All campus settings can present challenges to creating a secure environment, primarily due to their large geographical size and number of separate buildings. Given these challenges, the job of securing a campus is simply too big for a single entity.
Therefore, it is incumbent upon everyone who lives or works on a campus—not just those assigned specifically to security—to help take responsibility for creating a secure environment. There is great power and safety in numbers when people in all disciplines—administration, facilities management, police and security, even medical staff and students—understand the importance of risk mitigation and embrace the concept of working together to create a more secure environment. To achieve the buy-in that makes a top-to-bottom approach to security possible, healthcare and educational institutions must first promote a culture of safety and security in which all individuals are participants. “If you see something, say something” can’t merely be a slogan; given the realities we live with every day, it must become a mindset that drives the active participation necessary.
Regardless of campus type, one key to effective security and risk management is information sharing across departments. This will provide a larger and more diverse data set that creates a more complete view of incidents and overall trends. To accomplish this, information must be gathered from a variety of systems and sources across the entire campus. This data has to be analyzed and reviewed; however, when information is located in disparate silos this can be a tedious process that puts a strain on an institution’s resources. With information-sharing capabilities, compiling the data becomes much easier, particularly when data can be stored in a central location.
The information-sharing concept is relatively new for healthcare and education, which have traditionally operated as silos where data captured by one group or department would remain within that group. Incidents like Sandy Hook have helped shift this mindset somewhat, as individuals at all levels have come to recognize the value of sharing data.
The prevailing culture within both education and healthcare, which place strong emphasis on creating a welcoming environment, also creates a challenge for ensuring a secure campus. For example, a student living in a resident hall may report an incident, such as stalking, to his or her resident advisor, but information about the incident is not always reported to the school’s security department. Rather, the focus might be on providing the student with comfort or counseling. If a similar incident is reported to security a week later, there would be no way to connect the two incidents in a siloed system, preventing security from seeing the whole picture. On the other hand, if information could be easily shared between various departments and systems across the campus, the security department could have a more complete view of the situation and be better equipped to manage risk. This might involve investigating and monitoring the individuals involved, referring them to counseling services, or contacting external law enforcement or other relevant agencies.
Another challenge to achieving the buy-in that will drive willingness to take an active role in security has been fear of retribution or marginalization from fellow students, staff, co-workers, or supervisors. The potential public relations damage to a school or healthcare facility that can come from exposing risk has also contributed to this hesitation. Today, aided by compliance legislation, those who speak up or speak out are often praised for taking action and being good citizens within both their organization and society in general.
Technology has also played a large part in breaking down these perceptions and shifting this culture, particularly on campuses of educational organizations. Combined with traditional methods like phone calls or the “my friend says she saw something” approach, web-based portals have been especially helpful, allowing students or staff to report incidents either using their name or anonymously. The widespread use of smartphones has made web-based or text message reporting incredibly convenient, allowing individuals to report incidents as they occur from anywhere, at any time, and contributing to a dramatic increase in reporting on campuses.
Awareness and willingness to participate in security continue to increase and have had positive impacts on campus safety and security, but there is still work to be done. Unfortunately, no matter how willing an educational or healthcare institution and its employees, staff, students, and other stakeholders are to embrace the necessary top-to-bottom approach to security, without reporting tools that are easy to use, the kind of communication necessary to transform theory and willingness into action just won’t happen.
Fortunately, several modalities have emerged over the last five or so years that make it very easy to relay information to management for review and action. As mentioned earlier, security portals are excellent ways to offer reporting options, visibility for upcoming events, current events, BOLO’s (Be On Lookout), and other tools that enable every individual in a campus community to interact with security and investigations.
With the readiness to participate and the tools in place, the last element needed to create an environment of collaboration is education. Many incident and risk management solutions are relatively user-friendly and easy to use, but as with any technology there is a learning curve. Like all systems, incident and risk management solutions only work when they are used. Any software tools in use should be demonstrated—multiple times, if necessary—to overcome any intimidation on the part of personnel and ensure the highest possible adoption and usage among the campus community.
When these systems are first implemented, they bring a certain level of interest in and curiosity about their capabilities and how they will help create a secure campus environment. It is up to campus leadership to determine who will use the system, where and when they can use it, what information they can input, what level of access particular departments or other communities within the campus community are given, as well as many other important factors. Often, it is security staff who are given the first crack at using the system because they are the ones who are charged with managing incidents and tracking and documenting the related information.
Once security staff becomes acclimated to the system, they are able to collect and track hard numbers and other information from within the security department, but to get the full benefit requires more information from more sources. This leads to system use branching out to other departments, such as human resources, legal, the dean of students, medical staff, and more. So while security may be first to get educated on a solution, its use quickly spreads once people understand the power of not only reporting and documenting details of incidents, but also accomplishing the goal of collecting information in one central location where it can be analyzed to uncover trends that help increase campus-wide security and safety.
In security, an incident report triggers a response by either an internal department or external law enforcement agency. Among the pertinent information institutions need to manage risk are the type of incidents that occur, where they occur, whether there are any losses associated with incidents, and more. Security personnel can gather this information from sensors in doors, building automation systems, systems that combine video with other technology and sensors, and many more security and non-security systems to provide decision-makers with greater real-time situational awareness and the ability to take the most effective post-incident action.
For example, there may be a rash of laptop thefts in a certain facility on a campus, with each theft being reported to security staff via any number of methods or systems. Upon analyzing the data associated with these thefts, including access control data, it may become clear that in each case, a particular door was left unsecured. Naturally, if a secured door is propped open, it is easier for someone to slip into a building undetected, steal a laptop or other item and quickly exit without creating an access control audit trail.
Armed with this information, campus leaders can work with security staff to determine the best course of action for correcting the event that precipitates each theft or other incident. Depending on the resources available, this may mean posting a security officer in an area where a number of events have occurred during certain days or times. Often, organizations lack the human and financial resources to post a guard at a location, so they may instead opt for electronic resources such as installing a card reader on a door. Depending on the specific incident or incidents, the decision may be to monitor and manage a person or group of people rather than events. The narrower the focus, the more effective the response will be.
But without the data necessary to provide the full context of an incident, it’s difficult at best to determine the most appropriate course of action to manage or prevent future incidents. Regardless of the chosen course of action, the focus should be on reporting incidents to increase the effectiveness of security.
With all the cutting-edge technology available today, it’s important to keep in mind the critical role the human element plays in security. It’s long been understood that there is both great power and safety in numbers, and security is an area where this may be most true. When people work together collaboratively to create a more secure campus environment, everyone benefits. The combination of proper education and training in situational awareness and the tools and resources needed to address incidents and risk allows security management to build a highly effective security awareness program that benefits the campus community on all levels.
