Tribune Company’s Rob Holm sees quality security response as a means to create an effective program as well as manage the enterprise’s resilience and reputation needs. Photo by Chris Walker/Chicago Tribune

Quality response can mean myriad things to many chief security officers and security directors.

It may be quickly answering a call for assistance in a parking garage. Or helping another company department or plant manager improve his or her level of security. There is always the need to respond to the chief executive officer in meeting business and budget goals.

It may be as simple as having a security officer on patrol answer a visitor’s question or help start a stalled car.

On the electronic side, security systems from video and card access to intrusion and communications are often measured on their quality responsiveness.

Then there is trying to save an employee’s life during a medical emergency.

Tribune Company’s Rob Holm knows a lot about quality response.


Just recently security officers working for the vice president/corporate security services faced a medical emergency while awaiting for emergency medical technicians.

“It shouldn’t be complicated. To me, a quality security response is primarily based on the feedback from the customer. Depending on the situation, the customer can be an employee, visitor, witness, management, fellow co-worker, contractor or others. Providing excellent customer service should be the cornerstone of any uniformed security program,” said Holm.

Viewing it a bit differently, Ronald Mahaffey, chief security officer at American International Group (AIG), said that customer service “is and should be a concern. However, customer service cannot be at the expense of getting our job done. Whether dealing with employees or the public, the security staff needs to remain focused on its mission.”

For John Imhoff, director, Office of Firm Security at Ernst & Young, quality security response also centers on compliance issues.

“The degree to which compliance activities affect the CSO’s duties depends on various factors such as industry sector, span of duties, size of the company, nature of goods and services provided and import/export activities to name a few. If a CSO has aspects of OSHA, HIPAA, CTPAT or any other of almost innumerable federal safety and security directives in his or her purview, regulatory obligations are substantial,” observed Imhoff.

“The U.S. Government asserts that 85 percent of critical infrastructure is controlled by the private sector,” he added, while stressing the essential importance of quality response. “You don’t have to scour the popular media hard to find examples of less than optimal public/private coordination in the wake of a crisis. The government at almost every level is striving to correct such deficiencies by promoting public/private crisis response and resilience as essential elements to protecting our citizens and way of life.”

“I certainly agree with strong communications, which says that the CSO and his/her staff are knowledgeable and competent,” said Ronald Mahaffey, chief security office with American International Group.


Not surprisingly, in Imhoff’s estimation, the pressure on quality response translates to increased government oversight.

“Title IX of the 9/11 Security Act passed in August has yet to show its effects and obligations to corporate America. That won’t be true this year. Its regulatory reach will be a significant factor for all CSOs without regard to industry sector. More regulation – despite the ‘voluntary’ nature of this legislation – is on the way,” added Imhoff.

Whether its between public and private organizations or between in-house security staff members, another key to quality response is teamwork.

Said Tribune’s Holm, “I emphasize the importance of teamwork and often use the analogy of sports teams. Most everybody understands that successful teams consist of players that play special roles or have unique talents, which makes the team better. And when they’re not playing they’re practicing (or training) to prepare for when they do get into the game.

“That’s not unlike a security officer team. It’s important to identify talents that each member has and exploit those talents by assigning each certain responsibilities. It’s also important to expose others to those that demonstrate desired skills and to crosstrain. The skill set of security officers must be cultivated regularly,” contended Holm.

People issues also play a crucial role on quality response for Ernst & Young’s Imhoff.

“Hiring and retaining quality security professionals, in my experience, has not been as challenging (as some would expect). I don’t manage a large staff of uniform personnel, so I can’t comment on that aspect. Aside from that, the greatest people challenge for security professionals today, and for the indefinite future, will be ensuring security leaders stay abreast of the most dynamic evolution the security industry has ever seen.

“A prime example is the convergence of technological security with traditional physical security demands. No longer are they easily distinguished. If the middle ground is unaddressed, there will be holes in a company’s security plan.” Spotlighting another key to quality response, Imhoff added, “Security professionals must also gain a comfort level with advanced technology they employ as apparatus – access control, security video, security networks, emergency communications devices and others.”

“For security to be effective, it must be integrated with operations, not an overlay or afterthought,” said John Imhoff, director, Office of Firm Security at Ernst & Young.


Of course, to ensure program success, there are numerous elements.

Said Holm, “I am fortunate to have a very talented, dedicated and professional management staff that is responsible for the day-to-day activities running the security officer program. The managers and supervisors casting their shadow upon the operations is where the quality of service begins.”

Ongoing training also is a key to quality response.

“It’s unrealistic to expect a security officer to retain the training he or she received two years ago and apply it in an emergency or very stressful situation. As a result, we conduct regular ‘mock’ drills that simulate a real medical emergency and actually grade the responding officer. We use this not as a pass/fail, but as a development opportunity by providing positive and constructive feedback. We also do this for bomb threats, fires, irate customer visits/calls and other situations,” said Holm, who added that security leadership having face-to-face time with the security officers is key.

Imhoff agrees as to the introspective nature of assessing quality response. “Corporate security operations serve the organization and its people or they are abolished or replaced. Corporate security managers’ customers are (often) internal. Those customers are our people. If the CSO’s customer base does not perceive benefit from security operations, that message will reach leadership and changes will follow. Effective security management listens for constructive critique well before that happens and addresses it as a matter of course.”

Quality response also calls for a sophisticated touch.

Added Holm, “Militaristic environments are not the way to manage and motivate officers. Individuals have diverse backgrounds, process information differently and are motivated by different means.”

Measuring response has its own obstacles.

According to Holm, security operations and their leadership should develop metrics “that are important and valued and aligned with the company’s goals and objectives.”

For Imhoff, measuring performance starts with solid security planning. “Security planning dictates what is to be measured. Any project is best measured by defining what a timely, complete deliverable is and its budget. Inevitably, there will be influences beyond the project team’s control. Transparently factoring and reporting these uncontrollables in timeline and budget management will save at project end.

“For ongoing operation, understanding what security operations are protecting and knowing whether that has occurred effectively and within budget underpins that case needs to sustain the operations.”

When all is said and done, quality security response is a business issue.

Concluded R. Scott McCoy, chief security officer at Alliant Techsystems, “Our customers tend to be the business units within our companies. We need to provide value and show a benefit. If we treat our business units like customers, which means asking their opinions and including them in solutions, everyone wins.”

SIDEBAR: Safeguard Corporate Reputation

When it comes to quality response, enterprise security leaders today are more focused on resilience and reputation of the organizations they work for.

That’s a focus already shared with chief executives officers and stakeholders.

For example, corporate reputation is increasingly able to either generate or rapidly destroy shareholder value, concludes a report by The Conference Board. The report, Reputation Risk: A Corporate Governance Perspective, provides recommendations on how to develop a robust reputational risk management process integrated within an enterprise-wide risk management program.

“The report increases the awareness of reputation risk as a corporate governance matter and offers guidance,” Matteo Tonello, senior research associate at The Conference Board Governance Center and author of the report, added.

The report makes the following recommendations for corporate executives:
  • Reach a common understanding of the concept of corporate reputation and tie its discussion to a comprehensive analysis of the firm’s stakeholder base. Corporate reputation oversight represents a formidable strategic opportunity to strengthen stakeholders’ relations that pertain to the company’s long-term business objectives.

  • Become familiar with management’s rationale for prioritizing stakeholder relations and be persuaded that the selected relations are instrumental to achieving the firm’s long-term objectives. In doing so, security executives and other insiders might attribute different importance to the same group of stakeholders, according to the degree of interactions they have experienced with such a group or the potential private benefit they may derive from certain relations.

  • Discuss and understand the nature of reputation risk as an effect of certain business operational incidents, not a separate and distinct category of uncertainties.

  • Help oversee the design and implementation of a strategic, top-down and holistic risk management program where all business events with potential consequences on the firm’s reputation capital are identified, measured vis-à-vis tolerance levels and appetite to risk, and addressed in a timely manner. Enterprise risk management enables the company to elevate relevant reputation issues, where they can be analyzed strategically and in relation to their possible impact on long-term shareholder value.

  • Security leaders and their management should oversee the determination of a proper response strategy to each risk category affecting corporate reputation. Response strategies should be chosen, among other things, on the basis of a resource cost-benefit analysis. Be skeptical of any attempt at restoring stakeholder confidence exclusively through savvy communication tactics, and request that response strategies fully address underlying operational risks.

Quality response at Phoenix Sky Harbor International Airport includes call boxes. Some of the Code Blue units are solar powered.

SIDEBAR: One Practical Side of Quality Response

Visitors to Phoenix Sky Harbor International Airport can simply push a button to summon help if they have lost their vehicle, have a flat tire, need a jump-start or lock their keys in their vehicle. With almost Code Blue 200 call box units, “it is just one more way (we) provide world class service to our customers,” said Phoenix Assistant Aviation Director Carl Newman.

These highly visible units are equipped with the signature Code Blue lights on the top which make them easier for both visitors and attendants to locate. The units also offer a separate emergency button that connects the visitor to the airport emergency dispatcher. Any time a button on the Code Blue unit is pressed, a two-way conversation is immediately initiated between the customer and the employee answering the call. “We were looking for an easy way for customers to be able to reach us in case of non-emergency situations, but also in case of emergencies. It’s so much easier now,” said Julie Rodriguez of Sky Harbor.