ANSI Denies ASIS Petition Against BEPP Executive Protection Accreditation

Security management association ASIS petitioned standard-setting body ANSI to block a new security organization, BEPP, but lost.

BEPP called ASIS "arrogant", telling IPVM they started their group after years of ASIS not making progress in setting standards for executive protection. ASIS told IPVM they have declined to work with BEPP.

In this report, IPVM examines ASIS' petition against BEPP's accreditation and ANSI's denial of the ASIS petition, including an interview with the Chairman of the new Board of Executive Protection Professionals (BEPP), James Cameron, and comments from ASIS.

Executive Summary

Although ASIS often creates security industry standards, it has not created one for the EP industry. However, when BEPP began the standards creation process, ASIS filed an appeal to strip BEPP of its accreditation status (i.e., BEPP's ability to create standards). ASIS accused BEPP of falsifying information and claimed BEPP failed to collaborate with ASIS on its EP standard activities, in violation of ANSI guidelines.

Ultimately, ANSI rejected ASIS's claims, reasoning that because ASIS owns no EP-related standards, BEPP had no obligation to reach out to or collaborate with ASIS before applying for accreditation.

Board of Executive Protection Professionals (BEPP) Background

BEPP is a non-profit organization established in March 2021 aiming to create the first executive protection (EP) national standard in the US. The organization, which reports ~150 security industry professionals, consists of 3 groups: the commission, a technical committee, and a working group.

James Cameron, the founder of BEPP, chairs the commission, a 16-person large body that oversees the organization. The commission includes security professionals who own executive protection businesses and also a medical doctor, an attorney, and a former FBI special agent. Notably, they include 6 professionals with ASIS CPP certification, including Cameron.

BEPP Chairman Cameron is CEO of Security Concepts Group, which provides executive/personal protection to business executives, foreign diplomats, and high net worth individuals. Cameron is also a Bronze Star recipient combat veteran and worked for the US Department of State, serving as the security detail leader for the US ambassador to Iraq and Afghanistan.

The diagram below, from the BEPP website, shows how BEPP plans to create and revise the standards they are working on:

BEPP is just "driving the bus" to finally create an EP standard, Chairman James Cameron said during an ISC West interview in March 2022. This effort is reliant on the security professionals in the Technical Committee and Working Group to work through what they believe needs to be standardized in the industry:

With the process, there's a vote, so it's not the Board of Executive Protection Professionals that is saying this is the standard. We're kind of driving that bus. We've invested the monetary amount needed for the applications, the corporation all of that, but it's really the individuals that are part of the technical committee and the working group, that at the end of the process will validate, "Yes, this is what we agree to be a standard to submit to ANSI." [emphasis added]

American National Standards Institute (ANSI Examined)

BEPP is working with the American National Standards Institute (ANSI) to create an official EP standard. ANSI is "a private, non-profit organization that administers and coordinates the U.S. voluntary standards and conformity assessment system," according to its website. Notably, ANSI itself does not develop standards. Instead, ANSI positions itself as a "neutral venue" for coordinating standards and provides a framework for organizations to develop standards.

Standards Creation Examined

Creating a standard through ANSI is a two-step process. First, to be able to develop an ANSI standard, an organization must first become an accredited American Standards Developer (ASD). ANSI's Essential Requirements Section 4.1 outlines the criteria for accreditation, including that the applicant must be a legal entity (e.g. registered as a business), agree to "cooperate with ANSI in standards planning," continue to maintain any standards approved, etc. Accreditation applications are announced publically in ANSI's weekly Standards Action publication and the public can lodge comments for 30 days after the announcement.

After an organization becomes accredited, it can submit individual standards to be approved by ANSI. Developers will file a Projection Initiation Notification System (PINS) form to "indicat[e] the initiation of an ANS [American National Standards] project and its announcement for public comment."

ANSI typically does not allow duplicate or conflicting standards to exist. Section 4.2.1.1 in ANSI's Essential Requirements outlines the criteria for the approval of an American National Standard, stating:

The BSR [Board of Standards Review] shall not approve standards that duplicate existing American National Standards unless there is a compelling need. [emphasis added]

BEPP's website acknowledges this restriction:

ANSI rarely, if ever, allows for the creation of competing Standards. Since the Board of Executive Protection Professionals has formally submitted and announced its intention with ANSI to create a National Standard on this topic that prohibits others from filing to create a similar or competing Standard.

No ANSI EP Standards from ASIS

Although ASIS often issues security-related standards, it has issued no EP-related ones, ASIS confirmed to IPVM via email. ASIS is an ANSI accredited standards developer and currently has 10 ANSI published standards and other guidelines, a portion of which are screencapped below:

BEPP Chairman: ASIS Declined Creating EP Standard in 2017/2018

BEPP Chairman Cameron told IPVM that ASIS had explicitly declined to create an EP standard ~4-5 years ago. At the time, Cameron was a member of the ASIS EP Council working on creating an EP standard:

In roughly 2016, I became a member of a new EP Council for ASIS, back then they were known as councils. Now they are known as communities. I was accepted to join, and it was a limited number of people in the council. It was addressed by the fellow council members that there needed to be a standard. The chairman at the time pushed forward an application to ASIS to start an ANSI standard or guideline for executive protection. That was around the 2017/2018 timeframe.

ASIS said the proposal was "not mature" enough and that ASIS would return to consider it in the future, Cameron told IPVM:

ASIS rejected the application, saying that it was not mature enough. That was the reasoning they gave, that it wasn't a mature enough topic and they would address it at a future date. Then they just never got around to it. [emphasis added]

However, Cameron told IPVM that it is likely ASIS saw little return on investment for creating an EP standard, which is why ASIS denied pursuing creating a standard:

We were kind of assuming and told on the backchannel there's no return on investment for ASIS. So they really didn't want to put too much into it. Because it [creating a standard] is an expense, both monetary and time. They looked at EP as being such a fraction, a small fraction of security, that they didn't deem it worthy of that effort. That was unofficially what we heard in the backchannel. [emphasis added]

Cameron Leaves ASIS, Founds BEPP

This resulted in Cameron leaving the EP Council/Community as he was frustrated with ASIS' inaction:

At that time I left the community because I was pretty upset with it. I called everybody else saying that you guys are here for the name only, you guys just like to add it to your LinkedIn, but it's a do-nothing community and a do-nothing Council. If you're going to be a council, there should be something you're producing other than a quarterly newsletter.

After leaving the ASIS Council, Cameron did not establish BEPP immediately but continued to feel the need for a specific EP Standard, he shared with IPVM:

As time grows and as social media grows, I really saw that there are a lot of people that don't know how to operate in the executive protection sphere. I get a lot of questions from new people saying, "What's the best school should I go to for executive protection training?" And I don't know what to tell them. There's nothing out there for a standard for them to reference. I can tell them which ones I would prefer to stay away from due to poor business practices, but there was no standard out there. [emphasis added]

He began to reach out on LinkedIn to EP industry professionals, ultimately creating BEPP.

Cameron told IPVM BEPP and ASIS did not communicate as BEPP was being built, citing that many BEPP members saw "no value" in being an ASIS member and were happy to have a venue to potentially create a standard outside of ASIS:

There was no communication [between BEPP and ASIS] at the time and, to be honest, I would say a percentage of our board aren't members of ASIS and the reason for that is that they see that there's no value in being a member of ASIS. Some of them were actually quite happy that we were doing it independently away from ASIS. [emphasis added]

BEPP is also different from ASIS' EP Community, which has little incentive to create standards, Cameron says:

The [ASIS] EP Community is made up of individuals who own training companies or have an influence on training companies. They don't have a desire to have a standard because that'll impact how they deliver their product or service. I don't have a training company. Nobody on the board has a training company. Our interest is the betterment of the service that we deliver to the clients and to those that are in the industry on professional development and in creating a standard for people to fall back on. [emphasis added]

Cameron on ASIS "Money-Centric" and Inaction

Cameron of BEPP further explained his frustration with ASIS' inaction, characterizing ASIS as "money-centric" rather than "member-centric":

I would say that ASIS kind of has the notoriety of doing nothing. They've changed from being member-centric to money-centric. All they care about is GSX and the promotion of GSX versus helping the members like they used to. [emphasis added]

The ASIS EP Council/Community is "synonymous with inaction," Cameron says. Further, BEPP had to be careful with announcing their intention to create an EP standard to prevent ASIS from sitting on an EP standard, Cameron shared:

If we were to let them know, what our intentions were, if they would have filed within the PIN system that would have blocked us out, and they [ASIS] could have sat on that for years. We didn't want to make any announcements until we were approved. If we would have put it out there saying this is our intention, ASIS could have sat on the EP standard and locked us out of it. Then it would never come to fruition. [emphasis added]

BEPP ANSI Accredited, Initiates Standards Development

BEPP applied for ANSI accreditation on June 1, 2021. Public notice was made on June 4, 2021. On September 20, 2021, ANSI approved BEPP's request for accreditation and published a notice of the decision on September 24, 2021.

BEPP submitted a PINS form on October 1, 2021, initiating the process to create a "Standard for Providing Executive Protection."

BEPP also submitted PINS forms for 16 other EP-related standards on October 15, 2021, ranging from robotics to canine support in EP operations. The standards topics can be viewed here.

ASIS Files Petition to Rescind BEPP's Accreditation

On November 8, 2021, ASIS filed a petition to rescind BEPP's accreditation as an ANSI Accredited Standards Developer (ASD). This petition was filed over a month after ANSI had officially approved BEPP's accreditation. Further, according to ANSI's decision on the appeal, ASIS never filed a public comment in June/July 2021 when BEPP first announced it was seeking accreditation and asked for public comments.

On February 17, 2022, the ANSI Executive Standards Council (ExSC) declined ASIS' appeal:

An ANSI ExSC Appeals Panel (the Panel) has considered the appeal filed by ASIS (Appellant) challenging the ExSC’s September 20, 2021 decision to accredit BEPP (Respondent) as an ANSI Accredited Standards Developer (ASD). The Panel denies the appeal. As detailed below, the arguments raised by Appellant fail to demonstrate that the ExSC’s decision was in error. [emphasis added]

ASIS declined to provide IPVM with a copy of the petition it lodged against BEPP in November 2021, claiming the petition is "confidential." ANSI also declined to provide IPVM with a copy of ASIS' petition.

Cameron: ASIS "Asleep at the Wheel"

BEPP Chairman Cameron told IPVM that he believed ASIS was "asleep at the wheel" which is why ASIS did not petition to stop BEPP until November 2021, months after the initial comment period had ended:

Here's my professional opinion on what happened, is they [ASIS] were kind of asleep at the wheel. Our application went through. Notification went out, and nobody from ASIS saw it. But then, since we put the project forward of doing a standard for executive protection, that's when they looked and said, "Well, who are these people? Who's this BEPP?" and "Oh, we got to stop this." That's where it kind of took off down the rabbit hole for them. [emphasis added]

ASIS: BEPP Failed to Coordinate with ASIS

ASIS claims BEPP failed to "coordinate" with ASIS on the development of EP-related standards, in violation of ANSI Essential Requirements, ANSI's final decision summarizes:

The main thrust of ASIS’s appeal is that BEPP’s application in general, and the foregoing passage in particular, does not meet BEPP’s obligations under the Essential Requirements to “coordinate” with ASIS on the development of Executive Protection (EP)-related standards.

However, ANSI stated that because ASIS "has not announced any proposed EP standards," BEPP was not obliged to coordinate with ASIS:

ASIS has not announced any proposed EP standards through the ANS process, BEPP was not under an obligation to coordinate in accordance with sections 1.4 and 2.4, which apply to proposed ANS, not accreditation applications.

Further, coordination efforts only apply to proposed standards, not accreditation applications. Indeed, ASIS' appeal challenged only BEPP's accreditation and did not challenge BEPP's PINS submissions.

According to Section 4.1.2 of the ANSI Essential Requirements, accreditation applications are only required to include a statement "that details their coordination efforts to date and confirms their agreement to work together with existing developers." BEPP submitted such a statement in its accreditation application, summarizing BEPP's views that ASIS had "no interest" in developing an EP related standard:

In 2018 and 2019, robust dialogue occurred at several meetings with the ASIS Executive Protection Council, encouraging the Council to establish the standard we are currently proposing. The Council had no interest in putting forth the required effort or resources to develop an American National Standard.

During a recent May 2021 web conference hosted by the Executive Protection Council, the topic was again raised. The Council Chair reiterated that ASIS was not considering establishing a standard for this domain.

Although ASIS might have an issue with BEPP's conclusion that ASIS is "not interested" in developing a standard, it was reasonable for BEPP to infer this based on ASIS' inaction, ANSI wrote in its final decision:

While ASIS takes issue with BEPP’s conclusion that it was “not interested” in developing standards in this space, we think it was not unreasonable for BEPP to draw that conclusion based on the fact that, despite Mr. Cameron’s advocacy of several years, ASIS did not take steps to develop or announce the development of an ANS relating to EP. Accordingly, Appellant’s arguments that BEPP failed to coordinate with ASIS are rejected.

ASIS: BEPP Application Contains False Information

ASIS also accused BEPP of falsifying information in its accreditation application, according to ANSI's final decision. Specifically, ASIS said BEPP did not attempt to advise ASIS of its decision to apply for accreditation and that BEPP failed to acknowledge ASIS' previous efforts to develop an EP Standard:

In addition, ASIS maintains that the application contains false information in that BEPP in fact made no prior good faith attempt to advise ASIS of its decision to apply for accreditation or acknowledge that ASIS itself has been considering the development of documents in the area of Executive Protection (EP) for years.

Again, ANSI explained that BEPP was not required to coordinate with ASIS at the accreditation stage:

As ASIS has not announced any proposed EP standards through the ANS process, BEPP was not under an obligation to coordinate in accordance with sections 1.4 and 2.4 Coordination and harmonization of the ANSI Essential Requirements, which apply to proposed ANS, not accreditation applications.

"Arrogance" of ASIS

BEPP Chairman Cameron told IPVM he believes ASIS's arrogance made ASIS think that BEPP had an obligation to update ASIS on BEPP's efforts to create an EP standard. However, the ANSI Essential Requirements did not order BEPP to do so, Cameron says:

It was their [ASIS's] arrogance of "No, no, you should have come to us first." That's not what the standard says. The essential requirements require us to harmonize with other organizations that have an already approved or candidate standard. You [ASIS] have neither so, therefore, I have no reason or need to go to you first. [emphasis added]

Cameron says that although ASIS may argue that they were always considering creating an EP standard, ASIS never officially started the standards development process by putting in an EP-related PINS:

You can consider all you want, but until you put the PINS in, it's all hypothetical.

Indeed, ANSI's final decision writes that ASIS itself acknowledged it has "not sought approval for any ANS or even yet determined whether any ASIS EP documents will be submitted to ANSI for approval as ANS in the future."

No ASIS Appeal After Petition Denial

ASIS had 15 business days after the February 17, 2021 decision to appeal, but did not file an appeal, ANSI confirmed to IPVM:

An appeal of an ExSC appeals decision may be filed with the ANSI Appeals Board within 15 working days of the issuance of the decision. This deadline has expired and ASIS has not filed an appeal.

Declines to Collaborate with BEPP

On March 9, 2022, following ANSI's decision to deny ASIS's appeal, BEPP reached out via a letter to ASIS offering to work together to create an EP standard. BEPP informed ASIS that the first Technical Committee meeting was scheduled for March 26, 2022, and that ASIS was still invited to join if they wanted to.

However, on March 22, 2022, ASIS responded to BEPP, stating that ASIS will "politely decline the invitation."

BEPP told IPVM that, even now, BEPP is still "100% open" to working with ASIS on establishing an EP standard.

ASIS told IPVM they would not be willing to work with BEPP in the future to create an EP standard stating:

ASIS has a long track record of effectively partnering with other SDO’s [Standards Developing Organization] to develop standards. An ASIS International standard has been in the works for some time, but BEPP chose to establish themselves as a SDO to develop their own standard on EP.

ASIS Creating Non-ANSI Standard

ASIS told IPVM that it is "currently working on an ASIS International (non-ANSI) standard in executive protection." ASIS directed IPVM to the ASIS International Standards and Guidelines Development Procedures for more information. However, this is a procedures document for ASIS’s establishment of non-ANSI standards. It does not include any detail about how much work ASIS has done on this particular non-ANSI EP standard.

Next Steps for BEPP

BEPP Chairman Cameron told IPVM that this process was "nerve-wracking" for BEPP, because ASIS has far more money than BEPP does:

Everything for us was nerve-racking. I've put a considerable amount of money and time in this and ASIS is obviously a lot bigger than I am. Whether they're losing money or not, they still have more money than I do.

However, now that the appeals process is over, BEPP technical committee and working groups have started to meet. BEPP is also planning to work with Prometric to create a third-party certification for executive protection professionals, Cameron shared.

In his recent ISC West interview, Cameron encouraged any security professional interested in BEPP's work to visit the organization's website:

I would suggest anybody that's interested for information, we do post everything on ep-board.org. We are completely transparent. We put all the topics out, so people can see exactly [what BEPP is working on].

BEPP estimates the standard being complete in 2024.