Establishing policies and procedures offers a logical way to get from risks identified by a security assessment to the measures necessary to reducing and managing those risks.
Security Assessments
A security assessment evaluates the context of a building. Is it in the city or the suburbs? Who are the neighbors? What happens in the surrounding area during the day, in the evening, and overnight? How much and what kinds of crimes are committed? Are crimes committed in your building? Who are your tenants? Do you provide parking, and where? Do tenants have to walk alone to and from the parking lot?
A security assessment studies these and other issues, identifies threats and risks, and makes judgments about risks. Finally, an assessment recommends addressing certain risks in the facility’s security plan.
Then, it’s up to the security director, property manager, owner, or some combination of those three to develop policies and procedures to deal with the risks judged important by the assessment.
Some Examples
Suppose, for instance, that your security assessment recommends escorting employees to the parking lot across the street after dark.
You might accept that advice and turn it into a policy: Employees who park in the lot across the street will be escorted from the building to their vehicles when working after dark.
What does this policy mean to the security officers who will carry out the escorts? Yes, it means escorting employees. But how will that be done? What’s the procedure?
“Training is closely related to policies and procedures,” says Jonathan Lusher, ICCA, a security consultant based in Kerrville, TX, and a member of ASIS. “You’ll have to train officers or staff members to do the escorts required by the policy. You’ll also have to emphasize the key steps in the process by making them into procedures and putting them in writing.
“A property manager might refer to these measures as ‘procedures.’ Security professionals often use the term ‘post orders’ to refer to procedures. Post orders customize a security firm’s general procedures to specific installations.”
A procedure or post order dealing with escorts might say something like this: The security officer will walk the employee to his or her car in the parking lot, but the security officer will not drive the person in a security vehicle or carry the person’s briefcase, pocketbook, or other personal possessions.
A procedure like this covers many issues. It sets out the pieces of the procedure – the steps to take (and avoid) while escorting employees. The positive steps, such as “walk the employee to his or her car in the parking lot,” deal with protecting employees. The negative steps, or the things that should not be done, such as putting someone into a security vehicle or carrying valuables, deal with protecting the security officer and, by association, the owner or property manager who hired the security company.
Preventing Liability Issues
The point: It’s important you don’t create liabilities for yourself when working out procedures that execute policies.
Another example of tailoring procedures connected to a policy so they do what needs to be done without creating liabilities: Suppose the streets surrounding your office building have undergone a crime spree – a spate of muggings outside, plus robberies inside. What should you do for your tenants?
Should you set up a meeting with tenants and offer security tips? “As a policy matter, you probably don’t want to own that responsibility,” Lusher says.
Still, it seems like an owner would want to have a policy of helping tenants deal with such security problems. “I would call a meeting with all the tenants and provide coffee, donuts, and a door prize, “ continues Lusher. “Then, I would arrange for the police and other security experts to make presentations about how tenants can respond to the problem and protect their employees.”
Leases define the responsibilities of owners to tenants, and tenants to owners. Successful owners typically provide tenants with more service than might be expected under the lease – tenants expect that.
When it comes to security services, written policies and procedures must at least cover the security recommendations noted in the security assessment. At the same time, it’s important not to go so far as to create liabilities for the owner. Written policies and procedures must always strike a balance that protects everyone, including tenants, visitors, property managers, and owners.
