Security: A Blueprint for Reducing Risk

Feb. 7, 2006
Discover which three areas to focus on when instituting a new security plan - or beefing up an existing one

Nearly 5 years have passed since the events of 9/11 when the world watched New York City’s landmark twin towers topple - with many inhabitants still trapped inside.

The tragic events of that day spurred increased vigilance and security measures in commercial facilities nationwide. Some measures boosted building security for the better; others wound up being excessive and impossible to sustain over any period of time, both practically and financially.

The U.S. building industry has become much more aware of what it takes to create a good security management program, but the question of what’s necessary vs. what is too much still remains. “There is no cookie-cutter approach to security,” says Russell W. Riddell, director of school security, planning and design services, at Ithaca, NY-based The Thomas Group, a Tetra-Tech Co. “Each [building] has unique circumstances.”

Instituting a new security management plan or beefing up an existing plan will only enhance a facility’s safety level. While elements will vary depending on building type and function, Riddell says every building security program assessment should examine three key focus areas:

  1. Physical systems. What systems do you have in place?
  2. Operations. How are you applying the systems to effectively provide security?
  3. Education and training. Are you explaining security systems and procedures correctly to
    employees and tenants?

“The principles of security management are the same. How they are applied and instituted vary depending on the needs of the facility,” notes Gee W. Cosper, president and CEO of Gee Cosper & Associates, Baltimore. “There might be site-specific issues that you have to deal with, but the overall conceptual philosophy in security management and how to protect a facility are generally the same.”

Understanding Liability
Premises security has been an evolving issue for building owners and managers since the middle of the 20th century.

Statistics from premises loss studies conducted by Insurance Services Office Inc., the University of Maryland, and Liability Consultants Inc. showed that in the period between 1958 and 1982, the insurance industry averaged three premises security claims per year, with an average settlement of $293,000.

In the 10-year period between 1983 and 1992, the average amount of annual claims rose to 26, while the average settlement reached $545,000. In the next 10-year period between 1992 and 2001, the statistics skyrocketed - with averages of 109 annual claims and settlements of approximately $1 million. These figures do not include any terrorism or 9/11 losses.

Building owners and managers are not expected to guarantee the safety of their tenants, visitors, and guests, but they are required to exercise reasonable care to protect them from foreseeable events. “Courts are imposing increasingly higher duties on building owners and managers to protect tenants,” notes Stephen G. Bushnell, product director, real estate, for Fireman’s Fund Insurance Co.’s Commercial Business Division, Novato, CA. Bushnell adds that municipalities and states are imposing more statutory requirements for building owners/managers, and that growing numbers of industry association standards also influence the level of duty and liability incurred at the ownership/management level. Often, the focus of duty extends beyond the safety measures inside a building.

Bushnell stresses the importance of identifying foreseeable events based upon such things as the level of crime in the neighborhood and what it means to the building in question (and its tenants). “You need to ask yourself if your building’s environment is a moving target,” he says. “If crime or terrorism [are] foreseeable - not just in your building, but in your neighborhood - you have to understand the liabilities in the area where your property is located.” For example, your building might be crime-free, but assaults might have occurred in the parking lot across the street. Or perhaps a block away, someone is hiding in shrubbery outside an office building, confronting and harming tenants. If you don’t do something about the safety of the tenants walking to that parking lot, or take into consideration the assaults occurring on the next block, you don’t have a defense, Bushnell says. “The duty for a building owner or manager is to have some security to keep that from happening in their building,” he points out.

Building owners and managers have a great deal of liability when it comes to building security, but they’re not alone. Anyone contracted to provide security services has liability, too. Say a shopping mall owner contracts with a security company to provide surveillance and protection for a busy parking area. The risk needs to be transferred from the building ownership or management team to that security contractor.

“The expectation a tenant or visitor has of the level of security for an area is critical,” Bushnell says. “It sets the level of duty that a building owner or manager has - what kinds of events are foreseeable in your building and area, and how you can best protect your tenants and visitors from those events. If you are in a nice suburban office building, the standards of security are going to be different than a building in a central business district with a lot of crime going on around the edges.”

Close to Home
It’s the everyday security breaches that make a comprehensive, effective security plan a must for every facility. While terrorism still makes prominent headlines and remains a possible threat to buildings and their occupants, you’re more likely to face such everyday crimes as theft, violence, and fraud.

Because of the high concentration of people on-site - and in some building types, a transitory population - commercial and institutional buildings are ripe targets for criminal activity. It’s not just limited to high-rise, multi-tenant office buildings: mixed-use facilities, shopping centers, hotels and motels, office and college campuses, and busy hospitals are at risk, too.

“We have to be careful of the day-to-day threats,” says Carlos X. Villarreal, vice president of national security and life safety for Chicago-based Trizec Properties Inc.

For example, consider creepers - individuals who enter multi-tenant buildings or hotels and seek out empty offices to steal laptop computers, handbags, briefcases, and other items of value. Building access controls have helped curb this behavior to some extent, Villarreal notes, and while it is not as prevalent as it used to be, it is still relevant.

Facilities with busy public areas can foster pickpockets who look for purses hanging on the back of chairs or open tote bags with visible wallets. Parking lots or structures always present the possibility of assaults or smash-and-grab thefts from parked cars.

What about workplace violence? According to Geoff Craighead, vice president, high-rise and real estate services, at Securitas Security Services USA Inc., Los Angeles, in the last 4 out of 5 years, Corporate 1000 security directors listed workplace violence as the No. 1 threat, ranking it higher than terrorism. “Terrorism went up, but workplace violence remains a primary concern,” he explains. “If you start adding up all the incidents you hear about in the news, you realize it really is an issue.”

In-Depth Analysis
Once you understand your level of liability and determine possible security events for your building, it’s time to assess your security needs or reassess your current security management program. Do this at least once per year.

Craighead says a security analysis can help building owners and managers better understand how and if their current security program meets their building’s needs. There’s more to providing a safe building than installing the latest system full of bells and whistles.

“Look at your program and your building,” he says. “Assess potential threats in building and perimeter control, tenant and visitor access, package acceptance and mail delivery, security staffing and training, and tenant security awareness.”

When it comes to analyzing your needs based on possible threats, the options for security are limitless - both in physical security and site-based options. “There’s a smorgasbord of concepts. But each facility owner or manager has to make the decision to fit their culture and their budget,” Cosper notes. “My advice to clients when we experienced 9/11 was to start implementing policies and practices [they] should have had in place before.”

But, there is also such a thing as overkill. Too often, facilities professionals install more physical security than necessary, leaving a building with expensive, under-used, or unused systems. “Don’t incorporate anything into a security management program that you can’t sustain,” Cosper says.

At The Thomas Group, Riddell is immersed in security design daily and sees much technology going unused in installations. And, much of it was installed after 9/11.

“The initial reaction [was] that we needed to rely on technology,” he says. “A lot of technology application after 9/11 might have been misspent or misused. There is a moment to step back, take a deep breath, assess what you are trying to accomplish, and look at whether technology should be a supplement to a plan or if it should be a foundation for a plan. If you skip over the assessment process and go right to design, you might be misusing funds.”

Security by Design
Before you install a flashy system or upgrade your current security equipment, keep this in mind: A building’s environment sets the framework for good security programming.

A thorough analysis includes focusing on a concept known as CPTED (Crime Prevention Through Environmental Design). CPTED’s basic premise centers around the idea that the proper design and effective use of the physical environment can lead to a reduction in the incidence and fear of crime.

Basic tenets of CPTED include lighting design, clear sightlines, landscaping for visibility, and natural access control. CPTED creates opportunities for tenants/occupants to maintain vigilance of their space and to make it uncomfortable for trespassers to move into the space. A space created with CPTED principles makes a facility and its surroundings more open, more visible, and more occupied.

“These are principles you can put into play without necessarily having a security officer,” Cosper says. For example, Cosper says that simple CPTED maneuvers include ensuring that parking areas and walkways have ample lighting if they are used at night, and low shrubbery so surprise confrontations can’t occur.

In the design of security programs for K-12 schools, Riddell regularly uses CPTED as a stepping stone. The security design team looks at areas in a school where people aren’t necessarily welcome. To deter would-be thieves from breaking into the building after-hours, for example, a design plan would have planting areas 3- to 4-feet wide featuring “ornamental-yet-hostile” vegetation underneath accessible windows. The plants might be nice to look at, but the 3-inch spines on them would likely have possible intruders thinking twice about breaking and entering.

At one high school, administrators reported between 50 to 60 vandalism incidents in the student parking lot. They turned to The Thomas Group for a budget-minded (but effective) solution. “We looked at the site and asked, ‘What’s the best way to get natural surveillance?’” Riddell recalls, adding that the firm decided to make use of the school’s large student body as a means of built-in surveillance.

“We moved the student lot to the front of the cafeteria, which is used 6 or 7 periods of the day for lunch and study halls, and created an adjacent outdoor patio,” Riddell says. “We oriented the parking layout so that students sitting on the patio could see down the rows of cars.”

It worked. After the change, school administrators noted that vandalism incidents plummeted. They now deal with only two or three occurrences each year.

“That’s an example of designing a facility to create a natural security environment without putting cameras [around] the perimeter of the building,” Riddell says. “There’s no doubt that there are areas where technology applications need to be the first and foremost thought, but it doesn’t mean that’s the case in every facility when you take a comprehensive approach. They may only need a few cameras and an access control system that maintains a secure perimeter. That’s why CPTED is getting a closer look.”


A Checklist for Security and Fire/Life Safety
Determining preparedness requires asking probing questions about security policies and procedures, potential threats, the quality of technology, and the knowledge and capabilities of the property’s security staff. Periodic security surveys are recommended to assess the security status of any building. To assess potential threats, examine the effectiveness of current security measures in the following 10 areas:

-Building and perimeter controls, including entry to under-building parking garages.

-Access control of tenants and visitors to the building, including access to loading docks by delivery persons, contractors, and vendors.

-Package acceptance, mail delivery, and removal-control measures.

-State of existing physical security measures:

  • Architectural features.
  • Lighting systems.
  • Locking and key-control systems.
  • Access control, intrusion detection, and alarm systems.
  • Closed-circuit television systems.
  • Communication systems.

-Security staffing and training.

-Building policies and procedures.

-State of post orders and security instructions.

-Building emergency plan:

  • Building emergency procedures manual.
  • Building emergency staff preparedness.
  • Occupant training.
  • Floor warden program.
  • Evacuation drills.

-Tenant security awareness and communication of the security and life-safety program to tenants and vendors.

-Background checks of building staff, including security, engineering, janitorial, and elevator technicians.

Source: Securitas Security Services USA Inc.

Perimeter and Access Control
Equipment that enhances perimeter and access control security is a major consideration once you start weighing your technology options and budget.

“In an ideal world, you would have 360-degree coverage,” Cosper says. “This means anyone entering your grounds or building would be monitored. You would have an outer perimeter of security that ensures only authorized people get in, whether they are employees, patients, or visitors using a visitor pass.”

Security professionals at Trizec place an emphasis on exterior protection and surveillance at its 52 Class-A office buildings in New York City; metro Washington, D.C.; Atlanta; Houston; Dallas; Los Angeles; and Chicago, Villarreal notes. He says the Trizec security team has improved the way it uses its equipment, upgrading to digital recording devices and color cameras - both of which provide more visible detail.

“If I had to pick one requirement, I would say that it’s exterior camera protection to act as a deterrent,” Villarreal says. “You want to be able to detect what is happening outside your building. If you have an effective CCTV exterior program with someone who knows how to use it to monitor and record properly, it’s a big step in the right direction.”

Trizec has also stepped up its focus on access control in the past 5 years. Many buildings have turnstiles to control access to elevator banks, and all have mandatory visitor registration procedures in place. “Before, you could walk into any of our office buildings,” Villarreal says. “Now, guests have to be pre-registered in many cases. You can’t just walk in off the street.”

Visitor registration has come a long way. The option for Internet registration (where tenants log on to a website and register their visitors) is now available. When the person arrives at the registration desk, his or her name is already in the system. Security officers can then click on the name and issue a badge.

A badge policy is also a good thing to extend to employees/tenants, too. It’s important to identify people you’re not familiar with, and a badge policy helps you do this, Cosper says.

The key to a successful badge policy is buy-in from the top down. Everyone should wear a badge, including the CEO. “It is important that leadership sends the message that ‘this is a policy, and we all are going to participate,’ ” Cosper explains. “The message has to come from the CEO.”

Riddell notes that if a badge policy involves card readers, replacement costs for magnetic cards and the readers need to be factored into the budget. Scratched cards might not read properly; a strategically placed piece of gum or a few drops of super glue in the reader can disable the system.

Proximity card readers with smart-card capability might require a higher upfront investment, but they pay off, Riddell says. These durable machines have high-impact casings that deter vandals. “In all the installs we’ve done in the past 4 or 5 years, we haven’t had more than a handful of proximity readers fail or be vandalized,” Riddell notes. Also, where we put in card readers, we put in cameras for facial recognition. That way we have a visual record of the person presenting the card.”

Proximity card readers with keyless entry have another advantage: Through a single phone call and remote access from the administrator, the system can be shut down. “We do not specify any system for any school that does not have remote access,” Riddell says. “It could be Web-based capabilities; it could be an intranet. I have worked with districts that have given their local law enforcement agencies access via redundant password access. It gives them the opportunity to view the campus through the surveillance system.”

 A Self-Inspection Checklist
Building owners and managers have a duty to protect tenants and guests. Regularly inspecting a facility for security breaches and trouble zones is a necessity. Some “musts” for any routine inspection program include:
  • Secure and inventory all keys while individually assigning and inventorying master keys.
  • Control access to roof and all mechanical spaces.
  • Trim landscaping to maximize visibility and eliminate hiding spaces.
  • Maximize nighttime illumination as necessary.
  • Inspect all emergency exits at least monthly.
  • Inspect all access control systems at least monthly.
  • Train personnel to constantly monitor CCTV systems.
  • Audit actual security practices in comparison to policies.
  • Maintain written records of all security complaints, actions, and resolutions.
  • Conduct an annual security risk analysis, including review of area crime statistics. Upgrade/update security policies as needed.

SOURCE: Fireman’s Fund Insurance Co.

Key Relationships
A close relationship with local law enforcement and life-safety agencies is a crucial part of any security program. Throughout the security and facilities management industries, there has been an increased effort in developing relationships between public law enforcement (police, fire, local FBI, etc.), private security officers, and building owners and managers. Don’t wait to meet these folks until there is an incident in your building. Build a relationship with them now.

“There wasn’t a lot of outreach on both ends prior to 9/11,” Villarreal notes. “Now, there are networking sessions, programs, and associations that you can join where you can get to know each other. It’s all done [locally].”

Villarreal says that besides the obvious agencies, facilities professionals should also make acquaintance with the protective service advisor (PSA) of the U.S. Department of Homeland Security. The PSA in each city is directly responsible for that city’s critical infrastructure. “That’s someone you should get to know,” he says. “[He/she] can be an excellent resource.”

The relationship factor extends beyond getting to know your local safety professionals. Tenants have needs and expectations when it comes to security, and a building owner or manager should be aware of these. Security experts stress the need for a “marriage” between the facilities manager and major tenants. Tenant buy-in is a crucial part of implementing and maintaining a successful strategic security plan.

“Good tenant relationships, in general, involve a dialogue with your tenants,” Bushnell notes. “What if a tenant has a complaint? What if they want stronger locks? What if they are concerned about intruders? Having a dialogue is critical. A good building owner or manager has a good dialogue with tenants to assure them that the security provided meets [neighborhood risks], etc.”

Essential Awareness
The best way to encourage this dialogue is to actively promote security awareness in the building. Distribute a building security checklist to all tenants. Provide them with written security policies and emergency management procedures. Inform them of identified potential risks in the neighborhood. Enlighten them as to what building management would do if there is a security breach.

“You take away a lot of potential liability through that communication,” Bushnell says.

It’s important that tenants and employees understand what the building’s security policy encompasses, Cosper notes. The simplest way to do this is through security-awareness sessions. Go over new polices and practices. Explain what building occupants can do if they see something suspicious or see someone not wearing a badge. Make it brief, Cosper says, no more than an hour. But be sure to do it at least once or twice per year.

Trizec Properties holds brown-bag lunches for its tenants and invites members of the local police or fire departments to present such topics as safety awareness, evacuation procedures, and other pertinent issues. “Training is a big component,” Villarreal says. “You need to help tenants and employees be observant and know what suspicious activity is.”

While no facility has the budget for every technologically advanced system or sophisticated training program, everyone can do more to enhance its security initiatives. “The more you do - every thing you do - enhances your program,” Cosper says. “Sometimes it’s a business decision, or sometimes it’s from a practicality standpoint that something cannot be implemented. You can’t always secure your whole perimeter, but with every little thing you do, you’re building your security management program.

“You have to develop what is right for your building and what is right for your culture, and you have to sustain it.”

Robin Suttell ([email protected]), based in Cleveland, is contributing editor at Buildings magazine. The March 2006 issue of Buildings will feature more information concerning design aspects involved in security.

Voice your opinion!

To join the conversation, and become an exclusive member of Buildings, create an account today!

Sponsored Recommendations