Retail Loss Prevention Policy

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out, we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com

Retail Loss Prevention Policy

Updated: 6 April 2025

Protecting human lives is the highest requirement of our entire organization, whether they are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization. Many times things we do online will impact people’s lives physically, financially, and emotionally.

Note: This policy assumes the person signing has some or all retail operations under their management structure.

  • I will report security incidents, concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline as soon as possible and safe. If they are not available and I feel unsafe, I will contact law enforcement.
  • I will engage the organization’s safety and security leadership in all retail project planning, regardless of the scope or location of the retail activity.
  • I will engage third-party event security and event safety professionals if our organization does not have these professionals on staff, as soon as new retail project planning starts.
  • I will gather requirements and plan and fund all safety and security requirements for any retail project or retail event outside of our regular retail locations.
  • I will gather, plan, and fund all cyber and online retail loss prevention requirements for any new or sustaining retail activities of the organization.
  • I will make sure all retail activities that involve credit cards are Payment Card Industry (PCI) 4.0 compliant and independently verified before starting, and verified on an ongoing basis.
  • I will make sure all retail activities that involve cash have a cash movement and audit procedure involving at least two employees who are rotated throughout the retail activity.
  • I will make sure all retail activities that involve physical inventory incorporate physical inventory protections before opening, during retail hours, and after closing.
  • I will not manage any safety and security operations unless that is my department role — I will leave these operations to trained, certified, and licensed professionals.
  • I will make sure there are controls to prevent unauthorized individuals from accessing the retail environment.
  • I will make sure there is an emergency plan in place (not just calling 911).
  • I will make sure there is security consideration for any unique cyber security elements of the retail environment.
  • I will make sure media and social media impacts are considered in planning.
  • I will make sure Behavior Threat Assessment Management (BTAM) and location threat information (e.g., CapIndex) are addressed during all retail hours.
  • I will make sure anti-theft devices, lockdown capability, cameras, and panic buttons are core technologies in place for all brick-and-mortar retail operations.
  • I will exercise and test our retail loss prevention capabilities on a quarterly basis, covering all retail locations at least once per year.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

🖶 To save or print this policy, use your browser’s Print function (Ctrl+P / Cmd+P) and select “Save as PDF” if needed.