Making lemonade out of lemons: port operators’ perceptions of their port security regulation compliance

Firms often complain about the implementation of new regulations. Many regulations are perceived as an additional cost for no business value. This paper reviews the perceptions by the US and EU port and terminal managers of the business value port security regulation compliance gives their organization. Resource-based strategic theory is used as a framework for gauging these perceptions of value through the administration of a survey to all EU and US port and terminal operators on their security compliance with “best practices.” Although some managers perceive that a variety of security assets under their control are very important to their business value, most agree that it is the way security assets are deployed or the right combination of assets that is perceived to add the value. The right combination of assets, capabilities, and competencies are perceived to give an organization-enhanced value if the combination is valuable, rare, inimitable, and/or not easily substitutable (VRIN).

As of 2004, maritime firms and the ports they use are required to implement the International Ship and Port Facility Security Code (ISPS) security regulations. This code allows some freedom in the way firms and ports implement the regulations. We ask whether the security regulation compliance strategy adopted by the ports and terminal operators impacts how managers perceive how business value is enhanced by their deployment of security resources in their own ports.
Measurement of port value is difficult because firms choose ports based on a variety of factors. Factors include, but are not limited to, port location, efficiency, hinterland infrastructure, and fees (Slack 1985;Wiegmans et al 2008). Actual port security has not been found to impact port choice unless security compliance leads to port charges (Tongzon and Sawant 2007). Port choice can be used as a proxy for business value of the port (Slack 1985).
Business value and competitiveness, however, can be decreased if compliance with regulation does not occur or does not occur in a fashion that is considered legitimate for the industry (DiMaggio and Powell 1983). Under this theory, known as Institutional theory, the loss in business value is due to a loss of legitimacy. Therefore, if managers perceive value to their port from security assets, capabilities, and competencies, they will believe their ports to be legitimate in the eyes of the public and the industry, and thus they will perceive business value is impacted positively.
However, we use resource-based strategic theory as a framework to test the question whether the deployment of security resources in a port is perceived by the port's management as adding value. This theory purports that the right combination of resources, which include assets, capabilities, and competencies, can give a firm a better value if the combination of these resources is valuable, rare, inimitable, and/or not easily substitutable (VRIN). A survey is used to determine whether the managers perceive that their port security resources are BVRIN.P erceptions of value are used rather than evaluating each port's actual security practices due to the nature and secrecy of each port's security. Managers are willing to share their perceptions on the deployment of assets rather than disclosing actual deployment for obvious reasons. Furthermore, perceptions by managers of the value of their strategic decisions impacts the actual decisions they make with regard to the organization's strategy planned and implemented (Smircich and Stubbart 1985).

Resource-based strategic theory and the type of resources
To explain the benefits of Resource-Based Strategic Theory to the application of a port's security strategy, we begin by paraphrasing Grant (1991). BOrganizations take strategic actions to preserve and sustain strengths, offset weaknesses, avert or mitigate threats and capitalize on opportunities. Strategy is balance between the external environment demands on the organization and its internal capabilities. Strategic management models traditionally have defined an organization's strategy in terms of its product/service provided and the market served. Resource based theory of strategy prescribes that the strategic position of the organization is based on the resources, capabilities and competencies rather than on the services/products derived from those capabilities. Resources and capabilities, especially organizational skills and practices learned over time, can become unique to a particular organization and hard to imitate by others. Competitive advantage [or organizational value] is based on the resources and capabilities, therefore, is potentially much more sustainable than that based on product/service and market positioning. The organization's resources and capabilities can be thought of as a platform from which the organization derives various services/ products for various markets. Leveraging the organization's capabilities across markets and services/products, rather than targeting specific services/products for specific markets, becomes the strategic driver. Products/services and markets may come and go, but the organization's capabilities are more enduring. Therefore, creating strategy based on unique resources and capabilities provides a more long-term view of strategy than the traditional approach, and one more robust in today's uncertain and dynamic competitive environment.D etermining competitiveness or business value for ports is difficult as Bbeing competitive^defined in most strategy theories often implies an evaluation of competitors' and customers' reactions to decisions made by the organization. Because port security decisions have an element of compliance with regulation, competitors' or customers' reactions to port security decisions may not be the best method for port managers making those decision to determine whether value to the port has occurred. Resource-based strategic theory can be used to evaluate port strategy with regard to port security decisions because the theory focuses on security resources, capabilities, and competencies rather than a security service observed by competitors or customers provided by the port. This internal focus on the port can help overcome the sensitive nature of examining security service where comparing specific security services across ports may compromise the very security those services hope to provide. Port security decisions like other strategy decisions involve commitment to resources and development of capabilities and competencies. Once the port has developed and invested in the mix of security resources and capabilities, the port has a potentially sustainable advantage as the mix is developed over time, becomes part of the organization's procedures and may be unique to the port itself. Further, as the mix is embedded in the port's procedures and operations, it provides a long-term strategy responsive to the dynamic environment in which the port operates.
Because the resource-based strategic theory views the organization as a historically determined collection of assets or resources which are tied Bsemi-permanently^to the organization, the dynamic resources (capabilities or competencies) may generate additional opportunities over time (Collis 1994;Teece et al 1997). These dynamic resources become specific to the organization and are not easily imitated by rivals (Barney 1991). This is the source of competitive advantage or value to the organization. Because each organization's resource bundle is unique, being a consequence of it past managerial decisions and subsequent organizational experience, it follows that so is each organization's opportunity set (Lockett et al 2009). The assumptions here are path dependence and organizational heterogeneity (Lockett 2005) because resources committed are difficult to change and capabilities such as learning achieved are different from other organizations due to the experience of the organization. Furthermore, organizational heterogeneity exists for ports as no two ports are exactly alike. And, for port organizations, the mix of port security resources and capabilities can be a value to the organization because of the uniqueness of managerial decisions and subsequent experiences.
Employing the resource as the unit of analysis, the resource-based strategic theory evaluates the extent to which an organization may be able to sustain a position of competitive advantage or organizational value (Lockett et al 2009). According to Barney (1991), an advantage is sustainable if the resources/mix must have the following attributes (VRIN): V-It must be valuable. Value allows opportunities to be exploited and threats neutralized. R-It must be rare. Rare are resources that are limited and not equally distributed across the organization's current and potential competitors. I-It must be inimitable. Inimitability refers to the difficulty of replication by other organizations. And N-It must be non-substitutable. Non-substitutability implies that a resource cannot be simply replaced. Again, the resource mix must be evaluated in light of the definition of VRIN to determine sustainability of the competitive advantage or value of the organization.
Is each opportunity set, in fact, unique if similar decisions are made as a result of regulation such as port security regulations? Resource-based strategic theory can be used to provide a context for determining whether port operators perceive their stock of resources and decisions on capabilities and competencies for port security make a difference to the port's business value. In this paper, we evaluate the perception of port and terminal managers on their organizations' value by the way they deploy and bundle of port security assets, capabilities, competencies, and management of these resources. We ask them whether they perceive their mix of port security resources, capabilities, and competencies VRIN and thus, have sustainable value to the organization (or competitive advantage). Barney (1991) also proposes that resources enable firms to conceive of and implement strategies that improve their efficiency and their effectiveness and thus, the firm's value. Efficiency and effectiveness are key to sustainable port operations. Sirmon et al. (2008) adds that resources are instrumental to value but add that management must effectively bundle and deploy an organization's resources. So how resources are bundled, managed, and deployed is an important factor to business value and competitiveness. Port managers evaluating how port security resources are bundled, managed, and deployed can give insight to how port security compliance is perceived to give value, if any, to port operations.
Resource-based strategic theory has been applied in the maritime research literature. Chou and Chang (2004) used resource-based strategic theory to evaluate the Taiwan shipbuilding industry. This paper reviews the entire Taiwan shipbuilding industry rather than a particular firm. The researchers recommended strategic decisions to change as a result of identifying the core competencies in production management. Furthermore, the authors recommend a change in direction of government policy to enhance the industry. However, this paper mixes resource-based theory with other strategy theories such as Porter (1980) by not only assessing resources, competencies, and capabilities but focusing on various products and markets. The significance of the paper to the research conducted here is the acknowledgement that government policy (such as security regulations) under resource-based strategic theory has an impact on the business value/competitiveness of the shipbuilding industry. Gordon et al. (2005) explain and interpret the contribution of technology to the Port of Singapore using resource-based strategic theory. In this study, they argue that resources that contribute to VRIN to create competitive advantage and value include government policies, ample investment, and well thought out operations and technology along with unique location and natural deep harbor. Furthermore, they note that lack of resources such as small land area can be overcome with the right mix of other resources that add value such as information technology. The significance of this paper to the current study is again the inclusion of government policies adding the deployment of operations as resources which are VRIN. Thus, the compliance with a regulation such as port security and the deployment of the security resource mix into operations can be VRIN and create business value.
The final Bmaritime-type^study using resource-based strategic theory is by Pringle and Kroll (1997) who evaluated the British naval fleet in light of the theory in the Battle of Trafalgar. The study reveals that despite overwhelming superiority in the number and construction of ships in Napoleon's forces, the British sustained victory at Trafalgar due to the way the ships and sailors were deployed. The study shows that competencies and capabilities such as seafaring heritage, a winning tradition, and superlative leadership were VRIN. The significance of this study to our study is that it recognizes the limitations of physical resources alone and focuses on the importance of intangible assets to provide organizational value. Again, intangible port security resources such as capabilities in a port are critical to gaining advantage and value.
The above discussion shows that resource-based strategic theory can be applied to the evaluation of the mix of port security resources. Since the theory prescribes that the strategic position of the organization is based on the resources, capabilities, and competencies rather than on the services/products derived from those capabilities, management of the port can provide their insight on the VRIN of the port security resources, and it follows that the strategic position or the value of the organization in the industry can be evaluated. Using this theoretical framework allows us to understand the security compliance value in a port without external parties' involvement which may cause a breach in the very security that is deployed.

ISPS requirements
The International Ship and Port Facility Security Code (ISPS) is a comprehensive set of measures to enhance the security of ships and port facilities, developed in response to the perceived threats to ships and port facilities in the wake of the 9/11 attacks in the USA (IMO 2003). The Code to which the USA and the EU subscribe is an amendment to the Safety of Life at Sea (SOLAS) Convention, and it does not specify which specific measures a particular port must take but instead outlines Ba standardized, consistent framework for evaluating risk, enabling governments to offset changes in threat with changes in vulnerability for ships and port facilities^ (IMO 2003).
Port facility security should cause minimum interference to shipping. At a minimum, the port facilities must control access to the port facilities; monitor the port facilities including anchoring and berthing; monitor restricted areas to ensure that only authorized persons have access; supervise the handling of cargo; supervise the handling of ship's stores; ensure that security communication is readily available; and have a port facilities security plan and a port facilities security officer. The port facilities plan must include measures to prevent weapons and unauthorized access to the port; procedures for responding to security threats, breaches and instructions from government; procedures for evacuation and interfacing with ship security activities; procedures for reviewing and updating the plan; procedures for reporting security incidents; measures to ensure effective security of cargo and cargo handling equipment; procedures for responding to a security alert; and procedures for facilitating shore leave for ship personnel and access to the ship by appropriate persons (IMO 2003). The port facility officer is the responsible person for these activities and his/her duties include developing and maintaining the port facility plan; undertaking regular security inspections of the port facility; recommending and incorporating modifications to the port security plan; enhancing security awareness and vigilance by the port facility personnel; reporting to relevant authorities and maintaining records of occurrences which threaten the security of the port facility; coordinating with security services; ensuring that the standards for security personnel are met; and ensuring that security equipment is properly maintained and assisting ship security officers in confirming identity of those seeking to board a ship (IMO 2003).

Security resources
As stated above, resource-based strategic theory defines resources as assets, capabilities, competencies and the management of these resources. To determine, security resources in a port we review the US Coast Guard (USCG) port security best practices. We chose to use the USCG's best practices because they apply in the US and many EU ports have engaged the USCG as a consultant on port security (Sawyer 2011).
We categorize security assets/resources consistent with previous research on resource-based strategic theory as physical, ongoing management, planning and structuring management, human, technological, intangible, and financial (Chou and Chang 2004). Using the USCG list of best practices (USCG 2005), physical resources are defined as physical structures, perimeter barriers, lighting, screening and detection devices, towers, fencing, turnstiles, anti-vehicle barricades, and uniforms. Ongoing management resources are communication systems, documentation and security reports systems, patrolling systems, access systems, cargo tracking systems, security and access procedures, security incentive systems, warning and alarm systems, and checklists. Planning and structuring management resources include security-planning systems, assessment systems, dual usage asset plans, brainstorming session system and security logistics design. Human resources include employee knowledge, employee experience, employee training systems, guard forces, trained canine units, drills, and exercises. Technological resources include biometrics, software protection, electronic access control, electronic surveillance, electronic and automatic tracking, and enterprise resource planning systems (ERP). Intangible assets are location of security assets, secure capacity, complementary infrastructure, third-party security contracts, relationships with local fisherman, a safety culture, union relationships, and outreach relationships. Finally, financial resources are defined as port security fees, other revenue generation for security and safety and cost savings from security compliance (USCG 2005).
5 Methodologies and design of the study As stated above, perceptions of value are used rather than evaluating each port's actual security practices due to the nature and secrecy of each port's security. In order to collect information on the perception port and terminal managers about the BVRIN^of their security resources, capabilities, and competencies, we administer a survey instrument to all ports and terminal operators in EU ports and US ports. We study the EU and US ports as their represent similarity in economic development and economic level. Furthermore, management styles in the EU and the US tend to be similar (van Velsor and Leslie 1995) and perceptions tend to be similar (Hofstede 1980;Weber and Hsee 1998). Future studies will be required to expand to Asia and other continents. Since we are trying to measure how managers perceive the BVRIN^of the security assets deployed in their ports, we ask questions that indicate where the assets belong in the categories of VRIN. The questions asked must be embedded within the theory to have both reliability and validity (Fowler 1993). This simple method of collecting data is develop from comments from industry members in the pilot sample described below. They indicate that a simple categorization would provide the highest response rate.
The issues related to this type of data collection methodology include three concerns. The first concern is the need to have confidence in the information collected and that the information collected is not biased. The second concern is that the information measured across all respondents is consistent and comparable, i.e., reliable. And, the final concern is that the data collected under this method is consistent with other nonsurvey-based data sources or valid (Fowler 1993).
In order to ensure that these concerns are addressed, we conduct the surveys in the following manner. First, we determine the population to interview. Second, we design the questions and determined the reliability and validity of the questions across the interviewees. Third, we calculate the response rate and composition of the survey respondents to determine whether the rate led to a conclusion with bias. Finally, we comply with the rules on human subjects under the 1981 US policy for the Protection of Human Subjects (Title 45, Part 46) which means that the survey was voluntary and confidential.
The entire population of US and EU port managers and terminal operators is surveyed. A list of addresses and email addresses is obtained from the 2011-2012 IHS Fairplay Ports and Terminals Guide (IHS Fairplay 2011). IHS Fairplay makes every effort to ensure quality, accuracy and completeness of the information in this Guide. This guide contains contact information by port, both for port authority managers and terminal operators. Therefore, due to the fact that the entire population is in the survey population there is no bias due to the frame selection of the population for survey (Fowler 1993).
The survey questions are developed from various stakeholder input. The stakeholders include port authority managers, terminal operators, consultants, Baltic and International Maritime Council (BIMCO) officers, USCG operation officers, NATO officers, European industry journalists and academic experts on port security, and on resource-based strategic theory. Questions are developed to determine which security resources owned and deployed by the respondent are considered to contribute to business value of his/her port or terminal organization.
The port managers and the terminal operators receive the survey questions (See Appendix 1) either via email or letter mail. The survey instrument is sent to the EU in English, Spanish, and French so the respondent could choose in which language to respond to the survey. These languages are chosen due to the ISPS requirement that port operators have some designated personnel that can communicate in either English, Spanish, or French. The survey instrument is sent to the entire population of port authority managers and terminal operators both in the EU and the USA. Recipients with bad e-mail addresses are contacted via letter mail. Second requests are made of non-respondents via email, mail and telephone (if information is available).
The total number of EU ports surveyed (surveys sent) is 1068 in the 22 countries in the EU with a coastline. Responses received represent 21 countries-all EU countries with ports except Portugal. The total number of US ports surveyed (surveys sent) is 176 in 22 states. The responses received represent 10 of 22 coastal states with all three seacoasts and Alaska and Hawaii represented. Data collected in qualitative research such as evaluation of responses from the same port allows aggregation if they responses are similar (Miller 1986) which is what is done. Similar responses are an indicator that reliability is present in the questions because consistent measures are received in comparable situations (same port). Furthermore, since terminal operators may have operations in multiple ports, the finding of similar responses in the same port also indicates reliability in understanding the theory definitions of VRIN across stakeholders across ports. (See below for statistical analysis of reliability and validity).
We conclude that this methodology of collection of survey responses for all respondents does not bias the responses except for Portugal. Entire populations are surveyed causing no sampling bias. The letters are consistent to each respondent causing no survey interviewing bias.
Failure to collect data from a high percentage can create a bias in the information collected (Fowler 1993). Those who do not respond may represent a systematically different group from those who responded. There is no statistical test to evaluate bias of survey responses. However, non-response if it is systematic may create bias. Therefore, the higher the response rate the more likely the non-responses are not systematic but that is not given. Results of the requests for information from EU port and terminal managers represent 5.52 % and from US port and terminal operator managers represent 10.8 %. In general, total response rate for email surveys for industry surveys is found to be approximately (in two different studies), 6 or 13.35 % (Tse et al 1995;Hamilton 2003). However, due to the fact that at least one response is received from all but one EU country (Portugal) and all three US coasts and Hawaii and Alaska, we feel that there is no non-response bias in the survey findings due to the representative geography of ports and terminals that responded. Furthermore, since all types of ports must comply with ISPS that have international traffic other port characteristics should be representative in the survey responses across countries, states and regions. However, there is no New York port or terminal operator response-the center of the 9/11 incidents.
In order to ensure that the measurement across all respondents is consistent and comparable, the validity and the reliability of the survey instrument must be addressed. Validity refers to the ability of the question in a survey instrument to measure what it purports to measure (Academic.Luzerne.Edu 2005). Reliability refers to the ability of the question to provide consistent measures in comparable situations (Fowler 1993).
The type of validity applicable in the survey instrument here is content validity that focuses on the content of the information being asked (Academic.Luzerne.edu 2005). The survey instrument asks for some factual information from the respondent that can be compared with the port or company Website. In order to increase the validity of the instrument, we further have to make sure that the respondents understand the questions, know the answer, and are willing to reveal their knowledge (Fowler 1993).
In order to increase the validity, we took the following steps. The questions test on a pilot sample of EU port and terminal managers and we receive feedback as to the wording of the questions, who should be asked based on who was knowledgeable on these matters in each port organization and who would most likely share the knowledge. The findings are confirmed with the respondents to ensure that we understand the information that is shared. In reporting results, if a respondent answers that an assets/resource is unique or specific it is categorized as Brare^which is the resource-based strategic theory definition noted. In developing the survey, the stakeholders and pilot sample respondents believe that Brare^could best captured if the construct was divided into the two categories.
It is because that no two ports are alike that port managers' perceptions on their port security resource mix may differ from port to port. Reliability is in the perception of what is being measured not the resource itself. In order to ensure reliability, we ask each respondent the same set of questions. A certified professional translator translates of the instrument into French and Spanish. To ensure that the questions mean the same to every respondent and that the appropriate type of response is communicated consistently to and from all respondents, the stakeholders and the pilot sample members review the meaning of each question. Finally, we review all responses and summarize them. The results show that the respondents consistently reported the similar knowledge in the same manner.
Correlations such as Cronbach's alpha can be used to confirm reliability and validity. We calculate correlations across groups of the various respondents across the different geography of the EU and USA to see if respondents answered similarly in relation to the construct of Bno advantage or value.^The construct of Bno advantage/value^can be viewed as the control variable. So, to confirm whether they is a consistency in understanding the measures (validity) by respondents across ports (reliability) the following correlations are calculated: First, correlations between BV^valuable responses and no competitive advantage are calculated for US port authority managers, US terminal managers, EU port authority managers, and EU terminal operators. Second, correlations between BR^rare and no competitive advantage are calculated for the same groups. Third, correlations between BI^inimitable and no competitive advantage are calculated for the same groups. Finally, correlations between BN^nonsubstitutable and no competitive advantage are calculated for the same groups. These correlations can show understanding of each of the constructs of the resource based strategic theory and reliability across various ports by managers. For BV^correlations for US port authority, EU port authority and EU port terminal operators the correlations are remarkably similar at −0.152, −152, and −0.15. For US terminal operators, the BVĉ orrelation is −0.61. For BR^correlations for US port authority, EU port authority managers, and EU terminal operators also show high similarity at −0.66, −0.66, and −0.66 For US terminal operators the BR^correlation is −0.73. For BI^correlations for US port authority, US terminal operators, EU port authority managers, and EU terminal operators also show high correlations at −0.41, −0.4, −0.41, and −0.41. Finally, for N correlations for US port authority, EU port authority, and EU port terminal operators, the correlations are also similar at −0.19, −0.19, and −0.188. For US terminal operators, the N correlation is −0.42. The similar correlations confirm validity and reliability in the instrument. Since the US terminal operator correlations are similar on the I and correlate in the same negative direction on the other factors, it appears that the correlation difference in V, R, and N for US terminal operators is due to the response differences and not to a lack of understanding (validity) or inconsistency (reliability).

Results
We report the results of the perceptions of the port managers and terminal operators on whether their mix of security resources adds business value. We are grateful to these managers for providing their perception on highly sensitive security measures. Again, note that New York ports do not respond, and since they were the source of the 9/11 attacks, we respect their non-response. We evaluate the total percentages of positive responses in a given category of resources. No statistical manipulation is conducted on the data so the answers represent exactly how the managers responded. We consider any statistical manipulation of the data other than compilation of the total responds would mask the intent of the respondents. According to the resource based strategic theory as stated in section 2 above, a resource, capability, or competency adds business value or competitive advantage if it is valuable, rare, inimitable, and non-substitutable. Resource-based strategic theory can be used to provide a context for determining whether port operators perceive their stock of resources and decisions on capabilities and competencies for port security make a difference to the port's business value. Table 1 indicates a summary of the responses. It is separated into two parts: responses indicating the security asset type with no advantage or value and responses indicating security asset type with advantage or value. Furthermore, if an advantage/value is noted by respondents the type of advantage is also indicated (V, R, I, N) with a B*^in the table. Again, resources must have a B*^to indicate value/advantage under the theory. Red or italic numbers in the table indicate the opposite of the column heading. This is done to compare how assets are perceived between the USA and EU so red or italic numbers under the BEU No Advantageĉ olumn indicate that EU port and terminal operators did find value under the B*^noted V, R, I, and N columns. Again, if a column does not have a B*,^under the theory, the resources does not meet VRIN, and therefore does not provide business value/advantage.
The results are as follows: For physical assets in US ports, a majority (from 57.14 to 92.86 %) of port and terminal operators find that these security assets do not provide business value. For ongoing management resources deployed, again a majority (from 50 to 71.43 %) are not perceived as providing business value. Similarly, for planning and structuring management resources, 50 to 66.67 % perceive no business value. The same is true for security technology assets (58.33 to 81.82 %) and financial security resources (76.92 to 83.33 %).
However, it is in intangible security assets that US port and terminal managers perceive have business value. Port security capacity of the organization (75 %), complementary security infrastructure or hinterland assets (61.54 %) of the organization, the presence of safety and security culture (69.23 %), union participation in security (53.85 %), and outreach relationships (76.92 %) are all considered valuable, rare, inimitable, and not substitutable. Employee experience in security (53.85 %) is valuable, rare, and not substitutable but not inimitable. This confirms that the way assets are deployed and managed, in the case of US ports and terminals, through intangible assets, is perceived to be most effective in providing business value using a resource based strategic theory context.
Similar to US port and terminal managers, EU managers perceive that intangible security assets are very important in providing business value to the organization. Security capacity of the organization in the port (69.44 %), complementary security infrastructure (63.89 %), safety culture (61.11 %), union (65.71 %), local fishermen (55.88 %), and outreach (67.65 %) relationships, all are considered VRIN. Again similar to the perception of US managers, this perception of EU port and terminal managers confirms that the way assets are deployed and managed through intangible assets is perceived to be the most effective way to gain business value using the resource based strategic theory framework.

Conclusion
This paper adds to the maritime literature in two distinct ways. First, it sheds light on how managers perceive compliance with regulation. The maritime industry is highly regulated and having the freedom of the method of compliance, i.e., the way regulations are deployed through resources, can impact managers' perception of the regulations' impact on business value. Second, we apply resource-based strategic theory as a framework for evaluating port and terminal operators' perceptions of value and advantage. This theory, highly cited in the general management literature, can bring insight into maritime business strategy. It is argued that no two ports are alike and that port choice and port competitiveness are dependent upon many factors and differ across ports. Using resource-based strategic theory, managers look at their own stock of resources and evaluate value. Thus, we can look across many ports evaluating how each port looks at the necessary evil of compliance. Although each port is unique, ISPS applies to all ports in countries that adhere to the IMO convention. The comparison of the EU and the US management perception of business value may help understand the EU and US management focus on port security strategy. It is clear that the security of ports is crucial to ensure the safety of the goods and the economic welfare of the communities served by the ports. This study shows that although Bgates, guards, gadgets and gizmos,^are still important to maritime security in ports and terminals, it is the intangible security assets and management of those assets or the way regulation is implemented that can make the most difference in perceived value. These perceptions can impact their future decisions on port strategy planning and implementation.
Furthermore, research is needed to quantify cost-effectiveness of differing methods of compliance with security regulations and the resulting legitimacy benefit on the business value. Additionally, research is needed in maritime business on all value derived from the legitimacy of the organization. Raised as an issue in this paper, legitimacy can be gained through compliance with regulations, but it can be gained in other ways. This paper can prompt a new lens for discussions of business value.

Q1 Why you should complete this survey
We are trying to determine if US ports can receive competitive advantage (business value) from their methods and processes of security compliance with ISPS and US regulation.
Benefits to you-This research should provide companies with information on the management practices that help you beat your competition (or provide value) and make better security compliance decisions. The knowledge gained will be freely shared with you in final tabulator form. We will not reveal the nature of any individual response to any outside source.
Why you-You are a manager in a US port. Who we are-We are nonprofit university research professors from the World Maritime University (Malmo, Sweden) and Texas A&M University at Galveston (Galveston, Texas, USA).
Time to complete-The time to complete is approximately 15 min. We know you are busy and will appreciate your help with this voluntary survey.
When we refer to assets/resources, we mean only assets/resources acquired after 1 July 2004. When we refer to competitive advantage or competitiveness, we mean that which makes your company perform at a higher level than others in your same industry or market (or provide any business value).
1. Your title and company 2. Your port The following questions 3 through 9 list security compliance assets/resources by type. This list was obtained from the US Coast Guard's best practices. Please check each box that applies for each asset. The headings mean: Unique means the asset/ resource is unique from my competitors' assets/resources Valuable means the asset/ resource is more valuable than my competitors' assets/resources Not easily imitated means the asset/resource is difficult for my competitors to imitate(replicate). Non submeans the asset/resource is not easily substituted by other resources (rather than exactly imitated). Specific means the asset/resource is specific to my company and cannot be easily acquired or used by my competitors. No competitive advantage means you have the asset/resource but you are not sure it gives you a competitive advantage or business value.
3. Physical Assets/Resources include the following, etc.: