In Mississippi, a mall owner was found negligent for injuries awoman sustained after an assailant attacked her in a parking lot ofa shopping mall. A patron walking by saw the attack and reported itto security, who upon initial response found the assailant holdinga knife and the victim in the vehicle. The security guard called anassociate security guard for assistance then left the scene. Thevictim survived with non-life threatening injuries and was awarded$40,000 in damages.

The mall owner appealed, arguing that the the contract securitycompany was at fault. However, the appellate court affirmed thelower court's decision, citing that the mall owner could notdelegate his liability to the security company. While the exposurefor this did not end up being financially catastrophic, this isjust one of many examples of the necessity to manage servicesprovided in the areas of maintenance, janitorial and security forcommercial, healthcare and public enterprises.

Assessing exposures

In an ever-changing world, identifying the risks for serviceproviders and how those risks may or may not impact the operationis critical. Some of these risks, while still a challenge tomanage, are easier to identify than others. Here are four exposuresto look out for:

1. Slips, trips and falls

Slips, trips and falls are an anticipated risk in mostoperations, yet remain a challenge to mitigate and manage as notedby The National Center for Injury Prevention and Control. TheCenter also reported falls as the number one cause of non-fatalinjuries in the United States for 2013. Maintenance and janitorialservices provide opportunities for prevention of these losses bytheir diligence in managing the risks. These opportunities can beextended to provide a defense against liability where consistentresponse management and documentation of those responses isclear.

2. Technology

Technology creates an ever-evolving landscape for society, andthe impact on risk is no different. With cellular technology andwearable electronic devices, privacy and security are a concern forall industries. Maintenance, janitorial and security personnel intheir roles typically have access to areas that are not open to thegeneral population for that organization. Instituting a check andbalance system to avoid alignment of control or the ability tomanipulate the information shared will assist in mitigating thepotential exposures, as well as deter those who may view thissecurity as an opportunity.

3. Employee relations and hiring practices

Employee interaction and relations play a role in any workforce,and notably in these fields. Maintenance, janitorial and securitystaff are roles in which there is a great deal of interaction withothers not necessarily under the same management (whetherinternally or externally). The level of independence in these rolesand volume of interactions creates an opportunity for employeerelation situations such as discrimination, harassment and ahostile work environment. Having strict procedures includinginvestigation of every allegation/complaint, a response to thecomplainant, as well as a zero tolerance disciplinary process inplace helps insulate the organization from liability.

Hiring practices and discrimination concerns arise in allindustries with the security service industry posing an interestingchallenge. While the Americans with Disabilities Act requires thatan applicant or employee be evaluated for the job based on theessential functions of that job, the question arises: What are theessential functions of providing security services? The EEOC'sMiami district office recently found a security guard wasdiscriminated against after being let go based on a patroncomplaint that this guard had only one arm. Having clearly definedphysical requirements and essential functions of all roles withinan organization is the best way to mitigate this type ofdiscrimination exposure.

4. Personnel authority

Security roles continue to be a way enterprises can ensure thesafety of their patients and patrons. In providing these services,some inherent risks arise. A majority of security personnel areprivate citizens with no civil authority, but rather the sameauthority as a member of the general public. This creates a uniqueset of exposures, including harassment, false detainment andassault. While the involvement of security should be to protect theproperty and safety of those within the enterprise, the levels ofresponse should be relative to the threat posed.

Policies should delineate response levels and identify thecircumstances when these responses are appropriate. Securityexposures take on different roles in patient and domesticsituations. Security services should focus on de-escalation of asituation when possible; however, certain circumstances orinstances may be out of their level of expertise or ability. Inthese situations, security personnel must focus on the threat posedto both the aggressor, as well as to the victim, and the publicwhen present.

Janitorial and security staff may be first responders dependingon the threat posed or situations that arise. It is important thatthe appropriate personal protective equipment be provided inaccordance with OSHA Guideline 1910.132. This guideline providesfor a hazard assessment and identification of the necessarypersonal protective equipment for those hazards faced. Thesehazards typically include CPR and first aid treatment. Firstresponders may also be involved with hazardous clean-up situations.To determine the regulations that apply, as well as the personalprotective equipment required, hazard assessments should becompleted and potential exposures identified.

Managing risk

The initial response to a situation is the most critical elementin managing risk. Whether the loss involves a security issue,clean-up situation or maintenance problem, how the clients,employees, patients, and public interactions are handled will setthe stage for the public impression. In situations where there ismedia involvement, having a public relations (PR) policy andresponse protocol will ensure the message sent promotes the imageand brand of the enterprise. PR firms are able to assist in boththe development of these protocols, as well as provide immediatesupport and guidance when situations arise. Besides PR, here areother ways to manage risk:

1. Establishing a program

Financial management of risk relates to the decisions on what toinsure, what to self-insure and any combination therein. In aself-administered, self-funded program, a key decision on theprogram set-up is whether to involve a third-party administrator(TPA), and if so, at what point. It's important to decide:

• How is bringing a TPA onboard going to affect front lineresponse?

• Will a TPA be an effective extension of the message passed alongto customers, patients or patrons?

• If a TPA will not be involved, are appropriate personnel andtraining available to manage these losses?

2. Risk transfer vehicles

A comprehensive risk transfer program is also another strategyto manage risks. It provides an opportunity to transfer risk insituations where outside partners or vendors are involved. Aneffective risk transfer program not only requires proof ofinsurance in line with the contractual insurance requirements, butalso goes to the next level, ensuring what is being supplied on thecertificates is actually in place and in compliance with thecontractual language.

Maintaining certificates of insurance in and of itself is not asuccessful risk transfer program for multiple reasons:

• The additional insured status provided may not be in compliancewith the requirements.

• The certificate could be issued in error (in that it provides noguarantee of coverage or insurance based on the standarddisclaimer).

• What is interpreted to be “similar language” on a manuscriptform may not be the same coverage that was requested via thecontract language and the known ISO additional insuredendorsements.

3. Supplemental insurance coverage

When risk transfer is not an option, services are being providedinternally or there is a desire to insure a risk — there arevarious coverages available. General Liability and Workers'Compensation insurance are the coverages most commonly associatedwith the above-mentioned risks; however, there are a few othersthat also could also be beneficial including Crime, EmploymentPractices Liability and Professional Liability.

Crime coverage provides protection against employee theft anddishonesty. Third-party crime coverage can also be added. Insituations where janitorial, maintenance and security services areprovided by outside vendors, this coverage can be required viacontract to enhance the risk transfer program.

Employment Practices liability is coverage to protect an insuredfrom their wrongful acts against employees or potential employeesin employment situations. By adding third-party coverage to anemployment practices policy, additional coverage is added to coverwrongful acts (like discrimination and harassment) by employeesagainst non-employees such as clients, customers and vendors.*

Professional Liability insurance or errors and omissionscoverage is for enterprises that offer professional and personalservices. It provides protection in the event that a client isharmed from a service such as security or advice provided for whichan enterprise, mall or facility is held legally liable.

Janitorial, security and maintenance services pose unique risksto the enterprises they serve when interfacing with customers,patients and the general public — regardless of whether they'redirect employees, or employees of a vendor providing theseservices. A thorough assessment of the exposures, risk transfervehicles and supplemental insurance coverage can help mitigatethose risks.