For many years a great number of smaller businesses have been strongly opposed to being forced down the ISO 9000 quality management route by the ‘Big Brothers’ of the security industry.
To many it represented a complicated and unwanted set of procedures that stood in the way of making a profit. The very idea of using ISO quality management as a yardstick for measuring the standard of security installations or manned security provision was considered to be beyond the pale.
While it may be true that small and medium-sized end user companies can learn a great deal from the ISO scheme, it was also seen as coming with a disproportionate amount of paper ‘baggage’ – not to mention a similarly disproportionate cost in consultancy (courtesy of men in BMWs). What went wrong?
I always quote the instance of the alarm company that, a decade or so ago, brought in consultants to instigate quality management procedures and ended up with a paper-munching monster of a scheme. A classic case of a firm employing the wrong people to do the right thing and taking a financial hammering as a result.
In truth, the alarm company concerned was buying-in nice new PIR detectors at a giveaway price of GB pound 8 each (ten years ago that was cheap!). As the deliveries began to arrive, each PIR was taken out of its neat little box and a sticker placed on it bearing a unique serial number. The number was then entered in a logbook, with the date received, delivery note number and supplier written alongside. Each PIR was then put back in its box and placed on shelves in readiness for dispatch.
When finally called upon, each PIR would then be taken down from the shelving, removed from the box, the serial number located in the logbook and the date, the job number and the address of the installation site recorded alongside. The detectors would then be taken to site. This system was more appropriate to the anti-Bin Laden bomb factory than a mere alarm installation company!
From the security consultant’s point of view I’ve no doubt that the system was perfect, but when the alarm company itself actually worked out the cost of the time spent on such procedures the PIRs actually cost around GB pound 20 each. Not so cheap. In a perverse sort of way, the system did ‘pay-off’. The cheap PIRs turned out to be roughly the same quality as the ‘end product’ from a home for retired donkeys, and they all had to be removed and replaced with better quality units. At least the alarm company knew where each detector had been fitted and when. The irony is that, when NACOSS was called in to audit the system, the procedures adopted were thrown out for being unsuitable.
What security managers and consultants must do is learn the rules and then find ways of using those rules to their own advantage.
The progression of ISO 9000
The early days of ISO 9000 (BS 5750) in the security industry were little short of a disaster. At the time, NACOSS and other inspectorate bodies freely admitted that they had little or no experience of the scheme, thus consultants had to be called in.
For their part the consultants, drawn from without the security industry, saw a blank canvass on which to paint their own picture. The end result? Every conceivable principle was employed, every ‘i’ dotted and every ‘t’ crossed. Most consultants were sincere in terms of what they suggested, but perhaps you will forgive me for being cynical in thinking that a minority of them also saw ISO 9000 as a licence to print money.
Times change, though. We all learn more.
And if we’re bright enough, we adapt. Just lately, I’ve been given the opportunity to look over the shoulders of the NACOSS inspectors as they carry out their audits, and what I’ve seen represents a vast improvement on days of yore.
In the early days, a non-security industry consultant would have a company carry out all manner of unnecessary, long-drawn out procedures simply because they were part and parcel of the quality standard. Now, the procedures have been streamlined to produce a meaningful management system. One that makes you check and double-check all along the line to ensure that nothing is left out or forgotten about, and that time isn’t wasted by having to go back and correct mistakes.
As an end user, how many times have you forgotten to order things in, or neglected to take specific items with you on a given task when a simple list would have prevented any problems? I rest my case.
Now, of course, the industry is privy to an all-new standard – ISO 9001:2000 – and by all accounts it is far better than the old one.
For a start it’s much more flexible, and the need for minutely-documented procedures is less specific. Parts of the new standard are not always relevant or needed such that they can be left out. Some of the sections have also been improved no end. In essence, ISO 9001:2000 asks installers to be more aware of end user requirements. Does the finished security system do what it is supposed to? Is it right for the customer?
Self-analysis enters the equation
Reviews and audits have always been a quality management requirement. That said, a good many security companies just plod through the motions without giving them a second thought. They should be thinking: “Why are we doing this?”, “Is this the best way forward?” or perhaps “Can we find a better way?”.
What’s certain is that ISO 9001:2000 brings self-analysis squarely into the picture, pushing security companies further towards improving their service.
How many smaller security companies measure and analyse their quotation success rates, or their installation/service procedures? Not many. Many a boss will say: “I haven’t got time for that”. I’d like to counter that with another old saying… “I’m too busy working to earn money”. Think about it. It’s not as daft as it seems.
The truth is that if such firms did measure and analyse, they might just find out where they’re wasting valuable time and resources. It’s a simple equation. Measurement and analysis lead to increased performance and a reduction in time wasted. This in turn equals greater profit, and more time in which to seek out more business contracts.
All-in-all, ISO 9001:2000 is a useful and viable quality management tool that even the smaller companies may benefit from, but – and it’s a very big ‘but’ – managers need to ensure that they get the right people in to administer the quality management programme. For a great many smaller companies, this is where the problems begin.
There’s a rising tide of security companies – particularly in the manned guarding sector – that claim to have an industry-compatible ISO quality management scheme in place when they don’t. Often this is not borne out of any deliberate attempt to defraud the end user, they have simply bought-in their quality management expertise from people who are not wholly familiar with the security industry – and who introduce procedures alien to it. Even worse, those people may well leave out industry-specific procedures that are crucial.
Confused? Well, imagine that you can’t drive, but you want to be able to. What’s the answer? Take lessons from an instructor. Great. But which one do you choose? Do you go to the expensive one on the High Street, or the cheaper instructor who works from home? There’s no real set answer here because each may or may not be good at their job. It’s all down to the experience and background knowledge of the individual concerned.
What about passing your test? We all know that you have to go to the proper Government testing authority and be tested by a qualified examiner. There is no cheap alternative available. With quality management, though, it’s a different story. The examining or testing procedure (known to us as a certification) is licensed out to private industry – and for a very good reason. Since quality management can be applied to any company conducting any type of business, the certification of that business needs to be carried out by people with a working knowledge of the industry.
If people with little or no knowledge of the security industry carry out the certification then there is a very real possibility that certain basic procedures will be under-emphasised (false alarm management being an obvious candidate). There is also a possibility that far too much emphasis will be placed on other, less important areas. We must ensure that the right people are doing the right job.
Determining levels of competency
When it comes to quality management in the security sector, the Government supports UKAS (the United Kingdom Accreditation Service) to oversee the work of the quality management certification bodies.
At company level, if the managers of a security firm decide to make use of a quality management system they’ll need to employ a consultant (in this case the equivalent of a driving instructor) to help them do so.
The point they must remember is that the consultant (the instructor) cannot give them the accreditation or certification (ie the driving licence). For that they must call in a certification body (driving examiner). In our industry, of course, NACOSS is the recognised body for the installation companies while the ISI (the Inspectorate of the Security Industry) covers the manned guarding sector. Both have been ‘tested and examined’ by the UKAS to prove that they’re doing the job properly.
Thus everyone is happy. Or are they? This is the point at which we can throw some fat in the fire. Due to the general lack of understanding in our industry (and, indeed, in other sectors), certain parties have decided to jump on the bandwagon and offer a cheaper alternative. You may well have had a glossy circular in the post in recent times offering an ISO quality management system for less than GB pound 1,000, complete with the necessary certificate. These companies will even state: “No certification, no fee”. Sounds wonderful. But is it?
The driving equivalent would be for me to set up the Acme Driving and Testing School. I can offer to teach you to drive anything from a motorcyle to a Chieftain tank (after all, I possess all the necessary manuals). Provided that you can get your desired conveyance from Point A to Point B without mowing down a few hedgerows and the little old lady out walking her dog, I can then offer you a licence to drive.
Thank heavens that, as far as I know, such a practice is illegal. The carnage on our roads would be incredible!
Unfortunately, when it comes to quality management it is quite legal, and any attempts made to stop the perpetrators would be an infringement of their rights to make a living. The problems will only appear when you are apprehended for speeding and you flash the Acme Driving Licence at the arresting officer. He will then point out that your licence is invalid, and that you might just as well have used it to wallpaper part of the bedroom.
The same is true of the unofficial quality management scheme. It looks fine – until you try and run it by someone who knows better, that is, such as your insurance company. Remember the phrases ‘buyer beware’ and ‘there is no such thing as cheap’.
Look before you buy
The real confusion comes with the ‘broad spectrum’ certification bodies. These bodies are fully accredited by UKAS, so no-one can doubt their quality or integrity. However, there is much concern within the industry that obtaining your quality management accreditation from a non-industry related body may in turn lead to a non-specific quality management scheme that’s not in your company’s best interests.
By way of an example, the person arriving to audit your particular quality management scheme may have been carrying out the same task last week for a supermarket, and a steelworks the week before. The question must be asked: does he or she know enough about the security sector to be sure that you have all the correct mechanisms and systems in place?
My advice is simple. Look very carefully before you buy. Find a consultant that has a history of experience within the security industry, then look for a certification body that is exclusive to the security sector.
