The search for reputable security and protective security companies can be incredibly frustrating. There are so many unregulated security organizations operating all over the world with little to no oversight, even from within. For some reason, global industry has seen fit to regulate (some might even say, over-regulate) occupational health and safety without including travel to foreign countries. The understanding of what is regulated, responsible or required is open to broad interpretation, leaving reputable companies to flounder when it comes to acting responsibly.
Commercial and nonprofit organizations are adjusting to the shrinking world, although rather slowly and often too late. The idea that an organization can send someone on an errand abroad for that organization, with only an address to the embassy and an insurance policy, is quickly fading. Organizations are left to enact policies blindly as well as find a balance between growth and risk mitigation. On the one hand, many opportunities are being overlooked because of overreaction, while on the other hand, individuals are risking life and limb to make a profit unnecessarily.
So how should an organization pick the right security company, especially regarding that gray travel safety area?
The first question should always be about vetting. If a security vendor immediately starts talking about all the services they have available to help an organization, without questioning whom they are doing business with.........hang up the phone or walk away. That vendor should either be asking specific questions from the start or already have a detailed folder on the potential client.
Any worthwhile security organization has had to turn down business or exit clients. To do business or promise services without vetting a client first is a sure sign that the organization is unregulated, amateurish and knows nothing of the compliance and legal headaches that come with unvetted clients. Even something as simple as promising services or the appearance of negotiating contracts with an unvetted client can compromise a security company legally and reputationally.
Security companies that offer a "one size fits all" solution are generally selling empty promises. Part of mitigating risk is to determine an organizations vulnerability level as well as the threats to various business functions and individuals within the organization. All organizations are unique in one way or another. If by some slim chance an organization's operations happen to match another organization in that particular industry, then the people running things are unique and therefore require a unique program. Tailored programs must be part of an experienced security practitioner's offering.
Commercial and nonprofit organizations should also avoid security companies that are run by individuals who only have experience running government security operations. Just because a company uses elite special forces and military operations planners, does not mean they will provide the type of services a commercial or nonprofit organization need. On the contrary, many government security experts are used to organization standards on a large scale, alleviating much of the requirement to be creative in the design of a security program.
Often growth will be stunted by practitioners who do not understand measuring risk and alternative (outside the box) recommendations, to ensure an organization can go where they need to go. An analyst will show the client a pretty map with green, orange and red shapefiles, depicting low, medium and high-risk locations. If an area is a high risk that organization should not go there right? The question that few are able to answer is, "high risk to who?" What if that organization had an employee who was raised in that region? Would the risk still be high?
A good security company will have a balanced workforce of government security experts as well as practitioners who have only worked in industrial security. Growth is just as significant as mitigating risk as it means profit for both the security company and the client.
A surefire way to weed out "fakers" is to ask them for proof of liability insurance. A good security company will not only have professional coverage but coverage for security-specific tasks like; guard services, errors and omissions, electronic data breach, assault, EMT and paramedic and subcontractors minimum coverage (because most companies that operate abroad must subcontract). If a security company cannot provide their potential client with this coverage, again.......the client should hang up or walk out.
If a company offers the ability to provide "evacuation coverage" without explaining the plan for each location the client is traveling too, they are lying. The United States government with its extensive reach and unlimited resources cannot make that kind of a promise to its government workers. It is disingenuous for a security company (or an insurance company) to do the same.
There is a certain amount of planning that should go into evacuating a client. Things like safe locations/houses, vetted medical facilities, trusted contacts, multiple contingencies, and transportation routes must be developed based on a clients itinerary, location and most importantly, their mission. Not every traveler may require an evacuation plan.
Recommendations should be made based on current intelligence and as assessed by the (reputable) security company. Because it is rarely used, a standard evacuation policy goes unnoticed by most organizations. Security companies know this and can roll the dice, hoping to be able to put a plan together at the last minute using resources on the ground. Companies have wasted vast amounts of money on this type of coverage with little or no return to show for it.
These are only a few of the warning signs that a security company is inexperienced or disingenuous. Its hard for organizations to determine who is reputable and who is not because they often assume that the security industry is highly regulated. The security industry is not controlled very well, and industry standards vary from location to location. It is essential for commercial and nonprofit organizations to do their homework. Due diligence and duty of care will ultimately fall on the shoulders of the sending organizations, not the contracted vendors.