Compiled By TFM and ASIS International Staff
Published in the August 2009 issue of Today’s Facility Manager
In conjunction with hearings of the Senate Homeland Security and Governmental Affairs committee last month (July 2009), the Government Accountability Office (GAO) released a report that examined the state of security in federal buildings. The report was extremely critical.
Citing “substantial security vulnerabilities in training for Federal Protective Service (FPS) officers,” GAO investigators were able to send components for an improvised explosive device (including liquid explosives and a detonator) through security checkpoints at facilities including the offices of a U.S. senator and a U.S. representative, as well as agencies such as the Departments of Homeland Security, State, and Justice
According to Mark Goldstein, the GAO’s director for physical infrastructure, “Once GAO investigators passed control access points, they assembled the explosive device and walked freely around several…floors of these Level IV (buildings that employ more than 450 federal workers and have high public exposure) facilities with the device in a briefcase.”
Help Is On The Way
This is not the first time periodic checks at government facilities have exposed such gaping security breaches. Fortunately, there are serious efforts being made to prevent this problem from happening in the future—in both the public and private sectors.
ASIS International, the leading organization for security management professionals worldwide, announced a new focus on May 8, 2007: to embark in standards development both nationally and internationally, in addition to the development of guidelines.
ASIS entered the standards development world after its members around the globe—risk management, security, preparedness, and continuity practitioners alike—implored the organization to support compatible standards to promote consistency and reduce trade barriers.
While ASIS develops guidelines that are suggested practices, the organization also develops standards that are the benchmark of best practices for the development of incident preparedness and security and operational/business continuity management within public and private organizations.
The work of preparing ASIS standards and guidelines is carried out through the ASIS Standards and Guidelines Commission and Committees. ASIS standards and guidelines are developed within a voluntary, non-proprietary and consensus based process using—to the fullest extent possible—the knowledge, experience, and expertise of ASIS membership, the security industry, and materially affected parties.
Guideline For Facilities
In June 2009, ASIS released its Facilities Physical Security Measures guideline. Its purpose “is to introduce [those] who may or may not have a security background to the main types of physical security measures that can be applied to minimize the security risks at a facility.” The guideline is not aimed at a specific occupancy, but facilities and buildings in general.
The guideline outlines eight main categories of physical security measures used to protect facilities: physical barriers; physical entry and access control; security lighting; intrusion detection systems; video surveillance; security personnel; security policies and procedures; and crime prevention through environmental design (CPTED). The emerging field of security convergence is also addressed.
“The guideline assists in the identification of physical security measures that can be applied at facilities to safeguard or protect an organization’s assets—people, property, and information,” says Mark Geraci, chairman of the ASIS
Commission on Standards and Guidelines. “Of all our work in the standards and guidelines areas, this guideline, in all likelihood, will have the greatest impact on, and be useful to, the vast majority of facility managers and security practitioners.”
To choose the right physical security measurements and apply them appropriately, it is important to conduct a risk assessment, such as described in the ASIS General Security Risk Assessment guideline. This guideline provides a seven step process that creates a methodology by which security risks at a specific location can be identified and communicated, along with appropriate solutions.
The risk assessment, accompanied by a basic understanding of physical security measures provided by the Facilities Physical Security Measures Guideline, makes it possible, either alone or with the help of security consultants or vendors, to select and implement appropriate physical security measures to reduce the assessed risks and accomplish the protective task.
ASIS is an American National Standards Institute (ANSI) accredited Standards Development Organization (SDO). ASIS also actively participates in the International Organization for Standardization (ISO). ASIS is involved in numerous national and international standards bodies to ensure it is the voice of security professionals in developing global security standards.
The ASIS International 55th Annual Seminar and Exhibits, to be held inAnaheim, CA, from September 21 to 24, is offering more than 160concurrent sessions organized in 16 tracks. The sessions cover a rangeof security topics and critical issues as well as core securitymanagement best practices and strategies.
Sessions include “Premises Liability Cases: Negligent Security withinParking Garages and Lots,” “Mass Emergency Notification Systems for aCorporate Campus or High-rise,” and “Full and Multi-building Evacuationas a Terror Response Component.” Additional sessions include“Everything You Ever Wanted to Know about Electromagnetic Pulse (EMP)Attack on Critical Infrastructures,” and “Shelter in Place, Are youReady for the Wait?”
There are also three sessions on security architecture and engineering.The first focuses on basics of security design and summarizes thephases and tasks of security systems designs and projectimplementation. The second session, “Systems Design and Engineering,”explores how to achieve a good design and establish requirements forhardware and software, operation and technical procedures, and facilitysupport and construction. The third session, “System Implementation,”looks at basic system component tests that will indicate if a system isperforming as required.
Several sessions focus on various aspects of workplace violence.
“The value that ASIS delivers cannot be overstated,” says ASISPresident Michael R. Cummings, CPP. “You’ll be armed with—and energizedby—the latest knowledge, technology, and strategies to deal withtoday’s challenges. You’ll return to work with new ideas, newapplications, and new contacts.”
Keynote speakers at ASIS 2009 include Condoleezza Rice, secretary ofstate and national security advisor to President George W. Bush, andactor, author and pop culture icon Ben Stein.
Rice, a Senior Fellow on Public Policy at the Hoover Institution andprofessor of political science at Stanford University, served as the66th secretary of state from 2005 to 2009. She will speak on Wednesday,September 23, at 8:00 a.m.
Ben Stein has had a varied career, spanning from presidentialspeechwriter, best selling author, lawyer, economist, collegeprofessor, columnist, game show host, and actor. He played the boringeconomics teacher in the 1986 movie “Ferris Bueller’s Day Off.” Steinwill speak at the event on Tuesday, September 22, at 8:00 a.m.
Networking opportunities include the Get-Acquainted Mixer, OpeningCeremony, luncheons, and the President’s Reception. The ASIS Foundationis sponsoring the 13th annual Golf Classic and a Bowling Bash.
More than 22,000 security, business, and government professionals from90 countries are expected to attend ASIS 2009. This year’s show willfeature more than 281,000 net square feet of the latest securitytechnology and innovations, providing a showcase for some 850 companiesdemonstrating cutting edge products and services.
For additional information regarding ASIS 2009 and to see the completeSeminar Overview, which includes daily schedules and descriptions ofthe sessions, visit the Web.
The most recent ASIS American National Standard, “Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use,” published in March 2009, provides a comprehensive management framework to anticipate, prevent (if possible), and prepare for—and respond to—a disruptive incident.
The Organizational Resilience (OR) standard specifies requirements and provides guidance for organizational resilience management. It focuses on resilience—the adaptive capacity of an organization in a complex and changing environment, as well as protection of critical assets.
“The OR standard uses a comprehensive approach to the management of risks associated with intentional, unintentional, and naturally caused disruptions,” says Geraci. “It provides a complete suite of tools to build a strategy for dealing with risks compatible with the mission and needs of the organization, as well as addresses the core elements and criteria of the Department of Homeland Security’s PS-PREP program.”
Organizational resilience emphasizes the synergies between the functions of risk, security, preparedness, continuity, and emergency management. This avoids “siloing” risks and allows the organization to build both a proactive and reactive approach to managing risks tailored to its size, activities and business/operating environment.
Designed to be business friendly, the OR standard uses the globally tested and proven management systems approach. It can be integrated with quality, safety, environmental, information security, risk, and other management systems within an organization. Organizations that have adopted a management systems approach may be able to use it as a foundation for the OR management system as prescribed in the new American National Standard.
Other ASIS Standards and Guidelines initiatives include: Business Continuity Management, Physical Asset Protection, Workplace Violence and Intervention Prevention, Risk Management, Pre-employment Background Screening, and Private Security Officer Selection and Training.
These and other standards and guidelines will be featured in several sessions at the ASIS International 55th Annual Seminar and Exhibits, held in Anaheim, CA, from September 21 to 24. One session, “Standards and Guidelines Commission Update,” will present an overview of the latest developments. For more information on this event, see the accompanying sidebar which appears at the right.