Menu Close

Recent SVAs (Security Vulnerability Assessments)

What is an SVA?

An SVA of which there are several different methodologies, was first developed by Sandia National Laboratory, a Division of the Department of Energy for the purpose of protecting Nuclear Power Plants throughout the U.S. Sandia National Laboratory utilize the term RAM (Risk Assessment Methodology) and have developed several different RAMs for non-nuclear fields such as Water Treatment, Community/Municipality, Chemical and others.

Additional SVA methodologies have been developed by the Department of Homeland Security, American Chemical Society, etc. Essentially, an SVA is a review of how well your facility, office complex, college, school district, property, etc., is adequately protected against security incidents. The normal stages of an SVA include the following:

  • Threat Analysis
    Identification of credible threats – who or what should the facility be protecting itself against. In many situations, there is a tendency to over react, assess situations that may not apply to a particular facility, or miss completely real threats that do.
  • Identification of Critical Assets
    Who or what should be protected most – unfortunately, from a logistical viewpoint, it is not possible to protect everything within a
    facility. Critical Assets are those that if compromised would effectively halt operation of the facility, as well as causing serious damage.
  • Identification and Measurement of Likely Consequences
    It is important to be able to measure and understand the consequences of various scenarios related to specific breaches of security ranging from infrastructure damage, or the destruction of operations machinery to the loss of key personnel, critical formulas, invaluable inventory that might take weeks, months, or even years to replace.
  • Provision of Sound and Viable Security Recommendations
    A professional SVA will also provide sound and viable security recommendations, based on accurate security design criteria, a credible and adequate level of protection and a wealth of experience in what security measures work in given situations and what does not work.Over many years, it is astonishing the mistakes that are made in implementing costly and unnecessary security systems that do not adequately address actual vulnerabilities and which may have been chosen for all the wrong reasons.

    It has also been proven on many occasions that it is not necessary to invest excessive sums of money on sophisticated, advanced, and supposedly state-of-the-art security systems which may be totally impractical for a facility and often do not meet suppliers’ claims. (As standard practice, the Wivenhoe Group do not recommend security system and equipment that has not been in successful operation for at least twelve months in the field)


Wivenhoe Management Group had been requested to carry out an SVA (Security Vulnerability Assessment) for the school district that comprised several schools (high school through middle school to elementary). School Districts are always interesting and challenging. The first step is to carry out a threat analysis involving a myriad of factors to establish a credible threat level. Key factors in evaluating a school district include the following:

  • Area Crime Analysis
    Our consultants utilize both local police crime reports for the subject area and a CAP Index Crimecast report covering a three mile and six mile radius of the main facility. These reports indicate the likelihood of crime and loss occurring at the facility. Crime factors include Homicide, Rape, Robbery, Aggravated Assault, Burglary, Larceny, and Motor Vehicle Theft.
  • School Incident History (Ideally Over 5 Years)
    Records of incidents at one or more schools provide invaluable information on security problems that have been reported involving
    students, faculty, staff, parents and outside suppliers.
  • Local Demographics
    It is always helpful to understand the demographics surrounding a particular school. The mix of young, old, family oriented, single
    persons, life style, density of housing, types of housing and other factors will, from experience indicate items to be aware of in
    developing a credible threat analysis.
  • Security Legislation
    In addition to Federal guidelines from such agencies as the FBI, DHS, DOJ, and others, many States have enacted and established specific regulations concerning school security and safety. Wivenhoe Group consultants are well versed with such legislation which
    can certainly affect the level of threat assessment.
  • Identified Threat Scenarios
    Based on a careful assessment of the client facility or facilities in the case of the PA School District project, the consultant team were able to identify a number of serious threat scenarios that were communicated to the client and which added greatly to the threat assessment.
  • Nearby Targets of Influence
    The threat analysis also takes into account nearby targets of influence which could lead to the school district being a diversionary target to draw local, state and Federal law enforcement personnel away from what might be a more important target in the event of a terrorist attack. The school district being secondary.
  • Current Terrorism Threats
    U.S. intelligence assets have known for some time that schools in the U.S. are considered priority targets for terrorist groups, particularly for Organizations such as Al Qaida, ISIS-K, the Haqqani and sections of the Taliban. These groups are regrouping in Afghanistan as confirmed by the Department of Homeland Security (DHS) and further endorsed by various European organizations.

    Schools are also listed as high priority targets for terrorists by the FBI. In addition, interrogation of terrorist survivors of the Beslan School Hostage event in Russia, where some 380 persons were killed, (including 156 children and more than 1,200 injured) revealed that Al Qaida had been involved. At the time it was believed that Al Qaida considered the event as a “dress rehearsal” for attacks on schools in the U.S.

  • Existing Security Systems & Measures of
    Carrying out a comprehensive review of all existing security systems and measures also contributes to establishing a credible threat level by comparing all systems and measures against Security Industry accepted standards and practice, as well as whether those systems provide an adequate level of protection for the facility.
  • Mass Casualty Situations
    The DHS now defines what was previously referred to as an Active Shooter event as a Mass Casualty event. A major change that affects many organizations and particularly schools is where previously a Mass Casualty event was considered an unforeseeable risk, that is no longer the case. A Mass Casualty event is a foreseeable risk and organizations, particularly school districts must now take steps to minimize and/or prevent such an event.

    They absolutely must be able to respond quickly and responsibly, following specific guidelines developed by Federal Agencies, State Authorities and Local Law Enforcement. As a result, threat assessments for schools must include a Mass Casualty Event.

  • Police Presence
    Threat Assessments are certainly influenced by the local police presence in terms of how quickly local police can respond to a security emergency, the size of the local police force, any relationship between the facility and the police and in the case of schools, whether there is an officer assigned to the school.
  • Results of Interviews with School Personnel and Outside Parties
    Wivenhoe consultant teams will interview a variety of facility staff and personnel. In the case of school districts, such interviews include Faculty, Groups of Students in middle schools and high schools, Administrative Staff, School Maintenance Staff, and key figures such as principals and assistant principals, the Superintendent, School Business Manager, etc.

    The interviews are in strict confidence and consultant teams do not reveal who said what. As a result, it is not unusual to discover information that contributes greatly to the threat analysis and ultimately to SVA recommendations.

  • High Profile Parents
    Where there are high profile parents with children at one or more schools within a school district, the potential risk of certain scenarios taking place become elevated.
  • Authority Guidelines (Federal Agencies, State Department of Education, etc.)
    Many school districts now operate under Authority Regulations.
    These regulations which include mandatory infrastructure rules, security emergency response, mass casualty response guidelines and other required systems and procedures are incorporated into the threat analysis.
  • Geographic Location
    The geographic location of a facility can play an important role in the threat analysis, as well as the size of schools in terms of number of students. As an example, Mass Casualty events can take place anywhere within the U.S., there have been more such events in schools within or close to major metropolitan centers as opposed to suburban areas.
  • Many More Specific Factors
    Many other factors will be taken into account in assessing a credible threat level for a specific facility or in this particular case, a School District.
  • Vulnerability Level
    Arriving at a Credible Threat Level allows the consultant team to then compare the Vulnerability Level against existing security systems, security measures, accepted security standards and practice, level of training in emergency response, etc., as to how well the facility provides an adequate level of protection for everyone associated with the facility.


Based on the Threat Assessment and studying in detail the existing security systems and measures, the consultant team identified general priorities as follows:

  • Improve Building Access Control
  • Improve Parking Site Control
  • Improve Interior Building Control
  • Improve and Integrate Electronic Security
  • Expand and Integrate Physical Security Interaction
  • Improve Security Procedures
  • Implement a Written Security Policy Document

Specific Observations and Recommendations concentrated on the following:

1). Mass Casualty (Active Shooter) Issues

Mass Casualty (Active Shooter) is without question the most serious vulnerability facing any School District today and this was certainly the case with this client. The consultant team found issues ranging from Unprotected and Accessible Classroom Glass Windows and Vehicle Access to Student Play Areas and Entry Points to Lack of Live Drills and Emergency Response Training, Student Drop Off and Pick Up Arrangements and Terrorist/Active Shooter Access Tactics.

2). Alarm/Access Control Systems

It was found that there were several different alarm systems with failed door contacts where the school district would be unaware of a student exiting an exterior door, or a forced entry, etc. Alarm systems and electronic access control systems were not integrated. It was also found that there was no effective monitoring of systems during the school day and limited to no monitoring at night.

3). IP Camera Surveillance Systems

The consultant team identified several areas where there was limited or no surveillance in operation. There was no central monitoring set up and remote monitoring via a computer device was restricted to very few staff. There had been no training on the system for authorized staff members and the local police had not been given remote monitoring access to the camera system.

In general, the team found that a fairly new and costly camera surveillance system was not being operated correctly, did not integrate with either the alarm systems or electronic access control systems, was not based on good security design criteria, did not follow accepted security industry standards and practice and there was little monitoring of the cameras.

4). Need for Professional Security Manager

It was found that there was no overall control or leadership with respect to security and a clear lack of communication related to security throughout the organization. It was recommended that a professional security manager position be created.

5). Dress Code

It was observed that many female students were dropped off by parents from vehicles and then left to walk a number of pathways to respective schools. A high percentage of these female students wore short skirts or other provocative attire that would attract predators (it was established that the general area included various child molesters and predators).

As the pathways were adjacent to shrubbery and trees in a number of areas and out of sight to both parents and staff, the risk of an incident was elevated. A recommendation was made to establish a uniform dress code that would reduce the risk of possible incidents.

6). Auditorium Security

One of the schools included a very modern and sizeable Auditorium that was also used by the general public for a variety of non-school events. Upon investigation, a number of problems were found with security systems and physical measures in the protection of persons in the auditorium.

7). Written Security Policy

Although there was an Emergency Response Plan, there was no written Security Policy Document covering all aspects of security for faculty, staff, and students. When interviewing groups of faculty staff, groups of students and various members of administrative staff, the consultant team found there was a general lack of knowledge concerning security measures, security protocols and responsibilities.

Since carrying out the SVA, the school district has implemented many of the security improvements recommended and they have asked Wivenhoe Group to assist them with security for a new school now underway.

%d bloggers like this: