Wednesday, 11 April 2012

SECURITY OF CONFIDENTIAL AND SECURITY SENSITIVE INFORMATION


This document is confidential and security-sensitive.  Any reproduction or dissemination of any portion of this document is prohibited without the written consent of the Chief Operating Officer of the Company.


 This Security and Emergency Preparedness Plan (SEPP) will attempt to ensure that, if confronted with a security event or major emergency, [NAME OF COMPANY] personnel will respond effectively, using good judgment, ensuring due diligence, and building on best practices, identified in drills, training, rules and procedures.


This level of proficiency requires the establishment of formal mechanisms and procedures to be used by all personnel to identify security threats and vulnerabilities associated with operations, and to develop controls to eliminate or minimize them.  This Plan also requires processes for:

  • Coordinating with law enforcement and other public safety agencies to manage response to an incident that occurs on a vehicle or affects operations, and

  • Identifying a process for integrating company resources and capabilities into the community response effort to support management of a major event affecting the community.

Management expects all employees, volunteers and contractors, especially those working directly with passengers, to support this Plan.

Division of Responsibilities



All personnel must understand and adopt their specific roles and responsibilities, as identified in the SEPP, thereby increasing their own personal safety and the safety of our passengers and the motoring public, during normal operations and in emergency conditions.

To ensure the success of the SEPP, the following functions must be performed by personnel:

  • Immediately reporting all suspicious activity, no matter how insignificant it may seem, to the Operations Manager or his/her designee;

  • Immediately reporting all security incidents

  • Using proper judgment when managing disruptive passengers and potentially volatile situations

  • Participation in all security and emergency preparedness training, including drills and exercises

  • Becoming familiar with, and operating within, all security and emergency preparedness procedures for the assigned work activity

  • Notifying the Chief Executive Officer or his/her designee when a physical or mental condition, or required medications or therapies, may impair the employee’s ability to perform security or emergency preparedness functions

  • Accurately completing “Employee Statements” and appropriate reports as quickly as possible
  • Cooperating with/assisting first responders as necessary

The Chief Executive Officer (CEO) has the overall authority to develop and execute the company’s SEPP. Ultimate accountability for implementation of the SEPP rests with the Chief Executive Officer.  In addition, the CEO is responsible for the following specific activities:

  • Ensuring that sufficient resources and attention are devoted to the SEPP, including:

o       Development of standard operating procedures related to employee security duties
o       Development and enforcement of safety and security regulations;
o       Development of emergency operating procedures to maximize company response effectiveness and minimizing service interruptions during emergencies and security incidents;
o       Provision of proper training and equipment to employees to allow an effective response to security incidents and emergencies

  • Development of an effective notification and reporting system for security incidents and emergencies
  • Designating a Point of Contact (POC) to manage the SEPP
  • Establishing a Security Committee
  • Communicating security and emergency preparedness as top priorities to all employees
  • Developing relations with outside organizations that contribute to the EPP Program, including local public safety and emergency planning agencies
           

To ensure coordinated development and implementation of the SEPP, the CEO has designated [INSERT TITLE OR NAME] as the Security and Emergency Preparedness Point of Contact (POC) for development and implementation of the SEPP.  The POC, who reports directly to the CEO, has been granted the authority to utilize specific company resources to develop the SEPP, to monitor its implementation, and to ensure attainment of security and emergency preparedness goals and objectives.

The [INSERT TITLE OR NAME] has the responsibility for overseeing the SEPP on a daily basis.  The [INSERT TITLE OR NAME] will be the direct liaison with the company’s drivers and dispatchers, regarding the Program. The [INSERT TITLE OR NAME] will also serve as the primary contact with public agencies.  To the extent that liaison is necessary with local, state and federal agencies, the [INSERT TITLE OR NAME] will serve as the lead liaison for the company.  The [INSERT TITLE OR NAME] will also be responsible for the agenda items for Security Committee meetings and actions.

In managing this Program, the POC will:

  • Be responsible for successfully administering the SEPP and establishing, monitoring, and reporting on the company’s security and emergency preparedness objectives
  • Review current company safety, security and emergency policies, procedures, and plans, and identifying needed improvements on a semi-annual basis
  • Develop and implement plans for addressing identified improvements
  • Coordinate with local public safety agencies, local community emergency planning agencies, and local human services agencies to address security and emergency preparedness; including participation in formal meetings and committees
  • Develop, publish, and enforce reasonable procedures pertinent to company activities for security and emergency preparedness
  • Provide adequate driver training and continuing instruction for all employees (and volunteers and contractors) regarding security and emergency preparedness
  • Review new company purchases to identify security related impacts
  • Ensure performance of at least one emergency exercise annually


Given the nature and scope of [NAME OF COMPANY] operations, it has been determined that a separate Security Committee is [necessary or unnecessary].  [If unnecessary, start here.]  As a continuing responsibility of the [Vehicle Accident Prevention or Safety Committee], [If necessary, start here] there will be a permanent agenda oriented toward security and emergency preparedness matters, ranging from comments on the management of the SEPP to liaison with public agencies and feedback from employees.  It will also be an ongoing part of the security agenda to determine the level of compliance with company policies, rules, regulations, standards, codes, procedures, and to identify changes or new challenges as a result of incidents or other operating experience. 

The SEPP POC will be responsible for managing the security agenda during the Security Committee meetings. When appropriate, members of local fire and police departments, state and federal agencies will be invited to participate in the Committee meetings. 
                                                                                                                             
The Security Committee provides the primary mechanism through which the company:

  • Identifies security conditions and problems at the company
  • Organizes incident investigations and develops and evaluates corrective actions to address findings
  • Obtains data on company security performance
  • Develops strategies for addressing company security problems
  • Coordinates the sharing of security responsibilities and information
  • Manages the integration of security initiatives and policies in company operations
  • Evaluates the effectiveness of the security program
  • Manages the development and revision of company policies, procedures, and rulebook
  • Coordinates interaction with external agencies
  • Reviews, evaluates and recommends approval of reports from company staff

The Committee also ensures that all company employees, volunteers and contractors:

  • Have a full knowledge of the security program and emergency preparedness programs
  • Make security and emergency preparedness a primary concern while on the job
  • Cooperate fully with the company and local, state and federal agencies regarding any incident investigation
  • Raise security and emergency preparedness concerns

Supervisors are responsible for communicating the company’s security and emergency preparedness plan and procedures to all employees, volunteers and contractors. For this reason, supervisors must have full knowledge of all security rules and policies.  Supervisors must communicate those plans and procedures to operations personnel in a manner that encourages them to incorporate SEPP practices into their everyday work.  The specific responsibilities of supervisors include the following.

  • Having full knowledge of all standard and emergency operating procedures, and are strongly encouraged to be trained in the National Incident Command System (NIMS).
  • Ensuring that drivers make security and emergency preparedness a primary concern when on the job.
  • Cooperating fully with the SEPP regarding any accident investigations as well as listening and acting upon any security concerns raised by the drivers.
  • Immediately reporting security concerns to the SEPP POC.

In addition, when supporting response to an incident, supervisors are expected to:

  • Provide leadership and direction to employees during security incidents;
  • Handle minor non-threatening rule violations;
  • Defuse minor arguments;
  • Determine when to call for assistance;
  • Make decisions regarding the continuance of operations;
  • Respond to service complaints;
  • Respond to security related calls with law enforcement officers when required, rendering assistance with crowd control, victim/witness information gathering, and general on-scene assistance;
  • Complete necessary security related reports;
  • Take photographs of damage and injuries;
  • Cooperate and coordinate with all outside agencies at incident scenes 

In addition to the general responsibilities identified for ALL PERSONNEL, drivers (including volunteers and contractors) are responsible for exercising maximum care and good judgment in identifying and reporting suspicious activities, in managing security incidents, and in responding to emergencies.  Each driver will:

  • Conduct vehicle security inspections
  • Take charge of a security incident scene until the arrival of supervisory or emergency personnel
  • Collect fares in accordance with company policy (if applicable)
  • Attempt to handle minor non-threatening rule violations
  • Respond verbally to complaints
  • Attempt to defuse minor arguments
  • Determine when to call for assistance
  • Maintain control of the vehicle
  • Report all security incidents to dispatch
  • Complete all necessary security related reports
  • Support community emergency response activities as directed by company policies, plans and procedures

Other personnel also have responsibilities for the SEPP.

Dispatchers are expected to:

·        Receive calls for assistance
·        Dispatch supervisors and emergency response personnel
·        Coordinate with law enforcement and emergency medical service communications centers
·        Notify supervisory and management staff of serious incidents
·        Establish on-scene communication
·        Complete any required security related reports
·        Provide direction to on-scene personnel

Mechanics (including volunteers and contractors) are expected to:

·        Conduct vehicle security inspections
·        Report suspicious behavior, packages, or situations
·        Report vandalism
·        Report threats and vulnerabilities of vehicle storage facilities
·        Provide priority response to safety and security critical items such as lighting
·        Maintain facility alarm systems

Human Resources personnel are expected to:

·        Ensure all pre-employment screening processes are carried out effectively
·        Notify the Chief Executive Officer of employee disciplinary action that may result in the affected employee becoming a risk to company facilities, systems, passengers, employees or other assets
·        Educate employees on employee ID policy and procedure
·        Ensure confidentiality of employment records and personal employee data

Communications (Marketing-Customer Service-Community Relations) are expected to:

·        Request assistance from public safety resources as needed for special events
·        Provide insight into potential threats and vulnerabilities through feedback from customer focus groups and other information sources
·        Designate a Public Relations Coordinator (PRC) for media contact regarding security incidents and issues

No comments:

Post a Comment