asis News March 2017GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-03-01T05:00:00Z, Flora Szatkowski<h4>​LIFETIME CERTIFICATIONS GRANTED</h4><p>The following security professionals have been awarded lifetime certification status:</p><p>• John D. Case, CPP</p><p>• Peter W. Bonino, CPP</p><p>• Juan C. Diaz, CPP</p><p>• Ira M. Weiss, CPP</p><p>• George L. Franklin, CPP</p><p>• David R. Hankins, CPP</p><p>• Matthew W. Sobota, CPP</p><p>• Heather Murray, CPP</p><p>• Robert A. Cizmadia, CPP</p><p>• Bernard L. Buckner, CPP</p><p>• William E. Carvajal-Ramirez, CPP, PSP​</p><h4>NEW FOCUS ON ESRM</h4><p>ASIS named Enterprise Security Risk Management (ESRM) a global strategic priority for the association and has committed to infusing its concepts into all programs and services.</p><p>Both a philosophy and management system, ESRM uses globally established risk management principles to help security professionals manage the varied security risks facing organizations. By making ESRM a strategic objective, ASIS is looking to shift the profession from a siloed approach to security management to a more collaborative process.</p><p>“Threats today are increasingly more sophisticated, targeting organizations in myriad ways. In addition, the rapidly evolving business and compliance landscape requires a more holistic and strategic approach to managing organizational risk,” says David C. Davis, CPP, 2016 president, ASIS International. “As the only global professional association representing the total spectrum of security, ASIS is uniquely positioned to lead this effort.”</p><p>ESRM covers not only traditional security issues, such as loss prevention and terrorism, but also a broad array of topics including brand protection, business continuity, corporate espionage, cybersecurity, information security, resilience, and white collar crime. Davis goes on to note, “by embracing an ESRM mindset, our members will become more effective security professionals and more valuable members of their organizations.”</p><p>To lead this initiative, the Board of Directors has established a two-year ESRM commission, headed by Dave N. Tyson, CPP, 2016 ASIS International chairman of the board. Tyson notes that while ASIS has been involved in ESRM for years, it has never committed to driving the approach in this manner or emphasizing its vital importance to the work ASIS members do.</p><p>“The commission will develop a framework to integrate ESRM into all ASIS education, white papers, research, and other professional offerings,” says Tyson. “We believe the result will be a more empowered membership, safer enterprises, a more strategic approach to risk, and a more cost-effective security function.”</p><p>Serving alongside Tyson on the commission are Brian Allen, CPP, chief security officer, Time Warner Cable; Raymond T. O’Hara, CPP, executive vice president, AS Solution; John Turey, CPP, senior director, TE Connectivity; John A. Petruzzi, Jr., CPP, vice president of integrated security solutions, G4S; and Volker Wagner, senior vice president, Deutsche Telekom. Additional members—from across the globe, industries, and specialties—are expected to be added. ASIS will also look to collaborate with other organizations to advance the richness and value of the content it develops. For more information, visit​</p><h4>CHAPTER ANNIVERSARIES</h4><p>Congratulations to the following ASIS chapters celebrating milestone anniversaries in the first quarter of 2017.</p><p>• Quebec City 5 years</p><p>• Evansville, Indiana, 10 years</p><p>• Fort Wayne 15 years</p><p>• Cape Town 25 years</p><p>• Salt Lake 30 years</p><p>• Central Iowa 45 years</p><p>• Central Wisconsin 45 years</p><p>• Pittsburgh 60 years</p><p>• North Texas 60 years​</p><h4>MEMBER BOOK REVIEW</h4><p><em>Practical Airport Operations, Safety, and Emergency Management: Protocols for Today and the Future</em>. By Jeffrey C. Price and Jeffrey S. Forrest. Butterworth-Heinemann;; 630 pages; $99.95.</p><p>This comprehensive deep dive into the world of airports is not a tome for summer beach reading. It’s an encyclopedic guide for those with a professional interest in the commercial aviation industry. The organizational, regulatory, and technical feats of operating a modern commercial airport demand a specialized knowledge base that is staggering, and these pages are as dense with material as they should be.</p><p>As a consultant to Los Angeles International Airport, I have come to appreciate the immense complexity of a site that churns a million people a week through its terminals. The interaction of stakeholders, government entities, flight operations, regulatory compliance, and infrastructure security can be overwhelming. In <em>Practical Airport Operations, Safety, and Emergency Management</em>, authors Price and Forrest explain that today’s modern airport is not simply a series of terminals and gates; but an aerotropolis—a transport hub integrated with the commercial, cultural, and social communities of a region.</p><p>The book’s 13 chapters cover operations, safety management, airport maintenance, air traffic control, emergency planning, and more. The text is rife with minutiae, so readers may learn about navigational aids, approach light systems, and the difference between displacement plows and rotary plows in snow removal operations. For airport professionals, this book is a reference manual to be kept within reach. </p><p>The authors are up to date on recent developments to include the emerging technology of unmanned aerial vehicles (UAVs). The industry is still grappling with these systems that can be a threat to aircraft in flight. </p><p>The book’s goal is to “be used to increase overall efficiency and safety in operations at airports” and provide students of aviation management a solid foundation for understanding airport operations. The authors succeed—and then some. The writing is matter of fact and detailed, and the format is an effective mix of conventional structure, diagrams, charts, and reflection pieces by aviation professionals.</p><p><em><strong>Reviewer: Anthony McGinty, CPP</strong>, is a consultant and intelligence analyst at Los Angeles International Airport. He is a member of the ASIS Global Terrorism and Political Instability Council.</em></p>

asis News March 2017,-CPP,-PSP.aspx2017-03-01T05:00:00ZCertification Profile: Shawn Reilly, CPP, PSP News March 2017,-CPP,-PCI,-PSP.aspx2017-02-01T05:00:00ZCertification Profile: C. Joshua Villines, CPP, PCI, PSP Leads by Example News January 2017,-CPP,-PCI,-PSP.aspx2017-01-01T05:00:00ZCertification Profile: John C. Villines, CPP, PCI, PSP HQ Closed for the Holidays News December 2016,-PCI.aspx2016-12-01T05:00:00ZCertification Profile: Angela Osborne, PCI Staff Away for Thanksgiving Holiday News November 2016,-CPP,-PCI,-PSP.aspx2016-11-01T04:00:00ZCertification Profile: Terence Hoey, CPP, PCI, PSP U.S. Outstanding Security Performance Awards Held at ASIS 2016 News October 2016 Educational Seminar for Everyone Luncheon: Award Winners and Johnson Keynote’s-Petri-Ponders-a-Matter-of-Trust.aspx2016-09-13T04:00:00ZCSO Center’s Petri Ponders a Matter of Trust the Newly Elected ASIS Board Members the Beginning

 You May Also Like... Trends<p>​<span style="line-height:1.5em;">In r</span><span style="line-height:1.5em;">ecent years, security professionals have been bombarded with rules and regulations on corruption as well as court rulings on discrimination and harassment. The upcoming compliance trend centers around safety and health. A new rule on reporting workplace fatalities, injuries, and illnesses will bring workplace safety practices under scrutiny. Almost 5,000 U.S. employees were killed at work in 2014, a 5 percent increase from the number of reported fatal work injuries in 2013. And nearly 3 million people experienced a workplace injury or illness in 2014, according to the U.S. Department of Labor’s (DOL) Bureau of Labor Statistics (BLS). </span></p><p>To make data about these incidents more accessible to the public, the DOL’s Occupational Safety and Health Administration (OSHA) issued a final rule, Improve Tracking of Workplace Injuries and Illnesses, in May 2016, that requires many employers to electronically submit information about workplace injuries and illnesses to the government. The government, in turn, will then make this information available online in a public database.</p><p>“Since high injury rates are a sign of poor management, no employer wants to be seen publicly as operating a dangerous workplace,” Assistant Secretary of Labor for Occupational Safety and Health Dr. David Michaels said in a statement. “Our new reporting requirements will ‘nudge’ employers to prevent worker injuries and illnesses to demonstrate to investors, job seekers, customers, and the public that they operate safe and well-managed facilities.”</p><p>Additionally, Michaels said that greater access to injury data will also help OSHA better target compliance assistance and enforcement resources to “establishments where workers are at greatest risk, and enable ‘big data’ researchers to apply their skills to making workplaces safer.”​</p><h4>What’s in the new rule?</h4><p>Under the Occupational Safety and Health Act of 1970, employers are responsible for providing a safe workplace for employees. As part of this act, OSHA already required many employers to keep a record of injuries and illnesses, identify hazards, fix problems, and prevent additional injuries and illnesses. </p><p>Under the new rule, all employers with 250 or more employees at a single facility covered by the recordkeeping regulation must electronically submit injury and illness information to OSHA in three forms: 300 (log of work-related illnesses and injuries), 300A (summary of work-related illnesses and injuries), and 301 (injury and illness incident report).</p><p>OSHA argues that, together, these forms will paint a picture of the number of injuries, number of fatalities, lost time, total lost days, total restricted work days, and the total number of employees at each location of a company.</p><p>And OSHA will be able to use it to answer certain questions. For example, within a given industry, what are the characteristics of establishments with the highest injury and illness rates? What are the characteristics of establishments with the lowest rates of injuries and illnesses? What is the relationship between an establishment’s injury and illness data and data from other agencies?</p><p>Facilities with 20 to 249 employees in certain high-risk industries will also be required to submit information from form 300A electronically. These are 67 industries identified by OSHA that have historically high rates of occupational injury and illness, including manufacturing, construction, urban transit systems, utilities, and more.</p><p>The requirement for facilities to submit the 300A summaries electronically goes into effect on July 1, 2017. If required, facilities must submit forms 300 and 301 electronically by July 1, 2018, and will be required to submit all three forms electronically by March 2, 2019.</p><p>OSHA will upload this data, after ensuring that no personally identifiable information is included, to a publicly accessible database. The details of the database, however, have not yet been released because OSHA is still creating it.</p><p>OSHA’s mission is to protect the safety and health of workers. This new rule, OSHA’s Office of Communications tells Security Management, will support that mission.</p><p>First, as previously noted, access to injury data will help OSHA better target compliance assistance and enforcement resources to establishments where workers are at greatest risk.</p><p>“The final rule’s provisions requiring regular electronic submission of injury and illness data will allow OSHA to obtain a much larger data set of more timely, establishment-specific information about injuries and illnesses in the workplace,” the rule says. “This information will help OSHA use its enforcement and compliance assistance resources more effectively by enabling OSHA to identify the workplaces where workers are at greatest risk.”</p><p>One example OSHA gives in the rule itself is that the data will help it identify small and medium-sized employers who report high overall injury and illness rates for referral to its consultation program. </p><p>“OSHA could also send hazard-specific educational materials to employers who report high rates of injuries or illnesses related to those hazards, or letters notifying employers that their reported injury and illness rates were higher than the industry-wide rates,” the rule explains.</p><p>The practice of sending high-rate notification letters, for instance, has been associated with a 5 percent decrease in lost workday injuries and illnesses in the following three years, OSHA says.</p><p>OSHA also maintains that publicly disclosing work injury data will encourage employers to prevent work-related injuries and illnesses.</p><p>The new reporting requirements are also designed to save government time and money. The agency believes that the new rule will convince “employers to abate hazards and thereby prevent workplace injuries and illnesses, without OSHA having to conduct onsite inspections.” ​</p><h4>What else does the rule do?</h4><p>Along with the electronic reporting requirements, the rule also reemphasizes whistleblower provisions for employees to report injury and illness without fear of retaliation. </p><p>“The rule clarifies the existing implicit requirement that an employer’s procedure for reporting work-related injuries and illnesses must be reasonable and not deter or discourage employees from reporting,” the office explains. “It also incorporates the existing statute that prohibits retaliation against employees for reporting work-related injuries or illnesses.” </p><p>Including the term “reasonable” is new for OSHA, says Edwin Foulke, Jr., partner at Fisher Phillips who cochairs the firm’s Workplace Safety and Catastrophe Management Practice Group and who was the head of OSHA from 2006 to 2008. </p><p>“Before, you were required to make sure that your employees knew that there was a system to report,” he adds. Now, however, OSHA requires that that system be a reasonable one.</p><p>While it is unclear how exactly OSHA is defining “reasonable,” it does explain in the rule that “for a reporting procedure to be reasonable and not unduly burdensome, it must allow for reporting of work-related injuries and illnesses within a reasonable timeframe after the employee has realized that he or she has suffered a work-related injury or illness.”</p><p>If employers are caught discouraging employees from reporting illness or injury, they can be cited by OSHA for retaliation. “Before, the employee had to file a complaint. Now, for an employer to get cited and to be penalized, OSHA can do that in an inspection under this new standard,” Foulke says. “So this is a whole new area, and they’re going to be looking.” </p><p>Actions that could be considered retaliation include termination, reduction in pay, reassignment to a less desirable position, or any other adverse action that “could well dissuade” a reasonable employee from making a report, the rule explains.</p><p>OSHA also has taken the stance in the rule that “blanket post-injury drug testing policies deter proper reporting” of workplace injuries and illnesses. Because of this, the rule prohibits employers from using drug testing—or the threat of drug testing—as a form of adverse action against employees who report injuries or illnesses.</p><p>“To strike the appropriate balance here, drug testing policies should limit post-incident testing to situations in which employee drug use is likely to have contributed to the incident, and for which the drug test can accurately identify impairment caused by drug use,” the rule says. </p><p>For instance, OSHA says it would not be reasonable to drug-test an employee who reports a bee sting or a repetitive strain injury. </p><p>“Such a policy is likely only to deter reporting without contributing to the employer’s understanding of why the injury occurred, or in any other way contributing to workplace safety,” OSHA explains.</p><p>However, if workers’ compensation laws require an employer to conduct drug testing, then this type of drug testing would not be considered retaliatory, OSHA adds.​</p><h4>What should employers do? </h4><p>Because of potential liability and opportunities for citations, Foulke recommends that companies take several actions in response to the new rule. </p><p>For instance, employers should look at how they advise their employees to report injuries and illnesses under the record keeping standard. OSHA has said that companies can meet this requirement by posting the “Job Safety and Health—It’s the Law” workers’ rights poster from April 2015.</p><p>Employers should make sure that their reporting process is “reasonable and doesn’t somehow discourage people, because, if it is, they are going to get cited for it and maybe open themselves up to a whistleblower retaliation claim,” according to Foulke.</p><p>A whistleblower retaliation claim could be likely because this is an issue that OSHA has been increasingly focused on during the Obama administration’s second term, he says. </p><p>Employers also need to know their rights during an OSHA inspection, a process that many are unfamiliar with. For example, Foulke says that when OSHA comes in to do an inspection based on a complaint it has received, it will frequently attempt to expand the visit into a “wall-to-wall” inspection.</p><p>“If the employer doesn’t assert their rights and allows a wall-to-wall, then potentially they could have many more citations,” Foulke explains.</p><p>Additionally, the business community has expressed concerns that the new rule will force them to publicly reveal secret business details that were previously considered privileged and confidential.</p><p>“When you fill out the 300 logs and also the 300A summaries, they are going to talk about departments and processes—especially in the 301, you may have some information that may be somewhat proprietary,” Foulke says. “Employers are going to have to be very careful about what they put when they’re submitting their data, that they basically look and provide only the minimum that they are required to provide.”</p><p>And employers should also recognize how the data they submit to OSHA may be used once it is publicly available. This is because using the information from the 300 and 301 forms, analysts will be able to determine the death, injury, and illness rate of a particular company to compare it to the industry average. </p><p>“Now that data could be used by union organizers who want to try to organize a company to show how bad at safety they are,” Foulke explains. “They can take that data and say, ‘Look how many injuries and illnesses this company has.’”</p><p> “Plaintiffs’ lawyers could look at it and say, ‘Look at this company. They have all these injuries there. Obviously something is going on there, so I need to go out to that plant, find one of those employees who got injured, and throw a class action against the company for all these injuries,’” Foulke says.   ​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465