27-11draft

More documents

Recommendations

Info

Security Management protecting 50,000: As Rolls-Royce has 50,000 employees, the chances are - as world events prove - that when anything bad happens, a R-R worker is there and needs accounting for and help, the Security Institute conference heard. In brief n Rolls Royce uses the official UK police ‘run-hidetell’ video across its workforce to give commuters into London, for example, confidence in case of terror attack. For news of risk it uses Risk Advisory. n Matthew Drew has a first degree in law and a masters in risk and security management from Leicester University. He was a police detective, and went into corporate security. n What keeps him awake at night? “The insider threat.” Above and next page: Perimeter fencing and outdoor CCTV at the Rolls-Royce site at Filton, Bristol Photos by Mark Rowe 42 HAPPY ‘We were lucky we had a big house and a gate and could employ people to protect us when we needed it.’ Comedian Dawn French in the Sunday Times on racist abuse against her and then husband Lenny Henry. Matthew Drew, group security director for Rolls-Royce, spoke broadly about his work, for instance the ‘quite sustained attack’ on the company’s intellectual property, as rivals, whether other companies or nation-states, may seek to learn how R-R build aero-engines. The theme of the day was ‘security culture’, that Drew did cover in detail, stressing how security at the firm was based on ‘defining the behaviours’, both so that employees know what to do, and if they don’t follow the rules, there are consequences. Some of the risks to employees come from the company’s markets, and its evolving work. Forget luxury cars; this Rolls- Royce makes engines, for instance for the UK’s nuclear submarines. The firm has 400 sites, 100 in the UK, and across continents. He singled out Filton, in north Bristol, creating intellectual property; Security’s job, then, is to make sure that IP ‘stays in the building’. Saudi border But; half of R-R revenue comes not from selling engines, but from maintaining and repairing those engines already sold. Hence R-R staff may be in Saudi Arabia, near the border with Yemen (Drew did not say so, but for a while the Saudi air force has been bombing Yemen; and what he did touch on was that as part of the arms trade, R-R might face protests). Security also advises the wider business on what risks may be on the horizon, not only affecting safety of those maintenance staff, but plans. He gave the example of Iran, which ‘opened up’ two and a half years ago. International sanctions lifted and after decades the western world could do business with that country, including updating its passenger jets and aeroengines. In other words, because the aircraft makers decided to do business with Iran, R-R as a supplier NOVEMBER 2017 PROFESSIONAL SECURITY Corporate culture was pulled in also, despite, in Drew’s words, ‘a huge amount of risk for our people’. How to keep R-R engineers safe, in that unfamiliar country? Their personal behaviour in an Islamic country could (even in ignorance, not on purpose) compromise their safety, or Rolls-Royce’s reputation. Turkey shoot Drew gave Turkey as another example, where that country recently has seen terrorism, and an attempted military coup. R-R, then, needs to keep informed of what might happen in politics in such countries, and quickly; he gave the case of Kenya, where R-R people withdraw at election time, so that staff are not exposed to the risk of political violence. R-R has thousands of its people abroad at any time, including in what Drew called ‘high risk countries’ such as Nigeria and Pakistan; and even Iraq and Afghanistan. “We make sure all our staff are well-briefed before a trip.” Indeed, the employees cannot book their travel, without being briefed. “We have real time alerting for people; for example, if I was travelling to Saudi Arabia next week, our systems will recognise where I am and will push alerts about the country I am in, in real time.” Tracking When travelling to one of those ‘high risk’ countries, R-R does phone tracking; and can and does provide ‘incident response’. Matthew Drew gave the example only days before of the mass shooting in Las Vegas; about half a dozen R-R people were in the city then; fortunately, no-one harmed. In the last three years, he went on, the company has experienced kidnap and ransom; extortion; and serious injury, when caught in terrorist attacks. “And it’s really important when those things happen, all our staff know what is expected of them. One of the biggest challenges we face in driving a security culture ... it really starts with our leadership.” An intriguing glimpse into the corporate heights - and how indeed security does get heard when executives are personally feeling at risk - came from Matthew when he admitted that he might do a year without talking to the CEO; but he had a morning with him, briefing, when the chief exec had a business trip to Japan (near to North Korea that is, and at risk of a missile attack and perhaps worse). p www.professionalsecurity.co.uk p42,3 Institute <strong>27</strong>-11.indd 1 12/10/2017 11:01
Security Management On the Institute’s theme of ‘culture’, Matthew Drew indeed dwelt on ‘behaviours’. He mentioned the fine by the Serious Fraud Office, or rather the ‘Deferred Prosecution Agreement’ (DPA) completed in January. To quote the SFO director David Green in a September speech, ‘bribery had occurred in seven jurisdictions [Indonesia, Thailand, India, Russia, Nigeria, China and Malaysia] in three of its business streams touching three decades’. The penalty and costs, also to the authorities in Brazil and the United States, at about £670m ‘was equivalent to a year’s profits for Rolls-Royce’, Green noted. As an aside, that case shows the sheer size of a corporate and how hard it is to achieve compliance; the investigation was the SFO’s largest ever, costing £13m and covering some 30m documents. Behaviour But to return to Matthew Drew. He recalled a memorable line from an Institute conference speaker years before; that security is a behaviour, not a function. In that bribery case, you had people who thought they didn’t have to behave in an ethical way (in procurement); that brought Rolls-Royce those problems. “Security is the same,” Matthew said. “You can have a fantastic security function, and clear policies, but unless every individual feels some ownership, you won’t be a secure company.” Everyone who joins the firm is vetted, to a consistent standard. Their criminal and financial history, and right to work in the country, and social media profile and any views if expressed, checked. As R-R has 50,000 people, the company as Matthew said has experienced ‘just about every’ personal issue that can cause a reputational harm. A R-R team runs ‘high quality investigations’ so that if such behaviours have to go to law enforcement or an internal disciplinary process, evidential standards have been kept. Code of conduct He spoke of a ‘global code of conduct’, a commitment given when applying to join Rolls-Royce, ‘so that you know exactly what you are signing yourself up to. It’s very clear, it’s a very simple document, it leaves absolutely no room for ambiguity on the behaviours expected in the company’. Another document is the ‘global security policy’; again, sent out to people before they even join, so that everyone, security and nonsecurity jobs alike, understands the ‘core behaviours’ expected. It goes over basics, such as; you will wear a pass if you are in a R-R building, and if you don’t bring it, you go home for it. If you’re a manager, it’s your responsibility to brief your staff at team meetings on such security issues as ‘clear desk’. Matthew also aired something that Paul Grainge did at his Security TWENTY talk in 2015 in Newcastle; how to deal with unions. R-R factories, like docks, has a unionised workforce. Even small changes to security behaviour can be significant for unions, Matthew said. meeting the unions: If any new CCTV is fitted, unions will ask whether it’s not for safety and security, but to monitor time and attendance. Security meets with unions monthly, the aim to get unions to understand why such things as wearing passes to work are necessary. Here the threat of terrorism and risk to workers - and Security’s advice on the official lines of ‘run-hide-tell’ - has meant that unions have been the ones to report to their members, on security behaviour. On the insider threat, R-R doesn’t want to ‘recruit the problem’. R-R doesn’t want its intellectual property so locked down that it cannot be used; the company has to know where the IP actually is; but Matthew returned to security ‘culture’; workers understanding what unusual behaviour is, such as working odd hours, avoiding supervision, and drawing it to Security’s attention. Enabler As Drew added, he tries to drive security as a business enabler, not a cost. Drew’s direct line manager is the general counsel, who makes sure that every time the executive leadership team meets, at least one security issue is on the agenda. While his work is about flattening out risk, and managing real (and perceived) threats from terrorism, the recent acts of terror across Europe, in Berlin and Brussels for example, affect R-R people simply because they are in the vicinity. Likewise, the Westminster Bridge terror attack was 300 yards from R-R headquarters. Drew praised support from police; and stressed the first five minutes of an attack, figuring out where people are, and what to do for them. p About Rolls-Royce n R-R has customers in 150 countries; armed forces and navies, airlines, nuclear power companies. n Revenue was £13.8 billion in 2016, around half from ‘aftermarket services’. n Its recent engine sales include to the UK’s new polar research vessel the RRS Sir David Attenborough; San Francisco Bay catamaran ferries; and Bangladesh power stations. Below: An Emirates A380 passenger jet. The airline is among users of Rolls-Royce engines and service support Photo courtesy of Airbus www.professionalsecurity.co.uk NOVEMBER 2017 PROFESSIONAL SECURITY 43 p42,3 Institute <strong>27</strong>-11.indd 2 12/10/2017 11:01
Page 1: November 2017 Vol 27/11 £6.00 Idle
Page 5 and 6: Retail partner: page 18 www.profess
Page 7 and 8: Editor’s Comment Bright ideas and
Page 9 and 10: EURO 46 V10 One panel, versatile se
Page 11 and 12: ...You won’t find us on the web .
Page 13 and 14: EUROPE'S LARGEST HIKVISION DISTRIBU
Page 15 and 16: Connect your life to your home and
Page 17 and 18: Spotlight feature on: to store pict
Page 19 and 20: WE MOVE with trust that our product
Page 21 and 22: Guarding london property put to tes
Page 23 and 24: C M Y M Y Y Y K Woodhouse Fields Fa
Page 25 and 26: C M Y CM MY CY MY K The Ned A new c
Page 27 and 28: Comment need to re-engineer: Safe d
Page 29 and 30: Una Says ➬ wish to pay, especiall
Page 31 and 32: They see a well secured airport. Yo
Page 33 and 34: We are the UK’s Largest Authorise
Page 35 and 36: You don’t have to be an explorer
Page 37 and 38: STAY SECURE WITH SMART ID Smart Sol
Page 39 and 40: Dallmeier_S-Panomera_A4_Montage_UK_
Page 41: Security Management annual gatherin
Page 45 and 46: “More than just a Distributor”
Page 47 and 48: Spotlight feature on: KINGDOM SERVI
Page 49 and 50: Security Alarm Simple & Easy Instal
Page 51 and 52: st18 ad FT-45 FEED-THRU MODULAR PL
Page 53 and 54: MY MOTTO? TRUST WHAT SETS YOU FREE.
Page 56 and 57: IS NOW Combining thermal security c
Page 58 and 59: IS NOW Combining thermal security c
Page 60 and 61: Jobs So you want to work in televis
Page 62 and 63: Reviewing Books for professionals G
Page 64 and 65: TRADE ONLY CCTV DISTRIBUTOR WWW.DVS
Page 66 and 67: TRADE ONLY CCTV DISTRIBUTOR WWW.DVS
Page 68 and 69: Directory of Services access contro
Page 70 and 71: Directory of Services computer syst
Page 72 and 73: Directory of Services payroll servi
Page 74 and 75: The things you say Write to: Profes
Page 76 and 77: Training Manx courses The Universit
Page 78: Right drive, right application. NAS

27-11draft

Create successful ePaper yourself

Delete template?

Save as template?