Thanks for your loyal readership on our Travel Security blog series! As with each week, let’s take a moment to review what we’ve covered:
In Installment 1, we introduced the basics of Travel Security; why it is important, the concept of Duty of Care, and the role that the security practitioner should play in the preparation, planning and response of a holistic Travel Security program.
In Installment 2, we discussed the responsibilities of both the traveler and the practitioner performing the “CP” functions as it pertains to Pre-Travel tasks. We discussed Travel Intelligence, the six categories of Pre-Trip Planning, and insurance issues.
In Installment 3, we discussed Travel Security Specifics; international travel best practices, secure communications and OPSEC, anti-crime and anti-kidnapping principles, and the use of facilitators; all from the perspective of both the practitioner conducting the travel and the practitioner performing the “CP” role.
In Installment 4, we will discuss some of the most overlooked, but (in our opinion) useful aspects of an effective Travel Security program – the activities conducted post-trip. These activities are critical in enabling an effective quality management program that institutionalizes lessons learned and intelligence gathered in order to support future international travel. We will discuss the post-trip activities, how to conduct an effective post-mortem meeting, and the reports that should be completed (whether they are required of your customer or not).
George Santayana is famous for coining the quote, “Those who do not remember their past are condemned to repeat their mistakes”. While this is applicable in many aspects of life, to the security practitioner this is especially true. As professionals, we are always looking for ways to codify and memorialize those tactics, techniques and procedures (TTPs) that make us more successful or efficient. Conversely, we are also looking to glean the valuable lessons learned from what didn’t go well, so that we can implement corrective actions that prevent those mistakes from occurring again.
When an element comes back from an international trip, the temptation is to relax, let our guard down, and move the entire experience from the “To Do” list to the “Done” category. Giving-in to this temptation, at best, can cause you to miss valuable nuggets that can be useful for future activities. At worst, it can be downright dangerous.
Developing, implementing, and adhering to a comprehensive post-travel security program feeds directly into a good Quality Management System (QMS). Key to any effective QMS is establishing processes and procedures that add value at every stage of production. Formalizing a process to implement, sustain and improve methodologies into your overall business model is a key goal in the post-travel phase of travel security. Post-travel activities ensure that both you and your company are better off after the trip than before and that your activities did not draw unwanted/nefarious attention.
Key among post-travel tasks is the recovery of personnel and equipment. Here at 7Spears, the priority is customer, equipment, then personnel. In short, we understand the value and necessity of giving our guys/gals time off to recover from a trip. But, that can only be done after the customer and kit is taken care of.
Operational Security (OPSEC). Underpinning all post-trip activities is the concept that, just because the trip is over, does not mean that the risk to operational security has also subsided. In fact, we believe that the OPSEC danger is greater during the post-trip phase because it is not at the forefront of everyone’s consciousness. 7Spears has a policy whereby all electronic media is isolated and scrubbed for viruses, key loggers, and any other malicious or tracking software. We remove (or transfer to the CP) any mission essential information (photographs, notes, reports, etc.) that may remain on our devices. We basically return all electronics to a “clean” state.
Underpinning all post-trip activities is the concept that, just because the trip is over, does not mean that the risk to operational security has also subsided.
Additionally, for the next 10 days after we return, we make it mandatory that all 7Spears’ employees (even the ones who did not travel) and the ICs who helped with the mission, raise their alert posture and implement surveillance detection routes and protocols. By doing so, we are able to ascertain whether we have attracted undue attention or brought a “CI virus” back with us from overseas travel. Finally, we stay mindful of our social media and electronic signature to ensure that we don’t inadvertently disclose proprietary information that we have worked so hard to safeguard during our travels.
Finances. Top of the to-do list when coming home is to get the administrative task of funds reconciliation taken care of (Yes, we can hear the collective groans from all of you). It is vitally important that, as soon as possible, credit card accounts, per-diem, payroll, OPFUND and invoices are reconciled. 7Spears is proud to say that we operate at a NET+30 (or quicker) timeline for our ICs. We appreciate it when our customers/clients are able to do the same. Critical to us maintaining this cycle is our ability to reconcile all accounts as quickly as possible. For that reason, it is at the top of the list.
Equipment. Besides the “clean scrub” of electronics that we discussed in the OPSEC category, we also consolidate all equipment to perform recovery tasks. All items are inventoried, comparing them with the pre-travel inventory list. Any new items acquired during the trip are added to the inventory. Equipment is cleaned and inspected. Any broken items are annotated and scheduled for repair or replacement. Batteries are replaced and (when applicable) items are charged.
The Post-Mortem Assessment / After-Action Review
A key component to the Quality Management System (QMS) is the ability to demonstrate institutional learning. This is a fancy term that means that your organization has the processes in place to both learn from your mistakes and sustain those things that already produce value (either in terms of time, money, reputation, or customer satisfaction). The tool used to accomplish this is the Post-Mortem Assessment (PMA); more commonly known as the After-Action Review (AAR). A properly constructed AAR answers four key questions:
- What was supposed to happen?
- What actually happened?
- What went well and why (sustain)?
- What went wrong and why (improve)?
A successful AAR will be conducting in a non-attributable environment where the opinions of everyone involved in the operation are solicited, heard, discussed, and valued. This includes those who played a “support” role in the CP, everyone on the team, and (sometimes) the client/customer who received the benefits of the trip being conducted. Rather than nit-picking on inconsequential items, the AAR should stay focused on those issues that impacted the results (value) of the mission. Often, there is a negative connotation to the term AAR. But it should be noted that the AAR should spend just as much time focusing on the things that went well (should be sustained) as it does on those things that need improvement.
Finally, the AAR results should be reviewed transparently by all participants and memorialized for future review and implementation. Leadership evaluation of these memorialized reports helps identify if an organization/team is consistently repeating the same mistakes, if there is a common problem across multiple disciplines, or if there is a reduction in quality on things the team/organization used to do well. There are as many ways to format a formal AAR as there are authors who write them. We have found it useful to use the ISSUE, DISCUSSION, RECOMMENDATION format to report on each topic.
We’ll close off the AAR section by offering the reminder that you should never bring up an issue that doesn’t have an accompanying recommended solution – even if the solution is that more research needs to be done, with a NLT due date.
In addition to the AAR, there are several other reports that should be completed prior to closing out the trip. These reports should be done independent of whether the client requires them or not. As with the AAR, these reports should be memorialized and integrated into the organizational knowledge of the team/company – whether that is in the form of a physical library of notebooks and paper copies organized for easy retrieval, or a digital library that is resident on the company server. There are countless additional reports that could/should be included. Some suggestions are:
- Any proprietary reports required by contract or the customer. EX: Threat/Vulnerability Assessments, Procedure Reviews, Business Continuity Plans, Crisis Contingency Plans, etc.
- A folder of maps, brochures, guides, conference materials, etc from the trip.
- Country Entry/Exit reports. You should carefully document the actual process that the traveler went through to get both in, and out, of the country. Specific mention should be made of those things that were unexpected or different than the pre-travel intelligence. Detail both the immigration and the customs process. Were there specific, unexpected, items that were confiscated/prohibited upon arrival or departure? Was the exit tariff more than planned? Could you have gotten an entry visa upon arrival, even though the research said it must be done prior to leaving your home country? Were bags x-rayed? Were biometrics taken? You should be as thorough as possible with the intent that the reader can walk through the entry/exit process with you through the report.
- Hotel Security Assessment. You should conduct a security assessment of the hotel that you stayed in. Did it meet the minimum required security standard for your team/client? Would you recommend that hotel for future stays? If not, were there other hotels that you would recommend?
- Country Operational Overview. You should create a report that highlights the challenges and advantages of conducting specific security functions in the country visited. Were there political, cultural, or customary issues that helped or hindered the mission you had to conduct? Were there security issues that cannot be changed or mitigated and should be better planned for on future trips? Annotate the typical “facilitation fees” that were paid for the various functions where they were required.
- Key Personnel Registry. You should ensure that you keep a list of personnel that were key to the facilitation and execution of your mission. More than just a rolodex of business cards, you should annotate any “personal data” specifics as well. Does a key facilitator have a birthday coming up? Did a hotel security manager have a daughter about ready to go to college? What gifts resonated with the individual? Were there promises made for follow-up activities or products? If used and followed-up properly, this information is extremely useful in building bonds and networks that can have high payoff for future missions.
- Personnel Counseling Forms. 7Spears is big on mentorship and leader development. To that end, we perform both written and verbal one-on-one counseling with all of our employees/ICs. For employees, these counselings are used for professional growth and promotion. For ICs, they are simply formalized recommendations or advice of what could be sustained or improved to better themselves as security practitioners. The advice and recommendations given to ICs can either be heeded or discarded at the sole discretion to the IC.
- Communications Overview. What communications worked? What didn’t? How efficient was it to send/receive encrypted/secure communications? How available/reliable was the internet connection? Did the VPN work and was it stable? What recommendations are there for future trips?
The CP Perspective
Everyone has come home, safe-and-sound….WHEW! Now it’s time to get busy wrapping up the trip. This “wrap up” has several pieces and parts.
- Finances: We keep a spreadsheet that logs ALL funds in (income) and ALL funds out (bills/payments), as well as an estimated profit that we established during our pre- planning stage. We list every vendor in this spreadsheet, how much we were quoted for each product/service and totals. After everyone returns, we collect receipts for everyone and everything and get to work completing the spreadsheet. Unfortunately, it takes several days after everyone returns home for some of the credit cards/bank accounts to update charges on their websites, so it takes time and patience for this spreadsheet to balance and close out. As soon as we are able, we complete an invoice to send to our client/customer and ask for a net+30 payment. We also work closely with our ICs to help them complete their vouchers and settle their OPFUND in order to process payroll. This spreadsheet continues to be a living and breathing document until our income is received and we are able to make all payments and balance. Once all finances are complete for each trip, we then are able to move the document off of our “desktop” and save it to our server. We will also continue to monitor our accounts VERY CLOSELY online for fraudulent activity and unexpected vendor payments.
- Equipment: Have I been shown every single piece of equipment that left our office? Does it work or do I need to order a replacement/schedule a repair? Do I need to plug items in to re-charge them, or replace batteries? Were there items used from our med kit that need to be replenished? This is no time to become lazy…our team members rely on complete kits and working equipment.
- AAR Notes: During the trip, I will keep my own notes in order to contribute to the AAR. The CP has a unique perspective on how successfully a trip is conducted, and the feedback can be useful to all team members.
- Subscription Cancellations: If I have turned on an international cell phone roaming plan, now is the time to turn it off. This is also the time to let our travel/medevac company know that our team has returned, safe and sound.
- Data collection: Were there pictures taken during the trip? Were there any surveys taken or questionnaires completed? What data was collected? Now is the time to collect ALL trip data from every team member in order to consolidate into one digital file. That way our team members can have access to all info as they work on completing their reports.
- Client/Customer satisfaction: This is one area where we practice our elevated level of customer service. At 7Spears, we leave our ego at the door, and always welcome criticism (and praise!!). We contact our customers and ask for feedback on their perceived level of care and service. We can always improve and we are always looking for ways to knock our clients socks off. If we are not meeting expectations, then something needs to change, and QUICK! However, we’ve found that if we ask the proper questions and prove to our clients that we strive to serve them, then they are comfortable trusting us to share their honest feedback. Our email is monitored several times a day, watching for any questions, issues or feedback that our clients wish to give. We will answer their calls/emails at any time of the day or night, to ensure that they know we are here for them, even after the mission is complete.
While pre-travel activities are critical to the success of the current trip, post-travel activities set the foundation for success on all future trips. Having an established and thorough post-travel process feeds directly into an efficient Quality Management System. It is important to not just “complete the mission” during the trip, but carry that Mission First! mantra through the recovery process. Doing so increases safety and security, cares for personnel and equipment, addresses the fiscal aspects that are critical to mission accomplishment, and memorializes those areas of our tactics, techniques, and procedures that should be sustained or could be improved. Conducting thorough and effective post-mission activities set the stage for successful client and key personnel relationship managment and truly are the hallmark of individuals and organizations who understand the full travel security cycle.
- chron.com – A great resource on Quality Management, specifically tailored to the small businesses market, but applicable to individuals and large businesses as well. This resource guides you through an introduction to the Quality Management System, and gives guidelines on how to build a QMP for your organization.
- https://www.cebma.org/wp-contant/uploads/Guide-to-the-after_action_review.pdf – A great introduction to the AAR and good tips/tricks on how to implement an AAR effectively.
- https://www.bcdtravel.com/wp-content/uploads/sites/40/2015/04/Paper_TRM_DK.pdf – Looking for a step-by-step guide to devloping a Travel Risk Management (TRM) program for your organization? Look no further. This great primer will guide you through the minefield to creat a successful TRM that you can sell to your stakeholders!
“Life is a journey – Let’s travel it safely!
P.S. We love collaboration! Please leave a comment, disagreement, or point of discussion in the comments below. If you liked this article, please feel free to share it on social media! If you need more detailed assistance on challenges specific to your family, group, or company, please contact us via the “Contact Us” link or email info@7SpearsSecurity.com. And don’t forget to subscribe to our blog to continue the collaborations process (just fill out the form on the right)!