Mr. Marrocco, what role have security professionals played in tackling the Covid emergency?

Covid has marked new horizons. The frenzy and urgency of the situation has highlighted how security and its professionals demonstrate - and need to demonstrate - different engagement and reaction times to everyone else. My colleagues and I have had to work tirelessly, but particularly we have been called upon to show that in 24, or a maximum of 36 hours, we can react, understand, apply and actuate the Prime Ministerial Decrees, adapting our decisions to each of the six decrees that have been issued in just three months. Essentially, security professionals have shown that their added value lies in being able to act calmly in the field, evaluating the risks and opportunities, but particularly the available resources. But to do so, you cannot improvise. There’s a need for continual preparation and constant updating. Today’s security professionals need to be an expert particularly in terms of “Integrated Security”, so they need to make decisions that consider security in the workplace, the confidentiality of information, operational continuity, cyber security, the expected result being total protection and safety. I’ll give you a real world example. A professional responsible for security at a large banking firm had to deal with the Covid-19 pandemic by interpreting and applying the various Prime Ministerial Decrees, but these also needed to be adapted to all the regional sub-protocols. In making decisions, they have also had to respect the GDPRs regarding the usage of thermal scanners and sensitive data management for example, as well as rules regarding the management of dangerous waste, for the used masks. In implementing Smart Working, we have had to guarantee an adequate level of cyber security, the continuous operation of customer services, as well as conformity with Italian Law 81/2017.   So our skill-set involves the ability to summarise, select, screen and work quickly in a multi-disciplinary framework. Particularly when it is not possible to have a preventive plan, as in this case.

Was Italy ready to face this tsunami in terms of its resources?

The large-scale businesses in our country are ready, or rather they were already prepared before, having security professionals on staff who simply needed to apply their skills in a different way during the health emergency.

Those most at risk are the small- and medium-sized firms, with no security professionals and still no desire to invest in high-profile consultants. It is often the owner, the small-scale entrepreneur, who decides what to do, aware of the risk of sanctions. Unfortunately, it’s a very Italian approach. They prefer to risk being sanctioned rather than trust someone to provide professional consultancy, mistakenly seeing this as an unnecessary cost.

In recent months, various technologies - thermal scanners for example - have found new fields of application. Large firms have asked security professionals for reliability and conformity reports regarding individual products before buying and installing them, while small firms simply trust in their common sense, making decisions that are mainly of an economic nature. In our country, there is unfortunately not enough of a focus on security professionals. We have the UNI 10459:2017 standard which identifies the skills, competency and ability of security professionals, a standard that also envisages certification recognised at European level, but the numbers of certified professionals are so low as to be almost insignificant.

What has this emergency taught us? What do you hope to see happen in the sector?

I hope that this situation has served to highlight and promote the role of security professionals as guarantors of the solutions adopted to protect both business people and citizens. Even with a regulation, it cannot only be the good will of the individual that guarantees its application, especially because there is a sort of conflict of interest between the obligation to comply and the resulting economic interest.

This culture is lacking in Italy: the person who defines the distance between two tables in a bar is often the bar owner, not a security expert, who is the only one able to guarantee the customer correct application of the regulation. One way to overcome this insane habit of ‘risk-taking’ might be state subsidisation. If the same incentive policy we see for energy saving or construction bonuses were applied to security investments, allowing for the recovery of costs with fiscal benefits of 100% or 140%, as is the case for IT investments, it would probably be easier to convince companies to spend. Today, without incentives, security is borne as a cost. This is a view that needs to change, and one that both sector professionals like ourselves and the technology manufacturers understand is urgent.

We need to ensure that this market is recognised and that, above all, the importance of the quality and skill of its professionals is recognised. Just as in the health arena, the advice of a pharmacist, however competent, cannot be compared to the diagnosis and prescription of a doctor, the application of a regulation or protocol by an expert cannot be compared with the good sense of the small business owner or plant supplier. In this sense, the Italian market is not yet mature, and for this reason AIPROS hopes that the state decides to promote concrete action so as to encourage development of this culture.