Up until that fateful morning of September 11, 2001, it was common practice to design security systems, particularly involving new construction by taking architect drawings at their face value, locating and counting the number of exterior doors, checking the main and rear entrance areas, locating major work or process areas and then developing access control points, intrusion alarm points, and locating cameras and other security devices without ever considering possible threats, vulnerabilities, or environment specifics.
Bid specifications were often standard security manufacturers’ system specifications subject to a great deal of “cutting and pasting” often based on prior bid specifications from another similar project.
Wivenhoe consultants have never followed the path described above.
Indeed, every project commences with a Threat Assessment together with a site visit to assess the local geographic environment, as well as studying the existing client operation.
The benefit to the client is that before commencing to recommend security system upgrades, new systems, additional security measures, or a specific security approach, the following has been established:
1. The Credible Threat
By assessing the credible threat to the client, it will determine the level of protection required in terms of security systems and measures. Many companies fail to identify their credible threat and as a result may have ended-up with the following:
- Invested in Security Systems that were not necessary.
- Installed the Wrong Equipment & Systems.
- Installed Inadequate Security.
- Misjudged their Environment.
- Listened to a Security Entity simply interested in selling as much as possible to the company.
- Considered Security an Unnecessary Expense.
It should be noted that the level of security required to counter a significant threat level as determined by knowledgeable security professionals is substantially greater than that required to protect against lesser situations. However, underestimating the threat level can prove very costly in the event of a serious security incident where it is determined that there was inadequate security and as a result the company is facing Negligent Liability and substantial damages.
2. Critical Assets
In addition to understanding the Credible Threat Level, it is also important to identify the company’s critical assets. From a security point of view, it is considered logistically and financially very difficult, if not impossible to protect every asset, and thus it is necessary to prioritize, in order of importance, those assets which if compromised would seriously impact the company and result in operation failures.
3. Facility Operation Specifics
Security measures and systems must take into account existing facility operations to avoid situations where employees find that new security measures are directly affecting in a very negative manner the facility operation. Access control that has not been thoroughly thought out is often the culprit where employees cannot enter areas that are essential to their respective tasks and now find ways to circumvent the access control system, sabotage the system, disengage the system, or simply refuse to work under such circumstances.
It is vital that any design of a new security system, or upgrade to an existing system consider the facility overall operation and employee traffic throughout the site. Security has to take into account the potential effect on employees moving about in their respective tasks.
Failure to do so will result in staff “fighting” new security and finding ways to deactivate systems and find ways around new measures designed to protect them.
4. General Environment
Security systems and measures should also take into account the general environment around the facility, office, or school and college campus. This also includes local crime rates, urban development, nearby high-risk chemical or industrial targets, CPED (Crime Prevention Through Environmental Design), residential concerns, unusual nearby high risk facilities such as abortion clinics, temples, critical utility infrastructure and a host of other concerns.
5. Level of Security Required
The identified Credible Threat resulting from the Threat Assessment will determine the level of security required for a given facility or office complex. The level of security may involve relatively straight forward measures such as a viable perimeter protected by fencing and video surveillance, a reasonable degree of visitor control, an effective intruder alarm system and perhaps security guard patrols.
Where there is a higher credible threat level, security measures may include electronic access control throughout the facility, possible integration of video surveillance, access control, intruder alarm system, automated gate control, and other security systems and measures.
There are however, other factors in the 2024 today’s security picture that now need to be considered and incorporated into security protection for employees and infrastructure. These include provision for the following:
Active Shooter (Mass Casualty) Event
Until recently, an active shooter event was considered an unforeseeable situation and companies and organizations were not required to take special measures. That is no longer the case as such an event is now considered as foreseeable.
As a result, companies, school districts, public meeting places, etc., are required to have in place both measures to prevent or reduce the consequences of such an event and are also required to have an acceptable emergency response plan to protect everyone at their facility, campus, etc.
Failure to do so may result in Negligent Liability in the event of such an incident.
Compliance with Industrial Regulations
There is also an OSHA requirement (PER 29 Code 654) that mandates a workplace be free of recognized hazards which includes dealing with an active shooter situation as well as workplace violence.
Please note that in the event of not having in place measures that address the above and there is a security incident leading to a lawsuit, insurance companies will not provide any form of coverage, should the company or organization be found negligent in not having adequate measures and training for employees given a serious security incident.
As a responsible, reputable, and independent security consulting firm, Wivenhoe Management Group and it’s consultants practice responsible security assessments and design as described above and can point to a large number of successful assignments where this has been the case without exception.