We’ve written about the executive protection industry’s need for quality control and standardization before. In those previous blogs, we focused on the lack of quality control standards and meaningful certification in the executive protection industry. As we’ve pointed out, this creates a number of problems for our clients and for our industry.
The problems due to poor standardization of executive protection are well known
The lack of shared standards makes it difficult for clients to distinguish good from bad executive protection programs. Unless a client organization has a deep understanding of why quality matters, what drives EP program quality, and how quality relates to cost, it is difficult (if not impossible) for them to appraise the real value of an EP program objectively, or to compare one program to another.
In our experience, very few procurement departments have such an understanding of executive protection. Evaluating competing responses to RFPs easily ends up in comparing apples to oranges. The bias toward choosing the lowest price is often not overcome by considerations of “total cost of ownership”, actual risk mitigation, and the costs of replacing non-functional programs with something that works.
But this lack of shared quality standards creates problems for us as an industry, too. Anyone can call themselves an EP company, hang up their shingle, and open for business. Fly-by-night operators, local mom-and-pops, and serious players with worldwide capabilities all end up next to each other in the Yellow Pages. Just google “bodyguard” and see what shows up in the news.
Poor standardization also creates problems regarding training – for both employees and employers. Different executive protection schools teach to different standards, namely, their own. If you pay and show up, you usually get your certificate – no matter what you actually learned – since there’s rarely any real evaluation of individual learning or capabilities. Individuals who want to work in the industry may end up wasting time and money on poor or irrelevant training. EP providers and corporate programs may end up having to retrain people constantly. As we pointed out in a blog a few years ago, in many U.S. states, the people who do manicures and pedicures have much more rigorous training standards than the people who protect the captains of industry.
Some lessons learned from Denmark
In this blog, we’d like to focus less on the problems that all of this creates and make a modest proposal for a solution. This is based on our own experience at AS Solution in Denmark, where we participated in a process that helped introduce some of the Danish security industry’s first standards for both guarding and executive protection companies.
Before the process, the Danish situation was similar to where we are now in the U.S. There were no countrywide quality standards for security companies, and anyone could call themselves a guard or EP company and sell their services. This led to all of the problems for clients and the industry that we outline above.
Things began to change about 15 years ago when the Danish Security Industry Association worked with member companies to create quality standards for security services. It all started because members of the security association were having a hard time talking with clients about the comparative quality of ICTV services. There were no standards that made quality comparable, which created problems for clients negotiating terms and conditions with their insurance companies. To mitigate risk through ICTV systems and get the best insurance rates, some insurers required A, others B, still others everything from A to Z. Members of the Danish Security Industry Association selling ICTV systems asked: could the security industry association create standards for quality assurance that all members could apply evenly?
The association did just that, drawing members into the process and choosing certification around the well-known quality management system, ISO 9001. Then, when the first standardization and quality management systems were completed, and the first batch of companies completed their audits and certification processes, the security association knocked on the door of the trade association for Danish insurance companies and pension funds, Insurance & Pension Denmark. Would you work these quality management standards for ICTV into your insurance policies? The association subsequently lobbied private and public sector organizations that purchased security services in a similar way.
Insurers adapted the standards because it simplified their work, increased cost efficiency, and improved consistency and transparency. Security providers adapted the standards for similar reasons – and because insurers started requiring them. Procurement managers adapted the standards because it made it easier to compare providers and comply with other quality norms.
Over time, the standards were integrated into most insurance policies, and many major purchasers began to depend on them. Since then, other members (AS Solution included) initiated similar processes for access control, physical security, guarding, executive protection, and more. Now, many Danish security companies are ISO 9001 certified, and certification is necessary to bid on many, if not most security jobs in the private and public sectors.
AS Solution was directly involved in creating standards for guarding, executive protection, and maritime security in Denmark. Our Danish company received its first ISO 9001 certification in 2008. In 2018, we also completed certification for the part of our U.S.-based secure travel support services.
ISO 9001 certification is an ongoing process – and mindset – with many advantages
Like a lot of good things, changing attitudes to quality and standardization happened only gradually. Some security providers didn’t understand why they couldn’t simply pay to get their company’s quality processes rubberstamped. It took a few major insurers years to integrate the certifications into their complex IT systems. Still, although there were plenty of challenges and change did not occur overnight, experience with these quality standardization processes has been overwhelmingly positive in Denmark’s security industry.
Clients like it not only because it makes it easier to buy insurance and compare apples to apples in RFP rounds, but also because it provides significant advantages regarding compliance and liability issues. When corporations have their own quality management systems, as most do, having ISO 9001 certified vendors makes life much simpler.
As an EP company, ISO 9001 certification has had a huge impact on how we operate. To put it simply, improved focus on quality management improves quality. The ISO 9001 process forces you to look at the parameters that impact quality, figure out how you measure whether and how you live up to these parameters, define processes for dealing with quality gaps, and submit to regular internal and external audits to ensure that you’re doing what you said you were going to do.
The upshot is that we don’t keep repeating the same quality mistakes over and over. When quality breaches do occur, we have a process that makes us look at our systems and figure out how to prevent them in the future. When this focus on quality starts to permeate more and more of what we do, and everyone in the company participates, good things happen. Yes, quality improves, but so does innovation. ProtectionManager, the first digital platform for executive protection providers, was a direct result of our quality management efforts and provides a convenient way to monitor and trace many activities that impact the quality of what we do.
ISO 9001 certification is by no means a panacea: if you set out to deliver mediocre quality, then ISO 9001 only helps to ensure that you deliver that mediocre quality consistently. That said, we think most companies would agree that if you embrace quality management and use the ISO 9001 processes as they were intended, good things happen.
A modest proposal for standardizing the EP industry in the U.S.
Could something similar be done in the U.S. executive protection industry? We think so – even though there are clearly significant differences between a small EU country and the huge U.S. market with its many federal, state, and local differences.
We could take a few pages from the Danish playbook – and also look around to see how others have introduced standardization in various industries – and try to come up with a similar, if different, process here. Some of the key success factors should be the same, no matter where the standardization process occurs:
- Standardization should be voluntary, not mandatory if you want to avoid the trap of falling for the lowest common denominator.
- Standardization processes should be driven by industry associations or at least groups of companies and interest groups, not any one particular company.
- Both providers and purchasers should be involved, and both should benefit.
- Certification should be done through an existing and proven quality management system, such as ISO 9001, with thousands of successful implementations worldwide.
- Certification does not have to be simple, but it should not be overwhelmingly difficult, either. It must be accessible and affordable to large and small companies alike, even if the least professional mom and pops might find the process too daunting.
Colleagues in the EP industry – what do you say?
Procurement professionals for the Fortune 500, family offices, and governmental agencies – would you be willing to join in?
ASIS, IPSB – could this be for you?
Ping us on social media and let us know if we are completely crazy or only crazy ambitious!