Physical Security Planning

By S. Steven Oplinger
From the March/April 2016 Issue

Whether facilities have a physical security plan in place or are planning to implement one, there are a few common sense things to consider. The planning, implementation, operation, and maintenance of physical security—whether for one facility or many—will benefit from facility executives taking the stance of a common sense approach to the task.

physical security
(Photo: www.extremseguridad.es)

When embarking, the first thing that needs to be identified is “the purpose” of any given part of the system. This sounds simple enough. However, for any physical security system—whether it be closed circuit video, access control, or duress, the team must identify first the overall purpose of the systems that will be deployed. Once the overall purpose has been identified, then a deeper examination needs to take place to identify each component of the systems to ensure that each device deployed has a real, defined purpose and use. The basic rule here being that if the purpose for a device cannot be clearly identified, it is probably not effective in the overall plan.

Consideration must also be given to the operators of the system—those individuals who will interface with these systems daily. There is a vast selection amount of effective technology in the security industry today; the key is fitting the proper technology to the organization’s needs. Just because it is the “latest and greatest” technology does not necessarily mean it is right for the application and needs. Facility decision-makers should invest the time in research and due diligence to determine the right technologies.

Additionally, if the systems deployed are complicated to operate, the operators begin to discontinue relying on them as a tool. Aspects related to the operation of these systems needs to be identified: Are you using in-house staff or a contract service? How many hours a day is the system actively monitored? How and when are reports prepared, and by whom? These are just some of the questions to consider.

The next point of consideration would be the stakeholders. The rule of thumb here is that anyone who potentially interfaces with a physical security program should be considered as a stakeholder—no matter how minor. Here is a list of potential stakeholders in a physical security program: facility managers, security managers, human resources departments, IT departments, owners, architects, engineers, security consultants, system operators, guard personnel, construction managers, and other trades (e.g., electrical and HVAC contractors).

On The Market:
Physical Security Trends

By Facility Executive Staff

What is an emerging physical security trend impacting commercial and institutional facilities? Wireless has become a much more commonly deployed technology, increasingly considered as a standard tool that can be deployed in a variety of applications and environments. Meanwhile, connectivity (whether referred to as the Internet of Things, connected devices, or smart devices) is poised to transform the infrastructure and performance of security equipment.

And as the market for the technology matures, integrators are expanding upon how they deploy wireless. Security professionals are taking wireless into more places than ever before and it’s enabling them to secure more doors, deeper inside their buildings.

Peter Boriskin, vice president of commercial product management at ASSA ABLOY Americas, says, “For small businesses, the challenges are less about traditional security and more about personnel management. Small businesses are looking for tools to help them manage their business. Use of the cloud will be a major opportunity for these markets. The cloud provides enhanced flexibility and the opportunity to manage access and tie that in with other management systems. For commercial properties, this could be an audit trail system of who entered and exited a building. For a medical office, it can help address code compliance so access of confidential records and materials can be monitored.”

Rob Martens, futurist and director of connectivity platforms with Allegion, says, “Remote monitoring of security equipment is an existing interest item, but it’s become a conversation around productivity as well. And many of these items are associated with the facility executive. How can they monitor and manage hundreds of doors, for instance? Additionally as the pricing of this ‘no tour’ capability comes down, we’re starting to see this connectivity move to building interiors, with electrified locks not only on exterior primary entry points but used for interior doors as well.”

While commercial and institutional facilities face many of the same challenges, requirements and budgets may vary widely. With the range of technologies available, it is becoming easier to ensure that the needs of any facility are met.

A physical security program touches many different facets of the business, whether it is a corporate office, a school or hospital campus, a government building, a mall or shopping center, or virtually any space that requires some type of security plan and implementation.

After evaluating the needs to be addressed with the security program, there are some other considerations that should be taken into account. This involves an intimate knowledge of the business and how it operates. Questions to ask about the future of the site include: Will it be expanded or remodeled in the foreseeable future? Will second (or more) locations be involved in the future planning? Is this facility standalone, or is it a part of a group of like facilities (such as a hospital or school campus)?

Many times the physical security plan and programs are predetermined by existing products or systems already in place in other facilities. Questions need to be addressed as to whether the new systems being designed and deployed are the correct systems to be interconnected with the existing systems and programs. Additionally, is the facility being planned for have any distinct needs?

Assessing The Facility And The Equipment

Answers to the above questions can come from a variety of sources, but the most common and best practice approach is to conduct a comprehensive risk, threat and vulnerability assessment. Having a comprehensive assessment performed will allow facility leaders and their security counterparts to determine where emphasis needs to be placed.

A comprehensive risk assessment will identify those areas as well as scenarios that need to be addressed. Examples of this could be: location and proximity of major travel routes to the facility (e.g., roads, railyards, airports), visitor and visitation policies, public and employee access, and delivery protocols. Does the facility involve the use of any hazardous materials? If so, security planning needs to be an integral part of the mitigation of such items.

The next step in the process should be future considerations. Earlier, the possibility of facility expansion was addressed. Thought must be given not only to expansion, but migration as well. Organizations have a tendency to change with the times; products and priorities change, as well as policies and leadership changes. These are all elements that need to be addressed in future plans.

Although no one has a crystal ball, there are things that can be done to help prepare a physical security program for the future. One of the most important considerations to address future developments involves the technology aspect of the physical security program. By staying informed of technology changes related to the products that are deployed, facilities can in effect be prepared for future expansions and product changes.

Facility executives need not become a technology or security expert, but it is important to engage the team—especially the security consultant and systems integrator, since it is their business to keep abreast of the product migrations and changes.

Manufacturers of security products are continuously improving and modifying their products, and along with that comes the dreaded “end of life” for certain products and software versions. Facility leaders should ask related questions to learn the history (and potential future) of the products they deploy. Are these products on a stable course and platform? What are the options for upgrades to new software versions and product revisions? Will there be future costs for upgrades or licensing fees? In other words, it’s important to try to identify the facility’s exposure, both technically and financially, before deploying systems.

Training And Maintenance: Crucial To Effective Operation

Probably the two most crucial aspects of a physical security system—and the two that get overlooked most often—are ongoing training and maintenance.

Generally speaking, once a physical security system has been deployed and has been deemed at substantial use some form of end-user training will occur as a part of the contract. A recommended way to achieve this is to schedule a formal training session with the following groups.

Maintenance/Facilities. These are the on-site mechanics, and they have a general idea of “how things work” at a facility. By giving them some training on the systems, these people become the first level of inspection for potential issues.

Mitigating The Active Shooter Threat

By Jeffrey A. Slotnick, CPP, PSP

Are you prepared for incidents when they happen? When incidents happen (and they will), whether man-made, natural, or technological, there is always a risk to life and limb. The key to insuring the preservation of life is to have a plan which is trained and practiced.

There are some important lessons to be learned from the recent terrorist attack in San Bernardino, CA. In the midst of the intense media for that shooting, there was not a heavy focus on just how many lives were saved. But the lives saved were the result of an intense training on the part of the Inland Regional Center. According to one of the nurses at the facility, there was an active shooter plan in place and it was practiced often.

Waiting for an emergency to occur and then trying to figure out what to do—as its happening—can lead to significant loss of life and property. When an incident occurs people are looking for leadership. This was recently one of the topics of discussion during an Active Shooter Workshop hosted by ASIS International and the National Fire Protection Association (NFPA). During the planning workshop one of the critical points discussed was organizational preparedness. So, as leaders review the level of their organization’s preparedness they should be asking the following questions:

  • Do you have a plan? Has the plan been trained and practiced?
  • Have you accomplished a baseline risk, threat and vulnerability assessment to determine which are the greatest risks to you?
  • Do you have a plan which addresses each of your potential and most likely risks?
  • If you have a plan have all employees been trained in the plan?
  • Have you educated your supporting partners such as community law enforcement and fire fighters?
  • Has the plan been practiced through table top exercises which are staff exercises for your Crisis Management team and full blown exercises which include all your employees and community partners?

Facility leaders and other stakeholders should be able to answer the above questions in the affirmative—confidently and competently. If the answer is no to one or more items, the resources below are available to create resiliency in the face of adversity. The time to think about an active shooter event and mitigate its impact is now.

The U.S. Department of Homeland Security provides resources. And, FEMA offers a number of online courses free of charge on the various subjects related to disaster preparation and response.

Meanwhile, relevant ASIS International Standards include: Workplace Violence Prevention and Intervention Standards ASIS/SHRM WVPI.1-2011; Risk Assessment ANSI/ASIS/RIMS RA.1-2015; and Organizational Resilience Management ASIS SPC.1-2009.

Slotnick is president of Setracon Inc., a Tacoma, WA firm providing security, training, and consulting services. He is a Board Certified Security Management Professional and Past Chair of the ASIS International Physical Security Council.

Many times, a security integrator receives a call with clients stating that their cameras aren’t working. And that is all the information that is given. A technician is then scheduled to visit the facility, in the blind essentially, to diagnose the problem and find a solution and repair it. Many times, the diagnoses are simple, such as an unplugged power supply or a blown fuse. These are a simple fixes, but costly, as most integrators have a minimum time charge for service calls. By having the facilities/maintenance staff capable of making some initial diagnoses, both time and money can be saved.

Administration/Supervision. Facility leaders should know how to operate their physical security systems (even if basically). Many times in a crisis situation, the operators and or guard force may be better served in another capacity (crowd or traffic control as examples). Take the time to learn how the systems are operated, and make sure the management team is trained as well.

Another good rule of thumb is to designate someone from the management or supervisory staff to become the in-house trainer. People move on to other positions, and new staff is brought in to replace them. It is prudent to have a plan in place to train them properly before they are asked to operate and be responsible for the physical security systems.

Operators. These are the first line day-to-day users of the systems, and proper training is essential. Formal training sessions should be requested for this personnel, with specific times and dates put in place. Have the person performing the training (typically the integrator) require that the operators demonstrate back to them their familiarity with the systems. This includes not only how to perform daily and usual functions, but how to react and respond in critical or unusual situations.

Lastly, it is useful to create a training video, and make copies. This serves as a great tool when bringing on new staff. Do not only make a video of the staff being trained, but rather facility executives should insist on an explanatory video of how to perform the various functions of the systems.

Maintenance is also important. Just like changing the oil in vehicles on a regular basis, checking oil and grease machinery in your factories, and inspecting critical equipment germane to operations, it is crucial to inspect physical security systems. The components of these systems often feature highly sophisticated electronics, and although most have few, if any, moving parts they are still susceptible to weather, dust, temperature changes, and just plain everyday use.

Too often, a facility has deployed the best of systems only to see them show signs of failure after a few short years because the equipment was not properly, if ever, maintained. The place to begin thinking about maintenance is at the onset of the planning. Plan for a routine maintenance program and budget for it up front. All too often, projects get funded with no forethought as to maintenance budgets. Ask what typical costs will be required for routine maintenance, and incorporate at least two maintenance visits during the warranty period.

Securing The Plan

While security systems are complex, using a common sense approach to plan for, use, maintain, and protect these systems lays the groundwork for success. Knowledge is power, so facility executives should become informed as to what their security needs are by identifying them, and then addressing them accordingly. It is important to ask questions and involve other facility stakeholders for their input and decision making, along with the outside stakeholders. By working as a team to identify, plan, design, and implement physical security systems, facility leaders foster successful project outcomes and proper use of these systems during operation when it is most important.

physical securityActive in the security industry for over 25 years, Oplinger is a systems design manager for a mid-sized integrator in Florida. He is a member of both the Security Industry Association (SIA) and ASIS International. He is currently the chairman of the ASIS Physical Security Council. Oplinger was instrumental in writing the Certified Security Project Manager (CSPM) Book of Knowledge and corresponding workshop, which he teaches for SIA. He has been responsible for the design and deployment of electronic security systems in numerous detention facilities and federal courthouses, as well as other federal facilities throughout the United States.

Do you have a comment? Share your thoughts in the Comments section below or send an e-mail to the Editor at acosgrove@groupc.com.