By Jim Vernon
As I write this article, inquiries, reviews and investigations continue to examine a growing number of major incidents across the world. Different countries, different organisations and different threats, yet the language often sounds remarkably familiar.
Failures, missed opportunities, information not shared, warning signs overlooked, lessons identified, recommendations made.
For those of us involved in counter-terrorism, explosives search or protective security and resilience, this should raise an uncomfortable question. Are we genuinely learning lessons, or are we just becoming increasingly skilled at documenting them?
Having left the sector (retired) I now find myself as a County Councillor sitting on safety and blue light services committees here in the UK.
Adapting to civil roles in local Government has been challenging.
“The objective should not be to pass the audit.
The objective should be to survive the incident”
Counter-IED professionals operate in a world where assumptions can kill. The consequences of failure are immediate, visible and often irreversible. Yet many of the assurance systems surrounding preparedness continue to focus heavily upon ‘process rather than performance’.
“The most dangerous assumption in public safety is that someone else has reported it or checked it. Good assurance verifies. It does not assume”
One of the early and important lessons in safety and assurance emerged from outside the counter-terrorism world. In 1987 the Herald of Free Enterprise Roll-on/ Roll-off car ferry left the Belgian Port of Zeebrugge with its bow doors open.
Procedures existed. Responsibilities existed. The crew existed. The system existed. What did not exist was a simple but reliable means of confirming that a critical task had actually been completed.
The individual responsible for closing the bow doors had fallen asleep in his cabin. Others assumed the work had been done. The vessel sailed. Within minutes disaster followed.
The lesson remains relevant today. Many major failures do not occur because there is no procedure. They occur because organisations assume the procedure has been verified or will be followed.
Terrorism and public safety.
“The purpose of assurance is not to prove success. It is to discover failure…before reality does”
In the Counter-IED environment we spend considerable time discussing technology, tactics, intelligence, equipment and emerging threats. All are important. However, sophisticated technology cannot compensate for weak assurance. Most blue light services in the UK have a level of interoperability built into all their plans and procedures. But increasingly now these start from or are approved, possibly funded and overseen by local government and legislation.
So huge parts of public safety have now moved into the realms of our civil servants and their processes, at a much increased level of complexity and ‘Culpability’. An example would be schools in the USA and active shooter situations.
“The public will not judge us by our plans. They will judge us by our performance when plans fail”
Every organisation involved in public safety possesses various and multiple plans. Many are excellent. The challenge is ensuring they remain current, relevant, realistic and understood. Exercises should not simply validate your crisis plans.
They should challenge them. Regularly you should stress-test them.
After 9/11 I was sent by the UK Government in a hands across the ocean mission to demonstrate to US International Airports (Chicago O’Hare/Baltimore BWI/ Little Rock AK) how we were applying our search dog teams. The TSA had not even been formed, but Police K9 teams were active at these US airports to varying degrees. So I will use dog teams’ examples here, but it’s the same for all or any crisis procedures or products.
Security officer with police dog.
At one of those Airports we visited, one Police team were there with their dogs and were quite concerned and invited us (DESA) to meet with them.
They just had their first annual re-licensing for Explosives search K9s…and two teams had failed. After several quick assessments we could see quickly the dogs were working fine. The issue was the system and the testing but compounded by their virtual lack of any effective real time Quality Assurance (QA) regime.
The big questions I put to the Airport directors who were actually paying the Police department for their K9 teams’ time, were:
”OK, the teams were trained and licensed properly a year before, they had a regular odour test of sorts to complete, and of course their annual license test. So did that mean two dogs were on an off day? Was the test regime at fault? Were those dogs maybe operating all year below par…? Were the handlers aviation trained? If not, why was it not picked up?”…IF dogs were then (and now) still being tasked to search baggage and missing explosives, who was culpable? Maybe it was the handlers not the dogs? Needless to say, they were concerned and red-faced.
It was actually a combination of factors, some glaringly obvious, others simply a sign their K9 sector process was not up to speed, nor were their systems being interrogated or developed. Repetitive task fatigue was also a factor for dog and handler. Only an experienced Assessor would spot that, yet the tasking and monitoring was being left to middle and senior managers with zero to no real K9 search knowledge themselves. They were deciding where and when to use the teams.
I have lost count of how many times I have turned up to a venue and told where to put myself to search or how they want the search carried out. This usually from a middle or senior manager, with zero knowledge of Specialist Explosives Search.
He may well have sat in on the Police briefings or spoken briefly to their POLSA (Police Search Adviser).
A DESA dog searching at Chelsea F.C. 2006.
So the dogs could detect and were working well…but their testing processes were flawed. Their handlers were not dual trained in both specialist rummage, Search and ‘Aviation’ nuances and if I am honest, Police Handler training and skill sets were inadequate for aviation roles.
For the record the USA has and did at speed develop world class training and testing standards post 9/11… So my point is your testing/assessing of the team and the dogs and handlers’ roles back then were flawed.
But truthfully, internationally, I still see the same mistakes in varying degrees today and I have visited many units worldwide from UAE to Australia and even Front Royal US Customs K9 in West Virginia and numerous LEAs to name just a few, and despite advances in Tech and Odour sciences they still ometimes make some of the same old mistakes, in their current testing standards’ Quality Assurance (QA) and on-going training methods. Quality Control (QC) is there for exactly that purpose.
Millions of dollars were spent in the USA to check dogs could detect moving targets. They even patented dogs following scent plumes (Vapour Wake) seriously… and agencies paid a premium and bought into it.
Others today are still researching K9’s olfactory sensitivity. I get asked how do we teach a dog to search?
Answer, we don’t… Dogs can already search, born blind they smell their way to the teat for milk. We just need to train them to do it in a semi disciplined way that we can understand.
So the real super glue to almost everything is dynamic QA and QC. They should never stand still and be capable of fast, if not immediate flexibility and adaption. This combined with a simple but robust Corrective Actions/Preventative Actions system (CAPA) will continually and in real time always reduce risk.
Author with FBI swamp search for buried body.
“Can we continually improve on continuous improvement”?
But it needs to be totally free from often distant senior Management influences, push back or delayed challenges from bureaucratic systems.
Results Based Management (RBM) is now becoming more prominent in many organisations including the Civil Service, and in their own publications they set a great store now on this. We agree too. But results are crucial… yes, and are a measure that you are doing things right… But it’s the whole life aspect of processes that will be key to prevention of faults or failings.
Mistakes are far more costly than prevention financially of course. But especially when searching for explosives that are specifically designed to kill.
We need therefore, to be even more aware of the need to monitor and manage projects and services, increasingly in a whole life manner, if we are to continue being safe and successful.
So, if I go back to my normal mantra of “keep it simple Jim”…
Training on drone course for IEDs, Mines Action Trust – MAT, Kosovo.
QA and QC are an underestimated, misunderstood and underutilised specialty in utilising some process heavy disciplines and sudden new applications. We simply are relying on testing at intervals and pre- checking that contractors must be financially sound and be able to produce good heavy wordage on their QMS and Health and Safety systems and their staffing formulas… and usually must have previous experience and knowledge of our activities. No solid process to bring in new blood?
Quality is a cross-functional discipline; training design teams understand training realities. Design teams identify what they deem to be critical and special characteristics, and provide those to trainers.
Design and process failure mode, and effects analysis are done with cross functional teams. Training Design problems are identified in the training centres and in customer use. Continuous improvement in design requires easy access and understanding of training establishments as well as end user/customer applications and compliance standards. In Local Government agencies particularly and especially UN organisations lots of data are generated in different systems, using different descriptions, and for different uses.
Before everyone starts emailing the Editor… Yes, I know costs play an important and vital role. But you can have a £10 model or £10,000 model in your system.
Croatia De-mining Conference 2006. Dogs–v–Hi-tech
complementing.
The QA and QC for explosives detection however remain the same in their principles. It either ‘can or cannot’ detect explosives; People, or dogs or machines are competent or not competent to search for explosives. Just as a woman cannot be half pregnant, she is either pregnant or she is not pregnant.
An effective team or process is only as good as those managing or using it.
The operational conditions and effects parameters of repetitive successful detection or prevention methods, are then dependent on the QA/QC and ideally a CAPA system to continue at optimal success ratios. The best testing in the world needs to be continually tested, monitored and assured. Not waiting until the next 6 months review comes around.
Modern threats increasingly require exceptionally strong cooperation between multiple organisations, disciplines and agencies. This is essential. Yet multi-agency working can also create lots of ambiguity.
If responsibility is everyone’s responsibility; accountability can become nobody’s responsibility.
But the environment in which local authorities in the UK and Law Enforcement Agencies (LEAs) now operate, is becoming increasingly complex. But I focus here on the skill sets of UK Community Councillors who are responsible for the scrutiny of our safety committees’ actions and plans, and those civil servants overseeing our public safety in everything from floods to terror attacks is the weakest link by far in the UK, and in other civil agencies in many countries – of that I am sure.
The Calocane knife murders enquiry (UK) as I type, has just concluded. Verdict: every single agency failed in its role and responsibility. Warnings existed. Systems existed. Committees existed. Policies existed.
But they all failed, yet all had passed their councils’ safety scrutiny models.
“A series of errors, omissions, and misjudgments at Nottinghamshire Healthcare Foundation NHS Trust meant that Valdo Calocane’s mental illness was poorly managed and opportunities to mitigate the risk he posed to the public were missed, a rapid review has concluded”.1
My own County of Nottinghamshire contains significant sporting venues, major transport infrastructure, flood risk corridors, large scale public events, aircraft over flights, prisons, tourist sites, strategic health and care responsibilities, and increasingly interconnected regional partnerships. The county is also likely to face additional opportunities and challenges arising from Local Government Reorganisation and closer regional integration. Climatic political and even religious considerations add to this complexity.
Alongside traditional risks sit newer challenges including cyber threats, critical infrastructure disruption, major weather events, community tensions, misinformation, lone-actor terrorism, and increasingly complex interoperability requirements between public agencies. That is a HUGE responsibility!
Some critical quality process management activities include:
- Corrective action
- Preventive action
- Issues management (processes)
- Non-conforming aspects or faults
- Recommendations management (processes)
- Quality compliance traceability across the training and searching/tasks life cycle
Most of these risks we are planning for may hopefully never materialise.
That’s precisely the point.
Martyn’s Law (the Terrorism (Protection of Premises) Act 2025) is expected to come into force in spring 2027.
I remember one UK airport dog section being halved as a cost saving? When I asked why? I was told, ”They hadn’t found anything all year” so they were cutting back.
It simply was not linked into dynamic risk assessment with flexibility for the current local or national terror threat intelligence. Perhaps dual skilling of handlers would enable them to be re-assigned to their second task until threat levels increased?
I suggested to one Educational Agency that they could cross train some of their teachers to be narcotics dog handlers and use them on a task as needed basis. Students would more readily accept a teacher than have Police being called in to search their lockers or students. Then of course the processes kick in again.
Actions on a find? (AoF). Do they then call in a Police officer, confiscate finds… how to audit and dispose of finds, what were the legal and insurance implications, threat of retaliation or immediate harm possibilities.
So, my keep it simple Jim… often isn’t straight forward.
CONCLUSION
Thus normal existing local authority scrutiny often fails to identify cumulative risk, fails to challenge assumptions hard enough, fails to stress-test leadership structures and fails to move beyond polite presentation cultures.
There is an element of writing Standards and Standard Operational Procedures (SOPs) and then stand back and watch and simply wait until next annual or six monthly reports are due, or until test days or periodical QA visits arrive. These are all often individual and standalone processes that in reality are administered at different stages, by different people, with different knowledge levels, with different paymasters and differing resources, different spread sheets. All interested in just making sure their little bit is done and their boxes ticked.
The future of preparedness will not be secured by producing more paperwork. It will be secured by creating organisations willing to challenge themselves honestly, test themselves rigorously and learn lessons properly.
Because compliance is not competence and when lives are at stake, the difference matters.
Currently there is a long-standing culture in UK Councils and I am sure this is echoed in many countries and agencies where members are expected to provide reassurance rather than meaningful challenge.
The same themes emerge repeatedly:
- Warning signs existed but were not escalated
- Systems became process-driven rather than outcome-driven
- Agencies operated in silos
- Challenge culture weakened
- Lessons learned became paperwork rather than behavioural change
- Governance became performative rather than operational
Here in the UK and probably worldwide there is now a serious argument that local authority scrutiny must evolve into something far more dynamic and modern evidence driven. Scrutiny should increasingly resemble aspects of Parliamentary Committee examinations, or major Senate-style hearings where assumptions are tested robustly, evidence is examined deeply, external expertise is routinely brought in and uncomfortable questioning is accepted as normal rather than viewed as confrontational.
Martyn’s Law 2026
The Terrorism (Protection of Premises) Act 2025, also known as Martyn’s Law, received Royal Assent on April 3, 2025. This Act aims to improve organisational preparedness and protective security across the UK by requiring those responsible for certain premises and events to prepare for potential terrorist attacks and help keep people safe in the event of an attack. The Act establishes a tiered approach for premises, with different requirements based on the number of individuals expected to be present. The implementation period will be at least 24 months following Royal Assent before the requirements come into force. The Home Office has published statutory guidance to assist those responsible for premises and events in understanding the requirements and how to comply with them.
(Martyn’s law now adds to these requirements in the UK). ■
ABOUT THE AUTHOR
Jim Vernon (Snr), Former Chairman and founding member of the Drugs and Explosives Search Association (DESA) dedicated to setting International standards, Quality Assurance and Assessing in mainly K9 high risk search techniques.
Jim joined the Army first as a Junior Leader in 1967 (1st Btn Grenadier Guards). He served four tours of duty in Northern Ireland two of them as a search team leader and one as Battalion sniper.
His sister was blown up (Survived) by the IRA in the Woolwich Pub bombing, during their mainland bombing campaigns in 1974. Since that fateful day Jim has spent his whole life travelling the world, often at his own expense, training and providing specialist search training and Explosives Search services… mainly to Police, Law Enforcement Agencies (LEAs) including FBI and TSA, US Customs and Military.
After forming DESA Jim was given a special award for services to Law and Order, by Professor Arthur Gibson, Chair of the then, common wealth Secretariat for Industrial Crime at Cambridge University. Other notable firsts for Jim include being the first ever Civilian to carry out explosives search of cargo and Dan Air’s passenger aircraft at Gatwick Airport.
Again as the first civilians to explosives search alongside Police and Royal Engineers at the Manchester Commonwealth Games and can claim provision of Dogs and specialist search services to three Olympic Games (Barcelona/Sydney/Athens).
Numerous others including supporting Humanitarian de-mining standards for GICHD in Geneva, he is a level 4 Lead IQA and Assessor. But after retiring twice Jim entered Politics as a local County Councillor and is now sitting on various Scrutiny committees including Fire services and Community safety in Nottinghamshire (UK).
FOOTNOTE:
- https://www.bmj.com/content/386/bmj.q1796, Valdo Calocane: Report on Nottingham killer identifies catalogue of care failings, The BMJ
Download PDF: 45-53 Jim Vernon article – COMPLIANCE IS NOT COMPETENCE – CIEDR Summer 2026
Counter-IED Report, Summer 2026