Ship security is becoming big business—but is it delivering a service in line with the risks that you need to address? Remember, your business is about moving persons and goods from one location to another so that they arrive at that location on time and in acceptable condition. If they don’t, you face not being paid, being forced to pay penalties, or higher operating costs in the future. You may also face losing clients that lose trust in your ability to maintain reasonable costs or even make delivery. If you hold a position of trust within your organization, you will someday find yourself having to answer one of two questions—were the measures that you took adequate to the situation or were the measures that you took really necessary and a worthwhile use of resources?
This needs to be answered in two parts. First, what is the risk to the vessel in terms of its transit? Is the vessel susceptible in some way to some kind of attack that could lead to the transit being interrupted, the cargo (or passengers) being lost, or even the vessel being taken? Each vessel is reasonably unique. They may share common characteristics depending on their class or type, but when you look at the vessel and how it operates as an entity on the water, it is now a unique being. The second question is how important is this transit to your company? Is the company relying on the transit in order to stay in business or is it simply one of many iteration of the same thing? Why is this important? Because the impact changes as the transit becomes more crucial to your organization’s survival.
As a person holding a position of corporate trust—either to the executive as a trusted advisor or to the shareholders as a capable executive—you need to have a sound basis for your answer if you are going to at least appear to be exercising your due diligence. You need to be prepared to answer why the services you are paying for, right down to the particular safeguards, should be considered an effective and efficient use of resources. That means that you need the security company to provide you with reasonable, logical arguments as to why they should be allowed to put administrative, physical (barriers), procedural or other kinds of protective measures on board your vessel. If they cannot provide this, you need to ask yourself whether or not the service that they are purporting to provide really would be adequate to the challenge at hand and, frankly, you will only be doing so based on luck, not on your exercising due diligence in making the decision.
In the security community, any security safeguard should be based upon a security assessment (often called the threat and risk assessment). In short, the safeguard is there to answer the question that the risk assessment asks the person responsible—is this level of risk appropriate and acceptable? If not, then you determine what steps or measures are put in place so that the risk is treated appropriately. What you should not see, is an immediate response to your question about how you would be protected unless the security company has examined those elements of the risk assessment that are needed in order to arrive at a logical basis for what they are going to propose.
Remember, risk management is more than simply addressing one of many issues. It is about appropriately responding to as many issues as possible in such a way that the delicate balance of operations is not disrupted inappropriately. You should not trade security risk for legal or operational risk where those other two risks would cause an equivalent or greater injury to your organization. Why? Because risk management is about being able to assure your organization and your clients that they can count on you to deliver on your own promises to them.
Some thoughts for ship managers and owners to ponder.
Allan McDougall (BA BMASc PCIP CMAS CISSP)