Frequently-Asked Questions (FAQs)
(or at the least the questions that we wish you would ask....)
We have no clue as to how much security we need or how it should be provided. Can you help us?
Yes, absolutely. The most challenging time for many organizations is the period when they are too small to have a formal security program in place, yet big enough to begin experiencing the security problems faced by a larger company.
Silva Consultants has helped many organizations through this period of transition. We generally recommend that a Security Assessment be conducted as the first step in developing a security program for your company. This assessment will identify your company’s security risks and help establish priorities for how security will be managed as your company continues to grow.
Our company has a culture that places great value on maintaining a friendly, open, and collaborative work environment. Can you help us to provide security in this environment?
Yes. We respect every organization’s unique culture and will design a security program that works within your specific environment. Yet, please recognize that some of the very values that you cherish may make it easier for a criminal or other adversary to exploit you. We help you to find the right balance between maintaining a friendly and open environment, and in providing an adequate level of security for your people and other important assets.
How can we tell if our present security program is adequate to meet our needs? Can we do a better job of security with the resources that we already have?
A formal Security Assessment will help you to answer these questions and more. The assessment can be thought of as being similar to the annual physical “check-up” that many people get from their physician. During the assessment, all aspects of the security program are examined, any weaknesses are identified, and suggestions for improvements are made. In addition, opportunities where costs can be reduced or where security operations can be made more efficient are identified.
Is the process you call a “Security Assessment” known by other names?
Yes. Different security practitioners sometimes have different names for this process. These names may include “Security Survey”, “Security Audit”, “Risk Analysis”, “Threat Assessment”, “Threat and Vulnerability Assessment” (TVA), “Risk Assessment” , “Security Gap Analysis”, and many others.
How does a Security Assessment conducted by Silva Consultants compare with those performed by other consultants?
The Security Assessment process used by Silva Consultants is one of the most comprehensive in the industry. (See a detailed description of our Security Assessment process in Security Assessments).
Our Security Assessment report is where we really differentiate ourselves from most of our competitors.
First, the report is intended to be read by a non-technical reader who may not be familiar with most technical security terms. We keep the use of acronyms and “buzz words” to a minimum, and use simple, easy to understand language whenever possible.
Second, we offer practical, proven security recommendations that can easily be understood and implemented. Unlike some consultants, we avoid making broad, generalized recommendations that are difficult to understand and nearly impossible to implement. We also carefully consider the operational and cultural impacts of what we recommend, and avoid suggesting things that would be impractical to implement at your facility.
Some consultants like to “bulk-up” their assessment report with lots of unnecessary photos, copies of articles from trade magazines, and other filler material. Our reports are very detailed, yet concise and to the point. The majority of the report will have been specifically developed for your project, and we use a minimum of “canned” or “boilerplate” material. When we include photos, they are directly related to specific findings or recommendations. and are not just used to fill up space.
Finally, we provide a prioritized action plan with each report. This plan provides a summary of recommendations and costs and groups them in order of priority. This allows you to do the most important things first, and implement the remaining recommendations later if desired.
Do you provide an “executive summary” or other abbreviated version of your Security Assessment Report?
Yes. Every report contains a one to three page executive summary, as well as a summarized listing of all recommendations. Either or both of these can be given to senior executives and others who don’t wish to read the entire report.
What methodology does Silva Consultants use to conduct a Security Assessment?
There are numerous formal methods used to conduct security assessments. These include the CARVER Method, the RAM methodologies developed by Sandia Laboratories, and other systems developed by the Department of Defense, Department of Homeland Security, and other government agencies. All told, there are probably at least several dozen different risk assessment methodologies in common use.
Silva Consultants has studied most of the assessment methodologies described above and continues to keep track of the latest developments in security and risk assessment. However, we do not strictly follow any of the established methodologies; we take the best techniques from each methodology and combine them to provide a security assessment specifically designed to provide realistic and practical guidance to private-sector facility owners. Our assessment methods have been used for over 35 years on more than 1,500 assessments and are constantly being refined to keep up with the latest trends.
What does it cost to have a Security Assessment performed?
Costs for a formal security assessment usually range between $5,000 and $50,000 depending on the size of the facility, number of employees, and complexity of operations. Please contact us for a free, no-obligation quotation on the specific cost to conduct a security assessment for your facility.
Why does the Security Assessment cost so much, and why is it worth it?
The security assessment process that we follow is very comprehensive and takes many hours of professional time to perform. The investment made in the security assessment can pay many dividends, especially in terms of savings in ongoing security operating costs. Considering that just one security guard working 24/7 can cost close to $175,000 per year in many parts of the country, the creation of a security plan that can reduce or eliminate the need for security guards can be money very well spent.
In addition, the focused and prioritized recommendations made in the security assessment can often keep the client from making unwise investments in expensive security technology (cameras, alarm systems, etc.) that won’t do the job. Often these systems seem like a good idea, but don’t really address the client’s specific security problems.
Finally, a well-designed security program can help cut thefts and losses and reduce liability claims. While it is often difficult to precisely quantify these types of savings, the cost of the security assessment can pale in comparison to the cost of just one major loss or liability claim
How long does it take to have a Security Assessment performed?
It typically takes about thirty days from the time we start the security assessment process until the time that we deliver the first draft of the Security Assessment Report. Larger and more complicated facilities may require more time. We are often able to give the client a preliminary report, either verbally or as a brief written outline, within just a few days after we have completed our field work.
My company has over a hundred facilities nationwide. Do we need to conduct a separate Security Assessment for each facility?
Many organizations choose to have assessments done at only a representative number of their facilities. These are often picked by size; the company will select examples of their typical “small”, “medium”, and “large” facilities. Other organizations may choose examples of facilities based on geographic region.
In addition to conducting assessments at these representative facilities, separate assessments would almost always be conducted at specialized facilities, such as the corporate headquarters facility, data center, and other unique facilities.
How often do you recommend that organizations have a Security Assessment performed?
At least every three years. Major changes in your business, such as the bringing on of a new product line or a major facility expansion, may require you to reevaluate your security program sooner.
If I have a Security Assessment performed, and fail to implement the security improvements that you recommend in your report, aren’t I placing my company in a position of increased liability?
This is a legal question that should be answered by your attorney. Most reasonable people look favorably upon an organization that tries to do the right thing by periodically reviewing the way that it provides security. However, if you have blatant security problems and have no intention of correcting them, you probably aren't going to be well served by having us prepare a written assessment report.
Some clients have asked that we perform our work though their attorney with the expectation that our report would be treated as “attorney-client work product” and kept confidential. Other clients have asked that we provide only a verbal presentation of our findings and recommendations. Again, this is really a legal issue and your attorney should be consulted if you have concerns in this area.
Do you offer free samples of your assessment reports or provide templates that I can use to conduct my own assessment?
Organizations who we feel are legitimately considering the use of our services can receive a sample assessment report after signing and returning a written non-disclosure agreement. We don't provide sample reports or templates to other parties.
Can you help us to implement the security improvements that you recommend?
We can provide as much or as little assistance as you desire. Some of our clients have extensive in-house resources and are able to implement most recommendations on their own. Other clients feel that their in-house staff lacks the time and/or expertise necessary to implement the recommendations and choose to hire us to provide additional assistance.
Some of the things we can help with include writing RFPs and preparing bid specifications, assisting with the selection of vendors and products, the development of security policies and procedures, and conducting training for employees and managers.
Why can’t my security systems vendor or guard company provide me with advice on how to design my security systems and develop my security programs?
Many people selling security equipment or other services often call themselves “security consultants” or “security advisors”. While well-intentioned and probably knowledgeable of their own particular discipline, most “consultants” of this type do not possess the wide range of technical skills necessary to be a true security consultant. For example, it is unlikely that a person selling alarm systems is knowledgeable about the protection of confidential information, the prevention of workplace violence, and the myriad of other complex security issues that need to be addressed in today’s world.
Further, the solutions offered by this type of “consultant” generally involve the use of the specific type of products that he or she sells; i.e. the person selling electronic security systems will recommend the installation of electronic systems, the person selling guard services will recommend the use of guards, etc. This does not imply dishonesty on the part of the person offering the advice—but is only a reflection of this person’s limited scope of knowledge and the natural tendency to want to sell his or her own product.
Silva Consultants is an independent security consultant, and has no ties to suppliers of security equipment or guard services. (See What is an Independent Security Consultant?)
Can my local police department provide me with good advice on how to deal with security problems?
Most police departments are “reactive” rather than “proactive” organizations. While most police departments can provide some crime prevention advice, their emphasis will usually be on simple measures that help to prevent common street crimes.
With few exceptions, police agencies are not equipped to provide advice on preventing internal theft, matters involving the protection of confidential information or trade secrets, and other complicated security issues that must be faced by businesses. In addition, police agencies are generally not well versed in physical security and the latest in security technology.
We encourage you to take full advantage of whatever free security consulting your local police department offers. However, in most cases, you will find that the advice provided by police departments will fall far short of addressing all of your security needs.
My insurance company provides me with a free safety and security audit every year. Is this the same thing as the Security Assessment that you provide?
The security and safety audits provided by most insurance organizations usually consist of conducting a physical inspection using a prepared checklist. The inspector notes compliance or non-compliance in each area on the checklist and prepares a summary report of his findings.
It is our opinion that this type of audit is useful in identifying obvious physical security deficiencies (holes in fencing, burned out lights, etc.). However, this simple type of audit only looks at a small subset of the total security program, and is nowhere near as comprehensive as a formal Security Assessment.
I am the corporate security manager at my company. Won’t my boss question my abilities and think less of me if I ask to bring in an outside security consultant?
To the contrary, most practitioners in every profession use consultants to provide specialized expertise or to render an outside opinion. Think of your physician, who never hesitates to bring in other professionals (radiologists, hematologists, etc.) when conditions warrant it. Undoubtedly, the senior management team at your company (and probably your boss) regularly call in consultants of various types to assist with certain projects.
The benefits provided by an outside security consultant include:
The ability to provide a fresh, unbiased opinion.
Experience with similar security problems and conditions at many other companies and organizations.
Current knowledge of security best practices and the latest security technology.
Ability to work full-time on your project.
Experience in conducting formal consulting assignments, report writing, and presentations.
No need to moderate opinions for political reasons—can “tell it like it is” without fear of retribution.
See more on this topic in the article Why Would an Experienced Security Manager Hire a Security Consultant?
Can you help us solve an ongoing internal theft problem?
No, at least not initially.
If you suspect an internal theft problem, we suggest that a qualified private investigator be hired to try and identify the culprits. The investigator may choose to employ covert video surveillance and/or place undercover operatives within the organization in an attempt to identify the thief. Making sudden changes to the security program in advance of the investigation might jeopardize the operation and make the criminals temporarily discontinue their activities.
Once the initial investigation has been concluded, a security consultant should be brought in to conduct a Security Assessment and make recommendations on how to keep the situation from occurring again.
We are designing and constructing a new facility. At what point in the design process should a security consultant be brought in?
A security consultant should be brought in at the earliest phases of the project. The input provided by a security consultant can have a major impact on site layout and general building design. Things such as the location of building entrances, physical separation of public and non-public areas, and the placement of stairs and elevators all can greatly affect the way that the building can be secured.
A good security consultant can also provide guidance on the effective use of CPTED principals in the design of the building and site. These principals can allow good security to be achieved through use of natural design elements, greatly reducing the need to rely on physical and electronic security systems.
A common mistake is to wait until the design has been fully developed before bringing in a security professional. At this point, there is a strong reluctance to alter the design in any significant way and it may be costly to make the changes necessary to provide good security.
Where is Silva Consultants located and what areas do you serve?
Silva Consultants is located in the northwest region of the United States in Covington, Washington. Covington is a small town located about 30 miles southeast of Seattle. (We were formerly located in the city of Edmonds, Washington.)
Since 1985, we have performed projects in almost every area of the United States and several in Canada. A number of our corporate clients have hired us to provide services at all of their facilities nationwide, and this has given us the opportunity to work in nearly every state.
Our primary service areas are the states of Washington, Oregon, Idaho, and California, although we are willing to consider projects in any location where we feel we can provide good service to the client in a cost effective manner.
Does it matter where the security consultant is located?
Work on projects away from the consultant's home base always increases costs due to travel time and travel expenses. A consultant located in your area also probably has a better understanding of local security conditions and has better contacts in the local law enforcement and security community. So, when considering two equally qualified consultants, you are generally better off hiring someone local rather than bringing in someone from out of town.
However, many clients outside of our primary service area have chosen to hire us because of our specialized technical expertise in certain areas or because they prefer our unique method of conducting security assessments. A number of our clients have also used us to provide services nationwide because they wanted consistency in the security program at all facilities.
Does Silva Consultants provide services outside of the United States?
Generally not. While many security consultants claim to provide services internationally, we feel that the client is not well served when the consultant is not knowledgeable of the local language, local security conditions, local laws, and types of resources available in the country where the project is located. If the majority of your sites are in the United States, but you have a few facilities located outside of the US, we would be happy to take on the overall project and find qualified local associates to perform the work at the international sites. However, if your facilities are located primarily outside of the US, you would probably be better served by finding a consultant in your local region.
Does Silva Consultants specialize in any specific type of client?
No. Silva Consultants works with a wide range of different types of clients. We have performed projects at corporate headquarters facilities, data centers, manufacturing facilities, warehouses and distribution centers, hospitals and healthcare facilities, biotechnology and pharmaceutical facilities, educational facilities, government facilities, public utilities, and residences of celebrities and other high net worth individuals.
There are certain security consultants who specialize in only a specific type of client. For example, there are consultants that just do schools or just do hospitals. Silva Consultants is a generalist and does not specialize in any particular type of client, however due to the large number of projects we have done since 1985, chances are good that we have already performed work at several facilities very similar to your own.
Is there an advantage to using a specialist security consultant over a generalist?
Yes. A specialist is generally already up to speed on your specific industry or profession and already speaks your language. A specialist should also be very familiar with security problems common in your business and security best practices used at other similar facilities. A specialist may also have more credibility when presenting recommendations to your senior management team or other employees.
However, there are downsides to using a specialist also. Often, specialists tend to take a "cookie-cutter" approach when recommending security solutions to clients and fail to listen to your unique problems. For example, a hospital security consultant may attempt to give you the same recommendations he gave the last twenty hospitals he worked for.
As it would be rare to have a specialist consultant located right in your city, this type of consultant must usually be brought in from out of town. This often involves extra expense and the out of town consultant is usually unfamiliar with security conditions and resources in the local community.
Finally, the specialist may be so focused on his specific industry that he is unaware of security solutions used in other industries. Often, a security solution developed for one industry can be directly applied to another, and the specialist may fail to see this.
Is a large national or international security consulting firm better qualified than a small independent consulting firm?
Contrary to what people might think, the quality of service provided by a large national or international firm is usually no better than that provided by a smaller independent firm, and in many cases, may actually be worse.
Consulting projects are performed by people, not companies. If the large consulting firm assigns competent people to your project, you will probably get excellent results. However, it is very common for large consulting firms to win a contract using the resumes of their most senior people during the proposal process. Once the project is won, the vast majority of the actual work may be assigned to junior people who are considerably less qualified.
The managers of some large consulting firms are usually under constant pressure to generate lots of "billable hours" and to maximize revenue. Sometimes, the need to meet revenue targets gets in the way of doing what's right for the client or project. It's hard to think long-term when you are trying to meet this month's quotas.
With a small independent consulting firm, it is very likely that the owners of the firm will be personally involved in every project, including yours. You will generally get a higher level of personal service from the smaller firm, and your project will be treated with greater importance. While the smaller firm needs to generate profits to stay in business, there is generally less emphasis on short term results and a greater emphasis on developing a long-term and mutually beneficial relationship with the client.
Where larger firms do have an advantage is when dealing with large scale projects that must be completed within a short time frame. Large firms can generally assemble a large team of people that can quickly begin working on your project almost immediately. A larger firm will probably also have offices in multiple cities. This can be an advantage when a project is spread across multiple states or continents, as consultants can be assigned from local offices, reducing costs of travel.
To offset these advantages, many smaller consulting firms often collaborate with other similar-sized firms when working on large projects, or when working on projects that have multiple locations. For example, Silva Consultants belongs to an association that has more than 100 independent security consultants as members. We regularly collaborate on large projects with fellow members as well as take advantage of the many types of specialized expertise that exists within this organization.
Does Silva Consultants have openings for security consultants or for people retiring from the military or law enforcement?
No. At the present time, Silva Consultants is not hiring for any positions.
Did You Know?
Most people wait until after a major theft or other crime has already occurred before they call in a security consultant
Many losses could have been prevented if a security consultant were called in earlier
Silva Consultants is located near Seattle, Washington.
Our primary service area is Washington, Oregon, Idaho and California, but we serve clients in all parts of the United States.
Thinking about becoming an independent security consultant yourself?
Buy Michael A. Silva's book on Amazon
Published May, 2016