Compiled By TFM and ASIS International Staff
Published in the August 2009 issue of Today’s Facility Manager
In conjunction with hearings of the Senate Homeland Security and Governmental Affairs committee last month (July 2009), the Government Accountability Office (GAO) released a report that examined the state of security in federal buildings. The report was extremely critical.
Citing “substantial security vulnerabilities in training for Federal Protective Service (FPS) officers,” GAO investigators were able to send components for an improvised explosive device (including liquid explosives and a detonator) through security checkpoints at facilities including the offices of a U.S. senator and a U.S. representative, as well as agencies such as the Departments of Homeland Security, State, and Justice
According to Mark Goldstein, the GAO’s director for physical infrastructure, “Once GAO investigators passed control access points, they assembled the explosive device and walked freely around several…floors of these Level IV (buildings that employ more than 450 federal workers and have high public exposure) facilities with the device in a briefcase.”
Help Is On The Way
This is not the first time periodic checks at government facilities have exposed such gaping security breaches. Fortunately, there are serious efforts being made to prevent this problem from happening in the future—in both the public and private sectors.
ASIS International, the leading organization for security management professionals worldwide, announced a new focus on May 8, 2007: to embark in standards development both nationally and internationally, in addition to the development of guidelines.
ASIS entered the standards development world after its members around the globe—risk management, security, preparedness, and continuity practitioners alike—implored the organization to support compatible standards to promote consistency and reduce trade barriers.
While ASIS develops guidelines that are suggested practices, the organization also develops standards that are the benchmark of best practices for the development of incident preparedness and security and operational/business continuity management within public and private organizations.
The work of preparing ASIS standards and guidelines is carried out through the ASIS Standards and Guidelines Commission and Committees. ASIS standards and guidelines are developed within a voluntary, non-proprietary and consensus based process using—to the fullest extent possible—the knowledge, experience, and expertise of ASIS membership, the security industry, and materially affected parties.
Guideline For Facilities
In June 2009, ASIS released its Facilities Physical Security Measures guideline. Its purpose “is to introduce [those] who may or may not have a security background to the main types of physical security measures that can be applied to minimize the security risks at a facility.” The guideline is not aimed at a specific occupancy, but facilities and buildings in general.
The guideline outlines eight main categories of physical security measures used to protect facilities: physical barriers; physical entry and access control; security lighting; intrusion detection systems; video surveillance; security personnel; security policies and procedures; and crime prevention through environmental design (CPTED). The emerging field of security convergence is also addressed.
“The guideline assists in the identification of physical security measures that can be applied at facilities to safeguard or protect an organization’s assets—people, property, and information,” says Mark Geraci, chairman of the ASIS
Commission on Standards and Guidelines. “Of all our work in the standards and guidelines areas, this guideline, in all likelihood, will have the greatest impact on, and be useful to, the vast majority of facility managers and security practitioners.”
To choose the right physical security measurements and apply them appropriately, it is important to conduct a risk assessment, such as described in the ASIS General Security Risk Assessment guideline. This guideline provides a seven step process that creates a methodology by which security risks at a specific location can be identified and communicated, along with appropriate solutions.
The risk assessment, accompanied by a basic understanding of physical security measures provided by the Facilities Physical Security Measures Guideline, makes it possible, either alone or with the help of security consultants or vendors, to select and implement appropriate physical security measures to reduce the assessed risks and accomplish the protective task.
ASIS is an American National Standards Institute (ANSI) accredited Standards Development Organization (SDO). ASIS also actively participates in the International Organization for Standardization (ISO). ASIS is involved in numerous national and international standards bodies to ensure it is the voice of security professionals in developing global security standards.
The most recent ASIS American National Standard, “Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use,” published in March 2009, provides a comprehensive management framework to anticipate, prevent (if possible), and prepare for—and respond to—a disruptive incident.
The Organizational Resilience (OR) standard specifies requirements and provides guidance for organizational resilience management. It focuses on resilience—the adaptive capacity of an organization in a complex and changing environment, as well as protection of critical assets.
“The OR standard uses a comprehensive approach to the management of risks associated with intentional, unintentional, and naturally caused disruptions,” says Geraci. “It provides a complete suite of tools to build a strategy for dealing with risks compatible with the mission and needs of the organization, as well as addresses the core elements and criteria of the Department of Homeland Security’s PS-PREP program.”
Organizational resilience emphasizes the synergies between the functions of risk, security, preparedness, continuity, and emergency management. This avoids “siloing” risks and allows the organization to build both a proactive and reactive approach to managing risks tailored to its size, activities and business/operating environment.
Designed to be business friendly, the OR standard uses the globally tested and proven management systems approach. It can be integrated with quality, safety, environmental, information security, risk, and other management systems within an organization. Organizations that have adopted a management systems approach may be able to use it as a foundation for the OR management system as prescribed in the new American National Standard.
Other ASIS Standards and Guidelines initiatives include: Business Continuity Management, Physical Asset Protection, Workplace Violence and Intervention Prevention, Risk Management, Pre-employment Background Screening, and Private Security Officer Selection and Training.
These and other standards and guidelines will be featured in several sessions at the ASIS International 55th Annual Seminar and Exhibits, held in Anaheim, CA, from September 21 to 24. One session, “Standards and Guidelines Commission Update,” will present an overview of the latest developments. For more information on this event, see the accompanying sidebar which appears at the right.