How to Layer a Comprehensive Security Plan

Security Command Center
Many large buildings I have reviewed will have a security command center located in an area separate from the lobby or loading dock. This is the area where a facility evacuation or other emergency will be monitored or controlled. Does your command center have a separate HVAC system? Does the command center have back-up power? Are there simple, easy-to-read emergency action plans in the command center for the staff to use, or do you expect the staff to remember what steps to take in an emergency? The emergency action plan should include, at a minimum, plans for handling:
o Fire
o Elevator entrapment
o Flooding
o Local natural problems (earthquakes, tornados, etc.)
o Hazardous material spills
o Medical emergencies
o Loss of electrical power
o Armed intruders
o Hostage situations
o Bomb or terrorist threats
o Suspicious packages
o Workplace violence
o Civil disturbance

The odds are in your favor that you may never have to handle one of these emergencies, but wouldn't it be easier to sit down and develop a simple plan of action beforehand than to try and figure out a plan as the emergency goes down?

High-risk Areas
Now we have gotten into the building, where are the strategic areas of the facility that require greater security coverage? Does your company or any some of your tenants rely heavily on technology? You may have carefully secured the server rooms, but how secure is the phone room where all phone lines and Internet access come into the building? I have reviewed far too many buildings where the computer/server rooms are beautifully secured with even biometric systems and the phone room was found unlocked right off the main lobby in a semi-public area. A person wanting to disrupt your business or have access to your secrets just needs access to that phone room. Make sure the phone rooms are secure and monitored.
What other strategic areas are in your building? It could be a filing room, a safe, a money counting room, etc. What work area is the most important to your business or function? Be sure to place an additional layer of security around these strategic areas. This layer can take the form of physical or electronic access control, CCTV monitoring, intrusion alarms or security staff. Post signs at each of these strategic areas indicating "Authorized Persons Only."
Depending on the level of risk in your building, another security concern comes with mail and other deliveries. If you have a high-risk building, does your mail get delivered and handled in a separate messenger center? Does this message center have a separate HVAC system? Does the staff in the message center have adequate training and access to safety equipment such as gloves, masks and plastic bags? Does the staff have training in how to handle suspicious packages and who to contact in the event a suspicious package is found?

Levels of Response
Now that you have layered the security of your facility you have one additional concern. What will your security levels of response be? What we have described so far are the layers of security planned for your building on the average workday. What if your facility comes under some form of alert? A neighborhood protestor or a disgruntled ex-employee may direct a threat towards your building, company, tenant or area.
You need to develop a plan for additional layers of security in the event of such threats. Will you add security staff? Will you shut down some access points? Will you increase access control? Will you increase package inspections? By having an increased security plan already in place with your staff trained in their new duties, when a threat comes around, you are ready and don't have to start planning on the fly.
As you can see, planning the security of your facility comes in layers of organizational, mechanical and natural security. By using all these areas of physical security, you can develop a security program that is both effective and cost effective.

About the Author: Richard D. (Rich) Maurer is a senior associate in the Security Services Group of Kroll Inc, the risk consulting company. He has more than 30 years of experience as a law enforcement and security manager. He also is the vice-chairman of the ASIS Physical Security Council. Rich manages risk analysis as well as security reviews of government, corporate, hospital, retail and educational facilities nationwide. If you have questions, Rich can be reached at rmaurer@krollworldwide.com or at 678-232-8768.