How To Write An RFP For Executive Protection Services


May 5, 2016 - By Christian West & Brian Jantzen

Tags: , ,

Every good corporate executive protection program starts with a good RFP. Or should, at least.

Because the RFP, or request for proposal, is the most powerful document the corporation has to structure the bidding process and improve the transparency of competing bidders’ advantages and disadvantages.

All organizations have their own purchasing policies and procedures, and most will probably already have guidelines and templates regarding RFPs. But few corporations have much experience in outsourcing such a specialist partner service as executive protection. Given the executive protection program’s close-up-and-personal visibility with top execs, this experience gap matters: Whereas most purchasing decisions made by the security department will not figure prominently on the CEO’s radar, the people chosen to provide close personal protection will.

In this blog, we provide an outline of the various elements a good RFP should contain. It will allow you to organize your RFP so that it makes clear the decision criteria you apply in choosing your executive protection partner. And it will enable you to ask the right questions to make an informed decision.

Price is inevitably one of the most scrutinized of all the many criteria, and of course it matters. But we would encourage organizations to broaden the scope of the RFP well beyond price. We’ve been called in to fix a number of programs that started out with low-cost vendors but ended up costing far more than they should have. In executive protection like anything else, you get what you pay for. But unlike many other purchases, the costs of a failed executive protection program can be much greater than purely financial.

Scoring and weighting according to well defined decision criteria

We think it’s a good idea to lay out the decision criteria in clusters, weight each of them according to relative importance, then score your evaluation of each vendor bid, for example as in the table below. It’s also a good idea to inform vendors of your criteria and how you intend to weight them.

Criteria

Weight

A

B

C

Company background/management

10

Protective service capabilities

10

Human resource management

20

Protective service processes

20

Implementation plan

10

References

10

Price

20

Total

100

How you choose and weight these decision criteria is an individual matter, and even careful scoring won’t allow you to delegate the decision to a numerical model. Personal chemistry and gut feelings do matter. But we hope this blog will enable you to move beyond the “I know a guy” method to a more effective – and ultimately successful – way of choosing a specialist partner in this niche field.

Statement of Work/Scope of Work

The statement of work (SOW) should make clear just what kinds of protective services the corporation wants to contract. But realistically, it can be difficult or impossible for corporations with no experience in executive protection to know exactly what they need.

How extensive does the risk, threat and vulnerability assessment (RTVA) need to be? How often should it be updated? Are advance trips to upcoming travel destinations always necessary? Why or why not? Should intelligence analysis be part of the program?

Answers to these and many more questions can be elusive for non-experts. That’s why some corporations rely on external consultants to carry out an RTVA and make SOW recommendations based on the results.

The SOW should cover at least all the basic points listed below:

  • Who: Principal(s) to be protected
  • What: Specific tasks
    • Threat assessments
    • Advance work
    • Security driving
    • Close protection
      • Office
      • Residential
    •  Travel logistics
  • When: Full time, part time
  • Where:
    • Office
    • Residential
    • Travel
    • Domestic
    • International
  • How:
    • Specific tasks
    • Procedures
    • Operational planning
    • Staffing and training
    • SOPs
    • Quality control/KPIs
    • Reporting
    • Contingency/response plans
    • Stakeholder communication
    • Expense reporting and invoicing
    • Personnel and program evaluation
    • Key personnel needed from vendor

Vendor background information

Once you have defined the scope of work, you’re ready to start asking potential vendors to bid on it. The next thing to do is to get get vendors to provide information that will let you evaluate their expertise and ultimately let you choose among them.

The first cluster of decision criteria lets you examine some of the basics: you need to get some general background information from all vendors.

Financial information: Ask all bidders to provide information that proves their company is a viable business. Are they profitable? Are they growing? Can you count on them to be around in a year? To find out you should go back at least three years, and require to see at least the balance sheet and income statement.

Management team: Good companies have good management – also in the executive protection industry. Ask for the management team’s bios or CVs. Find out which person at the senior executive level will be accountable for your program. If the scope of work calls for a team or onsite manager, you’ll also want to learn more about who the vendor proposes for this important role.

Mission, values and guiding principles: Try to move beyond all the marketing talk and get a good sense of what makes the vendor tick. What kind of values do they try to instill throughout their company? Do they have a set of guiding principles that are clear and actionable? Do they walk the talk?

Compliance with ethical, environmental and other corporate purchasing guidelines: We’ve seen it happen time and again: The security director puts together an RFP as best he can and sends it to potential vendors; then the purchasing department asks for a whole slew of other information in keeping with corporate purchasing guidelines.

Be sure to ask about whatever is relevant for your corporation. Some of the more common guidelines include:

  • Quality control: What kinds of quality assurance programs does the vendor use? Are they certified according to ISO 9000 or 9001 standards?
  • Environmental: Does the vendor comply with corporate environmental standards? What kinds of certifications does it use to ensure compliance?
  • Non-discrimination: How does the vendor ensure compliance with non-discrimination policies regarding gender, race, etc.?  For larger programs, how can they ensure that the diversity of the corporate workforce is also reflected in the protective team?
  • Anti-corruption/bribery: What are the vendor’s policies regarding corruption, bribery, etc.? For example, do managers and agents receive training in the UK Bribery Act or other accepted ways of preventing bribery?

Global presence: Seamless quality of service regardless of location is a hallmark of good executive protection, and you will want to understand the vendor’s ability to provide protection and smooth logistics worldwide.

This is worth considering even if the scope of work currently calls for protection in only one country, which is exceedingly rare in our globalized economy. Protection needs change, sometimes quickly; you want your executive protection vendor to scale internationally as and when necessary.

Ask to learn more about the vendor’s

  • Own locations: Where do they have people, offices or subsidiaries?
  • Vetted vendor/partner locations: Where do they have tested, tried and true partners?
  • Vendor vetting procedures: What are their procedures for selecting, training and briefing other companies in other territories? How do they carry out remote supervision? How do you know the “security driver” they provide in Karachi is reliable, and that you can safely entrust your CEO to his driving skills and background?

Insurance: How is the vendor’s liability and other insurance coverage? Be sure to get some insight into the kind and level of insurance protection.

Licensing: Licensing requirements vary internationally and by state in the US. Ask vendors to provide information on what kinds of licenses allow it to operate where.

Vendor protective service capabilities

When choosing an executive protection provider, it’s important to gain a comprehensive overview of the bidding vendors’ capabilities. That they all can build and deliver a basic executive protection program should be a given, so you will as a minimum want to examine their expertise concerning protective agents, security drivers and program management.

In order to future-proof your vendor relationship, however, it is a good idea to look beyond the minimum requirements. You need to ask questions about related security services, too.

  • Can they provide you with strategic planning support in addition to tactical implementation?
  • Do they have experience in residential security? How do they recommend aligning residential security services with the rest of the executive protection program?
  • If the need arises, can they ramp up security with protective surveillance or counter surveillance teams?
  • What is their track record in adding intelligence analysis to protective programs? How would they recommend staffing, managing and integrating the intel piece into the overall program?
  • Can they also provide event security? Depending on the corporation’s needs, it might make good business sense to ask the same vendor to handle executive protection and event security services.
  • What about corporate investigations?

When considering all of these protective service capabilities it important to consider vendors as long-term partners with whom you will be building and maintaining the program.

Unlike other security services, executive protection is intimately entwined with the principal’s daily routines and corporate culture. Once implemented, there is a resistance to making major changes, so choosing the best partner from the beginning is even more important here than in other areas with less direct involvement with the principal.

Human resource management

Executive protection is a people business.

While this is true for many industries, the close-up-and-personal nature of executive protection makes human resource management an especially critical decision criterion. The RFP process should enable the corporation to understand how vendors manage HR because a provider’s ability to recruit, develop and retain the best people is essential to program success.

Scope: The first thing to look at is the kinds of employees the vendor can provide. Depending on the nature of the program, you may need to fill some or all of the jobs listed below, and you want to be sure that your vendor has the necessary experience and expertise in providing quality people. How do they recruit, vet and develop and retain these specialists?

  • EP agents
  • Protective surveillance agents
  • Security drivers
  • EP managers
  • Residential security agents
  • Intelligence analysts
  • Event security specialists
  • Corporate investigations

Vetting process: You should ask tough questions about how the vendor vets potential candidates for each job type. What policies and procedures do they follow in order to ensure that those charged with protecting the principal are worthy of this trust?

“Background checks” can be bought off the shelf, and some vendors are satisfied with low-cost but superficial versions of these. Others have far more thorough processes that might include anything from extensive and recurring reference checks to social media analyses and even polygraph tests.

Hard skills and experience: A variety of trainable, demonstrable skills is essential to good executive protection. These vary according to the specific job type.

You will want to understand how the vendor sets standards for training and experience for each and every job type called for in the scope of work:

  • What are the minimum training qualifications for each job type? Which courses must candidates have completed? From which type of training school?
  • How many years of relevant experience are necessary for each job type?
  • Ask to see job descriptions and required qualifications for each job type.
  • What are the providers’ policies for refreshing perishable skills? For many skill sets, including critical ones like evasive driving and emergency medial care, it’s use it or lose it: providers who aren’t requiring their staff to do regular training aren’t doing their job.
  • Certifications: Does the vendor have company-wide quality assurance certifications such as ISO 9001? What kinds of certifications are necessary to fulfill specific job types?

Soft skills: The mastery of hard skills is a necessary but insufficient qualification for success in an executive protection job. Emotional intelligence is equally important. Why? Because if the people providing the protection 24/7 don’t thoroughly understand and adapt to both the corporate culture and the principal’s personal preferences, it is unlikely that the program will achieve sustainable success.

To thrive in executive protection drivers, agents and managers must possess a variety of characteristics we call “soft skills”. To mention a few: resilience, empathy, discretion and self awareness. While all of these can be improved by dedicated effort, they are essentially personality traits that some people possess more than others. See our blog on this subject to learn more.

The context of the RFP is too narrow to investigate the psychological makeup of potential agents. Still, it is a good opportunity to discover how seriously vendors take this critical aspect of the business, so at least a few good questions are in order:

  • What are the provider’s procedures for ensuring good cultural fit between protective agents and corporate stakeholders? What do they actually do to learn about the corporate culture and adapt programs accordingly?
  • How does the provider make sure that the program meet’s the principal’s personal preferences? What are their procedures for discovering these, and for making sure they are respected across three-shift teams and around the world?
  • What procedures does the provider use to evaluate the soft skills of its candidates? How does it match individual agents and managers to individual clients?

Employee continuity: The security industry is notorious for high staff turnover and low employee loyalty. This has negative consequences for the quality of its services and for the reputation of the entire industry.

While the executive protection sector is better off in this regard than many other parts of the industry, we too can get better. For far too many years, we in executive protection have failed to give our employees the means to develop their careers. We have not been good enough at nurturing talent through career planning, and we have paid the price: too many high performers have switched companies to climb up a rung of the career ladder, and too many low performers have stayed where they are.

While it’s not the corporation’s headache to organize a supplier’s HR efforts, if it is interested in sustainable program success it will want to inquire how the vendor does so.

Be sure to ask how the vendor ensures staff continuity through employee retention and career planning. Two simple metrics that are useful: employee turnover rate and average years of employment.

Employee compensation and benefits: It is a fair question in the RFP process to ask how the vendor pays its employees.

Transparency around employee compensation and benefits (including 401k, health, life, vision, dental, short-term disability, long-term disability, paid time off, performance bonuses, etc.) is important. Because everything else being equal, vendors who provide competitive salary and benefit packages are more likely to attract the best talent. We have yet to work for a client who doesn’t want the best talent when it comes to close protection.

Scalability/surge capacity: Extending program scope means adding resources, and corporations need to consider vendors’ ability to scale up quickly if this becomes necessary. Adding another principal to the program could effectively double the staff needed. Can the vendor respond quickly? How? What kinds of lead times are necessary?

Vendor protective service processes

You will want to pay particular attention to how vendors organize the nuts and bolts of their services. All of the bullet points below are important, and you should ask vendors to provide information on the procedures and processes they use for all of them.

Who does what? When and with what frequency? How do they actually do it? What information do they supply? What is expected of you in each process? Where will you need to approve or review?

  • Risk, Threat and Vulnerability Analyses (RTVA)
  • Operational planning
  • Staffing and training
  • Standard Operating Procedures (SOPs)
  • Quality control/KPIs
  • Reporting
  • Contingency/response plans
  • Stakeholder communication
  • Expense reporting and invoicing
  • Personnel and program evaluation

All of the above points are important but we want to call out one in particular for our friends in corporate security: reporting.

Like any other expense the corporation commits to, executive protection is an investment that will be scrutinized in many ways. Security directors can be hard-pressed to demonstrate the return on investment of an executive protection program: If nothing happened to the principal either before or after program implementation, then what difference has the program made?

Good reporting based on solid data can help security directors quantify program value. You should ask vendors to tell what kind of data they can and will report, how they will do it, and with what frequency. See a blog that explains this data-driven approach here.

Implementation plan

A great way to learn how a company works is to ask them to describe how they would implement the new program.

What are the process milestones? When can you expect these to be achieved? Who on the vendor side will be involved – and who on the corporate side will need to be involved?

References

Last but by no means least are client references.

Have the vendors provided similar services for similar clients? How did things go? Are they still providing services? Why or why not?

Of course, no serious executive protection company would list corporate or other clients on a website, so you will need to ask. Go beyond the logo lineup and simple client list. Ask to contact one or more of the security directors or CSOs they work for directly, so you can learn firsthand of their experiences with, and opinion of, the vendor.

Price schedule

Ask vendors to break down all costs so that you can see how they arrive at a total – and compare competing bids at the line-item level.

Be sure to capture all costs – both fixed and variable, ongoing, out of pocket, etc., and to understand what is and is not included in the budget.

RFP Schedule/Timing

Depending on the complexity of the scope of work, the RFP process can take anywhere from a week to several months.

Be sure to allocate adequate time so that vendors and your own purchasing department can prepare and complete all of the steps below:

  1. Issue request for proposal
  2.  Requests for clarification due
  3. Response to request for clarification due
  4. Notice of intent to bid due
  5. Proposal due date
  6. Oral presentations
  7. Expected contract start date

What do you think? Have we left anything important out? We hope you’ll let us know!

Read more about our approach to executive protection here

Christian West

Founder and CEO

Christian has been active in the executive protection industry since the late 1980s, when he worked for Danish musicians who relocated to Hollywood. Upon returning to Denmark, he founded his own EP company, which he quickly grew into Scandinavia’s largest, before it was acquired by Securitas.

Christian founded AS Solution in 2003, and again in 2009 followed his international clients to the US, where he is now based. An active member of ASIS and a leader in the corporate executive protection industry, Christian has personally planned and led high-profile engagements in over 76 countries for a wide variety of corporate and high net worth individual clients, including the international roadshow for the biggest IPO in history.

Brian Jantzen

Executive Vice President

After leaving the US Marine Corps as a captain in the early 1990s, Brian has pioneered corporate executive protection services internationally for Fortune 500 companies, high net worth families and NGOs.

Brian has provided protection at the highest levels of corporate and philanthropic environments in over 35 countries. With his demonstrated ability to align security operations with both the client’s organizational goals and personal preferences, Brian uses his strong relationship building, collaboration and project and vendor management expertise to create security solutions that deliver program efficiencies and customer satisfaction. Brian graduated from the University of Washington with a BA in Sociology and is the subject matter expert chair for the ASIS Executive Protection Council.