CONFIDENTIAL

QUALITY MANAGEMENT PLAN

Prepared for:

Sagittarius Mining Inc

General Santos City

Prepared by:

SOSA Operations Department

May - December 2019

Approved by:

SOSA General Manager _____ _______________________ _________________

CHRISTIAN JONATHAN QUINTANA Date

SOSA Director _________________________________ _________________

COL EFREN R RELLORES Date

SOSA Opn’s Manager _____________________________ __________________

RUSSEL R PEDROSO Date
 TABLE OF CONTENTS

1. INTRODUCTION

1.1 Commitment
1.2 Principles
1.2.1. Goals
1.2.2 Employee Participation
1.2.3 Problem Prevention

2. System for assuring good Management

2 .1. Assurance Program

2.1.1. Assignment of Responsibilities
2.1.2. Written Policies and Guidelines
2.2. Objectives
2.3. Developing a decisions

3. Management Planning

3.1. On Planning
3.2 On Policy
3.3. On Prevention
3.4. On Records
3.5. On Review
3.6. On Risk Acceptance
3.7. On Risk Analysis
3.8. On Risk Assessment
3.9. On Risk Criteria
3.10. On Risk Evaluation
3.11. On Risk Identification
3.12. On Risk Management
3.13. On Risk Register
3.14. On Risk Tolerance
3.15. On Risk Treatment

4. Management Commitment

4.1. Management Organization and Responsibilities

4.1.1. The General Manager
4.1.2. Agency Director
4.1.3. Operations Manager
4.1.4. Detachment Commander
4.1.5. Team leader
5. Statement and Purpose

5.1. Applications
5.2. Policy Statements

6. Quality Standards

6.1. On Human Rights Protection

6.2. On Target
6.3. On Threat Analysis
6.4. On Use of Force Continuum
6.5. On Management Approach
6.6. On Documents Information
6.7. On Integrity
6.8. On Key Performance Indicator (KPI)
6.9. On Constant Monitoring Control and Assurance
6.10. On Health and Safety Plan

7. Reporting of Security Breaches

7.1. On Reporting Procedures

7.2. On Incident Breaches Response Process
7.3. On Information Security
7.4. On Handling of Classified informations
7.4.1. Specific Rules
8. Physical Security

8.1 Access Control

8.2. Security policy
8.3. Exit Control and Movements of Assets
8.4. Handling Visitors

9. Corrective Actions

9.1. General Approach/Justification

1. Introduction

1.1 Commitment

Silent Option Security Agency is dedicated to achieve excellence in delivering professional

services to meet clients' needs. This describes Assurance Program, which is based on four
principles: client satisfaction, employee participation, problem prevention, and continuous
quality improvement. Commitment to client needs and expectations from all SOSA team
members, provides competent and timely effective solutions.

1. 2. Principles

Encourages Managers and staff to take pride in their work and responsibility for ensuring that the
work is done correctly. The program is designed to reduce the incidence of problems related to
the result in implementation, where necessary, of corrective actions and modification of work
procedures, where necessary, to reduce the incidence of future problems.

1.2.1. The principles here are based upon the following goals:

• Creating a safe and secure working environment for the employees of the institution;

• Creating a safe and secure environment for members of the public visiting the institution;

• Protecting the property of the institution;

• Protecting the proprietary information of the institution.

 Managed the utilization of tactics, techniques, procedures, and equipment, including weapons,
in such a way as to achieve both operational and risk management objectives.

1.2.2. Client Satisfaction

Client satisfaction is achieved when SOSA meets or exceeds the expectations of the client
typically established on business practice, regulatory requirements and professional standard of
care. SOSA Managers and Staff concentrate on management efforts on timely and
responsiveness.

1.2.3. Employee Participation

SOSA recognizes the value of having its employees at all levels participate in the program.
Opportunities are continuously sought for encouraging employees to improve the quality of their
work. SOSA’s General Manager encourages participative management by soliciting input from
Operations Manager and staff before issuing company policies and procedures.
1.2.4. Problem Prevention

SOSA reduces the potential problems to occur. The procedures based on the principles of
problem prevention, liability reduction, risk management, and loss prevention. The steps
necessary to assure the quality of work products and services are summarized below:

Make sure the work performed will satisfy the client's objectives;

 Perform work correctly the first time;

 Have all work checked;
 Correct errors where they occur;
 Modify work processes to reduce or eliminate future errors; and
 Demonstrate that the QC procedures have been followed through QC review

2. System for assuring good management

 To improve and identifying problems, monitoring corrective action and studying its
effectiveness will be implemented.
 To study specific root causes and analyzes objective to identify improvements in
organizational structure and function.
 The multidisciplinary approach enhanced staff cooperation and satisfaction, as well as
opportunities to solve problems jointly. Meetings are held as necessary to improve activities.
 Establish objective criteria for use in monitoring; develop plans for improvement based on
findings.
 Assess the effectiveness of plans after implementation and refine the plans as necessary.

2.1 Assurance Program

SOSA’s program consists of the following related components, summarized below:

2.1.1. Assignment of Responsibilities - The Agency designates personnel with the

 Responsibility and authority to implement the Roles and responsibility of personnel. All staff
levels have responsibilities under the program. Training and Development, awareness seminars
are part of the SOSA
 Procedures of client in relation to liability issues and loss prevention. In addition, training on
the fundamentals of project management problem/loss prevention is available.

2.1.2. Written Policies and Guidance - The company maintains written guidance

 including procedures for many commonly performed work activities. It serves to assist
Operations manager and staff to provide a quality of service that meets or exceeds the standard
of practice.
 Project processes and documents have been properly reviewed by qualified Agency Director.
Problems are communicated to the Operations Manager and corrected.
 Work Process where a need for improvement is identified.
 Analyze the problem and develop ways to improve SOSA management and operational
systems.

2.2. Objectives

To monitor the effectiveness of SOSA’s data collection on admin and operations; report
preparation designed to correct situations where corrective actions are required.

2.3. Develop a Decision

Formulated that defines conditions that would choose alternative actions. Specifies the
characteristic needs to know about the problem is defined for action.

3. Management System

Established policies and objectives and processes with discipline. Management depends on its
personnel, information and assets to deliver services that ensure safety and security. It managed
resources with due diligence and take appropriate measures to protect the clients.

3.1. On Planning

Management focused on setting objectives specifying necessary operational processes to fulfill

the security operations objectives.

3.2. On Policy

Intentions and direction of an organization as formally expressed by its top management

3.2. On Prevention

Measures that enable an organization to avoid/preclude or limit the impact of an undesirable or

potentially disruptive event.

3.3. On preventive action

Action to eliminate the cause of a potential nonconformity or other undesirable potential
situation.

3.4. On Records

Document stating results achieved or providing evidence of activities performed, to provide

evidence of verification, preventive action and corrective action.
3.5. On Review

Activity undertaken to determine the suitability, adequacy and effectiveness of the management
system and its component elements to achieve established objectives.

3.6. On Risk acceptance

Informed decision to take a particular acceptance that can occur without risk treatment or during
the process of risk treatment. Accepted risks are subject to monitoring and review.

3.7. On Risk analysis

To comprehend the nature of risk and to determine the level of risk

Risk analysis includes risk estimation.

3.8. On Risk assessment

Overall process of risk identification, risk analysis and risk evaluation

3.9. On Risk criteria

Terms of reference against which the significance of a risk is evaluated, based on

organizational objectives external and internal context.

3.10. On Risk evaluation

Comparing the results of risk analysis with risk criteria to determine whether the risk and/or its
magnitude is acceptable or tolerable

3.11. On Risk identification

Finding, recognizing and describing risks, can involve historical data, theoretical
analysis, informed and expert opinions, and stakeholder's needs.

3.12. On Risk management

Coordinated activities to direct and control an organization with regard to risk.

3.13. On Risk register

Record of information about identified risks. Compilation for all risks identified, analyzed and
evaluated in the risk assessment process including likelihood , consequences , treatments and risk
owners.
3.14. Risk tolerance

Organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve
its objectives.

3.15. Risk treatment

Modify risk, avoiding the risk by deciding not to start or continue with the activity that gives
rise to the risk. In order to pursue an opportunity, remove the risk source; change the likelihood
and consequences. Risk treatments that deal with negative consequences are sometimes referred
to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.

4. Management Commitment

SOSA management is committed to the principles and practices at the highest level. It recognizes
and accepts its responsibility to identify the quality requirements that will meet client needs and
expectations and create the business and professional environment where all employees take
responsibility for the quality of their work. SOSA’s Program focuses on preventing quality
problems.

4.1. Management Organization and Responsibilities

4.1.1. The General Manager

 Ultimately responsible for all the conduct of Admin and Operational activities.
 Authorize the issuance of thePolicy;
 Direct the implementation of objectives, plans, and policies;

4.1.2. Agency Director

Exercise direct supervision over the development, administration and implementation of the
security program, operation, maintenance of security equipment in accordance with the standards
prescribed or envisioned by the Company. Orchestrated the Development and Training of
personnel.

4.1.3. Operations Manager

Key Responsibilities

 Implementation of Company Policy.

 Coordination with SAGSS 12 on administrative matters relative to the supervision and
management of private security agency as directed.
 Submission of weekly and monthly reports and other related incidents.
 To closely supervise the conduct of Intelligence operation in order to crop up with
orchestrated efforts in addressing the problems.
 Develops and establishes security procedures for the protection of individual, group or
property of the clients.
 Supervise the Trainings and Seminars to be conducted on personnel.
 Prepares reports concerning investigations, security needs and recommendations.
 Confers and cooperates with police, fire, and civil defense authorities to coordinate activities
during emergency.
 To provide close-in security on VIP’s.
 To represent the Company on meetings with the clients.
 Overall In-Charge in the conduct of Security Operational and Admin matters.
 To perform other task on orders.

4.1.4. Detachment Commander

As a Detachment Comdr, he provides guidance and oversight on organizational

development and strategy.

 Assist the Security Manager in the formulation and supervision of operational activities.
 Received all calls/communications from Security Officers In-charge in the field for immediate
support.
 Checking DTR’s/Overtime and authorization of Security personnel
 To facilitate newly hired and rehiring of security for orientations and training.
 To closely supervise the duty performances, Physical appearances of Security personnel in the
area.
 To conduct Information and dissemination to all Security personnel on program/Policies
approved.
 Responsible on reporting of Daily Operational Activities in the area.
 Responsible for the Agency’s intelligence, surveillance, back ground investigation
and other special project.
 To perform other task on orders.

4.1.5. Team Leader

 Assist the Detachment Commander in the formulation and supervision of operational

activities.
 Received all calls/communications from Security In-charge in the field for immediate support.
 Checking DTR’s/Overtime and authorization of Security personnel
 To facilitate newly hired and rehiring of security for orientations and training.
 To closely supervise the duty performance, Physical appearances of Security personnel in the
area.
 Act as Officer In-Charge in the absence of Detachment Commander.
 To conduct Information and dissemination to all Security personnel on program/Policies
approved
 To perform other task on orders.
5. STATEMENT OF PURPOSE

SILENT OPTIONS SECURITY depends on its personnel, information and assets to deliver
services that ensure safety and security of its stakeholders. It must therefore manage these
resources with due diligence and take appropriate measures to protect them.

Threats that can cause harm include acts of terror and sabotage, espionage, unauthorized access
to buildings and premises, theft, armed robbery, fraud and corruption, vandalism, fire, natural
disasters, technical failures and accidental damage. The threat of cyber attack and malicious
activity through the Internet is prevalent and can cause severe harm to electronic services and
critical infrastructure. Threats to the national interest, such as transnational criminal activity,
foreign intelligence activities and terrorism, continue to evolve as the results of changes in the
international environment.

The Security Policy of SILENT OPTION SECURITY prescribes the application of security
measures to reduce the risk of harm that can be caused to the institution if the above threats
should materialize. It has been designed to protect SMI leaders, employees, preserve the
confidentiality, integrity, availability and value of information and assets, and assure the
continued services.

5.1. This policy applies to the following (individuals and entities) resources:

• All employees of SILENT OPTIONS

• All contractors, consultants and service providers delivering a service to the Project including
their employees who may interact with this institution.

• Temporary employees of the Project

• All information assets of the Project

• All intellectual property of the Project

• All fixed property that is owned or leased by the Project

• All moveable property that is owned or leased by the Project

5.2. POLICY STATEMENT

General

• Protect the Executive officers of SMI, VIP visitors, Consultants and all employees and visitors
to SMI against identified threats according to baseline security requirements and continuous risk
management.
• To secure the information and assets of SMI against identified threats according to baseline
security requirements and continuous risk management.

• To ensure continued services of SMI through baseline security requirements, including

business continuity planning and continuous risk management.

6. QUALITY STANDARDS

6.1. On Human rights protection

Respect, uphold and protect human rights, Clients and organizations conducting and contracting
security operations have a shared responsibility to establish policies and controls.

 Ensure suitable and sufficient operational controls based on identified risks to enhance the
occupational health and safety and the welfare of persons working on behalf of the organization;
 Ensure that the use of force is reasonably necessary, proportional and lawful;
 Conduct performance evaluations of services rendered and the achievement of objectives;
 Develop and implement systems for reporting and investigating allegations of violations on
local law or human rights, as well as mitigating and remedying the consequences of undesirable
events.

6.2. On Target

Detailed performance requirement applicable that needs to be set and met in order to achieve
those objectives.

6.3. On Threat analysis

Process of identifying, qualifying and quantifying the potential cause of an unwanted event
which may result in harm to individuals, assets , environment, or the community.

6.4. On Use of force continuum

Increasing or decreasing the level of force applied as a continuum relative to the response of the
adversary, using the amount of force reasonable and necessary. Force used should be the
minimum reasonable amount needed to eliminate the threat presented, thereby minimizing
the risk and severity of any injury that may occur

6.5. On Management systems approach

It encourages organizations to analyze organizational requirements and define processes that
contribute to success. It provides for continual improvement to increase and enhancing
professionalism of security operations while assuring the protection of human rights and
fundamental freedoms.
6.6. On Documents Information

Controlled and maintained, evidence of results achieved.

6.7. On Integrity

Property of safeguarding the accuracy and completeness of assets.

6.8. On Key Performance Indicator KPI

Quantifiable measure that uses to gauge or compare performance in terms of meeting its strategic
and operational objectives.

6.9. On Constant Monitoring, Control and Assurance.

SOSA’s consists of the following related components, summarized below:

 Assignment of Responsibilities - The Company designates personnel with the Responsibility

and authority to implement clearly defined. All staff levels have responsibilities under the
program.
 Training and Development - Quality awareness seminars are part of the SOSA employee
training program. Topics covered planning, procedures, client relationships, liability issues,
and loss prevention. In addition, training on the fundamentals of management problem/loss
prevention.
 Written Policies and Guidance - The company maintains written guidance including
procedures for many commonly performed work activities. These documents serve to assist
Manager and staff to provide a quality of service that meets or exceeds the standard of
practice.

6.10. Health and Safety Plan

Administers a health and safety program for its employees in compliance with Occupational
Safety and Health Administration regulations. SOSA provides detailed health and safety
information and guidelines for a project. Detachment Cmdr assigned in the area assist in
implementing the HASP policy, control and prevention maintenance procedures.

7. REPORTING OF SECURITY BREACHES

The objective is to prevent, reduce losses/damages and misuse assets and leakage of information
of SILENT OPTION SECURITY.

7.1. On Reporting procedures

 Burglary, theft, damage and misuse of assets in progress must be reported immediately to
the Security Manager.
 Any employee who is aware or becomes aware of any deficiencies, losses, damages and
misuse whether caused by his/her improper application of security measures or not must
immediately, in writing inform the Security Manager. The following facts must be included in
the report submitted to the Security Manager; - Serial number and description of assets - Full
details pertaining to the circumstances that led to the loss, damage and misuse of assets - &ame
of eyewitnesses
 An employee who is aware or becomes aware of any person who commits security
breach by not adhering to the security measures shall immediately inform the Security Manager.
The Security Manager shall conduct an investigation to determine the circumstances that led to
the security breach and advice the person accordingly. Should that person still not observe the
security measures even after receiving advice, the incident will be reported to the to the
immediate Director to institute corrective measures in terms of Human Resources prescripts.
 In cases where a person is aware of the irregularity suspect that his/her identity may become
known, or where the Security Manager is involved, he/she shall report the irregularity to the
Agency Director.
 Reporting of loss, damage, stolen and misuse of assets - All incidents of loss, damage, stolen
and misuse of assets of SMI must be reported by the employee concerned to the Security
Manager. - All losses of SMI assets such as safe keys, access tags etc, must be reported to the
immediate the Security Manager and thereafter to the Director. The Security Manager must
ensure lost items mentioned above are reported to the Police Service. Before any claim can be
made, a case number with a police statement on the cause of the loss or damage must be
submitted. - A written statement or where applicable, a reporting form, must be completed as
soon as possible and be handed in to the Security Manager. - The Security Manager shall
conduct an internal investigation and/or simultaneously, or at the later stage refer the matter to
the Police Service.

7.2. Security incident/breaches response process

 The Security Manager will develop and implement security breach response mechanisms for
the institution in order to address all security breaches/alleged security breaches which are
reported.
 The Security Manager will ensure that the SMI Security Officer is informed and advised as
soon as possible.
 It shall be the responsibility of the OIC to conduct an investigation on reported security
breaches and provide feedback with recommendations to SMI.
 Access privileges to classified information, assets and/or to premises may be suspended by
the Security Manager until administrative, disciplinary and/or criminal processes have been
concluded.
 The end result of these investigations, disciplinary actions or criminal prosecutions may be
taken into consideration by the Security Manager in determining whether to restore or limit the
security access privileges of an individual or whether to revoke or alter the security clearance of
the individual.
7.3. Information Security

Categorization of information and information classification system.

The Security Manager will ensure that a comprehensive information classification system is
developed and implemented in the institution. All sensitive information produced or processed in
the institution must be identified, categorized and classified according to the origin of its source
and contents and according to its sensitivity to loss or disclosure.

All sensitive information must be categorized into one of the following categories.

• Company Secret
• Trade Secret: and
• Personal Information
• Shared information and subsequently classified according to its level of sensitivity by using one
of the recognized levels of classification:

• Confidential
• Secret: and
• Top Secret

7.4. Handling of classified information

As an approved custodian or user of classified information, an employee with a security

clearance is personally responsible for the protection and control of the information entrusted to
him/her. They must safeguard this information at all times to prevent loss or compromise and
unauthorized disclosure, dissemination or duplication thereof.

Unauthorized disclosure of classified information or material is punishable.

7.4.1. Specific rules for handling classified information to be implemented that can apply to
everyone.

 Classified information that is not secured in an approved security container or officer

shall be constantly under the control of a person having the proper security clearance and
following the need-to-know principle strictly.
 And end-of-day security check should ensure that all classified information or material is
properly secured before closing for the day.
 If an employee should find classified information or material left unattended (e.g. in a
boardroom, on an office desk or rest room), it is his /her responsibility to ensure that the
information or material is properly protected. He /she should stay with the classified information
or material and notify the security manager or component. If not possible the documents must be
taken to a supervisor or another person with authorized access to that information, or, if
necessary the material must be locked away in his/her own safe or cabinet overnight.
 Classified material should not be taken home. Employees must not work on classified
information or material (e.g. Tender documents) at home without approval in writing from
delegated person.
 Classified information must not be disposed of in a waste basket. It must be placed in a
designated container for an approved method of destruction such as shredding or burning.
 E-mail and the internet create many opportunities for inadvertent disclosure of classified
information. Before sending an e-mail, posting to a bulletin board, publishing anything on the
internet, or adding to an existing Web page, employees must be absolutely certain none of the
information is classified or sensitive information.
 Classified working papers such as notes and rough drafts should be dated when created,
marked with the overall classification and with the annotation “Draft Only” and disposed of with
other classified waste when no longer needed.
 Computer diskettes, magnetic tape, CDs, DVDs, carbon paper and used typewriter
ribbons may pose a problem when doing a security check, as visual examination does not readily
reveal whether the items contain classified information. To reduce the possibility of error, SOSA
should treat all such items as classified even though they may not necessarily contain classified
information.
 Secret and Top Secret information is subject to continuing accountability. Receipts or
File will be used to control the distribution and keeping of information classified to these levels.
Each item of Secret and Top Secret material will be numbered in series and each copy also
numbered. It is also included a distribution list.

8. PHYSICAL SECURITY

Minimum physical preventative, detection, corrective security measure will be

implemented in facility for protection against unauthorized access and damage to interference
with information.

8.1. Access control.

 Access control will be applied in terms of the Control of Access to Public Premises and
Vehicle Act. Vehicles should be safeguarded and also the protection of people therein or
thereon.
 Persons without the permission of the Security Officer will not enter any of the buildings
occupied by SMI.

8.2. Security Policy

 Furnish his/her name, address and any other relevant information required by the
authorized Officer; - Produce his/her identity to the satisfaction of the authorized Officer,
 Declare whether he/she has any dangerous object i.e. Firearm in his/her possession or
custody,
 Declare the nature of the contents of any suitcase, attaché` case, bag, handbag, folder,
envelope, parcel or container of any nature which is in his/her possession or custody or under
his/her control and show those contents to the Security Officer
 Subject him/her and anything that he/she has in possession or custody or under his/her
control for examination by electronic or other apparatus in order to determine the presence of
any dangerous object(s),
 Hand to an authorized Officer anything that he/she has in his /her possession or custody
for examination or custody until he/she leaves the premises.

8.3. Exit control and movements of assets

 All vehicles (private or SMI owned) may be searched when leaving the PROJECT
occupied by SMI. Equipments, parcels, documents etc shall be taken out of the building with
official removal permit signed by authorized official.

 All identified Very Important Persons (VIPs) and their crew/team may be subjected to
access control and exit procedure in exceptional cases.

8.4. Handling of visitors

 Apart from the control of employees entering and leaving the premises, visitors will be
subjected to access control,
 When a visitor arrives at the security main reception area of the building the normal
access control procedures will be applied. When the visit/appointment is confirmed with the
host, the security officer responsible will open and refer him/her to the floor
secretary/host/receptionist. The security officer will accredit the visitor with the access card that
will be displayed visibly at all the times whilst in building.
 Visitors found in the building shall be requested to produce their visitor`s cards, failing
which, they shall be requested to vacate the premises.
 All Visitors entering the building of SMI will use the main entrance and pass through the
designated reception for necessary security checks, where the normal access control procedure
will be followed. All visitors shall park at the parking bays which are clearly reserved for
visitors.
 The host will collect the visitor from the main reception and escort them back on
departure. The security will escort the visitor to the host. The mentioned visitor will be escorted
when a notice of their visit is registered.
 Visitor will be allowed in the work station/ areas after the meeting, the host will take the
visitor back to the security/reception area.
 The employee being visited will ensure that his/her visitor does not wonder around the
project. Visitors found loitering in the building will be taken to the Security for questioning.
 In the event the visitors are a group of people attending a workshop or meeting, the host
will inform the Security Manager in writing and compile a list of all visitors to attend to that
effect submit it to the Security Manager as soon as possible.
 The reason for this practice shall be to ease unnecessary pressure at access point and to
ensure that everybody is properly registered before entry is gained.
 No Cameras that are carried by visitors allowed into the project.

9. Corrective Actions

Actions shall be consistent with the Policies and Procedures described. Any issue for corrective
action must be specified and it requires verification to be successfully corrected.

The general approach for defining corrective action requirements should involve:

 Identifying corrective action needs and causes;

 Establishing appropriate corrective action responses; and
 Verifying the timely implementation and effectiveness of the corrective action taken.

In the field, corrective action is initiated by the Operations Manager and/or Detachment
Commander. All problems should be identified and reported. All deviations from Policies and
Guidelines should be noted in the field logbooks for justification of changes. Corrective actions
should be always implemented when SOPs are not met, when non-representative conditions are
indicated, and/or when specific tasks have not been performed.

----- END-----

CONFIDENTIAL