Twenty-eight years ago, I began my career as a hotel night security guard at the SAS Scandinavia Hotel in Oslo, Norway. The hotel was part of the SAS International Hotel chain of nearly 25 hotels, all located in Nordic countries, except for one in Kuwait. Today, I work for the company that operates that same hotel, but it is now part of the global Carlson Rezidor Hotel Group with over 1000 hotels in more than 110 countries and territories.
When I started out, our security department was large, professional, well-equipped, and well-trained. We were the in-house emergency response team. We worked closely with local law enforcement on security issues, the fire department gave us in-depth fire safety training and someone from the local ambulance service trained us in advanced first aid. In the first couple of years, I made good money working overtime on investigations and handling incidents. Security was our department’s business, and not a lot of time was spent training other staff how to detect, deter, or prevent issues that could become incidents that needed our response.
Our first experience of having to evacuate staff—not only from the hotel but from a country—was in 1990 when Iraq invaded Kuwait. I can still remember my boss calling me early in the morning asking why our hotels didn’t have plans for what to do if a foreign army invaded and took over the building.
Gulf War 1 also brought the 24 hour live television news channels to life. The days of the news deadline were disappearing and the information age was rolling in. By the mid-90s our hotel group was also expanding. We had more hotels in more locations, meaning different legal systems and requirements. The hotels themselves were different sizes and ranged from beach resorts, to city centre business hotels, to a seasonal ski resort or two in the mountains. Writing a one-size fits all security manual for the chain was not only becoming difficult, it was impossible.
In 1997 we started to change our entire approach to security when we formally announced to our hotels that corporate safety and security were no longer simply a command and control function in the company but were a support function. Our role was not to protect all of our hotels but to support them so they could protect themselves, their guests, their staff, and their property.
Instead of a manual, we introduced self-assessment programs linked to a dynamic online library of best practice examples of how some hotels in the group are tackling the challenges faced within the “Four Cornerstones” of Guest Safety and Security, Employee Safety and Security, Fire Safety, and Operational Security. Being able to learn from each other’s experiences is a big and helpful step towards increasing preventive preparedness for many of our hotels.
At the corporate level, our approach was changing on other levels as well. As our shift from centralised command and control towards a more collaborative approach was taking place, we also started to look at what elements would best assist us in our role as a support function to the hotels and the business overall. Our answer was the TRIC=S formula:
Threat assessment + Risk mitigation + Incident response capability + Crisis management, communication and continuity = Safe, secure and sellable hotels. In short that means, we start by looking at what can negatively impact us, what can be done to reduce the risk or the impact, how do we respond if a risk becomes an incident, and what do we have in place if the impact is so great it threatens life or disruption of operations. Unlike a prescriptive program, the formula has the great advantage that it can be applied almost anywhere.
If the growth of 24 hour news channels signalled the start of the information age in the late 1980’s, things certainly didn’t stop there. Today, we live in a world of tweets, Tripadvisor, and real time travel tracking. If travel used to be an adventure into the (sometimes) unknown and unfamiliar, today it may still be an adventure, but expectations have been built by Youtube, Instagram, and Facebook, promising sunny skies and smiling faces.
On the other hand, the fact that almost any person anywhere can broadcast almost anything in close to real time, also means that travellers today may have expectations that are driven more by fear than by threat assessment. The legal situation and duty of care requirements in many countries have also led to more scrutiny and focus from tour operators, travel providers, and companies who send their employees on business trips. How can they reassure themselves that their destination will be safe and that they are not putting themselves, their clients, or their employees at undue risk?
Most big chains have brand standards for their hotels, and since 2007, a number of the larger international hotel groups, including Carlson Rezidor, have worked together on the Overseas Security Advisory Council’s Hotel Security Working Group. Since 2009, the working group has conducted an annual joint training workshop for our security managers. Workshops have been held in Mumbai, Doha, Istanbul, Shanghai, Bangkok, Amman, and New Dehli with the idea of improving the knowledge and capability of our security leaders. Additionally, the training builds bonds between hotel security managers from common destinations and empowers them to take new knowledge back to their cities and countries that can help improve the hotel security management capabilities.
Unlike many industries however, there is no universally accepted international standard for hotel security. Although the big brands have their own standards and some countries have regulations that govern hotel security, how can a traveller know or how can a company conduct due diligence that covers their duty of care when it comes to finding safe accommodation?
Many companies send questionnaires out as part of their Request for Proposal and hotel contracting process. Hotels can be sceptical if they feel the questions may put them in an unfair liability situation. The company is in the position of having to trust the responses, and it may be questioned whether a process without verification properly fulfils the duty of care requirement. Another much more expensive solution for the guest or buyer is to have someone inspect or survey the hotel. In addition to the expense, it is also questionable whether hotels should show an unauthorized, third party where all their critical infrastructure is, and how it is accessed and secured.
A new possibility is emerging that may be beneficial to hotels, travellers, and travel buyers alike: compliance. This year, we signed an agreement with the certification company SafeHotels Alliance AB. In addition to reviewing and approving the self-assessment process that all of our hotels around the world have access to, SafeHotels certifies hotels that submit to a survey and follow-up program that ensures the hotel is meeting the criteria that they’re independent, which the “Global Hotel Security Standard” requires. The guest or buyer is no longer dependent on trusting answers on a questionnaire, or carrying the cost of an inspection that may not give access to the information needed to make an informed decision. By choosing a certified hotel, the guest or buyer can be confident that a competent person has reviewed the hotel and worked with the hotel management to close any gaps or resolve any issues until the certification requirements are met.
The threats we face may differ in scale from place to place, but we truly now do live in an anytime, anyplace, anywhere threat environment.
Technology helps us with every element of our TRIC=S formula, but for us, security has moved far beyond guards and gates, and we are keenly aware that safety and security is dependent on the everyday actions of every employee at every level in every hotel. Just as we moved from a simple command and control structure to a focus on internal and external, communication and collaboration, we believe that compliance will become a new tool in our belt that will benefit hotels and their guests alike.
Paul Moxness has been with The Carlson Rezidor Hotel Group since 1987. He leads Carlson Rezidor’s global hotel safety, security and crisis council overseeing development of safety and security support programs and guidance globally for all brands. He is an active member of ASIS International's CSO Roundtable advisory board. He is also a founding member of the Overseas Security Advisory Council’s Hotel Security Working Group as well as a member of the steering committee for OSAC’s Africa Regional Council. Paul is based in the Carlson Rezidor Hotel Group Corporate Support Office in Brussels, Belgium.
