For all that facility managers endeavor to provide a safe environment for the occupants in their buildings, not all security initiatives are as effective as they could be. Common mistakes waste time and money and actually undermine the efforts being made to improve building safety, experts say. But understanding those mistakes is the first step in avoiding them.
To start, the process used to implement security solutions often is backwards. That is, "the starting point should be an analysis of the security needs," says David Aggleton, president of security consulting firm Aggleton & Associates. Too often, the facility manager figures that what's needed is a certain piece of technology — say, a CCTV system — without taking the time to identify the assets that need protecting or to understand the threats they face, he adds. The result? The solution implemented isn't effective. "You don't really know what it's supposed to do," Aggleton says.
When it comes time to identify the assets, it's not unusual to find that some critical ones have been overlooked. To be sure, most facility managers will include the occupants and equipment housed in a building within their definition of an asset. However, they often overlook vital, but less tangible assets, such as an organization's brand or image.
Sean Ahrens, project manager, security consulting and design with AON Corporation, worked with a manufacturer of specialty apparel that kept a book to record all the information used to develop each of its products, such as its production cost and location. "The book was worth millions," Ahrens says. Even so, it was stored in an unlocked desk.
The next step is figuring out to which threats the facility is most vulnerable, Aggleton says. While terrorism often is top of mind, most buildings face greater threats from more mundane dangers, like a co-worker who becomes violent or an employee who walks off with a laptop.
After the assets and threats have been identified, it's time to consider security measures. Effective security depends on a combination of three elements: technology, architecture, and operations or policies, says William Sako, chair of Sako & Associates, a security consulting firm. "The single biggest mistake is failing to understand this," he says. Security solutions that rely too heavily on one element will be less effective than solutions that incorporate a balance of the three.
For instance, it's not unusual to find a building equipped with turnstyles, but without staff to make sure everyone uses them. Conversely, a facility manager may station a security guard at an entry, without providing a way, such as ID cards, to identify those entering the facility. "The guard has no way of knowing if people belong there," Sako says.
In addition, effective security typically comes about through increasing the layers of security the further one goes into the building, Ahrens says. So, while the lobby may be open to just about everyone, visitors may need to be escorted into the executive areas or prohibited from offices that contain sensitive information. These restrictions or barriers should make it more difficult for an intruder who has gotten into one area.
Without these barriers or restrictions, it becomes much easier for criminals to make their way through a facility. Even so, it's not unusual to find these security measures lacking.
Ahrens says he worked with one company in which he recommended that they place a barrier around the entrance area, because it was possible for criminals to enter and walk right into the rest of the building. Management resisted, due to concerns over the cost, and a feeling that the risk was low. Several months later, employees on strike, equipped with bullhorns, walked through the lobby and into the executive offices, chanting. Management later installed access-controlled doors between the reception and executive areas, compartmentalizing this area from the rest of the building.
Another area that's often overlooked in a security review is the stairwell. That can be risky. "Once an aggressor has gotten into an unsecured stairwell, it's easy for them to move freely in the building," says Ahrens. The person can be in the building unescorted, avoiding detection and security patrols.
Evaluate Vulnerabilities in Facility and Technology
