Why Good Policies & Procedures Can help Keep Your Business Safe

PenEvery security business, no matter how large or small, must have a policy and procedures manual.

The manual should set out, in clear and concise detail, the things that are important to the business, and how employees are to conduct themselves within the business.

It is often said that employees are the lifeblood of any organisation and that without trustworthy, competent employees, a business cannot function.

As we all know, in the security industry, many employees work either by themselves or have limited contact with fellow employees during their shift. This means that much of their work is unsupervised. Because of this, it falls upon employers to make sure that all employees are properly schooled and trained before letting them work autonomously.

While employers spend hours training their employees about the right way to do things in the field, what about the right way to do things in or around the office? How much time is spent on those things? Probably, not enough.

While there are no hard and fast rules that dictate what should or should not be included in a business policy and procedures manual, here are some that I think are compulsory inclusions.

The first thing that should make its way into any manual is basic information about the working day. It sounds trite to say, but somewhere within every manual must be written a statement that shifts start at 9.00 a.m., 5.00 p.m. and 12.00 a.m. and that employees are required to be onsite, properly attired and with requisite equipment, by the relevant starting time. You might be surprised to know how infrequently business hours are actually recorded in writing.

The manual should state that lunch is taken between the hours of 1.00 p.m. and 2.00 p.m. (or whatever relevant hours apply). If morning or afternoon tea breaks are provided, then mention should also be made of them. Any other break periods, or relevant times during the day in which work is not required to be performed by employees, should also be included. If employees are required to sign in or ‘clock-on’, then that should be stated, along with a notation that pay will be docked for late starters.

The manual should also include a fully-itemised leave policy. While the law prescribes minimum compulsory amounts of leave available to all employees each year (annual, sick, carers, long-service leave), you can control the method by which leave is applied for, and granted. In large organisations, applications for leave are usually channelled through a human resources department. While most smaller organisations will not have a dedicated HR manager, the principle remains the same. One person within your business should be responsible for receiving applications and then either approving or rejecting them.

By keeping all applications streamlined through one individual, your business can keep close tabs on staffing numbers, resources and budgets. The deadline by which leave applications must be submitted, to whom they must be submitted, and the process that your business will consider when deciding whether or not to grant the request, should form the basis of a written leave policy and should be incorporated into your manual.

Your business should also develop and record a behaviour policy. This policy should incorporate your expectations for your staff. You can include whatever matters you want (such as appearance, standard of dress and use of language within the office). The policy should also detail how a breach of that policy will be dealt with.

It should also set out what you consider to be intolerable behaviour within your business premises. Vilification or harassment of any type should be the cornerstone here. Sexual harassment, racial vilification, age, religious or other forms of discrimination are unacceptable in any workplace. Your policy should make it clear that your workplace is no different.

Again, the consequences of a breach of this policy should be clearly set out. You should ensure that all your employees are not only familiar with this policy, but are also schooled in it. One of the best ways to do this is by running annual seminars at which you identify the types of incidents that you would consider to be in breach of your policy, and to explain how such incidents would be dealt with. You should encourage your employees to discuss and identify such matters as incidents of discrimination, as they are not always obvious.

Given that many security companies engage in work that requires employees to carry firearms, an essential element of any policy and procedures manual will be the incorporation of a strict policy for their handling, distribution, retention and storage. Very few policies and procedures will be as significant for your business as this one.

The policy should set out, in precise detail, the sensitive nature of firearms treatment within your organisation, and how a breach of that policy will be dealt with. The policy should reiterate some fundamental elements of firearms training (such as a no-alcohol policy) and how firearms are to be handled and stored in the field.

Because of the significant nature of this policy, you should also tie it into your employment contracts. Sanctions for failure to comply with the policy (which, in the case of serious breaches, should include summary dismissal) should be set out both in the policy and in the employment contract.

You should also develop an electronic communications policy. Most business and workplaces now furnish staff with a computer, an email address, a mobile telephone and access to the Internet. They are provided for the benefit of, and on behalf of, the business. Employers need to be aware that an email or text message communication can bind a business in contract in exactly the same way as a formally-executed letter. An unauthorised or flippant email, sent from any email address linked to your server, can be as legally binding on your business as a letter penned and executed by your CEO.

As more and more court cases are being fought over whether a communication was authorised by the organisation from which it originated, there appears to be one constant, and that is, that responsibility for controlling the flow of information out of a business rests with the business. And, if the business is incapable of controlling that flow, it cannot blame anyone but itself if the content of the communication is not to its liking.

Significant damage can be caused by the misuse of all forms of communication. While there is no doubt that this has always been the case, and that businesses have always been liable for damage caused by their miscommunication, chances are that, in this age of electronic communication, it will happen more and more.

Twenty years ago, businesses could communicate over a distance in only three ways – by telephone, fax, or letter. This meant that businesses could more easily monitor what was coming in and going out. Twenty years on, and methods of communication are more prevalent and more immediate. In 2012, almost every person employed by an organisation is furnished with an email address. Almost all of those email addresses will have a signature with the name of the person and the organisation’s details incorporated into it. What this means is that, to the outside world, every person within that organisation represents that business, and that all email communications emanating from that address are official.

This is a frightening concept for those who understand how quickly a contract can be formed at law, and how much damage an unexpected and unwanted contract
can cause.

More often than not, damage can be sheeted home, not just to the employee, but also to the business. Your policy should therefore set out the manner in which all facilities provided by you (including mobile telephones) may be used and, more importantly, the manner in which they may not. As part of this, you might consider whether (if practical), all emails pass through a central point for approval prior to being sent from your office. You might also consider limiting the use of mobile telephones within the office, and restricting non-essential internet use to lunch or break times. While these might seem like drastic steps, they confirm how seriously you consider the issue to be. Whatever controls you choose to impose, they should be clear, concise and recorded in writing.

By having a properly-prepared and updated policy and procedures manual, security businesses can help themselves on a number of fronts. Firstly, they can educate their staff to behave in a manner acceptable to the business. Secondly, they can reduce confusion and tension in the workplace by setting standards, referrable not to some arbitrary decision, but to properly-formed and documented policies. Thirdly, they can help to protect the business.

For example, if the business is sued by a disgruntled, former employee on the grounds that a fellow employee engaged in discriminatory behaviour, then the business might be in a position to defend such a claim if it could establish that it had a discrimination policy in place; that the policy was known by, and regularly communicated to, all staff; and that, by engaging in discriminatory behaviour, the employee acted on his own accord and in direct contravention of the policy.

These suggested inclusions in your policy and procedures manual are brief and are by no means exhaustive. However, they are examples of matters that most security businesses should consider as being sufficiently important to the health and well-being of their organisation, that they deserve to be formulated, reduced to writing and, most importantly, communicated to staff.

Justin Lawrence
Justin Lawrence is a partner with Henderson & Ball Solicitors, 17 Cotham Road, Kew, Victoria, and practises in the areas of Commercial Litigation, Criminal, Family and Property Law. Henderson & Ball has Law Institute of Victoria accredited specialists in the areas of Business Law, Property Law and Commercial Litigation. Justin Lawrence and Henderson & Ball can be contacted on 03 9261 8000.