I think DCJS regulators need to hear more than just one side of the ES-related comments (particularly where there is no proposed language or changes on the table about many of these issues), and so I offer some counterpoint to what’s been suggested.

 

On electronic security personnel needing to obtain a locksmith certification: I agree with the ES folks. Electronic security technicians and locksmiths deal with two different aspects of access control and the regulations should define each so that only one category is required for each group even where there is some overlap between the two. This wouldn’t be an “exemption” for anyone, but simply a matter of definition that would not require a lot of rework of the regulations.

 

On ES training (in particular exempting ES from needing to have certified instructors, changing ES to one category): I disagree with the way the ES folks have framed the need for changes on these matters. The actual costs are not as significant as claimed (especially when compared to other regulated categories). And the stark alternatives offered are not representative of all that can be done to make improvements. I speak to these issues as follows:

 

First, instructors are required to be certified by DCJS to ensure that a minimum standard is met by those who provide training on regulated activities. This is true for all the PSS categories and ES should not expect to be treated differently. It may be true that certain ES businesses are reputable and provide quality training, but it might not be true for all. That's why there are minimum standards-- both for instructors and for curriculum. 

 

Second, ES is not subject matter that has changed so drastically in the past few years and that now changes so often that no basic curriculum can be developed as a minimum standard of knowledge and skills. The ES folks here also talk about proprietary information and technological changes as if the fundamental electronics behind the systems have changed (they have not) and they appear to ignore the regulatory schema that is part of ensuring each registrant understands the relationship the Commonwealth creates between providers of regulated PSS activities and clients. 

 

A number of authors have produced works (e.g. Thomas Norman, CPP, PSP, CSC—Integrated Security Systems Design: Concepts, Design, and Implementatic, 2007) that provide an overview and basic knowledge about ES systems and that are still relevant today. Those are but some of the resources that could be used to develop a better basic curriculum for ES. And that’s because the minimum training for ES should not be designed to teach proprietary systems or even cutting edge technological innovation. It is not meant to make anyone “Experts” (and any company claiming that minimum compulsory DCJS training does is misrepresenting reality). The minimum is the minimum-- what are the basic things ES techs and support staff need to know for a base level of knowledge that can give the public (especially others in the PSS community) a sense of what they're dealing with? That's the same for all other PSS categories-- particularly those with only a couple of days of training. And ES should expect to be treated no differently. 

 

The real complaint appears to be that the ES minimum compulsory curriculum isn't well designed. And that's the problem that should be fixed-- not a wholesale exemption for ES businesses to be (un)regulated in a way that is inconsistent with the overall PSS regulatory schema. 

 

Third, ES businesses can conduct their own training-- if they meet the requirements to do so. All PSS businesses could claim that they can conduct in-house training without DCJS oversight and without certified instructors. The problem is that would be no guarantee that the businesses would then do so to a minimum required level. And the public (and others in the PSS industry) would then have no reason to be confident about the minimum training of ES personnel. Having a regulatory schema for training provides some checks and balances so that there are minimum standards not only for instructors but also about how training is delivered and recorded. ES folks should note that, currently, the PSS regulations do not require that a PSS registrant obtain training from an unrelated, third-party provider (a training school with no affiliation to the PSS business) even though there would be a public safety benefit there (enhanced confidence that the training records aren't falsified). The current regulatory schema strikes a balance between more strict regulation and the freedom to operate within broad boundaries. (And these broad boundaries do not—as has been suggested—prevent a non-DCJS certified business rep from coming to an ES business to demo a product or even to give technical instruction on proprietary equipment. Such training simply isn’t counted toward DCJS in-service training.) So, ES businesses can conduct their own training-- but those wanting to conduct PSS training on regulated topics are required to follow the same regulatory schema that all the other PSS businesses do.   That's as it should be.

 

On making a single category for ES: I disagree with the extremes that the ES folks have suggested, but fundamentallyagree with their overall point. A primary reason that ES has so many categories is that all ES personnel have to be vetted and categorized given the level of vulnerability ES companies create for their clientele (a position of trust with very sensitive information). But that doesn't mean that four different categories are needed. 

 

Although it's been suggested that ES salespersons need to know the technology behind ES systems, that’s debatable. You can go door-to-door to “sell” alarm systems without having a technician's level of understanding about them. You can dispatch an alarm response without knowing how to service equipment. You can handle accounts and customer service without technical knowledge about installation.  And so on. There are account and support people who help to run the ES business (deal with accounts, monitor systems, dispatch, etc.) and there are technicians who shoulder the bulk of the on-site technical aspects of the work-- the design, installation, servicing, etc. If you want your sales people to have in-depth knowledge of the technical side, then train them on it. And if your business is small and your technicians are support staff as well, then they might need both categories. But no ES company should be automatically required to have all personnel train in technical aspects of ES. 

 

Consequently, I would suggest that there should be two ES categories-- the electronic security technician and the electronic security support personnel (everyone else)(I'm still trying to figure out a good name for that category). The minimum compulsory curriculum for support staff would be largely regulatory issues (code of conduct, ethics, privacy-- that would all be included for the tech as well) but not include technical aspects of access control, installation, and equipment servicing. Having two categories is a benefit to the ES community because the ES business is not then required to send personnel to be trained on subject matter they wouldn't need for their job.

 

What does seem clear is that people who register in multiple categories have a lot of repeated training on DCJS regulatory subjects (and that might be part of the complaints about repetitive training requirements). What I would like to see is the DCJS PSS entry-level registrant that covers all the DCJS regulatory material and that works as the base DCJS registration for all PSS “regulants” and acts as a vetting good for 180 days (to also reduce multiple fingerprint submissions). Then there would be subject matter registrations (SO, ASO, PPS, PI, Canine Handlers, ES Tech, etc.) that would provide for minimum compulsory training in those disciplines. I understand this idea has been introduced before and shot down, but I think it deserves to be revisited if massive regulatory changes are being considered.

 

As for ES retraining, the “job-related subjects” should be used for both ES categories-- and as has been suggested (Betsy Clark) that could be the same type of retraining for both ES categories. But that's true because retraining is on a minimum compulsory level for ES topics-- and not addressing advanced topics, technological innovations, or proprietary information. That kind of more advanced OJT should not be confused with retraining of minimum compulsory subject matter.

 

On allowing a compliance agent to work for more than one licensee: I agree with the ES folks insofar as they have suggested that a single compliance agent should be able to work for multiple companies when those companies are owned and operated by the same “person” (using the definition in the regs). But I would disagree that there is a compelling reason to change the existing regulations otherwise. The compliance agent isn't a DCJS category so much as it is a requirement that PSS businesses organize in such a way as to have a principal or trusted employee be directly knowledgeable and responsible for regulatory compliance. That requires some level of intimate knowledge of business operations, personnel, and activities that would generally only be known and shared by businesses owned and operated by the same person. Fortunately, such a regulatory change only requires some language modifications to a few parts of the PSS regulations.

 

On using temp agencies: This issue isn't limited only to ES (really none of the issues are since the

PSS regulations are designed to be a system that encompasses various categories). The ES folks might be suggesting here that some of their employees should not need to be vetted. But people who work for ES companies are vetted and registered because of the vulnerability posed to the clients and the significant public trust given to ES businesses. The only result of such a change would be a potential reduction in public safety. (And it isn't clear that anyone is suggesting such a radical change.)  

 

What really seems to be the issue is that ES businesses want to be able to hire people without making them “employees” (primarily to avoid being responsible for paying certain benefits and compensation that might then be required). And if comments at PSSAB meetings and elsewhere are indicative of the general sense of things, that's true of other PSS businesses that do PPS and PI as well. This is where I simply ask a question: Why is it that the PSS regulations appear to require persons who work for a PSS business to be an “employee?” Why couldn't those persons be hired under some form of contract—and even through a third-party? As long as the PSS business directs and supervises the conduct of the person hired and as long as all applications and vetting have been processed with DCJS, why must the worker be an “employee?” A change to the language in the regulations that shifts the “employee” requirement to “hired or otherwise utilized” is possible (and without creating independent contractors). However, I should note that any temp agency making persons available for temp work for regulated PSS activities (where those persons are already registrants)-- and not just providing access to a general labor pool-- should need to be a licensed PSS business.

 

CONCLUSION: I urge the ES folks in particular to consider the points made here. Changes can be made to improve the circumstances of all PSS categories without exceptions and wholesale exemptions just for ES. I've begun to work up regulatory language modifications that address many of these issues across the board, and I hope to have the opportunity to share them with you all as we consider ways to make things better going forward.