Components of facility security
- Procedure and Equipment
- Attack and Threat Assessment
- Security Countermeasures
- Audits and Critical System Checklist
The following is an example of a few aspects that would make up a campus’ facility security guide.
Personnel and Procedure
The facility security guide is composed of various ways to improve security, including the utilization of personnel, facility layout, equipment, and technology mechanism. Personnel includes individuals who visit and work within the facility, as well as facility security officers. Every individual who enters the facility should be briefed and vetted to the facility's security procedures. Depending on the level of clearance and access, the briefing, training, and vetting should be adjusted accordingly. The Encyclopedia of Espionage, Intelligence, and Security (2004) highlights some of the procedures and steps that should be integrated into the facility security guide. For example, when hiring facility security officers they should undergo several checks. These can include the potential officer’s financial and credit history, family and domestic history, criminal and police records, as well as a drug test.
The extensive examination is critical to selecting officers that will best fit the responsibility of protecting the facility. Security officers are not the only ones that should receive extensive checks and tests, but contractors should as well. According to Weidner, Ted (2004), a construction project allows subcontractors to access the area. With changing personnel and high turnover, management and security officers should anticipate a higher need for security equipment and protocol to prevent unauthorized access. When evaluating the facility’s layout for security risks, the positioning of equipment and spaces should be taken into consideration. Before moving on, the best thing to do is a physical security risk analys. To know more, read our guide on risk assessment checklist. If there are several tiers of security access the placement and security equipment should reflect the tier. For example, in heavily restricted areas of maximum security, the physical space should be isolated from less sensitive areas and the security equipment should include surveillance, detection equipment, access codes, biometric scanning devices, closed-circuit monitor television, alarms, and so on.
Additionally, if there was a breach in security, the pertinent protocol should be communicated to designated officers and outside responders to assess as well as respond to the detection. In addition to security threats and unauthorized users accessing the facility, similar steps should also be taken in the event of a fire, earthquake, pipe burst, etc.
Audits and Critical System Checklist
Audits are objective inspections of an organization, in this context, it evaluates prospective threats that could impede the security of a facility and its operations. It critically assesses the effectiveness of the facility security guide and its applications. By identifying possible points of unauthorized access and disruptive events, it can also provide proposals as well as a response plan to improve the facility's security. Security officers and managers of the facility can aid the audits by providing facility-specific technical details. Additionally, if possible audits should be included during the construction of the site.
As a result, not only will the facility layout be better suited to your facility, but it will aid in neutralizing any risks or threats during the construction period. Citing Weidner, Ted (2004), in a typical facility security audit the auditor will examine the facility’s utilities, structure, envelope, interior, access, vertical transportation, fire control, HVAC, electrical, and communications. When investigating the facility’s utilities the auditor will check the evacuation plan, continuous-operations needs in the event of a power shortage or evacuation, emergency generators, backup water, internet firewall, and encryption systems. Moving on to the structure, the auditor will inspect the security of physical barriers and its perimeter protection. When assessing the envelope, the auditor will evaluate the integrity of blast-resistant walls and bullet-proof glass as well as designated pressure-release panels and access points. During the point when an auditor examines the facility’s access and control points, they will look at the personnel and the application of security training, monitoring, and security systems for employees, visitors, contractors, and security officers.
Additionally, with vehicle transportation, fire control, HVAC, and electrical components to the facility, the auditor will identify any security hazards and code violations that would endanger the individuals and the facility’s safety. Finally, when the auditor gets to the communication aspect of the facility security, they will test the facility’s automation systems and integration to public and emergency communications. After a facility security audit is completed, the results and response should then be communicated to the proper officers and individuals. This communication is key to updating the facility security guide to meet the audits.
Attack and Threat Assessment
Depending on the purpose and contents of the facility, different possible attacks and threats may arise. Additionally, after assessment, it will also aid in improving potential security measures and minimizing potential security threats. As Weidner, Ted (2004) highlights, threats to the facility can occur at access points, areas in the facility (both physical and intangible) where it’s security could be breached. Some common examples include a door, gate, roofs, email inbox, and the internet. Physical access points can be controlled through staffing security officers at entrances, closed-circuit television cameras, and sensors.
They can all aid in both detecting threats as well as neutralizing them. Even in the event of a natural disaster, backup generators and water storage units can be kept within the facility to offset security risks. With intangible access points such as the internet, risks can be controlled through staffing as well as implementing automated systems. Information Technology officers and Backend Engineers can impose firewall and security software as tools to prevent security risks. Additionally, they can set precedents for new employees through cybersecurity and facility security training. By educating individuals within the facility about the threats to certain access points, there will be a heightened awareness of how to deal with the threat as they are presented it.
The best way to neutralize possible threats, once the security system is set up, is to come up with a facility maintenance checklist and to go through it periodically to ensure perfect functioning of the facility and the security system.
In tackling prospective and current threats, many companies have looked to integrate technology into their security futures. In Payant and O. Roper’s Handbook (2010), they highlight several ways technology has developed the security industry. With technology and the Internet become more prevalent in the workplace environment, it reduces the cost of modems, wires, cable installation, and maintenance. It provides managers with more flexibility and the ability to outsource tasks and reduce operations costs. Monitoring larger and more complex systems are also easier as they can become centralized in a network or laptop.
Being remotely controlled it also expands the possibility of collaboration and flexibility. However, the Internet also acts as an additional access point that can be breached. If an unauthorized user from the Internet were to penetrate the facility's servers they could have access to data and information. In addition to the Internet, technologies such as Smart Cards, Biometrics, Video Analytics, and the Three-Step Identification Process have all improved security measures for facilities. Within a facility security guide, managers and designated officers should look towards these tools as a means of heightening security, especially in more restricted areas. Smart Cards, unlike other magnetic strip or proximity cards, are able to store personal information on it. This allows facility users to use their card in a variety of ways, in addition to access to the building. It also acts as an additional way to monitor facility members as there could be more services and actions that can be monitored from a multi-function smart card.
Additionally, with more personal information, it allows access to individual’s information in the event of an emergency or in the case of card theft. With Biometrics, security can become more organized and verified. Through fingerprints, retinal scan, and other biometric inspections, the individual will be more verified. This prevents data theft, impersonation, as well as card loss. Though it can take time for technology to become assimilated and implemented across a larger organization, it can dramatically improve security and monitoring. There is a moving trend to combine many of these individual security processes into a three-step identification process. Consumers are starting to become use to a two-step verification process, but highly secure facilities are taking on a three-step identification process
Through this visitors, employees, and personnel are identified by a biometric indicator, their smart car, and then a password. This is thought to be one of the most secure tools to integrate into a facility. Finally, video analytics and intelligence videos use programmed sensors to visualize objects and match behavior. The programs are set to recognize certain patterns and behaviors and anything that deviates would trigger an alarm for security officers to investigate. Organizations should consider adding this tool to their facility security as it would operate in real time and reach all areas that are monitored through closed-circuit security cameras. Additionally, it could save on operation costs as there would need to be fewer patrol guards. Technology is continuously evolving to find ways to improve, automate, and link various security tools together.