In Mississippi, a mall owner was found negligent for injuries a woman sustained after an assailant attacked her in a parking lot of a shopping mall. A patron walking by saw the attack and reported it to security, who upon initial response found the assailant holding a knife and the victim in the vehicle. The security guard called an associate security guard for assistance then left the scene. The victim survived with non-life threatening injuries and was awarded $40,000 in damages.

The mall owner appealed, arguing that the the contract security company was at fault. However, the appellate court affirmed the lower court’s decision, citing that the mall owner could not delegate his liability to the security company. While the exposure for this did not end up being financially catastrophic, this is just one of many examples of the necessity to manage services provided in the areas of maintenance, janitorial and security for commercial, healthcare and public enterprises.

Assessing exposures

In an ever-changing world, identifying the risks for service providers and how those risks may or may not impact the operation is critical. Some of these risks, while still a challenge to manage, are easier to identify than others. Here are four exposures to look out for:

1. Slips, trips and falls

Slips, trips and falls are an anticipated risk in most operations, yet remain a challenge to mitigate and manage as noted by The National Center for Injury Prevention and Control. The Center also reported falls as the number one cause of non-fatal injuries in the United States for 2013. Maintenance and janitorial services provide opportunities for prevention of these losses by their diligence in managing the risks. These opportunities can be extended to provide a defense against liability where consistent response management and documentation of those responses is clear.

2. Technology

Technology creates an ever-evolving landscape for society, and the impact on risk is no different. With cellular technology and wearable electronic devices, privacy and security are a concern for all industries. Maintenance, janitorial and security personnel in their roles typically have access to areas that are not open to the general population for that organization. Instituting a check and balance system to avoid alignment of control or the ability to manipulate the information shared will assist in mitigating the potential exposures, as well as deter those who may view this security as an opportunity.

3. Employee relations and hiring practices

Employee interaction and relations play a role in any workforce, and notably in these fields. Maintenance, janitorial and security staff are roles in which there is a great deal of interaction with others not necessarily under the same management (whether internally or externally). The level of independence in these roles and volume of interactions creates an opportunity for employee relation situations such as discrimination, harassment and a hostile work environment. Having strict procedures including investigation of every allegation/complaint, a response to the complainant, as well as a zero tolerance disciplinary process in place helps insulate the organization from liability.

Hiring practices and discrimination concerns arise in all industries with the security service industry posing an interesting challenge. While the Americans with Disabilities Act requires that an applicant or employee be evaluated for the job based on the essential functions of that job, the question arises: What are the essential functions of providing security services? The EEOC’s Miami district office recently found a security guard was discriminated against after being let go based on a patron complaint that this guard had only one arm. Having clearly defined physical requirements and essential functions of all roles within an organization is the best way to mitigate this type of discrimination exposure.

4. Personnel authority

Security roles continue to be a way enterprises can ensure the safety of their patients and patrons. In providing these services, some inherent risks arise. A majority of security personnel are private citizens with no civil authority, but rather the same authority as a member of the general public. This creates a unique set of exposures, including harassment, false detainment and assault. While the involvement of security should be to protect the property and safety of those within the enterprise, the levels of response should be relative to the threat posed.

Policies should delineate response levels and identify the circumstances when these responses are appropriate. Security exposures take on different roles in patient and domestic situations. Security services should focus on de-escalation of a situation when possible; however, certain circumstances or instances may be out of their level of expertise or ability. In these situations, security personnel must focus on the threat posed to both the aggressor, as well as to the victim, and the public when present.

Janitorial and security staff may be first responders depending on the threat posed or situations that arise. It is important that the appropriate personal protective equipment be provided in accordance with OSHA Guideline 1910.132. This guideline provides for a hazard assessment and identification of the necessary personal protective equipment for those hazards faced. These hazards typically include CPR and first aid treatment. First responders may also be involved with hazardous clean-up situations. To determine the regulations that apply, as well as the personal protective equipment required, hazard assessments should be completed and potential exposures identified.

Managing risk

The initial response to a situation is the most critical element in managing risk. Whether the loss involves a security issue, clean-up situation or maintenance problem, how the clients, employees, patients, and public interactions are handled will set the stage for the public impression. In situations where there is media involvement, having a public relations (PR) policy and response protocol will ensure the message sent promotes the image and brand of the enterprise. PR firms are able to assist in both the development of these protocols, as well as provide immediate support and guidance when situations arise. Besides PR, here are other ways to manage risk:

1. Establishing a program

Financial management of risk relates to the decisions on what to insure, what to self-insure and any combination therein. In a self-administered, self-funded program, a key decision on the program set-up is whether to involve a third-party administrator (TPA), and if so, at what point. It’s important to decide:

  • How is bringing a TPA onboard going to affect front line response?

  • Will a TPA be an effective extension of the message passed along to customers, patients or patrons?

  • If a TPA will not be involved, are appropriate personnel and training available to manage these losses?


2. Risk transfer vehicles

A comprehensive risk transfer program is also another strategy to manage risks. It provides an opportunity to transfer risk in situations where outside partners or vendors are involved. An effective risk transfer program not only requires proof of insurance in line with the contractual insurance requirements, but also goes to the next level, ensuring what is being supplied on the certificates is actually in place and in compliance with the contractual language.

Maintaining certificates of insurance in and of itself is not a successful risk transfer program for multiple reasons:

  • The additional insured status provided may not be in compliance with the requirements.

  • The certificate could be issued in error (in that it provides no guarantee of coverage or insurance based on the standard disclaimer).

  • What is interpreted to be “similar language” on a manuscript form may not be the same coverage that was requested via the contract language and the known ISO additional insured endorsements.

3. Supplemental insurance coverage

When risk transfer is not an option, services are being provided internally or there is a desire to insure a risk — there are various coverages available. General Liability and Workers’ Compensation insurance are the coverages most commonly associated with the above-mentioned risks; however, there are a few others that also could also be beneficial including Crime, Employment Practices Liability and Professional Liability.

Crime coverage provides protection against employee theft and dishonesty. Third-party crime coverage can also be added. In situations where janitorial, maintenance and security services are provided by outside vendors, this coverage can be required via contract to enhance the risk transfer program.

Employment Practices liability is coverage to protect an insured from their wrongful acts against employees or potential employees in employment situations. By adding third-party coverage to an employment practices policy, additional coverage is added to cover wrongful acts (like discrimination and harassment) by employees against non-employees such as clients, customers and vendors.*

Professional Liability insurance or errors and omissions coverage is for enterprises that offer professional and personal services. It provides protection in the event that a client is harmed from a service such as security or advice provided for which an enterprise, mall or facility is held legally liable.

Janitorial, security and maintenance services pose unique risks to the enterprises they serve when interfacing with customers, patients and the general public — regardless of whether they’re direct employees, or employees of a vendor providing these services. A thorough assessment of the exposures, risk transfer vehicles and supplemental insurance coverage can help mitigate those risks.