July, 2020 - securitylinkindia

Feature

Auditing & Process Building in Security Industry

MassMediaLink India LLP SecurityLink IndiaJuly 20, 2020November 14, 2024012 mins

The culture of Auditing & Process Building in India: An Overview The Indian economy saw a major emergence of both domestic and foreign MNCs within its political borders with the economic liberalization reforms of 1991. With this, while the inflow of foreign direct investments (FDIs) increased in various industry verticals of the economy, the inherent risks of the local environment remained ingrained in the newly set-up businesses and industrial zones. These risks primarily related to crime, terrorist activities, civic disturbances, natural disasters and likes. In short, while businesses opened up hastily and pro-actively in the new economic environment, the existing mindset regarding the culture of security did not necessarily change or follow the structural changes in the economy. Decades later, the reluctancy of looking over the security aspect as an ‘additional’ cost to an organization have now shown near-tectonic effects. At the domestic level, the long and diverse nature of the unrest unleased by the Citizenship Amendment Act (CAA) brought business continuity to a standstill in different states across the country. Second, at both domestic and global levels, the benefits of the historical reforms of 1991 have been neutralized by the outbreak of the Covid19 pandemic. The current scenario has now compelled businesses to re-assess that crisis plans are irrelevant, unless they can actually be implemented on-ground. The adoption of pragmatic and far-sighted processes and audits in security culture is a small but decisive step in this regard. Why is a change in the current scenario needed? The outbreak of the Covid19 pandemic has highlighted once again that business risks may be mitigated, but never be actually prevented in whole from occurrence. It may not be an exaggeration to state that the pandemic has exhibited apprehensions/ risks of unprecedented extent and nature, of which no business continuity or crisis management plans had ever envisaged while they were framed. A survey carried out, in the midst of the pandemic, displayed the following outcomes from the respondents (mostly senior security managers of global firms in India). While the above responses honestly display the current psychological mindset of professionals trying to gauge the pandemic effects on their organizations, the irony remains that global organizations had well-thought and drafted standard operating procedures (SOPs) on security and emergency response processes. Organizations, at their end, have also invested resources, time and capital to draft SOPs. Under such circumstances, it becomes more pertinent to assess whether these SOPs have been applied in reality, reviewed, up-graded or just have stayed on paper revisions? Analysing key shortcomings in Security Audits and related SOPs Having discussed the current state of affairs in the overall corporate security domain in preceding sections, assessments and experiences gathered across various industry verticals primarily display the common shortcomings as follows: Absence of simplicity and use of excessive jargons or technical words: Not every person is a security professional and SOPs must be understood by cross-functional teams. Recommendations provided by security auditors are not implementable: Solutions recommended are either too expensive or not precise to be understood by the auditee. Holding back of knowledge by the security auditor: The auditor feels that giving too much insight in one audit itself may lead to loss of future business generation from the auditee. Below are few examples of the arguments put forward: Vague recommendation: Increase the boundary wall to ensure that it is difficult to be accessed by anyone. The wall must be fenced appropriately to further increase the height and reduce the risk of unwanted intrusion.(Note:Recommendation does not specifically explain height, fencing etc). Use of jargons: Installation of GPS in your official vehicles may be integrated with authorized SIGINT software, as legal under laws, to your centralized command centre (supported by back-end 24/7 embedded staff). (Note: Recommendation does not explain what elements like SIGINT, Embedded etc., mean for non-security professionals/ teams). The way forward: Suggestions for Improvements The simplest ways for building actionable SOPs are to be guided by the very principles that drive the business and people of that organization. These are the principles of simplicity, accessibility, transparency and consistency – to build processes towards business excellence which every global firm strives for. While this may look like an uphill task for an organization, it actually is not: A change in the psychological mindset is the first step. Auditors need to exercise transparency and act as trusted partners to the organization which calls them upon. Similarly, the organization/ auditee must not be afraid of an auditor’s findings when the findings are provided in an amicable, lucid and professional manner by the auditor. SOPs do not need a crisis to prove their existence. This means SOPs need to be carried out in action through mock drills and red teaming exercises. Such real-life scenario enactments are very essential to review and identify strengths and weaknesses in a real emergency SOPs can never be time-bound i.e., there must always be room for the unknown future. The bridge to integrate the present and the future is to review and identify weaknesses in current SOPs and supplement them with new wings i.e., new or supplementary SOPs. This is a continuous cycle and has to be carried out at least every 1-2 years (depending on size, total asset value etc., of the organization). The role of stakeholder engagement (right from first-response teams to emergency managers to board/ owners) is indispensable in building sustainable and well-communicated processes. Else, audits and SOPs just remain limited to control room logbooks. Conclusion The need of the hour for corporate India is to hence shed away pre-conceived notions regarding the negative attitude attached to security auditors and their scope of work. A confidence-building measure towards attaining this is the innovative concept of peer auditing (where security managers of different companies audit each other’s facility) as a voluntary and goodwill expression. Such audits develop a sense of comfort and familiarity to the idea of allowing an external party to have visibility and access to an organization’s internal state of affairs –…

National

Government Declared PSS as the Essential Service

MassMediaLink India LLP SecurityLink IndiaJuly 20, 2020November 14, 202405 mins

Addressing the members of Private Security Industry (PSI) on 19 June 2020, through video conferencing organised by the Central Association of Private Security Industry (CAPSI), Vivek Bharadwaj, IAS, Additional Secretary, Ministry of Home Affairs (MHA), Police Modernisation (PM) touched upon the COVID pandemic which has created havoc in the nation, and appreciated the tremendous role played by PSI. It was due to the efforts of CAPSI and persuasion at the highest level in the MHA that enabled the Government to declare PSI as an essential service. The fact that there has been no incident of arson and violence during lockdowns speaks volumes of the laudable work done by the security guards, security supervisors and the management. The Additional Secretary placed on record his deep appreciation for the stalwarts of the industry, termed them as the ‘heroes’ of the time, and urged all to recognise their contributions in true sense. Mr. Bharadwaj began his discourse by paying homage to the martyrs of the Indian Army who sacrificed their lives on the northern borders in a tussle with China. All participants joined him to observe a 2 minutes silence praying for their rest in peace. He later asked the participants to explore how they can help the families of these martyred soldiers. The industry comprises mostly ex-servicemen and veterans; he requested CAPSI State Chapters from the states of the martyred soldiers to connect with their families and exert to help them get suitable employments. Earlier, CAPSI took the issue of barring the services of security professionals during lockdown aggressively up and raised it to the pertinent higher authorities of the government of India. The delegates of CAPSI headed by the Chairman, CAPSI, Kunwar Vikram Singh kept in pressing touch with Mr. Bhardwaj himself, and G Kishen Reddy, the Minister of State for Home Affairs Government of India. The dedicated efforts of CAPSI fructified and on 14 April 2020 the government notified PSI as the essential service and allowed them to operate in lockdowns. “The CAPSI decision to approach MHA to bring private security services under essential services has saved 23000 PSAs and 9 million security guards from major livelihood disaster. Imagine 9 million SGs going back to their native places leaving everyone business establishment and RWAs unprotected. MHA decision will be remembered as a life saving landmark decision for the PSI. Not a single case of theft, industrial damage or trespassing reported during lockdown. Salute to all security guards and management of PSAs those worked all times with total professional commitment. After all ‘the chowkidar’ proved its worth as guardsman to the nation,” said Kunwar Vikram Singh. Understanding the problems being faced by the PSAs in renewing their licenses, Mr. Bharadwaj stated that the Government has extended the date for renewal till the end of August. Talking of the situation post pandemic, he stated that the industry should think in terms of playing an international role. The valuable human resource available if trained properly can help the PSI play a significant role in the global arena. The Additional Secretary concluded his talk by assuring the participants that the reframing of the model rules will be a great step towards resolving many current problems being faced by the industry.

Report

COVID-19 CONTACT TRACING APPS

MassMediaLink India LLP SecurityLink IndiaJuly 20, 2020November 14, 2024024 mins

(Submitted by Overseas Security Advisory Council) Digital contact-tracing mobile applications have become a useful mitigation tool for countries and private-sector organizations alike in the fight against COVID-19. South Korea and Singapore were among the first to deploy a digital version of contact tracing, a key reason those countries have experienced relatively few coronavirus cases. In the United States, such measures have fallen largely to tech companies, resulting in a rare partnership between Apple and Google to develop contact-tracing technology that will operate on both iOS and Android phones. However, other countries have implemented apps that raise serious security concerns for private sector operators. This report looks at the issue as a whole, and examines its implications in two key countries for OSAC members. Using Contact Tracing Applications While governments and major companies work to create and monitor tracing apps, private sector organizations have also begun acquiring mobile applications and wearable devices to track and stop the spread of coronavirus in the workplace. PricewaterhouseCoopers (PwC), which is building its own contact tracing app, noted that nearly a quarter of chief financial officers they surveyed plan to evaluate the technology as part of an office reopening strategy. A recent survey of 300 OSAC members received similar results; 22% of respondents noted that their organization was considering the use of contact tracing mobile applications to identify and track possible COVID-19 infections, with another 3% reporting that their organization was already using these applications. These responses were highest in Asia, where almost 30% of respondents reported either considering or currently using contact tracing mobile applications. As organizations consider mandating these technologies in the workplace, many questions arise such as whether participation actually makes employees safer (or just feel so), if apps are legal and appropriate to deploy and mandate for employees, and if the technology will work as advertised in the field. The legality and appropriateness of mandated digital contact tracing in the workplace is likely to differ by country and organization. Also, organizations may need more time and experience to fully understand how well the technology will work, and how it will impact employee safety. Regardless, the mandated use of these technologies present cybersecurity and privacy concerns that can and should be examined before considering or committing to any new platform. GPS vs Bluetooth The two primary forms of digital contact tracing mobile applications are those that rely on GPS and those that use Bluetooth. GPS-based apps, such as those in South Korea and Israel, are the most intrusive on privacy, since they track and communicate user locations and movements to a centralized source (like the government). They can pinpoint potential locations of exposure, as well as the phones of the users who appear to have been in close contact with an individual. Meanwhile, those that rely on Bluetooth technology, like the apps in Singapore and Australia, can tell you when you might have been exposed to COVID-19, but they are more decentralized and will not tell a user where or to whom they were exposed. Privacy advocates prefer the latter for these reasons. Some legal experts argue that the optimal design for private-sector organizations from a privacy point of view leverages Bluetooth technology without giving the employer access to the server containing the information. Companies Behind the Apps In addition to understanding the technical backbone on which these applications rest, organizations should also consider the developers and their track records with cybersecurity and privacy issues. There is a wide variety of companies seeking to develop this technology and earn their share of what may prove to be a lucrative market moving forward. These include all types of organizations, from traditional business software and professional services companies like PwC and Salesforce, to technology startups and cyber intelligence firms. According to Reuters, at least eight surveillance and cyber-intelligence companies are attempting to sell re-purposed spy and law enforcement tools to track COVID-19 and enforce quarantines. Executives at four of those companies said they are piloting or in the process of installing products to counter coronavirus in more than a dozen countries in Latin America, Europe, and Asia. One of the more controversial companies in this group is the Israel-based cyber intelligence firm, NSO Group. The surveillance software-developer is currently being sued by WhatsApp for allegedly helping governments hack 1,400 targets, to include activists, journalists, diplomats, and state officials using its signature software, Pegasus. The company also faces another lawsuit in which it is accused of supplying software to the Saudi Arabian government, which allegedly used it to spy on the journalist Jamal Khashoggi before his murder. While these platforms, which largely rely on GPS location data, have primarily marketed to governments, organizations interested in employing digital contact tracing tools within their facilities and workforce should also be wary of clandestine technologies traditionally used for surveillance. Beyond the damage that such technologies could cause to an organization’s business image or employee trust, they could also present significant data privacy concerns, depending on how the data is collected, stored, and accessed. Organizations should also monitor which countries are adopting these more privacy-invasive technologies, as countries more predisposed to dissent suppression and other digital authoritarian practices could easily abuse then. Two Significant Case Studies OSAC has received inquiries from the private sector regarding digital contact tracing apps that host governments are mandating for employees. According to MIT Technology Review’ COVID-19 Tracing Tracker, 25 countries currently have significant automated contact tracing efforts in place, and five of those countries (Bahrain, China, India, Qatar and Turkey) mandate use of tool . Two case studies address how mandated use might impact U.S. private-sector employees operating in the world’s two most populous countries. China Color-Coded Health Passes China has rolled out a color-coded health system based on travel history and contact tracing to monitor new COVID outbreaks. While downloading the app is not mandatory, the health code is necessary to enter public places such as public transportation, residential compounds, hospitals, workplaces, or schools, or to travel domestically. If an individual…

Latest

Can Consolidation be the Growth Strategy for PSI in Current Stressed Market Scenario

MassMediaLink India LLP SecurityLink IndiaJuly 13, 2020November 14, 202409 mins

The booms and busts of economies and markets have consolidated businesses over decades. The word consolidation takes its origin from ‘Consolidatus,’ a Latin word which means ‘to combine into one body.’ Many of today’s mega companies have resulted from high profile business unions termed as Consolidation, Merger, Unification, Alliance, Amalgamation, Coalition or Collaboration etc. Consolidation within a business group refers to merging of several business verticals or different companies into a single larger organisation to improve operational efficiency by reducing redundant personnel and processes. Consolidation within a business sector is also the merger of several independently managed business entities which typically concentrates market share in the hands of a few large companies. PSI – A Stressed Sector Stress conditions of Private Security Industry (PSI) were initiated by the ill-advised GST mode of applicability on the body corporate Private Security Agencies (PSAs) resulting in acute shrinkage of cash flows disabling budgets for expansion and growth. Any business which comes to standstill commences to deliver diminishing or negligible returns, and gradually goes sick and dies because of inflating costs and infrastructure maintenance. Additionally, COVID 19 shut-downs, downscaling, layoffs and closures have devastated many small and medium PSAs who were comfortably operating in niche sectors such as infrastructure, hospitality, malls, retail, entertainment, transport and more. Private Security Industry (PSI) is a human resource intensive service sector and primarily existed on sourcing of migratory labour which has seen major disruption countrywide. The dust is yet to settle to allow the true picture to emerge. Favoured employers who practiced employee retention policies may feel the ‘pinch’ but it is the ‘marginal industry’ comprising SMEs with high employee turnover rates that have begun to encounter the paucity of manpower availability. Bank funding and public financing are not easily accessed in the absence of sufficient acceptable securities. MECHANICS OF CONSOLIDATION Consolidation can strategically deliver differing values derived for meeting the strategic objectives of the consolidating businesses. It is important to mark that when private security agency owners (PSAOs) consider consolidation, merger, acquisition or sale they must reconcile their bottom lines with the fiscal realities of customers, employees, investors and regulators. Consolidation can also refer to the uniting of smaller PSAOs into larger companies through ‘suited arrangement.’ One of the driving forces behind consolidation is the operating efficiencies that often arise from mergers. The merged entities can merge existing operating structures and reduce any overlap. There usually exists an opportunity to realize significant cost savings as well as related fiscal synergies. Strategically, other objectives could be for gaining targeted or expanded geographical reach, a larger customer base, a broader product line etc. Consolidation alters the balance of power in marketplace and the competitive landscape and associated supply chains. However, the Mantra of the entire exercise is that there is sufficient to be left on the table for the next benefit. This will lead to a win-win situation. SPARKLING EXAMPLES OF THE CONSOLIDATION Consolidation is disrupting traditional competitive development and the economy. In banking sector we are experiencing major deployment of the consolidation strategy in merger of many strained or marginalized banks into a mega entity for the planned outcomes. On April 01, 2020 we witnessed the merger of the Oriental Bank of Commerce and the United Bank of India with the Punjab National Bank creating PNB as the second largest lender after the State Bank of India. Successful restructuring is likely to eliminate redundancies in back office operations like accounting, marketing, warehousing and technology resulting in efficiencies of service delivery and improved profitability. The Confederation of Indian Industry (CII) is a successful strategic outcome of the coming together of three associations forming a larger and more effective entity that forcefully competes for Government recognition in influencing policy formation, regulation and development initiatives for its stakeholders. A fine example of consolidated evolution in the global public accounting sector over the years is reproduced here. In 1986, nine large accounting firms dominated the industry. Then, in 1987, Klunveld Main Goerdeler (KMG) merged with Peat Marwick Mitchell to create KPMG Peat Marwick reducing the number of top tier players to the ‘Big Eight.’ Then in 1989, Ernst and Whinney merged with Arthur Young, and Deloitte Haskins and Sells merged with Touche Ross, further consolidating the industry to the ‘big six.’ In 1998, the merger of Price Waterhouse and Coopers & Lybrand created the ‘big five’ and the dissolution of Arthur Andersen in 2002 left the field to the ‘big four.’ CONCLUSION The birth of these giants is the fruit of timely due diligence by the stakeholders who saw the light at the end of the tunnel to create bigger business models and success stories. Thus consolidations gave birth to these behemoths. One cannot afford to miss the power they wield today. I feel consolidation is the way forward for bulk of the players in the PSI under the current stressed market scenario. A thought leader and an action catalyzer rolled into one – Anil Puri is a rare combination of a visionary, and one who has mastered the art of strategic and tactical thinking to the core. He has been using this combination to seed new ideas and to lead them to their implementations on ground. This has been a consistent feature of his career. He has been keenly watching the widespread turbulence in the PSI due to COVID 19. The pain is not temporary in nature but permanent in its attributes because of multiple factors. He visualizes that PSI is heading down to consolidation phase. Here he analyses the nuts and bolts of the consolidation and examines the option if consolidation can be one of the growth strategies in the current stressed market scenario.