Controlling Costs of Compliance
I recently had the opportunity to participate on a panel at the joint Chemical Security Regulatory Workshop with the Chemical Industry Council of California (CICC), sharing the stage with Lance Boyer, Regional Security Advisor, BP and Joe Olivarez, VP, Enterprise Security and Crisis Management, Western Hemisphere, Baker Hughes to discuss strategies for controlling the cost of compliance.
Mr. Boyer opened the program by first explaining BP’s corporate security organization and how the company manages security globally. He then briefed the audience on the various security regulations that affect BP’s U.S. locations and identified several compliance strategies that BP has adopted to manage the regulatory burden. These strategies included driving consistency among sites, ensuring frequent and current corporate communications are disseminated to affected sites, and developing security as a core value at BP – much like safety.
Following his presentation, Mr. Olivarez discussed how Baker Hughes manages and analyzes risk, and emphasized the importance of having the appropriate risk assessment processes in place. He also explained how Baker Hughes has standardized its security technologies, procedures, and training, which reduces the burden of re-training personnel who must move from location to location. For instance, where possible the placement of cameras, access control readers, and other security equipment is uniform across locations according to risk. Baker Hughes has also developed programs to directly budget and track the costs associated with security at an enterprise level – as it’s obviously difficult to drive down cost if you don’t understand what you’re spending. Standardization is definitely beneficial in driving costs down. This can be challenging for CFATS regulated sites since they have a level of variability based on Screening Threshold Quantity STQ), location, and Chemicals of Interest (COIs).
To begin my portion of the program, I discussed some of the strategies ADT AI has identified in developing physical security programs for regulatory compliance – and specifically compliance with the Chemical Facility Anti-Terrorism Standards (CFATS). I first described the difference between the facility- and asset-based protection philosophies. Using a hypothetical facility, I demonstrated how a site can use an asset-based approach to reduce the cost of implementing new physical security solutions while at the same time limit operational and safety concerns.
During the discussion, I also explained the difference between capital costs (e.g., one time equipment purchases and installation) and operating costs (e.g, ongoing maintenance, remote monitoring, etc.) and the importance of understanding and budgeting both. I then reviewed some common surprises that we often run into during security projects, including (1) environmental issues (e.g., soil remediation due to fence removal and installation); (2) timelines for obtaining permits and the importance of ensuring they align with the timelines included in the site’s Planned Security Measures, and; (3) local ordinances and codes which may limit the type of security measures and equipment a facility can utilize (e.g., local permit prohibiting the use of barbed wire on fencing).
Using one real world example, I demonstrated how value engineering, and specifically infrastructure design, can reduce the overall costs associated with security project costs. Certain types of fencing, for example, can act as the backbone for conduit to run fiber and power for CCTV, IDS, and lights. In a second example, I reviewed cost efficiencies for monitored video when compared to 24x7x365 guard services.
Each site is unique but it would help to contain costs if you can leverage standards while at the same time address the specific needs for each site. Various options should be reviewed so that the security plan will meet corporate and regulatory requirements and at the same time work with the company or site accounting and budgeting processes.
Stay tuned for additional information discussed on the Chemical Workshop panels.
~ Ryan Loughin
Copyright © ADT Security Services, Inc. 2011 - All Rights Reserved. Legal Disclaimer - Some of the individuals posting to this site, including the moderators, work for ADT Security Services, Inc. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of ADT Security Services, Inc. The content is provided for informational purposes only and is not meant to be an endorsement or representation by ADT Security Services, Inc. or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release ADT Security Services, Inc. from any liability related to your use of the Website. You also grant to ADT Security Services, Inc. a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.