Hotel companies are increasingly looking to merge their security and safety teams to do more with less whilst striving to maintain standards in both. The organisation merging is the easy bit; revision of organograms, shuffling of people, re-write job descriptions ‘et voila’!!!! As described in a previous blog, the tricky bit is delivering merged capability and perhaps even more of a challenge is maintaining the quality and capacity of security and safety risk management support to operations. We believe that this can be achieved by organisations significantly improving their internal intelligence collection, analysis and assessment without which there is little chance of deploying scarce security and safety risk management resources effectively. Critically, the use of internal intelligence can demonstrate continued due diligence in the management of such risk in the event of any challenge being mounted about the motives behind the reduction in risk management resources; ‘we can longer afford it’ or ‘other areas of the business have a higher financing priority’ is unlikely to bear legal or moral scrutiny.
Companies spend significant amounts on external, or protective intelligence, to identify, quantify and inform mitigation to security threats. This is understandable and laudable and needs to be continued but this intelligence is of limited use if a company does not have detailed insights to its vulnerabilities to standing and newly identified threats. Without this understanding, effective safety and security is impossible. Often organisations’ vulnerability intelligence is weak especially in less regulated sectors such as hospitality. To maintain security and safety risk management capability, companies will need to be more proactive and open to challenging vulnerabilities head-on. Therefore, hotel companies and portfolio owners need improved intelligence to identify and then support hotels that have poor security and safety.
Security and safety capability is generated by the considered utility of people, procedures and technology; from this, it can be deduced that vulnerability can also be generated and exist across the three aspects. So, from a corporate perspective what might be the internal or vulnerability Intelligence Requirement might be?
- What security and safety vulnerabilities and risk management gaps exist by hotel, country, and region?
- How serious are these vulnerabilities and risks?
- Where in the hotel operations do these fall?
- Why are vulnerability and risk issues present?
- What safety & security incidents are occurring?
- Are there incident trends and what are they?
- How effective are hotel, country, region security and safety programs?
- Are Action plans in place to address issues?
- Are plans being executed within agreed timelines?
- Are there systemic failures, requiring program adjustment/improvement?
- Are there incident trends indicating changes in threats/hazards or program weaknesses?
- Are hotels meeting their security and safety training requirements?
- What hotels require support?
Most hotel companies will most likely have some manual systems in place to answer these questions, but these can be ad hoc, labour intensive and inconsistent.
Northpoint International is working with Simon Scoot and Michael Stamer-Smith at Aius to build a Hotel Security, Safety, Resilience and Cybercrime Risk Management Internal Intelligence Platform that will provide Hotel Managers, Hotel Companies and Portfolio Owners with powerful insights into their security, safety and resilience operations and programs. We aim to actively support the hotel sector to conduct intelligent risk management that is practical, affordable and actionable; assisting the sector do more with less and maintaining security and safety standards vital for protecting our guests, staff and assets.
Questions for Consideration:
- How are you going to do more with less?
- Are your governance programs fit for purpose?
- Are you keen to focus your efforts where it is really need it?