Planning Your Security Program

Building owners today are confronted with endless options to protect their properties—from traditional locks and keys to high-tech security systems like retinal scanners and fingerprinting devices. But, for some applications, the basic approaches and solutions—not the bigger ones—are better.

With the correct knowledge and tools to steer clear of certain situations (see Access-Control Systems: Avoiding Common Pitfalls), building owners and managers are well equipped to proceed with developing an access-control program that meets their needs. To ensure maximum security and a solid ROI, building owners, managers, and/or engineers should take the following steps when planning and implementing a security program:

Step 1) Determine Security Needs

A solid security program begins with a plan unique to each building and its needs. Building owners and managers should develop specific objectives for their security programs, as well as a thorough plan that supports their goals. At the basic level, this should include the actions being prevented (e.g. theft, destruction of proprietary information, etc.) and the things being protected (e.g. personnel, property, and/or information).

The security program should be broken down into several steps. Top priorities should be addressed first; second- and third-tier concerns should be implemented in subsequent phases. In doing this, building owners and managers have the opportunity to evaluate their accomplishments, as well as the importance of each successive phase. Once developed, the plan should serve as a roadmap for identifying and implementing the proper security solutions.

Step 2) Explore Options

It's important that business owners and managers have a solid understanding of the various security solutions available today, including when to use them and how they should be maintained. Traditional solutions can be just as effective as sophisticated solutions, especially when they're used correctly.

Conventional locks and door closers. While simple, conventional locks should be the first line of defense in preventing access to restricted areas, consider this adage: "Locks are to keep honest people honest." More often than not, locks do their job and keep individuals out of restricted areas. While people may enter an unsecured area out of curiosity, few will actually force themselves in.

It's important to note that all locks are not created equal. Commercial office buildings should utilize Grade 1 locks (commercial grade), which are durably built and able to withstand greater abuse and higher traffic. Doors used frequently should be inspected throughout the year to be sure they're operating correctly; doors used less frequently should be evaluated annually.

All doors that are operated by a key in a commercial office building must also have a door closer (a mechanical device that closes a door that's been opened). These devices are imperative—they ensure that doors close and latch each time. Door closers are especially useful for frequently used doors.

Deadbolts. Deadbolts—locking mechanisms providing more security than conventional locks—should be used to prevent access to critical areas, as well as to other "off-limits" areas. These typically include critical areas subject to chemical, biological, or radioactive threats, or areas with highly expensive or complex data systems. Some of the most common critical areas: mechanical areas with access to water supplies, communication systems, and emergency-power generators; rooftops; and other interior spaces, such as lobbies, mailrooms, loading docks, storage areas, and entry areas. Doors with deadbolts must be locked with a key, but there are usually very few doors in a commercial office building that have deadbolts. Doors utilizing deadbolts should be randomly checked to make sure they're being locked, and tenants should be encouraged to do the same.

Restricted key systems. Restricted key systems—locking systems that restrict key duplication to registered individuals—are another basic solution that provides heightened security. Restricted key systems are used in buildings of all sizes and types—from small businesses to large universities—and whenever building owners/managers want to restrict the duplication of keys. Building owners and managers should ask themselves: "Do I care if the individuals carrying this key are allowed to make a duplicate key without my approval?" If the answer is "yes," then building owners or managers should strongly consider using restricted key systems.

When working with restricted keys, it's important to stick with a well-known, trusted brand. Beware of lesser-known brands: While they may seem appealing for one or more of their features, they typically don't provide replacement parts and service in a timely fashion—a major inconvenience that could lead to increased costs.

Standalone access control. Standalone access-control systems utilize battery-operated locks and are programmed at the door to permit access to specific individuals. These systems are becoming more and more popular because they fit a specific niche, such as satellite offices or bank branch locations. They're smaller and less complex than sophisticated security systems, and they're favorable because they're not hardwired. Consequently, they cost thousands of dollars less than an integrated access-control system. These products typically work best on doors that don't require constant monitoring, because they can only be programmed at the door.

Newer versions of standalone access control come with many added benefits, like the ability to delete and add single access codes to lock out certain individuals without affecting other users, and they can restrict access to individuals during certain time periods. The systems also provide a report of activity, which is helpful if a security-related incident occurs.

Integrated access-control systems. Integrated access-control systems provide the highest and most sophisticated form of access control. Integrated access-control systems are more robust than standalone versions and should be used when it's more cost effective to program the locks and produce reports from a central location vs. at the door. This is because it would either take too long for the system administrator to travel to the doors to do programming or obtain a report, or because it would be too conspicuous for the system administrator or security director to stand at the door.

There are many options with these products, and many can be quite sophisticated, such as systems that monitor hundreds of doors and thousands of users, so it's important to be sure the solution supports your overall security program.

Step 3) Obtain Feedback

After writing a security plan and obtaining a solid understanding of the types of products to use, it's crucial to review the security plan with trusted peers and consultants. Such advisors can include security professionals and other respected building owners, property managers, or building engineers. Many experts are happy to provide feedback and their thoughts. Moreover, explaining the business' goals, any assumptions or concerns related to building security, and how a new system could benefit an overall security program can yield a wealth of new knowledge, advice, and insight.

Step 4) Implementation and Review

With the proper access-control systems in place, building owners and managers should work with their tenants and others in the building to ensure that these systems are used properly. Simple and complex solutions alike may be unsuccessful if tenants and others fail to support them.

Constantly reinforce the importance of locking doors. Doors with deadbolts also require a conventional lock and a key. Most security specialists recommend randomly checking the doors to make sure they're being locked, and encourage tenants/others to do the same.
When using electronic access-control products, encourage all users to use a card or fob that leaves an audit trail. While some products can identify whether a key has enabled an individual to bypass the system, it typically can't identify the individual who used the key, whereas a card or fob can.

While there is no panacea for avoiding today's complex security challenges and solutions, increased knowledge and a disciplined and consistent process can make a company's implementation of an appropriate security solution an easier and less stressful experience. A willingness to take a careful, thorough approach to a security program can help tackle some of the toughest security challenges, avoiding confusion and other issues down the road.

Tom Glavin is president at Chicago-based Glavin Security Specialists, a leading security and locksmith consultant.