Security Building Blocks

With as many security threats as there are ways to mitigate them, FACILITY EXECUTIVES LOOK FOR BEST PRACTICES to form the cornerstones of successful security plans

When planning building security, facility executives have to consider threats that range from break-ins to bombs to biological agents. Given the strides in security technology, the nearly constant threat of terrorism, as evidenced by the recent bombings in London, and the increased blurring of the lines between facilities, IT and security, facility executives have more to think about than ever as they work to protect their organizations' people and property. The challenge is combining all these considerations with existing security protocol to arrive at a total security plan that protects building occupants without being overly intrusive to day-to-day operations.

While the security situation at every building is different, many best practices are applicable to any type of building in most types of organizations. From integrating security technologies, such as access control and video, to standardizing systems across an entire portfolio, these best practices can help streamline a facility's security operation.

KNOW WHAT YOU NEED

When examining how to bolster a security plan with new technology or a new system, most experts say that proceeding without conducting a risk assessment is a mistake.

"The risk assessment is the most important thing you can do for a facility," says Bill Mellin, portfolio manager for Gale Global Facility Services. "It allows you to put in a security system that best protects from threats you're most worried about, whether that be terrorism or espionage or whatever else."

The first step in a facility risk assessment is identifying the nature and operations of the building. "We do that from a loss perspective," says John Shriner, senior vice president and director of physical security for Wells Fargo. "We ask 'What are the business impacts if this facility were to go away?' Then we develop the appropriate safeguards based on the things that could cause that to happen."

For Shriner, the risk assessment process includes incorporating data obtained from the Department of Homeland security and other sources on known or suspected threats. "The information we glean from government agencies is very important to our assessment process," he says.

Working with local agencies and police is also a key step. "We work very closely with law enforcement," says Jim Weslager, vice president of corporate security for PNC Financial Services Group. "We've got a number of field officers of the FBI with whom we meet on a monthly basis. We talk to special agents regarding crime trends." Weslager says they spend time talking about national security concerns, too.

Shriner's risk assessment, or risk modeling as he calls it, involves assigning each building a score. That score drives the selection of security applications used in the building - whether the building requires access control, video, intrusion alarms or other equipment. A similar system of prioritization is in place for the buildings at Georgia Institute of Technology. Bob Lang, Georgia Tech's director of homeland security, says that his buildings are rated based on major, moderate and lesser risks, depending on the building's operation and whether the building stores potentially dangerous items.

"A major-risk building would include anything that houses chemicals or gases that would be immediately hazardous to health," he says. "For instance, phosgene - an agent potentially used in biological terrorism - is used in a lot of experiments and activities that support high level research. We have to control who goes into those buildings, and there are procedures in place for who has access."