There aren’t many corporate executive protection strategy documents lying around in corporate headquarters or in executive protection companies. Blueprints that cover the strategy essentials are not available online. Why? We believe this is due to two simple but interrelated factors:
- Most people who know a lot about corporate strategy don’t know much about executive protection.
- Most people who know a lot about executive protection don’t know much about corporate strategy.
A corporate EP strategy template is a good start. Just because there aren’t many examples to build on doesn’t mean that a strategic approach to corporate EP isn’t important. Just ask any business manager, military officer or coach: A simple strategy is better than none, and a little planning goes a long way in winning both the battle and the war.
In this blog, we’d like to share a process that we go through while planning EP programs for our corporate clients. We’re convinced that asking and answering the right questions in an orderly sequence will help everyone involved – both on the corporate and on the EP side of the table – to create a planning process and document that will make a huge difference.
Here is our skeleton template for corporate EP strategy. We’ll leave it up to you to fill in the details and to answer the questions in a way that aligns best practices in both the corporate and EP worlds.
1) INTRODUCTION/SUMMARY
Feel free to write this after the rest of the plan is written. And be aware that many people won’t read much more than this.
- Statement of purpose: In broad terms, what are your reasons for creating a corporate EP strategy? Why will the world, or at least your corporation, be a better place once you have written a water-tight strategy?
- Background
- How do corporate values, history and business objectives relate to the EP strategy?
- Are there any events, developments or other reasons that make the plan necessary now? Don’t forget to consider the following:
- Personal risks
- Business risks
- Board mandate
- Duty of Care, corporate liability issues
- Objectives: What are you trying to achieve? Try to be as specific and measurable as possible.
- What are the goals and expected outcomes/results of the EP program?
- What would be the key benefits of achieving those goals – for the corporation and for the principal?
- Can you boil the program down to some simple guiding principles that are easy for everyone to understand and remember?
- Key Success Factors: What elements of the program are critical in order for it to be successful? “If we get these parts right, we are on our way to a great program.” What are the parts?
- Key Performance Indicators: Top line, what do you need to measure in order to know whether your EP program is on track? Consider “hard” factors like budget and schedules – as well as “soft” factors like principal satisfaction.
- Governance
- Who makes decisions about corporate EP?
- Based on what criteria?
2) SITUATION ANALYSIS
This is similar to the well-known Strengths, Weaknesses, Opportunities and Threats (SWOT) analyses so familiar to the corporate world. In the EP industry, we call this a Risk, Threat and Vulnerability Assessment (RTVA). The purpose of the SWOT and the RTVA exercises is similar: Know where you stand before you start planning how to move ahead.
- Risk, Threat and Vulnerability Assessment
- External factors not in our control
- Are there direct threats and security risks to the corporation or principal?
- Are there indirect threats and security risks not directly targeting the company or its principal(s) but present in regions where the company operates?
- What would be the impact, or loss, should these threats be realized?
- How vulnerable are we to these threats should they be realized?
- Internal factors in our control
- What is the status/evaluation of our current EP and security programs?
- How do we evaluate security vulnerabilities?
- Evaluation of current and past EP efforts: What lessons have we learned?
- What parts of the corporate ecosystem are relevant to the EP effort?
- What are the principal’s personal preferences regarding EP and his or her lifestyle?
- Gap analysis: Where we are now compared to our goals?
- External factors not in our control
3) EP PROGRAM DESIGN
- WHO is to be protected?
- List of principal(s)/corporate position(s) (e.g., CEO, COO, etc.) that are to be protected by the EP program.
- Are any other persons related to the principals, e.g., family, also to be protected?
- Are all persons to be provided the same level of protection? Why or why not?
- WHEN are the principals to be protected?
- 24/7/365?
- Only while travelling for the company? To all destinations or only some?
- In other circumstances?
- WHERE are the principals to be protected? To all destinations or only some?
- At home
- At work
- While commuting home/work
- While traveling
- Abroad – high, medium and low-risk territories?
- Domestically
- Business
- Personal
- At corporate or other events
- At other family member activities
- WHAT kinds and levels of protection are necessary?
- Alarm monitoring, access control and trained security agents for controlling access to the principal’s workplace and residence
- Close personal protection provided by trained EP agents at home, at work, while commuting or traveling
- Security drivers trained in EP and defensive/evasive driving
- Automobile(s) specially equipped for security
- Intelligence analysts that monitor, investigate and report on people of interest, inappropriate communications and threats, and also provide risk analysis and travel risk assessments for the employee’s scheduled trips and events.
- Surveillance and anti-surveillance protection that identifies and deters potential attackers prior to any attack.
- Flights on charter aircraft for business and personal reasons
4) EP TEAMS AND ORGANIZATION
- Draw the organigram that describes the EP organization and its lines to other parts of the corporate organization
- What are the key job descriptions and qualifications?
- How does the EP team interface with the rest of the corporate organization?
- Stakeholder analysis: Who else in the organization does the EP team need to work with? Why is this important?
- What are the communication procedures between the EP organization and other corporate departments?
- Training
- Who should be trained, certified for what and to which level?
- What are our training programs and procedures?
- Career planning
- How do we help EP agents and managers continue to develop their capabilities and career – so they stay with us rather than move on?
- Alignment with corporate HR strategies and procedures?
- Program scoping
- How do we scale up or down as needs change? Which costs should be considered as fixed, or variable?
5) PROCUREMENT STRATEGY
- For technology
- Which tech do we need?
- How do we buy it?
- Alignment with corporate procurement strategies?
- For human resources
- Make/buy: Do we insource, outsource or embed key EP positions?
- The EP manager
- EP agents
- Residential agents
- Intel analysts
- How do we search, shortlist and evaluate the EP companies we want to work with?
- Are our contract management & policies in order?
- Make/buy: Do we insource, outsource or embed key EP positions?
6) PROGRAM DELIVERY AND MAINTENANCE
- What are the Standard Operating Procedures (SOPs) for all key processes?
- How do we assess security risks on an ongoing basis? How often do we update RTVAs? Do we do it ourselves, or ask for third-party assistance?
- How do we continually improve the skills of our staff?
- Security exercises and drills: frequency, scope, post-drill evaluation, data collection, etc.
- How do we inspect and assess the quality of our own security measures?
- Internal evaluation
- External audits
- Red teaming
7) REPORTING AND KPI MEASUREMENT
Which KPIs do we follow and measure program success against? Consider both the “hard” criteria such as the wellbeing of the principal, budget adherence, etc., but also “soft” criteria such as the principal’s satisfaction and team motivation.
- Which reports do we create on a regular basis? What do they contain? Who writes them? Who reads them?
- Which ad hoc reports will be necessary, when?
8) BUDGET
- What are program set-up costs?
- What are ongoing program costs?
- Fixed
- Variable
- Who has budget responsibility?
- What are procedures for financial reporting?
- What do we do about budget/actual deviations?
9) IMPLEMENTATION PLAN
- What are the critical path milestones for developing and implementing the EP program?
- Who has responsibility for moving the program forward?
- Who approves what, when?
10) APPENDICES AND ADDITIONAL NOTES
- Is there extra information relevant to the strategy?
- Do we need a glossary of terms?
- References & resources
- Special circumstances