A school district in Australia wanted to guide its schools and child service facilities on preventing, mitigating, and responding to an intruder threat during operation hours. Fortunately, such incidents are still rare in Australia.
However, based on international events, particularly in the United States, administrators know that the past does not indicate what might happen in the future. In fact, many in the school district believe what starts in the U.S., especially when it comes to violence, soon finds its way around the world.
As you can imagine, the consequences of such an event can be dire. All too often, one or more teachers, staff, and students are shot and killed. After such an incident, learning is totally disrupted. The school may be temporarily or permanently closed. And the emotional impact on students, teachers, staff, and the entire community can weigh heavy for months, if not years to come.
Unsure of what steps to take, the school district turned to a security consulting and risk assessment firm. The firm suggested two steps to help prevent or minimize the threat of an intruder entering one of their schools:
Conduct a physical security assessment.
Then perform a risk assessment.
These two terms and procedures overlap and are often used interchangeably. However, upon closer inspection, we can see that they are quite different. Each is essential to help protect not only schools but all types of commercial facilities, including office buildings, hospitals, distribution centers, and other college campuses.
The Physical Security Assessment
Let’s start with a working definition of a physical security assessment.
A physical security assessment evaluates security countermeasures in place to protect a facility from criminal attack. This would include cameras, locks, fencing, alarms, security guards, etc.
In greater detail, this would mean that a physical security assessment is an evaluation conducted by security professionals that includes an inventory of the assets to be protected, what security countermeasures are in place, and identification of gaps in security and protection and recommendations on how best to improve security and safeguard them.
For the school district in Australia, the physical security assessment would likely mean visiting each of the schools in the district. For other organizations and facilities, a physical security assessment may involve analyzing any and all locations of concern. It would do the following:
Evaluate ingress and egress. How do building users enter and exit the different properties or facilities and what controls are in place if any?
Inspect current security measures in place – perimeter security, access controls, alarms, and camera surveillance systems, among others. All too often, commercial facility administrators believe they already have elaborate security measures in place, only to find after an assessment has been conducted, there are large gaps. Schools rarely have adequate security measures in place.
Interview key personnel. For schools and commercial facilities, questions should be asked about what steps – if any – are in place to deter an intruder from entering the facility, respond to an intruder in the facility, contact police, and communicate the emergency to others in the building?
Observe the facility, adjacent parking lots, sidewalks, and all interior and exterior areas and how they are used and secured during operating hours and at night. Vulnerabilities are typically uncovered throughout the physical security assessment process. However, this last step, observing how the property is used and protected inside and out, can often be one of the most revealing.
These and other actions will be taken. Upon completion, a comprehensive report will be submitted to key stakeholders and administrators. The report will describe in detail the existing security vulnerabilities that were uncovered and give an assessment of the current security measures in place, along with findings and recommendations. (See Sidebar: The Final Report.)
The Risk Assessment
Once again, a working definition is warranted:
A risk assessment involves identifying hazards that could impact a facility – natural or manmade, like – workplace violence, a hurricane, an earthquake, a plane crashing onto your facility, an active shooter, flooding, fire, etc. In other words, this type of assessment is about what could happen.
With that understanding, the goal is to prevent or minimize the chances of these events occurring. The analysis might use terms such as “minor,” “moderate,” “major,” or “critical” to describe the potential likelihoods – and consequences – of such incidents occurring. This helps prioritize the risks revealed. (See Sidebar: What Is Risk?)
A risk assessment would include localized crime demographics. Is the facility located in a high-crime area? If so, this could increase the chance of burglaries, vandalism, and intruders entering the facility.
It might also examine site location. Is the facility on a busy street or does it require access from a busy freeway or roadway? If so, should an emergency occur, it may take more time to reach the location compared to a less-trafficked area.
In some cases, drones are used as part of a risk assessment to uncover weak spots around the perimeters of the facility. Airports often use drones to look for areas where someone could get on a runway or breach building security.
The ultimate goal of both a physical security assessment and a risk assessment is to provide guidance for administrators so they can develop and sustain an effective security and risk management program. We should add that it is impossible to eliminate all risk. What we are aiming for with these procedures is minimizing it.
Sidebar: The Final Report
After a thoroughly conducted physical security assessment, the report should include the following:
Information from interviews with key stakeholders.
Internal and external observations.
A review of data protection areas such as server rooms.
Security measures currently in place including perimeter and parking security.
Lighting and the impact of vegetation on security.
Evaluation of security guard operations if they are in place.
Review of site-specific security-related documents, policies, and procedures.
A prioritized list of risk-related items – those that should be addressed as quickly as possible.
Sidebar: What Is Risk?
Typically, when we use the term risk, we are referring to potential hazards. However, for security professionals, the word takes on a much broader meaning; it refers to uncertainty. The goals of both types of assessments is to uncover and minimize uncertainties.
Johnathan Tal is Chief Executive Officer of TAL Global Corporation, an international investigative and risk-consulting firm. He served as a military field intelligence officer for the Israeli armed forces during the 1970s. Tal has also served as an antiterrorism security specialist. He is a licensed investigator, Certified Private Investigator (CPI), and Certified Fraud Examiner (CFE), and he holds a Bachelor of Science degree. He can be reached through his company website at www.talglobal.com.