From the outset let me state that I served in the Fire and Rescue Service with the finest and most dedicated professionals, every service will say the same, it is a vocation. Sometimes some lose their way on the journey. Over the last few months I have been processing learning outcomes and performance criteria for a number of CAMOR courses progressing through the SQA qualification approval process.
One course in particular ‘Employee Vulnerability and insider Risk’ prompted some reflection about my 30 years in the Fire and Rescue Service and some of the issues that I and others had to address. In those three decades, we addressed issues punitively with small d-discipline (a robust talking to) or Big D- Discipline (a more formal route). We addressed the non-malicious insider compromising station security, we addressed the malicious insider deliberately compromising the safety of their colleagues and we suffered reputational damage by those using their uniform and position in the community to gain on a personal level.
The fire officers of my generation reacted to these misdeeds when discovered. Did we have a formal insight in the areas of Employee Vulnerability and Insider Risk? Were we taught at an appropriate management level to see it coming or identify it? I would suggest not.
I spent a very happy last three years of my service attached to the organising committee of the XXth Commonwealth Games, Glasgow 2014. Specialist Venue Operational Plans and Event Operational Plans had to be disseminated to large numbers undertaking operational duties over the Games Time Delivery period. Yes, specific fire officers had Security Clearance or had undergone Developed Vetting and were a trusted pair of hands but were we as prepared as we could be? Did those at the sharp end have the training to identify vulnerabilities in their staff and a recognition of conduct issues and/or capability issues which could have led to damaging events.
The eyes of the world are on Scotland and Glasgow at COP 26 in a few months time. I have no doubt that the higher-level external threats and vulnerabilities will be well addressed by all the Blue Light Services.
Has Employee Vulnerability and the risk posed by those who may wish to cause harm internally been addressed to the same degree or is it something to be addressed IF it happens?