Selecting the Right Security Consultant for Your Project

Independence, appropriate experience and good references are just some of the signs that the consultant you’ve hired is the right fit for your university, hospital or district.

The University of Massachusetts, Amherst (UMass) recently selected an external consultant to perform a comprehensive review of its residence hall security program and make recommendations for improvements to ensure a safe campus community. The report addressed residence hall layout, nuisance alarm activation and remediation, among other recommendations. In choosing to contract an external consultant, UMass took into account a number of issues, and some of the key considerations that factored into their decision can serve as a good guide for any organization for whom safety and security in a residential setting is of utmost concern.

Security consultants generally work for non-security experts to provide supplemental knowledge, experience and services. However, it is also very common for such consultants to be retained by seasoned security professionals for a variety of reasons.

How often a security consultant is used in settings such as higher education, healthcare, municipalities or corporations will vary based on the individual institution’s needs and circumstances. The consulting services consumer needs to first identify the type of consultant for the organization’s needs, verify his or her independence, solicit a qualified consultant at an affordable fee and manage that consultant throughout the engagement.

Of note, one of the most significant challenges in this process is verifying a consultant’s qualifications. There are so many entrants into the market since 9-11 who profess to know security but might not actually be qualified.

RELATED: 10 Tips to Selecting the Right Security Consultant

The first step in hiring a reliable consultant is to define the requirements of the job. Does it involve the analysis of risk, implementation of security systems, regulatory compliance, management consulting, training or defense of an inadequate security claim? Only after the requirements of the job are defined can you select the right type of consultant to complete the work.

Security consultants generally fall into one of three categories: management, technical and forensic. For UMass Amherst, for example, technical security knowledge and experience were important components of the consultant selection process. Some would argue that a security consultant should work in more than one of these areas. A management or forensic consultant who fails to keep up with security technology cannot serve his or her client in the best manner possible. 

Key Factors to Consider in Choosing a Consultant
You want your consultant to be independent and not affiliated with a product or service. If your consultant is not independent, you should know about his or her relationship with a product or service line and understand that it may result in a conflict of interest.

Typically, an independent professional security consultant is going to be a member of ASIS International or the International Association of Professional Security Consultants. These are the top two logical affiliations. While lack of membership in either of these organizations does not equate to a lack of qualifications, participation indicates that the prospective consultant at least professes to observe the code of ethics and to meet the minimum standards for affiliation with the groups.

There are also several industry certifications that serve as benchmarks for the professional security consultant, including the Certified Protection Professional (CPP), Physical Security Professional (PSP) and Certified Security Consultant (CSC) among others.

Additionally, the consultant must be able to demonstrate prior experience and knowledge as well as provide references. While safeguarding confidentiality is an essential part of a consultant’s business, most clients when asked will agree to serve as a reference. Be wary of the consultant who claims that all clients are confidential and refuses to provide references

Industry Specific Knowledge – How Much is Enough?
How much does the consultant need to know about the industry in which you operate? There are two schools of thought and each has some merit. One school says for the consultant to be effective he or she must know your business; the other states that critical diagnostic processes can effectively be applied uniformly across multiple organizational types.

Those who believe the security consultant needs to have significant depth in a vertical market may assert the number of consulting engagements the consultant has performed in the relevant area of service/expertise is critical. For example, analyzing threats to water treatment plants is different from evaluating dangers at universities or hospitals. While there may be some common issues, there are enough significant differences that make specialized experience and knowledge crucial.

Get Our Newsletters
Campus Safety Online Summit Promo Campus Safety HQ