By S. Steven Oplinger
From the March/April 2016 Issue
Whether facilities have a physical security plan in place or are planning to implement one, there are a few common sense things to consider. The planning, implementation, operation, and maintenance of physical security—whether for one facility or many—will benefit from facility executives taking the stance of a common sense approach to the task.
When embarking, the first thing that needs to be identified is “the purpose” of any given part of the system. This sounds simple enough. However, for any physical security system—whether it be closed circuit video, access control, or duress, the team must identify first the overall purpose of the systems that will be deployed. Once the overall purpose has been identified, then a deeper examination needs to take place to identify each component of the systems to ensure that each device deployed has a real, defined purpose and use. The basic rule here being that if the purpose for a device cannot be clearly identified, it is probably not effective in the overall plan.
Consideration must also be given to the operators of the system—those individuals who will interface with these systems daily. There is a vast selection amount of effective technology in the security industry today; the key is fitting the proper technology to the organization’s needs. Just because it is the “latest and greatest” technology does not necessarily mean it is right for the application and needs. Facility decision-makers should invest the time in research and due diligence to determine the right technologies.
Additionally, if the systems deployed are complicated to operate, the operators begin to discontinue relying on them as a tool. Aspects related to the operation of these systems needs to be identified: Are you using in-house staff or a contract service? How many hours a day is the system actively monitored? How and when are reports prepared, and by whom? These are just some of the questions to consider.
The next point of consideration would be the stakeholders. The rule of thumb here is that anyone who potentially interfaces with a physical security program should be considered as a stakeholder—no matter how minor. Here is a list of potential stakeholders in a physical security program: facility managers, security managers, human resources departments, IT departments, owners, architects, engineers, security consultants, system operators, guard personnel, construction managers, and other trades (e.g., electrical and HVAC contractors).
On The Market:
A physical security program touches many different facets of the business, whether it is a corporate office, a school or hospital campus, a government building, a mall or shopping center, or virtually any space that requires some type of security plan and implementation.
After evaluating the needs to be addressed with the security program, there are some other considerations that should be taken into account. This involves an intimate knowledge of the business and how it operates. Questions to ask about the future of the site include: Will it be expanded or remodeled in the foreseeable future? Will second (or more) locations be involved in the future planning? Is this facility standalone, or is it a part of a group of like facilities (such as a hospital or school campus)?
Many times the physical security plan and programs are predetermined by existing products or systems already in place in other facilities. Questions need to be addressed as to whether the new systems being designed and deployed are the correct systems to be interconnected with the existing systems and programs. Additionally, is the facility being planned for have any distinct needs?
Assessing The Facility And The Equipment
Answers to the above questions can come from a variety of sources, but the most common and best practice approach is to conduct a comprehensive risk, threat and vulnerability assessment. Having a comprehensive assessment performed will allow facility leaders and their security counterparts to determine where emphasis needs to be placed.
A comprehensive risk assessment will identify those areas as well as scenarios that need to be addressed. Examples of this could be: location and proximity of major travel routes to the facility (e.g., roads, railyards, airports), visitor and visitation policies, public and employee access, and delivery protocols. Does the facility involve the use of any hazardous materials? If so, security planning needs to be an integral part of the mitigation of such items.
The next step in the process should be future considerations. Earlier, the possibility of facility expansion was addressed. Thought must be given not only to expansion, but migration as well. Organizations have a tendency to change with the times; products and priorities change, as well as policies and leadership changes. These are all elements that need to be addressed in future plans.
Although no one has a crystal ball, there are things that can be done to help prepare a physical security program for the future. One of the most important considerations to address future developments involves the technology aspect of the physical security program. By staying informed of technology changes related to the products that are deployed, facilities can in effect be prepared for future expansions and product changes.
Facility executives need not become a technology or security expert, but it is important to engage the team—especially the security consultant and systems integrator, since it is their business to keep abreast of the product migrations and changes.
Manufacturers of security products are continuously improving and modifying their products, and along with that comes the dreaded “end of life” for certain products and software versions. Facility leaders should ask related questions to learn the history (and potential future) of the products they deploy. Are these products on a stable course and platform? What are the options for upgrades to new software versions and product revisions? Will there be future costs for upgrades or licensing fees? In other words, it’s important to try to identify the facility’s exposure, both technically and financially, before deploying systems.
Training And Maintenance: Crucial To Effective Operation
Probably the two most crucial aspects of a physical security system—and the two that get overlooked most often—are ongoing training and maintenance.
Generally speaking, once a physical security system has been deployed and has been deemed at substantial use some form of end-user training will occur as a part of the contract. A recommended way to achieve this is to schedule a formal training session with the following groups.
Maintenance/Facilities. These are the on-site mechanics, and they have a general idea of “how things work” at a facility. By giving them some training on the systems, these people become the first level of inspection for potential issues.
Mitigating The Active Shooter Threat
By Jeffrey A. Slotnick, CPP, PSP
Are you prepared for incidents when they happen? When incidents happen (and they will), whether man-made, natural, or technological, there is always a risk to life and limb. The key to insuring the preservation of life is to have a plan which is trained and practiced.
There are some important lessons to be learned from the recent terrorist attack in San Bernardino, CA. In the midst of the intense media for that shooting, there was not a heavy focus on just how many lives were saved. But the lives saved were the result of an intense training on the part of the Inland Regional Center. According to one of the nurses at the facility, there was an active shooter plan in place and it was practiced often.
Waiting for an emergency to occur and then trying to figure out what to do—as its happening—can lead to significant loss of life and property. When an incident occurs people are looking for leadership. This was recently one of the topics of discussion during an Active Shooter Workshop hosted by ASIS International and the National Fire Protection Association (NFPA). During the planning workshop one of the critical points discussed was organizational preparedness. So, as leaders review the level of their organization’s preparedness they should be asking the following questions:
Facility leaders and other stakeholders should be able to answer the above questions in the affirmative—confidently and competently. If the answer is no to one or more items, the resources below are available to create resiliency in the face of adversity. The time to think about an active shooter event and mitigate its impact is now.
Meanwhile, relevant ASIS International Standards include: Workplace Violence Prevention and Intervention Standards ASIS/SHRM WVPI.1-2011; Risk Assessment ANSI/ASIS/RIMS RA.1-2015; and Organizational Resilience Management ASIS SPC.1-2009.
Slotnick is president of Setracon Inc., a Tacoma, WA firm providing security, training, and consulting services. He is a Board Certified Security Management Professional and Past Chair of the ASIS International Physical Security Council.
Many times, a security integrator receives a call with clients stating that their cameras aren’t working. And that is all the information that is given. A technician is then scheduled to visit the facility, in the blind essentially, to diagnose the problem and find a solution and repair it. Many times, the diagnoses are simple, such as an unplugged power supply or a blown fuse. These are a simple fixes, but costly, as most integrators have a minimum time charge for service calls. By having the facilities/maintenance staff capable of making some initial diagnoses, both time and money can be saved.
Administration/Supervision. Facility leaders should know how to operate their physical security systems (even if basically). Many times in a crisis situation, the operators and or guard force may be better served in another capacity (crowd or traffic control as examples). Take the time to learn how the systems are operated, and make sure the management team is trained as well.
Another good rule of thumb is to designate someone from the management or supervisory staff to become the in-house trainer. People move on to other positions, and new staff is brought in to replace them. It is prudent to have a plan in place to train them properly before they are asked to operate and be responsible for the physical security systems.
Operators. These are the first line day-to-day users of the systems, and proper training is essential. Formal training sessions should be requested for this personnel, with specific times and dates put in place. Have the person performing the training (typically the integrator) require that the operators demonstrate back to them their familiarity with the systems. This includes not only how to perform daily and usual functions, but how to react and respond in critical or unusual situations.
Lastly, it is useful to create a training video, and make copies. This serves as a great tool when bringing on new staff. Do not only make a video of the staff being trained, but rather facility executives should insist on an explanatory video of how to perform the various functions of the systems.
Maintenance is also important. Just like changing the oil in vehicles on a regular basis, checking oil and grease machinery in your factories, and inspecting critical equipment germane to operations, it is crucial to inspect physical security systems. The components of these systems often feature highly sophisticated electronics, and although most have few, if any, moving parts they are still susceptible to weather, dust, temperature changes, and just plain everyday use.
Too often, a facility has deployed the best of systems only to see them show signs of failure after a few short years because the equipment was not properly, if ever, maintained. The place to begin thinking about maintenance is at the onset of the planning. Plan for a routine maintenance program and budget for it up front. All too often, projects get funded with no forethought as to maintenance budgets. Ask what typical costs will be required for routine maintenance, and incorporate at least two maintenance visits during the warranty period.
Securing The Plan
While security systems are complex, using a common sense approach to plan for, use, maintain, and protect these systems lays the groundwork for success. Knowledge is power, so facility executives should become informed as to what their security needs are by identifying them, and then addressing them accordingly. It is important to ask questions and involve other facility stakeholders for their input and decision making, along with the outside stakeholders. By working as a team to identify, plan, design, and implement physical security systems, facility leaders foster successful project outcomes and proper use of these systems during operation when it is most important.
Active in the security industry for over 25 years, Oplinger is a systems design manager for a mid-sized integrator in Florida. He is a member of both the Security Industry Association (SIA) and ASIS International. He is currently the chairman of the ASIS Physical Security Council. Oplinger was instrumental in writing the Certified Security Project Manager (CSPM) Book of Knowledge and corresponding workshop, which he teaches for SIA. He has been responsible for the design and deployment of electronic security systems in numerous detention facilities and federal courthouses, as well as other federal facilities throughout the United States.
Do you have a comment? Share your thoughts in the Comments section below or send an e-mail to the Editor at firstname.lastname@example.org.