The key to securing a company going global is to focus on intelligence, risk mapping, and regulatory compliance.
When the owners of Cemex, a cement manufacturing company in northern Mexico, decided to expand in 1992, they turned to corporate security for guidance. Twelve years later, the company has operations in 30 countries and conducts business in seven languages.
The key to securing a company going global is to focus on intelligence, risk mapping, and regulatory compliance, according to Antonio Gaona, corporate security manager for Cemex.
When company owners decided to expand, Gaona knew that security’s mission would also need to adjust, he told attendees at the ASIS International European Security Conference in Berlin. “We decided early on that it was not about loss prevention but about intelligence,” Gaona said. “You won’t see a lot of people stealing sacks of cement, they’re heavy.”
Instead, security focused on gathering information about possible causes of disruptions to global operations. This meant conducting due diligence on regional and national issues—including politics, religion, and even climate—that might impede business.
Cemex has translated its intelligence into a computerized risk map of the challenges the company faces in each country where it operates. The map is interactive, so security personnel can educate senior executives on the company’s current security status around the world and in specific locations.
In 1992, that map was small and included only Mexico and its potential security risks, such as drug smuggling. As the map evolved, it became more complex and eventually incorporated a companion lettering system that helps security managers keep global risks in perspective. Each country in which Cemex has a manufacturing plant or other facility is ranked as an A, B, or C country, with A representing the highest risk, and C the lowest.
Cemex uses the lettering system to distribute its resources effectively. Most countries in the Middle East, for example, are categorized as A countries. Gaona hires a security expert who lives and works in these countries to help corporate security protect Cemex’s interests there.
For B countries, Gaona hires a regional expert who may not live in the country but who can operate there if necessary. This approach works well for B countries, according to Gaona, because there are fewer security challenges in these nations. Examples of B countries include Poland, Ireland, and Hungary.
Cemex does not dedicate a security person to C countries but instead monitors them from corporate headquarters. C countries—such as Switzerland and Singapore, for example—have few inherent risks.
The system helps Gaona and his eight-person corporate security staff handle their global responsibilities. He turns to outsourcing for whatever else is required, using the lettering system as a way of designating the amount of help corporate security needs from experts in that country.
“We were not going to hire people everywhere in the world to run our security program,” said Gaona. “But as corporate security, we had to have the capability to support the company wherever we were. This meant operating a global network of resources that can assist you when you are really stuck.”
No country’s designation is permanent, Gaona pointed out. Most recently, the company shifted Germany and the United Kingdom from the B to the A group. In these countries, computer security issues and terrorism threats have become an issue. Cemex has also faced increasing challenges complying with security regulations in these countries.
A critical element of his company’s global security program, according to Gaona, is regulatory compliance in all countries, but especially in the United States. “No matter what your business, you can’t conduct trade within the United States unless you understand homeland security and all the regulations that go along with it,” said Gaona.
Compliance with regulations, even voluntary ones, is more than just smart security. “Being compliant with regulations makes the U.S. government more receptive to Cemex,” Gaona said.
In addition, Gaona tells senior executives, compliance saves the company money by expediting cargo, avoiding bureaucratic delays, and preventing fines. According to Gaona, security has saved the company more than $80 million through the compliance program alone.
The risk mapping, country contacts, and government good will all come into play during an emergency. Gaona has used these tools to successfully evacuate Cemex employees from more than 20 international incidents ranging from political upheavals to natural disasters.