Security Consultant Frequently Asked Questions

There are many definitions given to the term security risk assessment.  According to ASIS International’s manual, Protection of Assets: Physical Security, a security risk assessment is “a fundamental examination that can include review of documentation, policies, facilities, technology, protection strategies, staffing, training, and other key indicators to determine the present state of the protection program (security) in an effort to identify deficiencies and even excesses, in order to make recommendations for improvement based on proven methods.”

In fact, the actual process of identifying security issues has been called many different things. Some of the more common names assigned to this subject have been security assessment, security survey, security audit, and risk assessment, to name just a few. Generally speaking, they are all going after similar goals of identifying security weaknesses, risks and even excesses, and then formulating a plan to address the findings.

As part of our assessment, all characteristics of the security program are looked at as identified above, and vulnerabilities and risks are identified. We will be looking for cost savings or ways to make your program more efficient; improved utilization of existing technology; existing training programs; policies; post orders; lock & keys systems; and many other things. We will then make recommendations for improvements based on proven industry standards and best practices.

Protection Management LLC can assist your organization in all parts of the improvement process.  Some of our clients have internal resources available to them and can often implement the improvements without outside assistance.  In some cases, they might only need minimal outside assistance, or in some cases, they may have our firm manage the entire process and fill the role of project manager.

We have had some clients that have felt that their internal resources could handle the improvements, but asked us to be available as needed for mentoring or technical assistance. In the end, the role that we can play in assisting with the improvement process is tailored to each client.

We can help with writing RFPs-RFQ’s-RFI’s and preparing bid specifications as needed, as well as screening responses and assisting with the development of security policies and procedures, post orders and conducting training for staff.

No. Protection Management LLC will never use your business name or what services we provided to you in our advertising or marketing programs. If our potential client requests references and you have agreed to be a business reference for us, we will pass on your contact information only; not what services we performed for your company. In reality, our past clients are only contacted 1-2 times per year at most, so there will not be numerous calls.

Due to the sensitivity of our work we maintain the highest degree of confidentiality for our clients and the services for which they retained us. All of the information that we receive as part of your project, as well as the recommendations we make to you, are held in strict confidence to the extent permitted by law.  You can trust us to keep your information confidential and secure.

No, Protection Management LLC does not sell or provide security related equipment or guard services.

As an independent security consulting firm, we are not affiliated with any manufacturer or vendor of security equipment or guard services, nor do we profit in any form from a client’s selection of vendors or contractors to add, remove, update, or replace security equipment. The principal objective of Protection Management LLC is to assist our clients by using our extensive knowledge and proven methods to insure that the client receives the maximum protection for their assets, as well as the most use and benefit from their new or existing security resources and measures. Our professional advice and recommendations are solely based on our clients’ needs.

Yes, Protection Management LLC has assisted organizations and their legal counsel in legal matters. We have testified or been deposed in legal cases in both state and federal courts, and for both criminal and civil cases. For more information, please give us a call, or have your legal counsel call us, so we can determine if we can assist your company.

If you do not have anyone on staff that is trained to conduct the security risk assessment, it is best to retain the services of an independent security consultant to perform the assessment. By independent, we are referring to someone who is not working for a company that sells guard services or security products. What is often the case is that a “security consultant” that works for a guard company or sells security equipment will be trying to sell you products or services that you may not need or want. A security consultant that is independent is not trying to steer you in a direction to purchase anything. Many security companies call their sales people “Security Consultants” yet their job is to turn their prospects into sales leads and future customers for products or guard services. If anyone is suggesting that a client purchase a product or service from their company as part of their assessment or consultation, they are not independent.

That is such a broad question and one that is not easily answered. First, most businesses do not have or need a security department. However, whether or not you choose to have a dedicated security department is really based on your security risks, laws or regulations.  As for the risks, you first need to ascertain what your risks are based on vulnerabilities, a threat assessment, and the number of crimes or security incidents at your business location. The best way to determine all of these factors is to conduct a security risk assessment. A professional security consultant can answer all of your questions and insure that your risks are identified and mitigation steps are in place. In the end, the security consultant may suggest a security presence to some degree, but before you go and spend your time and money to form a security department, it is best find out if you really need one. If the consultant does recommend hiring security staff, they will provide you with the justification for the need, and they can assist you in setting the department up and getting the staff trained.

First, I would refer you to the question and answer above. Second, if you chose to start a department from scratch, it is best to seek out an experienced security professional that has a background in developing security departments. This can save you a lot of time and money if you have someone that knows exactly what to do and how to do it. If you prefer assistance with getting the department going, and would like a security professional to mentor a new manager, then you may want to consider retaining an experienced security professional that can be an interim security director, or retain the services of a security expert to provide mentoring services. There are only a few security experts that will offer mentoring services, and even fewer that will provide interim management services. Protection Management provides both interim security management and mentoring services. Give us a call for a free consultation, and we will discuss your options.

Very good question, in fact, this question has historically been discussed by thousands of security practitioners over the years and still to this day it is being discussed. There is no easy answer to this question, but suffice it to say it all depends on what your needs are, and what all you want the officers to manage. There are some formulas that have been tossed around over the years, and some people have also used the square footage measurement to determine how many officers to hire. However, what is really comes down to is determining what you want to protect; what you want security to do; where you want security officers to work; and what hours you want security coverage. The number of managers or supervisors is tied to the number of officers and shifts, so once you know what size of department you want, you can fairly easily ascertain how many management personnel you require. Like many other answers on this page, you first need to conduct a needs assessment which can be completed the same time as your security risk assessment. Once you have done this, you will have your answers on paper along with a plan to move forward to secure your facility.

Not always is the short answer. However, you need to assess your risks and determine your needs formally before you staff 24/7 or cut back staffing. There is so much technology out there these days that you may be able to secure your facility without officers 24/7. There are also guard services that provide spot checks of properties at night, which in the long term saves you money because you do not have an officer or two on duty at night only doing a few rounds. If you have 24/7 coverage, and you are considering cutting back, it is best to properly assess the risks of doing so before you make that move. If not, you may find yourself in the situation where your intent was to save money, but in the end you realize a major loss, or you find yourself in a civil litigation case for Negligent Security. In other words, if you have security risks that you fail to identify and mitigate prior to cutting staff, those may manifest themselves into a civil case when someone on staff or a customer gets injured or killed. Know your risks and address them all before you make any security cuts.

When organizations have made this decision in the past, they likely did so based on several factors, such as costs, control, and experience.

If you are looking for the cheapest route, you may go with contracting out the service. You will often find that contract security companies will be less expensive than proprietary staff, mainly due to the fact that they pay the officers less and often will often provide the officers with few benefits. Companies also have often commented on the fact that they do not have to train the security officers or worry about staffing, because the contract security company has to deal with those issues and many more. The downside of contract officers is that there is often high-turnover within these companies, and their staff’s training and experience is often limited. Hiring your own officers will likely cost more, but you will have more control over the officers, and proprietary officers have been known to be more committed to their jobs and better trained. Remember that less is not always better, so the dollars that you save today may end up costing you more in the end.  Our best advice is to research this very carefully and only make a decision once you have determined the pros and cons of each way. Feel free to give us a call to discuss this, and keep in mind that we do not provide guard services, but we do provide honest and independent advice.

Enough to get the quality of staff and the protection you are seeking. Realistically speaking think about what it is that you want the officers to do, and determine how much that service is worth to you. If you pay too little, do not be surprised with high-turn-over. Security officers on average make between $12-$17 an hour, and again it is an average. Some officers receive only $8-$9 an hour, but for that you are not always getting quality staff. On the other end of the spectrum, I have seen officers making $25+ per hour, and when they are that high, you are talking about professional security officers and likely they have police or military experience. Another factor to consider is your location, as some parts of the country will pay a lot more depending on the costs of living in an area. Some Human Resource departments conduct salary surveys with other similar companies, or they subscribe to resource services that provide pay scales. But remember this, you must insure that the information that you use is comparable. What we mean by that is that if you have proprietary officers, you must make sure that any salary information you are evaluating is for proprietary staffing and not contract security officers. As mentioned elsewhere on this page, contract officers are notoriously paid less than proprietary security officers.

Not always. We would suggest that before you arm your officers, you conduct a needs assessment and security risk assessment. Keep in mind, too, that even though you may not arm your staff, they may in fact be armed. When conducting security risk assessments in the past, we have found security officers to be armed even though their company policy prohibited it. You have to stay on top of this and manage your risks with whatever decision you make. If your security staff is asking for weapons, you really need to find out why, and what risks the officers are facing. Before any weapons are approved, be sure that you have a Use of Force and Force Continuum policy in place, and be certain that all officers are properly trained. If you are seriously considering this, or wish to ascertain if any type of defensive or offensive weapon is needed in your organization’s security department, we have experience assisting with evaluating the need for any weapons; policy development; training; and risk management practices.  For additional information on any of this give us a call.

It depends on what they will be doing. In many cases, a flashlight and radio is what many officers carry. In some cases, they might be carrying handcuffs, a baton, Tasers, or firearm.  However, before you arm someone with anything other than a radio and flashlight, determine the need for anything else. Even handcuffs can be a liability for your company if the officers are not properly trained by a certified instructor. We have assessed some security departments that have been armed and yet there was no need to arm the officers. Somewhere over time someone decided that the staff needed to be armed, yet there was no justification for such. Remember this, there may be a need to arm staff, but do your due diligence up front prior to arming officers, or you may be facing a Use of Force civil suit.

We get calls several times each year where we are asked this question, and the best way to answer this question is to seek the services of an outside security expert to come in and conduct a full assessment of your security operations. When we speak of “Security Operations” we are talking about everything from your campus security measures to every part of your security department. We are also often asked to evaluate security management personnel to insure that they are managing the program properly. In most cases they are, and in the other cases we have assisted them in making positive changes.

We would recommend that security report to the highest level possible in the organization based on your organization’s value in the program. In other words, our recommendation would be to have security report to the CEO/COO or similar VP level. All too often we find that security management reports to other managers that have no security background, and because of this, there are several layers of management between security and the true decision makers. As an example, in many corporations the Compliance Officer or the Risk Management Officer reports directly to the C-Suite, and this is because the C-Suite wants the direct connection due to the risks. Just remember that the more layers you have between security management and the administration, the higher the chances that security risks will go unchanged, and that will likely increase your risks for losses.

Many states have security officer licensing laws. However, some of those states require that only contract security officers (those that work for a security company) be licensed, and proprietary officers (those that work for your company and are paid by your company) may not be required to be licensed. Contact the Department of Public Safety in your state to determine if your staff has to be licensed or not.

As a side note, some states also require that your security department have a state issued license, and that all officers must receive required training annually. So be sure to find out if your state requires either of these things.

Yes, we can. The most challenging time for many companies is that time when they realize that their security risks are getting to the point where they have to consider implementing a formal security program, yet they do not know how to go about it.

Protection Management’s leadership has helped many organizations through this period of transition, and we have assisted in taking existing security departments to the next level by structuring a more professional security program. As a standard practice, we would recommend that a Security Risk Assessment be conducted as the first step in developing a program or changing any existing program for your company. This assessment will identify your company’s security risks and vulnerabilities, and it helps establish priorities for how security will be managed at your company.

Yes, we understand that certain industries have special needs, and we always respect our client’s requests. We will design a security program that works within the specific environment that our clients desire.  Our job is to assist the clients in finding a workable solution that will maintain their desired environment yet also provide for an acceptable level of security measures that will reduce or eliminate risks.

When you work with Protection Management LLC, you can rest assured that we understand your needs, and we will work with you to keep your environment as open and user-friendly as possible by providing your company with the tools and knowledge to maintain your safety & security measures for your staff and customers.

The best way to determine the current state of your security program, and to identify all security risks, is to complete a Security Risk Assessment. This assessment will establish your current baseline for safety and security and will measure your security operations against industry standards and best practices. During the security risk assessment, we will evaluate all aspects of the security program and identify any risks and vulnerabilities. You will be provided a detailed list of recommendations based on proven practices and industry accepted guidelines. Any opportunities to reduce operating costs will also be identified, and our recommendations will be fully addressed within our formal report. Our goal is to identify your security risks and vulnerabilities and give you the recommendations to correct any deficiencies or excesses.

Protection Management, LLC, utilizes the most comprehensive assessment processes in the security industry. When you receive our report, you will have detailed information and comprehensive recommendations to make positive and meaningful changes to your security program.  Our assessment reports are widely described as thorough and easy to read, and the report is written so that a person with little or no security background can understand the findings and recommendations.

Our recommendations are practical and proven security measures with corrective actions that can be understood and implemented with minimal effort. Unlike some security consultants, we stay away from making overly broad recommendations that are complex and often nearly impossible to implement without expending thousands of dollars and hundreds of hours. We also understand our client’s existing culture and operations to insure that our recommendations work best within your existing operations whenever possible.

Our reports are not canned text or boilerplate materials like some software programs or other consultant’s reports, and they are all written based on your business and existing security.  While some consultants have an inclination to add volume to their reports by inserting fill and irrelevant materials, we only provide detailed information based on your security operations. If we use information as a comparison, we do so with a full explanation of the intent, and what it is we are comparing.

Photographs will be used within the report when it is needed to provide more precise information regarding a finding or recommendation.

We provide you with an electronic copy of the recommendations so that you can easily track your progress in implementing any changes or addressing any of the recommendations.

Finally, many security consultants give you a report with recommendations, yet they do not provide you with any idea of what your next step should be.  Protection Management LLC goes that extra step and provides you with information on how to proceed once you have read the report.  Our recommendations are listed in order or priority as we see them, yet you can easily adjust your priority rankings as needed. Our intent is to provide you with a listing of the most important things first, and follow it with recommendations that can be implemented later as desired.

Yes, every report that we author has an Executive Summary at the beginning of the report.  The executive summary will identify the most relevant findings with the basis for such.  This summary is a high-level snapshot of the report’s contents and along with the recommendations can be provided to your administrative team if they choose not to read the report in its entirety. 

In most cases, the answer is absolutely! Once you know what your security risks are, you may be able to make some minor changes to addresses those risks without the long-term expense of hiring more security staff. In other cases, you may need to make some environmental changes to the property that better manages your security risks following the Crime Prevention Through Environmental Design (CPTED) concept. This methodology is based on the principal that you can design your facilities to reduce your crime risks.  Normally the CPTED method can be incorporated into construction or remodel plans and reduce the costs for security over time.

We can provide services on an hourly basis plus expenses or on a fixed-not-to-exceed basis which include all expenses.  We have found that clients want to know their project costs up front and do not like the increasing costs and open budget process that an hourly contract entails.  Since most clients want to establish a firm budget upon retaining our services, our normal practice is to offer the fixed fee pricing model. In short, there is no such thing as a “Ball Park Figure” and anyone that throws you a number will likely be on the high side, or may low-ball to pull in a client and then add change-orders to increase the bottom-line.  Worst case scenario is that their low price may, in fact, be a result of their lack of experience, and they will cut rates to get some work.

The nice thing about a fixed cost assessment is that you will know the exact costs of the project up-front. The only way the cost will change is if your company wants to add additional work to the project. In the end, it all comes down to the size of the project and how much time is required to complete it.

Protection Management LLC will provide you with a written proposal that will address the budget and all other information needed to complete a security risk assessment, and we will provide that to you at no cost and with no obligation.

On average, it takes about 20-30 days from the time we formalize our agreement to the time we arrive onsite (In urgent cases we can be onsite sooner depending on our existing schedule).  Our written proposals will identify the project’s schedule in advance of starting so you will know precisely when it will commence and end, as well as when you will have the final report of findings.

To give you an average on how these projects work, once onsite our security risk assessment takes between one and five days depending on the size of the project. Before we leave your site, we will conduct an Exit Conference where we will verbally identify our findings. Normally speaking within 10-15 business days after we have departed your property, the final report will be shipped back to you.

That is your decision to make, but we have seen where clients wanted all sites to be evaluated, and then there have been organizations that wanted the project to focus on a specific site for a specific reason. We would recommend that you give us a call, so we can answer your questions; but in the end, we will work with you to determine your need and plan the project accordingly, and we will both know up front what the project’s scope will entail and what sites are covered.

On average, the industry standard is every three years. However, there may be changes in your business that necessitate additional partial or full assessment, and you may need to reevaluate your security program sooner depending on security incidents and/or threats.

Although we would be surprised if a client did not act on our findings, since you even are asking this question, we would suggest that you need to speak with your legal counsel regarding this matter. This is a legal question that should be answered by your attorney.

Security Risk Assessment reports like most other documents can become an issue during the discovery process of any civil litigation. Some clients have requested that we provide only a verbal report of findings verses a written report. We can provide such if you are concerned about liability exposure. Again, this is really a legal question, and your legal counsel should be consulted if you have concerns in this area.

Yes, we can provide as much or as little assistance as you require. Some of our clients realize that they do not have the time and/or expertise required to execute the recommendations and instead choose to retain us to provide professional services beyond the assessment.  We also provide services “On Retainer” which insures that you will receive services as needed until such time your program is properly setup.

We can also assist with writing Request for Proposals (RFP); Request for Qualifications (RFQ); and Request for Information (RFI) for those cases where you are seeking information or bids from security vendors.  In addition to that, we can assist with preparing bid specifications; selection of vendors; specification for security products; the development of policies and procedures; and conducting training for staff. We also can assist in the new hire screening of security management staff, and provide new staff with mentoring services onsite or online.

We have specialties that we have extensive training and experience in; however, security is basically the same in all industries, yet it is applied differently depending on the type of business and the clientele served.

Protection Management LLC has an extensive background in healthcare security. However, our knowledge of the security industry and loss prevention strategies is such that we have worked with clients from many types of businesses and industries. We have performed security risk assessments in retail settings, tourism destinations, manufacturing facilities, warehouses, hospitals, lodging/hospitality, distribution centers, corporate headquarters facilities, pharmaceutical centers, transportation facilities, and numerous other settings.

The last few years several employers have made the decision to downsize security staffing due to budget cuts. There are several things to consider before you downsize, so that you do not place your organization or your customers at risk.

First, you should weigh your options and seek out expert advice on how to manage the process.  Reducing or eliminating security staff can increase your liability exposure, cause morale issues with the organization’s staff (not only in security), and it may cause a void in services that will need to be managed by others.  Prior to any staff reductions, it would be advisable to conduct a security risk assessment to determine where your program is at, and what affects a downsizing will have throughout the company.  A security expert can identify possible security technology and equipment that can minimize some of the loss in staff or services.  They can also assist you with the planning and transition periods and identify most if not all possible vulnerabilities that may result due the change. Since this type of action has so many different risks and mitigation strategies, and that would require pages of information to answer this question, please give us a call for a free no obligation telephone consultation.

When it comes to methodologies for conducting security risk assessments, there are many that are commonly used. These include the method published by the Department of Homeland Security, ASIS International, IAPSC, as well as the CARVER and RAM methodologies.

Our approach is to study and apply principals of each of the methodologies available, yet we do not primarily follow just one.  We continuously monitor for the latest developments and changes in security risk assessment methodologies, and our practice is to take the preeminent techniques from each methodology and merge them to conduct a comprehensive assessment.

Yes, we do offer professional services for special event security planning. Our company CEO, Mr. John M. White, has participated in the security planning, coordination, and post-event debriefings of gatherings in excess of 100,000 people and the estimated 30,000 vehicles that they traveled to and from the event in. Our approach would be to complete a risk and vulnerability assessment of the location for the event and meet with the key players of the planning and event staff. We think outside the box when it comes to security planning, and we have experience working with local and state government agencies, law enforcement agencies, military installations, and mass transit systems in an effort to insure that the event is coordinated with any and all entities and services that may be impacted.

Look at it this way, an independent security consultant is a professional who makes their living providing expert security advice, and they do so without selling their clients security equipment, service contracts or guard services.  What that means to you is that when the independent security consultant gives you expert advice, it is based on the client’s best interests rather than the consultants desire to sell a specific product or service.

Another benefit of an independent security consultant is that they are an expert third party.  Their approach should be to look at your company from an unbiased perspective, providing you advice based on their expertise.  Security consultants also can dedicate the time to your project without having to handle management tasks that come up, and they will focus on your project full time until it is completed.

There are numerous people selling security equipment or guard services that call themselves “security consultants.” We have worked with many of these professionals over the years, and we are not disputing that they have knowledge of their products or services. However, many of these “security consultants” do not understand the complexities of security management and operational issues to be a genuine security consultant.

Another way to look at this is a person that designs and installs camera systems is not likely to be current on the prevention of workplace violence, threat assessments, security training, security laws, best practices and the countless other multifaceted security concerns that one must plan for and respond to in our present day society.

Yes, we have the experience to help draft the documents, and we can also assist in the screening of responses, which can include onsite meetings and interviews.

Yes, we can assist you with both of those services. Give us a call, and we can discuss your needs and schedules, and determine the best way possible to meet your goals.  We also can assist in the screening process of security management positions, and we can provide your company with the expertise to understand what type of experience and backgrounds of applicants you should be seeking.