company. Vendor neutral SMCs should abide by the following unabridged ethical and professional conduct:

a. Inform clients and prospective clients of any special relationship or circumstances that could be considered a conflict of interest.

b. Never charge more than a reasonable fee; and, whenever possible, the consultant will agree with the client in advance on or basis for the fee.

c. Neither accept nor pay fees or commissions, for client referrals.

d. Will not accept fees, commissions or other valuable considerations from any individual or organisation whose equipment, supplies or services they might or do recommend.

e. To ensure 100% independence, SMC companies should not share ownership with other security service or product providers in the security industry.

Vendor neutrality is not an industry requirement for SMCs in South Africa, however we at Physical Risk are of the opinion that it should be. We subscribe to the best practice that SMCs should declare all the above when engaging a client and that it should be subject to audit/verification. SMCs with loyalty to a particular product or service brand have an incentive to promote it when advising their clients, which is not in the best interest of the client.

Hi-Tech Security Solutions: What experience/capabilities should customers look for in SMCs?

Physical Risk:

a. SMCs should be PSIRA registered at Grade A level.

b. They should be part of a registered security management consulting company with contactable client references.

c. Valid SARS tax clearance certificate.

d. Their résumé should be testament of their competence to advise, design, develop and implement on the required services. By manner of example, a person qualified as an electrical engineer or architect only, is not qualified as a SMC and should not be employed to design or advise on the security system of a newly built residential community estate, for instance.

e. SMCs should as a minimum have served in relevant positions of responsibility with one or more sectors of the security industry. It is difficult to advise security executives and customers if you have not served in positions such as manpower management, security design and implementation or forensic investigative positions yourself.

f. Formal management certification through a tertiary institution such as UNISA’s security management diploma, a security engineer diploma.

g. American Society for Industrial Security’s internationally certified accreditations such as Physical Security Professional (PSP), Certified Forensic Investigator (CFI) or the coveted Certified Protection Professional (CPP) are great qualifications that allow a SMC to gain industry knowledge across the spectrum of the physical security life cycle and make it possible to advise internationally.

h. Project management skills are imperative in driving project imperatives of time, cost, quality and customer expectations.

i. A healthy knowledge of security industry related quality management system standards such as the ISO 9001:2008 for security service and product design and the ISO 28000 for supply-chain security management.

Hi-Tech Security Solutions: How should SMCs engage with brands/vendors?

Physical Risk: SMCs should maintain a truly professional relationship with brands, service providers and suppliers. The South African security industry requires constructive reform to distinguish quality product providers, suppliers, guarding companies, alarm monitoring and response, investigations providers, technology installers and SMCs from the poor ones.

For this to happen we should embrace quality standards initiatives such as established and promoted by the South African Security Association through their SASA Gold Membership with its rigorous industry related requirements. Should the Gold membership be made a requirement during service and product tenders, it would either shake out the bad apples or get them on the track to becoming a quality provider.

SMCs should maintain their ethical standards by showcasing and declaring it during engagements.

Hi-Tech Security Solutions: How should they interact with customers and suppliers?

Physical Risk: Any client engagement should be commenced with and structured as follows:

a. A letter of introduction and company profile with contactable client references.

b. Once a prospective customer shows interest by requesting advice or services, the SMC should render a comprehensive service engagement proposal. The proposal should detail deliverables, fees and expenses and the consultant’s declaration of competence and independence.

c. A non-disclosure agreement signed by all parties.

d. Once the service proposal is approved and signed of as service agreement, the consultant should prepare a project charter with clear deliverables, time and resource allocation. The charter should clearly describe the scope of works to be completed, assumptions, restrictions and exclusions.

e. In interacting with the customer during the project, the SMC should schedule progress meetings as agreed in the project charter and submit a progress report with deliverables for sign-off by the customer. Any amendments to the charter needs to be discussed with financial implications and agreed to by the customer.

f. Once the project is completed the SMC should submit a final report detailing the deliverables as finalised.

g. SMCs should maintain professional and transparent relations with their customers especially when managing expectations or unforeseen issues that have additional cost implications.

Share this article:

Further reading: