How Ryder System Focuses on Incident Prevention for Security Success

For the fifth year in a row, FORTUNE has named Ryder System, Inc. as one of the World’s Most Admired Companies and one of the leading five companies in the Trucking, Transportation, and Logistics industry. This honor is due in part to Ryder’s “world-class safety and security programs,” which are helmed by Bill Anderson, Group Director of Global Security.

“I think what really sets Ryder apart is our management culture,” says Anderson. “We’ve always had a very entrepreneurial culture within the organization, and our operations managers, at the local level, are considered captain of the ship.” Since each manager is accountable for everything from employee morale to customer satisfaction, safety and security is also seen as a serious responsibility. “The people at the local level are really our first line of defense in terms of protecting our people, our assets, and our customers’ inventory,” Anderson says. “They’re looking at it as a local security program to do what’s right for their people and for the company.”

Along with the local management culture, Anderson cites the prevention of security incidents as the other component of Ryder’s recipe for a top-notch security program. “When we have a security incident, that’s a failure,” says Anderson. He acknowledges that it’s easier to chase after the next investigation than it is to set it aside and work on prevention instead. “Even in an investigation, we don’t come at it necessarily from a ‘whodunit’ aspect as much as how did they do it, how did we fail to prevent it, and how can we prevent it from happening again. Our focus is prevention.”

Anderson notes that even if you’re successful in identifying a thief, for instance, it’s both time- and labor-intensive to investigate, and the majority of these types of cases never make it to court anyway. “Crimes against a company typically take a back seat for a prosecutor, so you can really spend a lot of time and effort to get one out of 10, or even one out of 100, cases prosecuted,” Anderson says. “You’re better off focusing on preventing the next case than trying to solve it and put somebody in jail.”

Anderson sees prevention as the biggest key to mitigating risk while also supporting the company as a whole, and it’s the area on which he focuses most heavily. No matter how well investigated an incident is, every single one still has the potential to erode customer confidence and employee morale, and it takes the team’s time and energy, says Anderson. “If we don’t have the incident, then we’ve mitigated the risk, and by preventing it, we’re supporting our enterprise because we’re keeping our employees happy, our customers have confidence that their inventory is secure, and our operations can focus on making deliveries or making rentals, instead of having to gather evidence or arrange interviews.”

When Anderson began his role in 2002, there weren’t any standardized procedures for things like incident reporting, workplace violence or access control. Building a security management system with documentation was one of the changes he initially implemented. “Along the way, we started venturing out into other areas that set us apart a little bit from the competition in terms of customer screening,” says Anderson. Ryder now has a vigorous customer screening program for customers who are renting trucks.

Supply chain security and trade compliance are other areas Anderson has been building up. This requires keeping current with customs regulations and getting involved in voluntary supply chain security programs such as the Customs-Trade Partnership Against Terrorism (C-TPAT) and Partners in Protection. Since trade compliance involves complying with customs regulations, Anderson has found that the two are closely associated. “Even though they are two different disciplines, a lot of good things within trade compliance that we manage help us maintain control on a supply chain security program,” he says.

For example, in order for a truck that’s coming into the United States from Canada to use the fast lane, it has to have a transponder so that when it gets to the fast lane, the customs agent knows which vehicle it is by the manifest, which is sent to the border an hour or two before the truck gets there, says Anderson. “By controlling those aspects, we have visibility into which of our operations are crossing the border, and those operations have a higher security net over them because they have to deal with all of the requirements for C-TPAT and so forth. When we’re dealing with customs, we have a much broader scope internally because we also deal with all of the compliance issues for moving goods across the border.”

Upgrading to a cloud-based security incident reporting system is yet another initiative Anderson has going at Ryder. This will enable people out in the field to report security incidents on a more robust platform that delivers more tools for investigation. “With an organization as large as Ryder, keeping track of all the various incidents and how many you’ve had and what the trends are gives us better analytics which will, hopefully, help us to focus our security and prevention efforts,” Anderson says.

A smaller, yet important, change Anderson is implementing is centralizing physical security technology, such as alarm monitoring, which up until recently has been chosen and purchased at the local level. “After years of that, we’ve got a lot of disparate technology, different vendors and different providers, so we’ve been working for the last few years to centralize all of our alarm monitoring under a single vendor,” says Anderson. This allows his team to audit areas such as alarm response and how alarms are being used, as well as making sure the systems are being serviced and maintained. “It gives a lot of ability to provide oversight for the company, but it also provides support to the field so that this isn’t necessarily something they have to deal with,” he says. If an alarm breaks down, for instance, local managers can let Anderson’s team deal with dispatching repair technicians instead.

There are many security challenges involved with having a large fleet of vehicles as Ryder does. Issues such as vehicle theft, keeping track of the numerous vehicles in the fleet, the potential of a Ryder vehicle being used in a criminal or terrorist act, and keeping up with the technology criminals employ all keep Anderson’s security team hustling. “Even though it’s somebody else who stole our truck, the negative press always comes back to us, so it’s important that we respond quickly to that,” Anderson says. Customer screening is one deterrent to these challenges, as is retaining GPS on the majority of the vehicles, as well as making sure response time is fast when issues do arise.

“These aren’t opportunistic crimes,” says Anderson. “Nobody walks out and says, ‘Oh, there’s a truck there, I’m going to steal it.’ It’s generally well-planned, well-researched, and they know what they’re after and what the truck’s route is. They’re highly organized, they’ve got their own anti-security technology, and you’re relying on local managers, for whom, for the most part, this is a rare event.”

Indeed, maintaining vigilance at the local level is a major challenge for Anderson, especially because Ryder is so decentralized. With a large number of employees spread over 800 locations in the United States, plus a number of worldwide locations, “you’re asking those managers to spend a lot of effort,” he says. “They’ve got to train employees, do yard checks, inspections, follow up with drivers, and you’re asking them to expend a lot of energy to prevent what for them might be a once in a lifetime event.” Because of this, he makes sure that what he asks them to do is efficient and practical.

Ryder’s C-suite is not only supportive of the security department, they’re actively engaged in security management. During one particularly high-profile incident several years ago, Ryder’s CEO scheduled a conference call for the next morning with the entire rental team, which consists of thousands of people, and explained to them his expectations for what they should do security-wise on a daily basis until the crisis had been averted. “I didn’t have to schedule the conference call, I just had to attend,” Anderson says.

Centralization is one of Anderson’s long-term goals. Though the security team has expanded in the United States, Canada and Mexico, it maintains a corporate security role that he’d like to see become more standardized and get closer to local operations. “We tell people what they’re supposed to be doing and then we make sure they’re doing it, but they’re the ones that are ultimately setting the alarms, maintaining the facility systems, and so forth,” Anderson says. “As we move forward, we’re trying to move closer to the operation, to be a part of a process in the field that’s actually doing security at the local level…rather than just telling them what they’re supposed to be doing and then coming in like a seagull and auditing them. We can actually be a part of helping them solve the problem.”

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.