Query the Access Control Expert

Oct. 27, 2008
Fire protection and access control

NFPA 730 Guide for Premises Security
Q:What kinds of general recommendations are included in NFPA 730 and what do they have to do with access control?

A: NFPA 730 is a guide that describes construction, protection, occupancy features, and practices intended to reduce security vulnerabilities to life and property. NFPA defines a guide as "a document that is advisory or informative in nature and that contains only non-mandatory provisions. A guide may contain mandatory statements such as when a guide can be used, but the document as a whole is not suitable for adoption into law."

NFPA 730 applies to both new and existing buildings, structures, and premises and provides guidance for designing a security system for buildings or structures occupied or used in accordance with the individual facility chapters. Facilities are divided into the following categories: educational, health care, one and two family dwellings, lodging, apartment buildings, restaurants, shopping centers, retail establishments, office buildings, industrial, parking, and mixed use facilities.

In addition to suggesting duties of security personnel, the guide addresses exterior and interior security devices and systems, physical security devices, security personnel, and security planning. The guidance provided is based on how the building will be used.

It recommends that each security program be based on a seven step security vulnerability assessment.

  1. The guide recommends that you form a team of personnel from all organizational areas.
  2. It urges you to develop a profile of the facility and the people using it. To do this, you need to identify the assets (i.e., people, property, information and products); physical features and operations; laws, regulations, and corporate policies; social and political environment and internal activity (i.e., community resources, crime statistics, internal activities, and loss experience); and, review the "current layers of protection" (including both site security features and safety measures).
  3. Assess the threat by classifying critical assets, identifying potential targets, analyzing the consequences (effect of loss, including any potential off-site consequence), and potential threats (by identifying potential adversaries and what is known about them).
  4. Next you need to conduct a threat vulnerability analysis to identify actual and potential threat scenarios and estimate a relative security risk level. You determine this by evaluating the severity of the consequences of an adversarial event, the potential for such an attack, and the likelihood an adversary has of success in carrying it out.
  5. Define specific security counter-measures by considering all the information gleaned from the previous four steps, including characterization, threat and vulnerability analysis. An effective counter-measure is one that drives improvements to mitigate the defined threats and results in a reduction in the security risk level.
  6. Assess risk reduction by taking into account the countermeasures defined in Step 5, reassess the relative security risk levels developed in Step 4, and consider additional security risk reduction measures where appropriate.
  7. Document findings and recommendations in a report and track the implementation of these accepted recommendations.

Brad Shipp is a former Executive Director and Training Director for the NBFAA where he authored several NTS courses, including the Access Control Certification course. His involvement in the access control industry dates back to 1974 and, in 1986, he became an instructor for the NBFAA National Training School. Shipp has served on several law enforcement, regulatory and industry association boards and has been honored for his service by the False Alarm Reduction Association and the International Association of Security and Investigative Regulators. Send in your access control questions to [email protected].