Lanxess is a leading speciality chemicals company with sales of 8.3 billion euros in 2013 and around 17,300 employees in 31 countries. These days, the company is represented at 52 production sites worldwide. The core business of Lanxess is the development, manufacturing and marketing of plastics, rubbers, semi-finished products and speciality chemicals. The responsibility for operational business at Lanxess is assumed by 14 business units, which are  geared towards the needs of the market. Our scientific editor, Heiner Jerofsky, talks to Dirk Fleischer about the tasks and objectives of security management at a globally operating chemicals company.

GIT SECURITY.com: You're responsible for corporate security at your company. What objective and strategy do you pursue as a global player in this task?

Dirk Fleischer: As the Corporate Security Department, we're responsible for the security strategy and for implementing global safety standards which, on the one hand, are legally required, and on the other, are defined by the company internally. Personally, I find it important that security is understood not as a  predominantly event-driven day-to-day business, but as process-oriented on the basis of clear objectives and analyses. Our primary objectives are to ensure compliance with the current security regulations, thereby safeguarding the assets of the company and its shareholders, as well as the integrity of our employees. In other words: security compliance, business protection and integrity.

It goes without saying that security levels in the chemical industry have to be particularly high. What should our readers see as the most important fields of responsibility, subject areas and corporate security divisions?

Dirk Fleischer: Actually numerous explicit regulations apply in our industry segment to dictate security surrounding chemical plants. Together with the security officers at the plants, we precisely analyse the prevailing national legal requirements and then jointly assess the respective security situation. In a standardised questionnaire, we audit the security measures and record the results. If required, we implement appropriate countermeasures. Although sometimes quite different in the details, there is a big overlap when it comes to security requirements: security risks must be assessed, responsibilities  clearly defined, unauthorised access prevented and deviations remedied on an ongoing basis. This regulatory process is covered by site security.

It is well known that security concepts are the result of current risk and threat assessments. In your risk assessment, where do the greatest dangers lie for your company and how do you rate the current risk and threat situation at the German sites?

Dirk Fleischer: This year we analysed the security situation and defined the following core challenges: a) Industrial and competition espionage, b) Danger of terrorist or extremist attacks and c) General forms of property crime. Against the background of the current discussion, I think a) is self-explanatory. b) has a low probability of occurring, but would be disastrous in terms of the extent of loss. Incidentally we include in this eight aspects of supply chain security. The general types of crime worry me, because for one, unrecorded crime is really high, and for two, the number of incidents has increased. We've now established a global incident reporting tool, which we use to record criminal acts that threaten our company. My impression is that the economic damage caused by "petty crimes" is huge. Now I usually get asked why I don't see cyber crime as a danger. I actually see it very much that way. But I'm of the opinion that the mode of perpetration using technical means, i.e. predominantly computers, smartphones, etc., is essentially a method and not an independent type of offence. Nevertheless, this committing of an offence using electronic means in the form of so-called  cyber crime does represent a challenge for me.

With different sites in 31 countries, securing installations, real estate, production plants and company premises against external disturbances is a real challenge. How and with what measures of property security and surveillance are you able to ensure that technical and personnel security standards work within an economically viable framework?

Dirk Fleischer: Over the last year, we've started  to define standards in a technical guideline. On the basis of the threat situation, we try to define safety objectives and then to provide guidance on how these objectives can be achieved using best practise examples. I'll give you an example: an American provision stipulates that fences around chemical installations have to be 7 feet high. During one of our audits, we notice that the fence complies with these  requirements, but that the weather situation has caused it to become completely eroded (photo can be attached). Therefore, we pursue the line of "security
by objectives" which we highlight with clear measures.

How do you recognise, prevent and, where necessary, combat business disruptions and criminal activities, such as thefts, sabotage, espionage, terrorist and extremist attacks?

Dirk Fleischer: Unfortunately criminality is ubiquitous, and with increasing complexity and criminal energy, the combative strategies are also limited. Depending on the phenomenon, we try to develop an appropriate combative strategy which is always made up of personnel, technical and process-related security. Vigilant colleagues, technical safety devices and tags can already be effective in combatting property crimes at the plants through the use of artificial DNA; they are supported by an audited receipt and release process. Being equally able to ward off an APT attack on our active directory of a state player would be a real feat of arms. I'm especially pleased that we've established an unrivalled and effectively networked and integrative security philosophy. We work closely together, with mutual trust and in a critically constructive manner with colleagues from the auditing department, IT security and the compliance team, along with other relevant players. I believe that Lanxess is exemplary in this regard.

How important do you rate the dangers of industrial and competition espionage and what advice can you give to other security managers?

Dirk Fleischer: I wouldn't like to presume I have clever advice to give, since there is already a down-to-earth and constructive dialogue among security officers. The numerous productive working groups, in which my employees are involved with colleagues from other respective companies, repeatedly deliver results at the highest professional level. Again and again, I'm impressed by how quickly and dedicatedly our networks and working groups respond to enquiries and how important the added value is. I consider the danger of competition and industrial espionage to be serious. Although we still experience traditionally led conflicts, I believe that organisations, states and also companies will compete more strongly for market potential and capital in the future, and conflicts will ensue from this. Ever increasing networking, new forms of communication and completely changed communications behaviour are a huge
challenge for us all.

How and with what measures do you ensure that safety rules, operating instructions, emergency plans and other information on security and emergency procedure reach all employees and are taken seriously?

Dirk Fleischer: I believe a high degree of safety awareness prevails in the chemical industry. Lanxess invests a lot of energy in preventing industrial accidents and involves employees here as well as at all managerial levels. Since the topic of security doesn't enter into competition with the topic of safety, we're able to use the synergies. In the last year, the Corporate Security Department alone has reached more than 3,000 employees at a diverse range of awareness events and across all managerial levels.

In the context of your security management, do you use your own security personnel or work with external companies? What qualifications do you expect from these employees and do you also provide your own training?

Dirk Fleischer: It differs internationally. In Germany and abroad, we also have our own security personnel, but we mainly use security contractors. In terms of qualification, it's vital to know which statutory requirements need to be complied with. At almost all sites, there is some kind of security legislation. Whether it be the requirement of guards with very diverse qualification levels in South Africa; the commencement of legal initiatives in India to standardise the qualification, particularly at chemical plants; or efining standards for safety specialists in operation authorisation at plants in France.

What significance do technical facilities like fire, raid and intruder alarm systems, video surveillance and access control have for the safety of people at your company?

Dirk Fleischer: Technical measures are a fundamental cornerstone of our security systems. In our view, they represent the basis of our safety thinking. Our new Group headquarters is a great example of transparent and efficient working conditions and high technical safety standards. In a so-called measures list, for example, we have defined numerous technical measures, thereby setting uniform technical standards for information security across the group. The
challenge for us is to implement consistent standards and to find the correct partner in the process. I'd very much like to see a consistent technical security infrastructure. Up to now, we've failed to find the proper approach for this.

How do you communicate the company's security philosophy and what role do the topics of employee motivation and prevention play?

Dirk Fleischer: I firmly believe that criminal activities can only be prevented with motivated, vigilant and capable employees. That's why we feel it's important in my department to reach as many employees as possible with this topic. The best fence is of no use to me if no-one is watching on the door or in the plant to see who's coming and going at our plants and what he or others in the transporter are loading. On the subject of safety, we follow the merican campaign "If you see something - say something", encouraging employees to be as open as possible about incidents or near incidents, thereby
strengthening the aspect of prevention.

What private ambitions and business aims do you have for the near future?

Dirk Fleischer: In terms of business, I'd like to see Lanxess succeed in overcoming the economic challenges. This is certain to be the case given our current strategy development and management team. Privately, I'd like to have more time for my family.