Avoiding duress device pitfalls

May 6, 2013
Best practices organizations should implement when using duress technology

Lack of sufficient attention to how duress devices are used and maintained has always been a risk factor, but it now has greater seriousness for those organizations that have seen their risks increase relating to aggression.  Any location where a disgruntled individual may appear - whether employee, customer or visitor - requires full consideration of the people, process and technology aspects of risk reduction and protection.

Duress devices are often known by other names that most specifically depict their usage, including panic buttons, hold-up buttons, medical or emergency alert buttons, watches, pendants, and bracelets. Access control and alarm systems also have keypad duress features that allow an individual to enter a code indicating that the person is under the direction of an intruder or that an attacker is present.

Dangers and Liabilities

Over the past year I have conducted walkthrough inspections of a number of facilities and found duress devices that had not been tested since originally installed and also some that were damaged, missing or simply considered non-operational. High risk facilities such as airports and banks usually test their alert devices at least once per day. Many retail and other organizations do have policies and procedures about testing duress devices, but there are still plenty of organizations do not regularly test them.

But device testing is not enough to fully address the risks involved—which include both personal and organizational liabilities—in duress situations.

Except for high risk facilities, in our facility walkthroughs few or no personnel who had been provided with duress devices could describe exactly what was supposed to happen when they activated the device, and some individuals had completely wrong expectations. These personnel had not received any training in how they should respond to the types of threats that they may encounter or what to do after activating the duress signal.

Liability situations include:

  • A device that doesn’t work
  • Someone who doesn’t know how to use a working device
  • Someone who doesn’t know what to do after sending a duress signal
  • Someone who counts on rescue activity that will not occur
  • Responses to the duress call (human or technological) that further enrage a hostile attacker or otherwise put the at-risk individual in greater danger
  • Someone who applies training from a previous organization or facility that is not appropriate for  the current organization or location
  • Response teams who are put at risk because they don’t have appropriate training
  • Responders who have no situational awareness enabled for them

There are several concerns with regard to procedures and training including minimizing the risk to at-risk employees (both the initial at-risk individual and duress call responders); enabling employees to de-escalate if possible and to avoid escalating the situation; and liability to the company.  A security supervisor’s perspective on liability for actions taken can be found in this article about employer liability. The company’s chief legal officer or general counsel should be consulted with regard to the legal risks involved.

There is also the risk of not having a duress device where there should be one. Most duress devices are installed when an access control or alarm monitoring system is installed. Many years can go by without reevaluating the risk picture to determine if additional duress coverage is warranted.

Duress System Design

As used here, the term "duress system design" refers to both technology design and the plan for how the technology is to be used. Such a plan is the basis for the written guidance and procedures that should be developed, and the training that incorporates drills and exercises to teach how to apply the guidance and procedures.

Implementing the full design (people, process and technology) ideally would result in:

  • Ability to de-escalate a situation while silently calling for help 
  • If appropriate, a way to safely let the at-risk individual know that the call for help was received and is being acted upon
  • A means for responders to obtain situational awareness
  • Technology that is proven to be fully functional and is regularly tested
  • Personnel who are trained in when and how to use the duress technology
  • Personnel who are much more likely to be able to remain calm and take appropriate actions

It is very important to develop design-basis scenarios, which describe the situations under which the duress device should be activated and what the individual is to do afterwards. Not all situations require the same handling.

For example, an escalating argument between two employees wouldn’t be treated the same way as a disgruntled individual with a gun. If the design documentation doesn’t capture the scenarios on which the devices and procedures were based, how can the physical design, procedures and training be evaluated for fitness to purpose? What if the threat picture changes? Are the existing measures adequate or may changes be needed?

For duress technology standards, design tips, personnel training guidance and related checklists, visit www.go-rbcs.com/duress-design.

About the AuthorRay Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is also a member of the Content Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com). Follow Ray on Twitter: @RayBernardRBCS.

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.