Title Page
-
Branch
- MHO
- SF/LA UNION
- STA ROSA
- CEBU
- NAGA
- DAVAO
-
Conducted on
-
Audit conducted by
-
Position
-
Location
-
Country General Manager
-
Country Head of Security
Key Control
-
Keys in day to day or regular use must be held separately from any spare keys.
-
Vehicle ignition and vehicle security keys must be held separately from each other. (Vehicle security keys include vault compartment keys – not used by crew, vault safe keys, vehicle system initiation keys, etc)
-
Vehicle security and vault keys must not be carried on CIT vehicles but must remain on branch while the vehicle is operational, unless required for maintenance or breakdown.
-
All keys (including spares) must be recorded on a current key inventory (Master List) which – as a minimum – must record the number of keys, the key type(s), the serial number(s), the purpose and owner of each key held.
-
A hard copy of the key inventory must be printed each month and date stamped. The inventory list must be audited against the physical keys held at least once per month. Such audit must be confirmed by signing and dating the printed key inventory and all/any discrepancies must be recorded and brought to the attention of the BM and Security Director/manager for investigation and rectification. The only exception to this is where an electronic system is in use which has a built in audit capability.
-
All keys must be issued and returned on signature and the use of key issue registers in mandatory. Asset tracking systems which record issue and return of keys may be used provided these have been approved by group security.
-
Audit Photos
FIREARM CONTROLS
-
Where firearms are in use, then all branches must use secure and effective firearm control systems and procedures in order to ensure that the whereabouts of all firearms can be accounted for at any given time.
-
Where national or local legislation or regulation stipulates that firearms must be deployed, then the business must ensure that such regulation or legislation is complied with in full.
-
Control systems must ensure that firearms are only issued to properly qualified, licensed, trained and authorized employees and that all firearms licenses are current and in place, and that all training requirements have been fulfilled.
-
Requires that employees licensed and required to use firearms receive range training on at least an annual basis (but more often if required by local legislation or regulation). Training records, including scores attained, must be held on file for audit purposes.
-
Firearms must be stored securely with access restricted to duly authorised personnel.
-
Ammunition must also be stored securely and separately from the firearms.
-
All firearms must be recorded in a firearm inventory which (as a minimum) records the make, model / type, serial number and calibre of each weapon.
-
A hard copy of the firearm inventory must be printed every month and date stamped. This inventory must be audited against the physical firearms held, at least once every month (or more frequently if required by local legislation or regulation). Such audit must be confirmed by signing and dating the printed firearm inventory and all / any discrepancies must be recorded and brought to the attention of the Branch Manager and country Security Director / Manager so they can be investigated and rectified.
-
All ammunition must be recorded in the inventory, showing (as a minimum) the number and caliber of rounds in stock and on issue. All firearm licenses and competency certificates must be held securely and be subject to regular audit, sufficient to ensure compliance with local legislation.
-
All firearms and ammunition must be issued and returned on signature and the use of firearm issue registers is mandated.
-
The business must provide adequate facilities on branch to enable the safe loading and unloading of firearms after issue and before return.
-
Firearms must never be issued for personal use and must not be stored away from Company premises unless the business has a process for doing so which is authorized by Group Security, and each instance is authorized in writing by the country Security Director / Manager. Such written authorization's must then be held on file for audit purposes.
-
Audit Photos
BRANCH SECURITY & EQUIPMENT INSPECTIONS
-
All branches and security equipment must be subject to a regime of regular checks and inspections to ensure optimum performance and compliance.
-
Daily security inspections must be conducted to confirm that all security features and equipment are in place and in full working order. These inspections are to be recorded and a procedure must be in place to ensure that any defects or faults found are escalated and urgently rectified, and that management is alerted if urgent rectification is not possible so that alternative mitigating action(s) can be taken.
-
Weekly security inspections must be personally undertaken by branch management to confirm that all security features and equipment are in place and in full working order, and also to assess and confirm the accuracy and quality of the daily inspections being conducted on their behalf. These weekly inspections are to be recorded and a procedure must be in place to ensure that any defects or faults found are escalated and urgently rectified.
-
Periodic security inspections must be undertaken by member(s) of the security function to verify that a) all security features and equipment are in place and in full working order, and b) to verify that the required daily and weekly inspections are being done. These periodic inspections are to be recorded and a procedure must be in place to ensure that any defects or faults found are communicated to branch management to enable urgent rectification, and that they are escalated to senior management as appropriate.
-
Audit Photos
BRANCH SECURITY
-
Systems and features must be in place to provide a sufficient level of security to prevent and detect unauthorised access to branches and provide sufficient response time in the event of attack. The required standards of branch security are relative to the values held and are stipulated in the premises specification document.
-
Access Control systems must prevent unauthorised access and so the use of PIN codes and proximity cards alone or together is not sufficient unless another layer of security is also in place (e.g. biometrics).
-
No individual must be granted ‘access all areas’ of any cash-holding facility / location, irrespective of rank or seniority.
-
CCTV systems must record activity at all points of entry, search, cash processing workstations and secure areas.
-
Alarm systems must be in place to detect intruder and fire incidents, and these must be easily distinguishable from each other, such that employees are able to take the appropriate action in response to either.
-
Interlocks comprising two or more doors must be in place to enforce single-person access to every secure area. For the avoidance of doubt, an acceptable interlock is one where it is only possible to open one of those doors at any given time. Acceptable alternatives to interlocks would be (for example) a non-return turnstile, but any such alternatives must be approved by Group Security before deployment. Any interlock (or turnstile, etc.) identified by the security inspections (see section 3 above) as not working correctly must be treated as a priority and fixed within 24 hours, with mitigating arrangements deployed until it is fixed.
-
Access to any secure area must ultimately be controlled from within or from a remote NCC and such access must not be granted unless positive identification is possible.
-
Appropriate anti-ram protection must be in place on branch perimeters and exposed secure-area walls, to mitigate the threat of forced access.
BRANCH DESIGN & BUILD
-
All new branch designs or material security upgrades / expansions must be approved by Cash SEC prior to submission for ‘capex’ to ensure they meet the minimum required standards for their intended purpose and level of cash holdings. These required standards are relative to the value of the holdings in each branch category, and are set out in the Premises Specification Document.
-
Does the existing branch location meet the required standards set out in the Premises Specification Document.
-
100% segregation of access, concrete lid separating the occupiers or (concrete walls if other occupier on same floor), installation of seismic detectors on adjoining walls/ceilings.
-
Premises design -Stand alone premise required above 60m USD
-
Smoke Cloak or equivalent protection in the bays and exposed ground floor secure areas.
-
Detail the construction of the roof area not covered by concrete, include details of alarms above the roof and whether there are armed guards on site whenever the branch is operational.
-
Audit Photos
SECURE-TO-SECURE ROUTES
-
Secure-to-secure routes are also known as ‘trunk’ or ‘high-value’ routes and must adhere to the following principles to mitigate the risk of catastrophic loss
-
Vehicle loading or unloading must only take place in secure areas. Where loading or unloading is required at non-Brinks premises, then the senior security person within the business is responsible for approving each specific location (in writing) as being fit for use as a secure area.
-
Crews must have no access to the cash en-route (i.e. between the points of loading and unloading), and no security keys must be carried on board the vehicle while it is operational (see MSP 1).
-
Vehicles must not be permitted to stop en-route - i.e. between the points of loading and unloading. The only exceptions to this requirement are those routes which cover such long distances that they necessitate breaks or overnight stops. In these cases, such stops must only be at recognized and approved secure locations where the cash and vehicles can be securely housed. These locations must be individually authorized in writing by the most senior security person in the business unit - e.g. Director, Head of, Manager - and endorsed by the Regional Security Director. Each such authorization must include a written procedure to facilitate the stop(s) in a safe and secure manner.
-
All secure-to-secure routes must be operated with a minimum two person crew unless authorized otherwise by Group Security. (Applications to be made via the Operating Limit Procedure).
VEHICLE DESIGN & OPERATION
-
VEHICLE DESIGN & OPERATION: All new vehicle designs or material upgrades / expansions must be approved by Cash SEC prior to submission for ‘capex’ to ensure they meet the minimum required standards for their intended purpose and value of loadings. The fundamental requirements for cash vehicles are set out in the ‘Vehicle Specification Document’, which specifies the requirements relative to the value of anticipated loadings.
-
Sample vehicle inspection report
-
Cash storage areas must be separated from the crew / driver compartments.<br>1. The vehicle must have a vault compartment.<br>2. The keys to the vault compartment must never be left in the lock whilst the vault is not being accessed.
-
Effective Vehicle Tracking Systems (electronic or manual) must be used and vehicle positions monitored by communicating with vehicles at regular intervals en-route.<br>1. Vehilces must either have GPS (or other) tracking systems which can be monitored at a central point NCR etc.<br>2. If no tracking system is fitted branched must operate telephone monitoring of vehicles throughout their trip. Records of the tele monitoring must ne retained on branch.
-
All vehicle access and internal cash storage / crew compartment doors must be fully interlocking.<br>1. This is applicable to all high value CIT/ATM vehicles.<br>2. This does not apply to low value vehicles (softskin).
SURVEILLANCE
-
All crews must be subject to a regime of regular checks and inspections to ensure their full compliance with operating procedures and security protocols designed for their protection and to minimise the risk of attacks and consequent losses.
-
Covert and Overt surveillance of operational crews is to be conducted to ensure that “on the road” and “across the pavement” procedures are being complied with. Findings must be photographed, reported and notified to management to enable appropriate coaching and / or disciplinary action to be taken.
-
This surveillance is to be undertaken by members of the security function of the business on a periodic basis and must be in addition to any surveillance conducted by operations management.
-
The head of the security function and his operational counterpart within the business must stipulate and enforce the minimum levels of crew surveillance to be undertaken by his department. These minimum levels are then to be documented in the business unit’s security plan and thereafter monitored and reported on, on a monthly basis (in the Business Unit Monthly Security Report).
-
Sample report
VEHICLE SECURITY INSPECTIONS
-
All cash-carrying vehicles must be subject to a regime of regular checks and inspections to ensure optimum performance and compliance and to ensure that no vehicle is used on operations if any of its security features or systems is not working.
-
Daily security inspections of every vehicle are to be conducted to confirm that all security features and equipment are in place and in full working order. These inspections are to be recorded and a procedure must be in place to ensure that any defects or faults found are immediately reported in writing and rectified. Issues must be escalated to management if rectification is not possible, so that the vehicle can be prevented from undertaking operations unless adequate mitigating action(s) can be taken.
-
Weekly security “walk round” inspections must be personally undertaken by branch management on a selection of the cash-carrying vehicles on the branch fleet, to confirm that all security features and equipment are in place and in full working order and also to assess and confirm the accuracy and quality of the daily inspections being conducted on their behalf. These weekly inspections are to be performed in sufficient numbers to ensure that every vehicle is seen during the month, and the inspections are to be recorded. A procedure must be in place to ensure that any defects or faults found are escalated and urgently rectified, or that the vehicles are removed from operations.
-
Periodic security inspections must be undertaken by member(s) of the security function on cash-carrying vehicles, to verify that a) all security features and equipment are in place and in full working order, and b) to verify that the required daily and weekly inspections are being done. These periodic inspections are to be performed in sufficient numbers to ensure that all vehicles are inspected at least quarterly. The inspections must be recorded and a procedure must be in place to ensure that the findings are any defects or faults found are communicated to branch management to enable urgent rectification, and escalated to senior management as appropriate to ensure that defective vehicles are removed from the operation.
-
Any vehicle with defective interlocks is not to be used for cash-carrying duties.
-
Audit Photos
STANDARD OPERATING PROCEDURES
-
All cash businesses must have Standard Operating Procedures (SOPs) in place in order to ensure the operation is as efficient, safe and secure as possible.
-
SOPs must be written by Operations;
-
SOPs must be verified and endorsed by the Security Department in the business;<br>1. Both operations and security must sign off all SOP's.
-
SOPs must be regularly reviewed by the Operation to ensure currency and accuracy is maintained;<br>1. When a change is made to the method of operations these changes need to be reflected in revised Sop's signed off by both ops and security.
-
Operational employees must be trained in and conversant with the SOPs to enable them to comply fully with their content;<br>1. New employees must be trained on relevant SOP's.<br>2. When changes are made to SOP's all relevant staff must undergo training.
ANTI-DURESS PROCEDURES
-
Where the risk of duress attack exists, procedures designed to ensure a secure and effective response to duress situations must be written, trained, practiced and regularly reviewed.
-
The risk of Duress attacks (generally, or Tiger-Kidnap specific) does not exist in your location.<br>1. Answer No unless there clear credible threat that has been communicated to the region and is subject to ongoing mitigation activities.
-
If yes, do you have in place procedures which are designed to ensure a secure and effective response to duress situations, which are written, trained, practiced and regularly reviewed.<br>1. Should be marked NA unless there is a very clear threat which has been communicated to region, the AME region policy is not to adopt the Tiger training process.
SCREENING & VETTING:
-
All employees must be screened and vetted in accordance with Group Minimum standards to ensure, so far as is possible, that no one is able to join or remain with the business with the intention of stealing from it, or aiding and abetting others to do so.
-
1. All countries must have a clearly documented procedure for the initial vetting of all employees and subsequent re-vetting.<br>2. Where possible criminal record checks should be conducted.<br>3. Where possible credit checks should be conducted to establish level of indebtedness, as a matter of policy employees should be asked to state their commitments at the time of the pre-employment interview.
-
Employees must be regularly re-screened and re-vetted during service
-
Any employee being promoted or appointed to a secure-area position (e.g. Vault Officer, Branch Security Officer, NCC Controller, etc) must be re-vetted before the appointment is confirmed and before he / she is able to undertake such duties).
-
In countries where proof of identification is limited or restricted (e.g. where passports , national ID cards or birth certificates are not readily available or reliable), then the business must ensure that home visits to positively identify an applicant are undertaken before his or her employment is confirmed.
POLICE RELATIONSHIPS
-
An effective relationship must be maintained with the Police and other law enforcement agencies to ensure that beneficial intelligence to prevent attacks is exchanged, and that the business receives the best possible police response if and when attacks
-
Name of Police chief and Police hotline number
-
1. RSM has established relationships with senior police officers both centrally and across the branch network.
-
2. Branch Managers have established a working relationship with the police force where the branch is located.
-
3. A comprehensive set of SOP's exist both centrally and at the branches to ensure rapid response to emergency situations.
-
4. NCR operatives and Branch Controllers must be trained in how to deal with an emergency situation and have immediate access to full SOP's
SECURITY FUNCTION
-
A security function resourced appropriately in relation to the size of the cash business and its local risk environment is essential to ensure that the business is able to manage the attendant risk and implement the business’ security plans.
-
Does the business have a security function appropriate to its’ needs?
-
Is that function independent of the operation in that it reports directly to the MD, Country Manager or equivalent?
SITE SURVEYS:
-
All service locations (including secure loading / unloading areas) must be surveyed and risk assessed to ensure that the level of risk being assumed is acceptable to enable the commencement / continuance of service. Sites must therefore be surveyed
-
Sample Site survey report
-
A record of the risk assessment must be documented, maintained and available for external review,
-
When customer-contracts are signed, any service commitment must be subject to satisfactory survey of any / all service locations in any of the above circumstances. Contracts should include the requirement for customers to take any reasonable actions identified by site survey as being necessary to mitigate the risk of attack.