Security Regulations: Chaos in a Three-Ring Binder

Longtime CSO Bob Hayes has documented the reams of regulatory red tape growing in the shadows of 9/11. Is security soon to become a highly regulated activity?

When I got back from meeting with Hayes in Atlanta, I called the White House to ask about the report that was allegedly created by the presidential task force on citizen preparedness. The White House press office didn't know; someone there referred me to the Department of Homeland Security, which referred me to the Federal Emergency Management Agency, which referred me back to the White House. Later, when I told Hayes this, he wasn't surprised. He said that was exactly his point.

"I have a headache every time I get into this. It's so complex, and there are so many people working on it, and obviously nobody is talking to anybody else," he says. The job of making sense of the mess would, it seems, fall squarely on the shoulders of the CSO. But, like most CSOs, Hayes doesn't have a law degree. He has no background in picking apart executive orders and figuring out what they mean for whom. He doesn't know the first thing about following the complex process of how a bill becomes a law becomes a set of regulations and, in time, becomes a fine for noncompliance. He is trying to chart the dimensions of a dense forest at a time when, he fears, everyone else is looking only at the trees.

"All the functions in a companyshipping, distribution, product safety, environmental, food service, everyoneare going to get some notice of individual things happening," Hayes says. Someone needs to coordinate this vision and oversee the whole onerous load of compliance. It could be the legal department. But the chief security officer, theoretically, is the one person in the organization who best understands how to actually improve security in a holistic way.

"The question is, Will corporate security be in a position to respond or assist or, theoretically, lead?" he asks. "I'm just not sure security is ready."A Little Help (or Hindrance) from Your FriendsThe answer to the chaos, it might seem, is for industry groups to step in and help their members sort out the new regulations and guidelines. In fact, that's what industry groups are trying to do. Hayes has a binder full of thick printouts of security guidelines being developed and issued by organizations such as the American Trucking Association, the National Food Processors Association, the American Bus Association, the Cosmetic Processors and Transporters Association, the Freight Transportation Security Consortium andthe thickest section of allthe American Chemical Council, which has been frantically developing security guidelines in an attempt to stave off controversial new regulations Congress is considering.