Aircraft operators should screen vendors as closely as they do possible new hires – and on an ongoing basis.
Aug. 8, 2016
Every flight department implements a careful pre-employment screening program as part of a documented hiring process that helps minimize risk when considering job candidates. Security experts say the same level of diligence should be applied to screening and monitoring vendors, preferably as part of a comprehensive security program.
The foundation of any solid vendor-vetting program is consistency, explains Eric Moilanen, president of Premier Corporate Security.
“You should have a process so everything is documentable, verifiable and repeatable. If you can develop a process of vetting vendors and looking for the same things every time, then it really doesn’t matter what markets you expand into or how your operation changes. You already know what questions to ask, and you know what to do if those questions aren’t answered in the manner in which you would like them to be.”
You should have a process so everything is documentable, verifiable and repeatable. If you can develop a process of vetting vendors and looking for the same things every time, then it really doesn’t matter what markets you expand into or how your operation changes.
Moilanen’s firm has more than 125 clients, including many Fortune 500 companies, and among the services it offers are audits that provide a detailed overview of a potential vendor’s processes.
“We end up making a report and a recommendation– basically a gap analysis – that explains what each vendor is doing, where possible vulnerabilities are, and how we recommend addressing them,” said Moilanen.
REFERENCES AND ASKING QUESTIONS CONSISTENTLY
Asking a consistent set of questions and reviewing the same information – such as background checks on prospective vendors’ employees – forms a solid foundation for a service-provider vetting process. But a truly effective program probes more deeply, and does so regularly.
References are an ideal place to start the process. “Reach out to peers and ask them for recommendations,” says Kris Cannon, director of safety and security for Landmark Aviation and founder of Aviation Secure USA, which specializes in aviation security training. “Adding new vendors should not be, ‘test it and see.’ It should be, ‘Go with what’s been tested.’”
Both Cannon and Moilanen caution that while a colleague’s recommendation is valuable, there is no substitute for due diligence. Calling references that a vendor provides can be useful, but operators should probe several levels deep, whenever possible. A reference list provided by a vendor is likely to yield very satisfied customers and glowing reviews. But asking those references for additional references that the vendor may have served could yield more enlightening information.
Both Moilanen and Cannon also recommend looking beyond security-specific topics to help evaluate a company’s viability. Paying attention to how a company handles basic transactions can yield clues about how diligent they are with more sensitive matters. For example, Cannon said a background-check vendor that emails reports without password-protecting them or taking comparable security precautions probably isn’t being any more careful with your data.
INITIAL SCREENING AND ONGOING MONITORING
“Vetting can be time-consuming on the front end,” noted Moilanen, whose firm handles the process for many of its clients, especially smaller flight departments. “But it is worth the effort and investment” to establish an approved vendor list.
However, setting up an approved vendor list is just the first step in an effective vetting program. Ongoing monitoring is key to helping ensure continuing compliance with security standards.
At Landmark Aviation, internal evaluation programs focus on one department per month, and they include reviewing vendor performance, said Cannon. The company’s standard operating procedures cover outsourcing, and vendor audit results and approvals are included.
Even the most thorough vetting program has vulnerabilities, however. “Vetting is good,” said Cannon. “You always want to know who you are working with and that somebody is taking a look at them. But you have to remember that you are still dealing with the human element. Vetting doesn’t assure anything. It just lessens the risk.”
Cannon offers the example of a limo driver who gets arrested and loses his license the night before a scheduled job. If the driver is released in time to get to work but doesn’t tell his employer about the arrest, that day’s customer may never know.
Such risks can be mitigated by taking some precautions, said Cannon. For instance, it is a prudent precaution to ask for identification or a driver’s license to ensure that the person who shows up to drive aircraft passengers to their destination is actually the one who is supposed to be providing this service. An added layer of security, such as a code word relayed from the flight department’s scheduling team to the vendor, can ensure that the driver is actually connected to the vendor.
LEVERAGING CORPORATE SECURITY ASSETS
Small operators may have little choice but to set up their own security programs from scratch. But flight departments that are part of larger companies should look internally for programs that they can adapt.
“What we’re finding, particularly in the last several years, is that more and more flight departments are falling under corporate security supervision or becoming part of corporate security,” said Moilanen.
But this can be a mixed blessing.
On one hand, there’s the issue of aviation’s uniqueness. Corporate security rarely has a unique, full-spectrum understanding of all the things that apply to aviation security, but may not apply to facility security or employee security, Moilanen says.
On the other hand, a strong corporate security program can have some useful elements that, with a few modifications, should serve a business aircraft operator very well.
Typically, corporate security will have a vetting procedure, contingency plan, emergency response plan and a security program for the employees, said Cannon. “All they have to do is connect with aviation and overlay it,” making changes where necessary. “I’ve seen it work that way often, and it’s been very successful.”
ESTABLISHING AND MAINTAINING A STRONG SECURITY CULTURE
While well-crafted plans are a key to executing an effective security program, no plan can overcome a lax culture. Becoming a security-focused operation should be very close to, if not on par with, safety awareness in any aviation operation, said Cannon.
“It only takes one person or one moment in time to change your life,” said Cannon, adding that preparing for those moments can be the difference between a bad day and something far worse.
Proper preparation starts at the top – with culture. Senior executives must buy into any security plan’s importance and consistently convey that message down through the ranks. “Security should not be part of a program you’re following once your shift starts,” said Cannon. “To be truly effective, it should become a way of life.”
Training creates awareness. When training is delivered and there is buy-in among management and the front-line workers, it is easier to start shifting the [security] culture.
The next step is reviewing the program regularly.
“Training creates awareness,” said Cannon. “When training is delivered and there is buy-in among management and the front-line workers, it is easier to start shifting the [security] culture.”
Finally, security programs should have an internal point person. At larger flight operations, it’s likely a full-time role. But even a smaller company should have a designated “champion” who, with support from the top and access to the proper resources, is empowered to lead the development and execution of robust security programs.
“It really comes back to developing a plan and making sure that everybody is educated on the plan,” said Moilanen. “Having something in place – a documented plan where everybody can pull up the same information – is the key to being best prepared for any scenario.”
Learn more at www.nbaa.org/security.
International Business Aviation Council Ltd.