In the wake of a string of high-profile shootings in towns from Colorado to Connecticut, it is clear that no facility is immune to man-made disasters and that concerns about security protocols are no longer reserved for signature buildings in major cities. From active shooters to “lone wolf” terrorists to workplace violence, facility managers (fms) across the nation can face a broad spectrum of threats to the safety of their occupants.
“Dangerous situations really can and do happen anywhere,” says Joseph Donovan, co-chair of the Real Estate Roundtable’s Homeland Security Taskforce. In fact, says Donovan, a surprisingly large percentage of such incidents happen randomly, making their occurrence more difficult to predict. For example, according to Active Shooter: Recommendations and Analysis for Risk Mitigation, an analysis of active shooter incidents from 1966 through 2012 by the Counterterrorism Bureau of the New York City Police Department, a full 26% of active shooter attacks occurred when the shooter had no prior relationship to the victims.
Whether or not a facility has dedicated security personnel in place, fms must always be prepared for a crisis situation. “Managers have a fiduciary responsibility to look out for the interests and safety of building occupants,” says Donovan. “Also, their knowledge of the facility gives them insight into how to best respond to an emergency situation while waiting for first responders to arrive.” This insight proves particularly helpful when crafting a security plan for a facility.
Fms should start by conducting a “security audit.” “All properties, regardless of size or location, face unique security challenges,” says Steve Castor, director of Global Security at CBRE Group, Inc. “Addressing these challenges requires beginning with a thorough risk assessment to determine baseline security measures necessary to mitigate risk.” This assessment can be used to create a tailored strategy that uses the policies, technology, and personnel best suited to protect the particular facility.
“When it comes to security plans, no one size fits all,” explains Mike Coleman, vice president of Commercial Real Estate for AlliedBarton Security Services. He states there are a number of considerations that must be taken into account when choosing a security protocol. For example, fms should assess whether the facility houses a controversial company or organization that makes it particularly susceptible to attack. This, in turn, affects whether a building simply requires alarm and life safety systems, or also needs outside barriers, metal detectors, access control keycards, and other technologies.
Keys Of Communication
While the latest security technologies can be powerful instruments, to be successful, fms must also employ another important (albeit more low-tech) tool: personal communication.
“Managers should reach out to occupants to discuss what type of security they expect and how they view their particular level of risk,” says Donovan. Fms should also communicate particular policies, such as evacuation procedures and protocol for recovering access keycards and identification badges from former employees. Most importantly, managers should emphasize the door is always open for questions or security concerns. “Every day the manager opens the building, there’s a potential for risk to come through the door, so it’s important to maintain an active dialogue with clients or tenants for potential threats,” says Donovan. These can include disgruntled former employees, incensed business clients, or even perpetrators of domestic violence.
“Smarter” Key Control
By James T. McGowan
More than ever today’s facility managers (fms) are relied upon to oversee security operations for their facilities. Among the factors that contribute to access control challenges are unauthorized access and lost keys. Mitigating potential threats and vulnerabilities requires a comprehensive security plan. And it is important to consider all points of entry, including perimeter gates, front doors, and interior doors. In developing a comprehensive approach to access control, fms should:
- identify potential threats;
- analyze and prioritize those threats;
- formulate objectives that mitigate the threats;
- organize and integrate people, procedures, technologies, and equipment to achieve objectives;
- continuously monitor, measure, and review performance; and
- adjust the security plan as needed.
Develop a plan. Having a key control plan is an important first step when developing a physical security strategy. “Key control” is a formal policy addressing the management of keys within a facility. When developing a key control policy, it is important to consider and establish:
- What are the security levels within a facility?
- Who are the key holders, and what are their access authorization levels?
- Where and how are keys stored and distributed?
- What procedures are followed if a key is lost, stolen, or suspected of being duplicated?
Assess the risk. Key management systems can help reduce the risks associated with lost and unaccounted for keys. If the answer to any of the following is “no,” then a smart key system should be considered.
- Is the number of keys in circulation known?
- Is it known specifically who has access to what areas?
- Can the ability to duplicate keys be controlled or prevented?
Implement and deploy. Smart key solutions can improve access control policies already in place. For example, an fm may want to give all keyholders access to main entrances, while only the IT manager will have access to the server room. A mechanical lock solution can be upgraded to implement this type of access control by taking the following actions:
- Re-key the facility by replacing mechanical lock cylinders with electronic lock cylinders.
- Program and issue smart keys to users.
- Monitor and control access by regularly auditing lock and key activity.
Beyond The Door Benefits
By installing a smart key system, fms can collect data about who has access to what areas and when. Most offerings feature software packages that allow managers to perform audits and create reports on all access activity.
Some systems offer dual functionality, where the key can also be used for security rounds and maintenance checks. This provides an additional layer of security by validating patrols occurred as required. When a guard inserts the key into a checkpoint, a record of the time and checkpoint ID is stored in its memory. At the end of the shift, the guard uploads time and attendance data from the key to the software.
An example of a facility using smart key tools is the Lincoln County Sheriff’s Office in Oregon. The Jail Division there has established itself as an innovator in the use of technology to increase security and efficiencies. Since the Lincoln County jail facility opened in 1992, there is 40% less staff and 60% more inmates. The County was seeking to manage operations in a more efficient manner. In response, the facility adopted smart key access control, and it also opted to include a checkpoint feature.
By law, supervisors are required to perform hourly inmate wellness checks. Before installing this system, staff would have to write the time and location of each checkpoint in a ledger, which proved to be inefficient and often unreliable. They installed a checkpoint tool at each cell door, and now when the staff performs hourly wellness checks, there is an electronic audit trail confirming the checks have been made. Additionally, staff receives notifications if a checkpoint is missed.
Lincoln County managers have realized additional benefits with the smart key system. Due to staff reductions, employees had to carry an increasing number of keys to perform their jobs, which violated security practices. With smart keys, employees carry only one key that is reauthorized several times during their shifts and enables them to perform only their specific duties.
With today’s advances, fms can implement comprehensive solutions to improve physical security, accountability, and key control. By using smart keys, they can capitalize on a cost-effective and flexible tool to bolster security.
McGowan is the VP of sales & marketing at CyberLock, Inc., a supplier of electronic access control systems based in Corvallis, OR.
Besides face to face communication, there should be a comprehensive notification plan in place to alert occupants of emergency situations. “Plans may involve mass notification systems, a phone tree, or simply a PA announcement, but all plans should be exercised and tested to ensure they work,” says Castor.
“Vendor relationships are also very important,” says Benjamin Comm, chair of BOMA International’s Emergency Preparedness Committee and managing director with Cassidy Turley. “You have to think very broadly about who makes up your building’s security team. Beyond official security personnel, include the janitorial staff, the parking garage staff, and even landscapers in security conversations.” Many times, those people are the first to notice something suspicious and, in the case of parking garage staff in particular, can even control access to a facility.
Fms also should establish relationships with managers of surrounding buildings. “You can never underestimate the impact that a single threat against just one person in one office could have not only on an entire building, but also on the surrounding buildings and their occupants,” says Comm. “When it comes to security, all the walls of commercial competition should come down, and collaboration should be the most important goal.”
Last, but by no means least, fms should have open lines of communication with local first responders and agencies. Fms should regularly reach out to police, fire departments, public health agencies, and other emergency service providers to ensure they are familiar with building layouts and procedures. These agencies are also invaluable for guidance on crisis situations. Castor agrees public-private partnerships are essential to effectively prepare for and respond to incidents, man-made or otherwise. “The first time you meet the local fire department should not be when they are coming in your door with an ax in their hand,” he says.
Once a security plan is in place, the next step is to test it. “Regularly review security protocol, and ensure it is functioning correctly,” says Coleman. Fms should hold evacuation drills, confirm mass notification systems work, and assess whether the security protocol continues to fit the needs of the facility.
A security plan not only should be comprehensive, it should also be flexible. Adds Castor, “Every property must be able to scale up and then scale back down security measures as the situation warrants.” Finally, Donovan recommends fms continually educate themselves using the array of resources available both online and via local agencies and commercial real estate associations. “Join a local emergency preparedness or security committee. Stay aware of recent trends. There are a lot of great resources out there, so take advantage of them.”
Markling is Chair and Chief-Elected Officer of the Building Owners and Managers Association (BOMA) International, and he is also managing director of strategic accounts with CBRE.