The problems, due to poor standardization of executive protection, are well known.
The lack of shared standards makes it difficult for clients to distinguish good from bad executive protection programs. Unless a client organization has a deep understanding of why quality matters, what drives EP program quality, and how quality relates to cost, it is difficult (if not impossible) for them to appraise the real value of an EP program objectively, or to compare one program to another.
In our experience, very few procurement departments have such an understanding of executive protection. Evaluating competing responses to RFPs easily ends up in comparing apples to oranges. The bias toward choosing the lowest price is often not overcome by considerations of “total cost of ownership”, actual risk mitigation, and the costs of replacing non-functional programs with something that works.
But this lack of shared quality standards creates problems for us as an industry, too. Anyone can call themselves an EP company, hang up their shingle, and open for business. Fly-by-night operators, local mom-and-pops, and serious players with worldwide capabilities all end up next to each other in the Yellow Pages. Just google “bodyguard” and see what shows up in the news.
Poor standardization also creates problems regarding training – for both employees and employers. Different executive protection schools teach to different standards, namely, their own. If you pay and show up, you usually get your certificate – no matter what you actually learned – since there’s rarely any real evaluation of individual learning or capabilities. Individuals who want to work in the industry may end up wasting time and money on poor or irrelevant training. EP providers and corporate programs may end up having to retrain people constantly. As we pointed out in a blog a few years ago, in many U.S. states, the people who do manicures and pedicures have much more rigorous training standards than the people who protect the captains of industry.
ISO 9001 certification is an ongoing process – and mindset – with many advantages
Like a lot of good things, changing attitudes to quality and standardization happened only gradually. Some security providers didn’t understand why they couldn’t simply pay to get their company’s quality processes rubberstamped. It took a few major insurers years to integrate the certifications into their complex IT systems. Still, although there were plenty of challenges and change did not occur overnight, experience with these quality standardization processes has been overwhelmingly positive in Denmark’s security industry.
Clients like it not only because it makes it easier to buy insurance and compare apples to apples in RFP rounds, but also because it provides significant advantages regarding compliance and liability issues. When corporations have their own quality management systems, as most do, having ISO 9001 certified vendors makes life much simpler.
As an EP company, ISO 9001 certification has had a huge impact on how we operate. To put it simply, improved focus on quality management improves quality. The ISO 9001 process forces you to look at the parameters that impact quality, figure out how you measure whether and how you live up to these parameters, define processes for dealing with quality gaps, and submit to regular internal and external audits to ensure that you’re doing what you said you were going to do.
The upshot is that we don’t keep repeating the same quality mistakes over and over. When quality breaches do occur, we have a process that makes us look at our systems and figure out how to prevent them in the future. ISO 9001 certification is by no means a panacea: if you set out to deliver mediocre quality, then ISO 9001 only helps to ensure that you deliver that mediocre quality consistently. That said, we think most companies would agree that if you embrace quality management and use the ISO 9001 processes as they were intended, good things happen.
A modest proposal for standardizing the EP industry in the U.S.
Could something similar be done in the U.S. executive protection industry? We think so – even though there are clearly significant differences between a small EU country and the huge U.S. market with its many federal, state, and local differences.
Some key success factors should be the same, no matter where the standardization process occurs:
- Standardization should be voluntary, not mandatory if you want to avoid the trap of falling for the lowest common denominator.
- Standardization processes should be driven by industry associations or at least groups of companies and interest groups, not any one particular company.
- Both providers and purchasers should be involved, and both should benefit.
- Certification should be done through an existing and proven quality management system, such as ISO 9001, with thousands of successful implementations worldwide.
- Certification does not have to be simple, but it should not be overwhelmingly difficult, either. It must be accessible and affordable to large and small companies alike, even if the least professional mom and pops might find the process too daunting.