Security Management: Prevention and Response

How vital is security? According to Ofer Azoulay, CEO of Los Angeles-based SFW LLC (www.sfwllc.com), an emerging leader in developing and delivering critical facilities infrastructure management tools and services, “Other than the traditional important values of security and safety, such as saving lives and reducing losses to property, owners must understand that security plays a major role in productivity. An employee is more productive when he or she feels safe and secure.” Azoulay, a veteran of the Security Division of the Israeli Government, established SFW LLC with the vision of creating a company that implements the highest security measures for both private and commercial sectors, based on methods used by government agencies. Drawing on his background in Management Information Systems, Azoulay developed a conceptual framework for a Web-based infrastructure management information system, where one of the modules tracks security and safety information from a database directly onto an organization’s maps and floorplans. He offers his considerable security expertise to provide the following insightful answers to Buildings’ questions about security.Q: How is security defined today?A: I have heard many great definitions for security in the past 15 years while working in this industry. However, I would like to define security in the simplest way possible. Security is made up of two major elements: prevention and response. Prevention [is defined as] what one can do in order to minimize the chances that a manmade emergency will occur (visible security, such as guards, cameras, fences, etc.). Response is what can be done in order to reduce the damages to life and property once an emergency has occurred (procedures such as evacuation, first aid, continuity planning, etc.).Q: How have security needs changed during the past 5 years?A: The truth is that the risks and vulnerabilities haven’t changed in the past 5 years. However, we are now more aware after 9/11, so … now [businesses] are more inclined to encapsulate security into their normal operations. There is no doubt that that government agencies and private companies are starting to make significant changes in their security, in both policies and spending. Yet, as time goes by, most people naturally tend to be less concerned about security. This is a huge problem, but nevertheless very typical.Q: In assessing needs, what measures are necessary for adequate security?A: Every organization faces different types of threats. A bank may be more vulnerable for criminal activity than a grocery store; an abortion clinic may need to take different security measures than a dentist’s office; and the FBI headquarters would be a more attractive target than a typical office building. Adequate security is measured by the ability of an organization to counter the specific threats it is facing.Q: How does one implement security planning? Who should be involved?A: The first step in implementing a sound security plan is to conduct a thorough assessment. This does not mean an outside security consultant will be the answer. A consultant can only facilitate a good assessment process, but the answers are all within the organization. An organization that has a director of security may be better off utilizing him or her for this assignment, depending upon skill sets and the time commitment.The second step is to prioritize the issues that the organization wishes to deal with first. This is directly dependent on the type of threats and their severability. For example, a building with a higher risk for a car bomb would probably want to first protect its underground parking and the ability of cars to park close to the building walls. Once the priority list is completed, the organization should research all the ways to mitigate each risk regardless of the budget.Next, the organization needs to set up a plan of execution, remembering the long-term goal to address all the issues on the list. Having said that, if an organization is building a new building and CCTV is not the first priority, the conduit should [still] be included in the construction for future implementation.Finally, it is important to know that an organization can significantly improve its security through the adoption of simple security, safety, and emergency procedures. If done correctly, procedures are the most economical and effective way to enhance security. Security starts with the people.Q: Is there a list of security issues specific to certain building types?A: Although each building should have a different list, the following should provide some guidelines.Types of threats (likelihood and severability) are usually derived from: industry (products and services); geographical location and socioeconomics; neighbors (are you close to a federal building?); symbolic value; significance to a higher cause (country’s economy or infrastructure); history; the actual structure; and the number of employees and number of visitors.Elements of a sound security plan include 1) written procedures. Procedures are dynamic and must be updated on a regular basis. It is a good practice to date all procedures and prepare an audit of modifications. Also, it is important to have certain individuals, such as a security officers’ signing sheet, indicating they have read the procedures on a regular basis. Usually a well-written procedure will include a dedicated checklist of security and safety areas, such as access control, mailroom oper-ations, etc.; [an] emergency response [plan] that outlines different types of attacks, evacuation, etc.; and business continuity planning. 2) Security systems might include CCTV as a deterrent and late response; access control; X-ray; metal detectors, barricades, and fencing, etc. 3) Monitoring and ongoing operations involve training; constant re-evaluation of the assessment; continual update of procedures; regular testing and maintenance of systems; and monitoring the security and safety performance (both in-house and through a third party). 4) Security Information Systems, such as databases.Q: In organizing a security program, how does one establish direction?A: The first thing that an organization must do is simply to decide that security is a real concern. Without total management participation, there are no real chances of succeeding with any kind of implementation. Once a decision is made, the organization must set up long- and short-term objectives that are measurable. Finally, in order to successfully implement a sound security plan, an organization must assign one responsible individual who can dedicate an adequate amount of time to the project. Leaving the task of security planning to professional consultants alone will never work in the long run.Q: How important is a security “inventory”?A: The use of Security Information Systems is of great value. Fortunately, most organizations do not face emergencies on a regular basis, [but] similar to maintenance, engineering, and other facility management issues, security information typically resides within the heads of a limited number of employees. The security industry is famous for its high turnover rate, oftentimes leaving an organization in the dark when it comes to security issues. Therefore, databases and other Security Information Systems are a perfect solution [in providing continuity]. In addition, by controlling its own security information, an organization is not left to the mercy of an external security company.Security Information Systems can be beneficial to other departments as well. Access control systems can provide information about the traffic of clients/customers. A security and safety incidence database can directly relate to an organization’s maintenance and loss prevention. Daily activity logs can be beneficial when locating historical records.Q: What is the best way to build awareness among the facilities staff and building occupants, and outreach to community personnel, such as the fire department?A: This question is key to the success of a security preparedness program. Organizations that believe in security and safety should take the lead and promote awareness in their area – including [the involvement] of neighbors. Through ongoing education, involve all employees in daily security [practices]. In addition, a good director of security should have a direct channel to the local police and fire department. I know of one director of security for a hotel in California who invites the local fire department to lunch on a regular basis. The entire crew gets updated on new developments and views the property. A manufacturing plant in Iowa is providing access to its CAFM system to the local fire department, which details the location of hazardous materials, fire hydrants, sprinkler systems, etc. This type of cooperation within and outside an organization is extremely valuable, and is not expensive; rather, it’s an excellent investment in ensuring your facility is safe and secure.Linda K. Monroe (linda.monroe@buildings.com) is editorial director at Buildings magazine.