Managing Director Kevin Ward’s Security Article in Security Matters Magazine

Written by Kevin Ward, Managing Director

Shared responsibility

Ultimately, security and risk management affects – and exerts an impact on – our entire society whether the focus is at the local, national or global level. As Kevin Ward astutely observes, when you add-in the fiscal and political implications, it can easily become a core subject for discussion and debate.

Some weeks ago, Security Matters’ Editor Brian Sims contacted us with a straightforward request. “We were wondering if a senior member of the team at Ward would like to script an article on the core subject of Security and Risk Management for publication in our April print edition?”

As the long-term managing director of that successful, established and highly regarded security business, as someone who has worked with several of the most highly regarded security and risk specialists, as someone who has attended many, many conferences and, in my opinion, is well read, and as someone who has spent over 30 years working diligently in this challenging profession, why was it that I spent the next few hours pondering how best to address that particular topic?

The reality is I’m not sure any single individual is able to cover that subject in its entirety within one article given the scope of it is so immense.

The same rules apply to security and risk management as they would for any managed process. It’s going to be all about ‘Plan, Do, Review’. Yes, this is the most simplistic version of a management system and the scale of investment, the level of analysis and the quality of data can vary from the minimal through to the inconceivable depending on the ‘Who?’, the ‘Where?’ and the ‘Why?’

Set against that backdrop, allow me to explain how all of this applies to our business here at Ward in the hope that, as the reader and a subscriber to Security Matters – not to mention someone enveloped in ‘all things security’ – you can then begin to draw some synergy with your own security-centric organisation.

Turning the power off

First of all, some background. Ward has been keeping organisations across the UK secure for over 20 years, working with a broad range of clients from blue chip companies through to small businesses. Our private sector work includes the protection of high-profile commercial offices, business parks, retail outlets, Shopping Centres, Data Centres and specialist sites that are often viewed as being hard to protect. We also work with local authorities to safeguard open spaces and parks within specific communities.

With over 1,000 employees and offices in London, Kent, Manchester and Milton Keynes, we are very well placed to serve businesses on a national footing. Our services include security personnel, CCTV security systems, general purpose patrol and specialist search dogs, alarm response, keyholding and security patrol services, remote monitoring, concierge and reception services, temporary detection and void property management, and fencing systems.

As a business, we had written our disaster recovery plan for our former head office, which was also the home of our National Operations Centre, and not only the central hub for our own business, but also a fundamental part of the security, safety and welfare of our employees and clients. The plan was well written over a number of weeks, in accordance with all relevant standards, and each element had been reviewed time and time again.

We had invested in training our people, bought all of the necessary hardware and technology and ensured that our data and systems were backed-up. We had evaluated everything as far as it was possible to do so. The team was confident that, should we be confronted by a scenario whereby the building became inoperable or otherwise inaccessible, we could simply transfer our business operations to an alternative location at the push of a button.

The entire team was rightly proud of this achievement. As a company that wasn’t particularly big at the time, and with a relatively small budget, we had minimised the risks posed to our business and, by association, our clients’ buildings and businesses. We had ensured that, if a tricky situation should arise, we would be capable of continuing to operate in a safe and secure manner.

Determined to put that very theory to the test, I decided to walk into the room that held the switchgear for our mains power supply and duly turned it off (more of which anon).

Manchester Arena

Recently, I attended a conference organised by TINYg, the global counter-terrorism information network. The keynote speaker was Neil Basu QPM, a senior British police officer who, from March 2018 through to September 2021, served as Assistant Commissioner for Specialist Operations with the Metropolitan Police Service and also as the National Police Chiefs’ Council’s lead for counter-terrorism policing.

Basu eloquently spoke about many facets of his distinguished career, but most notably about the Manchester Arena terror attack that occurred on Monday 22 May 2017. Tragically, 22 individuals – men, women and children included – lost their lives in the suicide bombing attack that took place as concert-goers were leaving the venue after a performance by Ariana Grande.

Hearing one of the most senior, qualified and experienced police officers in the country talk about this tragic event, about the ongoing Public Inquiry, about the lessons learned and the aims of Martyn’s Law (ie the Government’s proposed Protect Duty legislation) to improve the safety and security of public venues and spaces was, in no small measure, not only very powerful, but also thought provoking.

In my opinion, here in the UK we have the very best Emergency Services and intelligence services resident on the global stage. We spend millions – if not billions – of pounds on collating information, analysing profiles, writing plans, training and testing to ensure the security of our country and to manage risk.

Why, then, did those 22 people die? Why did I find myself listening to a clearly emotional, passionate and angry senior police officer share his extremely honest reasoning on what went wrong on the night in question?

Public Inquiry

When it does work, and when we make sure that everything is right in terms of security provision, we very rarely hear about it. Thankfully, our security and intelligence services do make sure everything’s right much more often than not. However, given what happened at the Manchester Arena, an independent Public Inquiry was orchestrated by the Home Secretary on 22 October 2019, with its purpose being to investigate the deaths of those 22 victims. All of the information is readily available online at www.manchesterarenainquiry.org.uk 

Try reading the material resident on that website. If you do and completely and honestly understand all of the associated implications – and, importantly, how the findings of this Public Inquiry that has led to Martyn’s Law/the Protect Duty can be readily and easily implemented across the UK – then you are a much more intelligent individual than myself. 

In addition, Lord Toby Harris has just produced his report into the resilience landscape for London.

None of this is going to be easy to digest and implement, but it’s incredibly important that we do the very best we possibly can in this regard and, what’s more, without compromise.

By working together, by ‘planning’, ‘doing’ and ‘reviewing’, we can improve the security of our crowded places and minimise the degree of risk posed to our people. We can try to prevent episodes like that which occurred at the Manchester Arena from ever happening again. The ‘together’ element is the hard part. This is the ‘Who?’, ‘Where?’ and ‘Why?’ It’s now time for a collective push to create a culture of learning, inclusivity and collective responsibility.

Business continuity

So how, you’re wondering, could I possibly write something (about our ‘powering down’ scenario) that’s so irrelevant when compared to a devastating terror attack in Manchester? How can testing a basic business continuity and risk management plan be likened in any way to such a horrifying occurrence?

When I turned the power off at headquarters, the team was horrified. When the team members asked why I’d done this, I replied that it was because I could. It was easy. The implications were manageable and it would give me an immediate indication as to the success or failure of our pre-planning.

Let me tell you that our plan failed. Not massively so, but enough to have reduced our services, security, safety and risk to an unacceptable level.

We then re-wrote the plan. We changed the configuration of the building. We retrained the team. We had failed as a collective and we rectified the situation (and everyone knew that I would turn the power off again!).

When we moved into our new head office in 2018, we already had a tried-and-tested plan in place. The same team implemented the equipment, software, processes, training and everything else that we had learned from our previous mistakes and the collective works really well. We probably need to turn the power off again soon, though, just to be on the safe side.

As stated, the Manchester Arena terror attack led to the loss of 22 innocent people’s lives. The impact since exerted on their families and friends is unimaginable. It will never go away. The legacy of those who died – among them Martyn Hett, the son of campaigner Figen Murray and the young man in who’s honour Martyn’s Law is named – is the Government’s Protect Duty and we must respect their memory by implementing it correctly.

At the same time, a number of hugely respected, high-ranking police officers have been replaced and we’ve lost a huge amount of knowledge and skill as a result. Going forward, we must stop this culture of blame and embrace instead one imbued by collective responsibility and learning.

Risk assessments

As a company, we’ve completed thousands of risk and threat assessments. In order to ensure that our business supplies the correct levels of security at our own properties and for those of our clients, the level of detail required is immense. Indeed, the quality of the information needed is becoming more detailed every time, but equally importantly it’s now easier to understand, share and implement.

Without constantly reviewing the risk, training individual team members and testing the plans put in place, risk and threat assessments are worthless. When we do fail, I would hope that the culture underpinning Ward’s operations remains one of teamwork, collective responsibility and learning.

If you don’t create a culture where individuals are not fearful of making mistakes, where they always feel supported and completely understand that, while better avoided, failures are an opportunity to learn, then there’s a failure in the business. If we don’t create a culture whereby anyone is comfortable to put their hand up and say: “I don’t understand”, and also brave enough to challenge something that doesn’t look right to them without fear of reprisal, then we as security professionals have failed as a collective.

The article also featured in the April edition of Security Matters. You can read this here pg 52-54.