Security – It’s Key to a Successful Facility
By Greg Offner
Back in December of 2015, The I.S.C., Interagency Security Committee, published a guide for planning and managing a secure facility. The current issue of Correctional News’ theme is Electronic Security. When some hear the words “Electronic Security” they often present feelings of safety and security. Indeed, it is nice having that secure feeling so long as someone is tracking, monitoring and watching those in custody.
What keeps me up at night is the use of cameras, sensors, door position switches, alarms, etc. are sometimes presented as “all you need” for adequate security. Well, my response is, “not quite”. Electronic components have their place, however, they are not a panacea. I have taken the liberty to both “lift” and restate some of the excellent ideas and approaches recommended by the I.S.C. to share with our readers in hopes their vision of Operational Capability improves.
It’s about hardness. Trust the Hardness
The complexities of systems integration, interoperability, and the dynamic nature of facility operations and administrative functions can be vast and far-reaching. Operations don’t have to be complex, therefore integration between physical security, electronic security, prevention, and response cannot be over exaggerated as an interoperative function. Meaning, of the four-legged table; hardness, observation, intelligence (prevention) and response, are essential components of a fully integrated system. If you want to sleep tonight, trust the hardness.
Operational Capability is a process of determining current operational requirements and the development of future need capabilities, given the strategic and operational objectives of an agency or facility. Operational capability is measured by determining current operational and administrative requirements, with respect to sustainability (ability to maintain a 24/7/365 care and custody), including maintenance of current capabilities (think the four-legged table) and the development of future capabilities to support the operational objectives of your facility (never stop training), providing the maximum amount of security with the tools at hand. This process is called operational capability. Without a high level of confidence in your capabilities, you won’t sleep very well at night. Operational capability includes, but is not limited to, the following:
- Determining critical and sensitive operational and administrative needs (assets).
- Conducting risk (physical assaults, escapes, gang activity) assessments.
- Identifying vulnerabilities.
- Determining how to mitigate genuine and perceived risk.
- Managing and accepting genuine and perceived risk.
- Collaborating with Facility support organizations (Community Stake Holders).
- Determining how and when support organizations engage.
Through these considerations and putting in play the best practices, physical security and its effectiveness can be continuously assessed with its compatibility to your staff, electronic systems, your intelligence network (snitches) and your “CERT” (Critical Emergency Response Teams) staff capabilities can integrate as part of a whole, rather than a standalone function.
What does Operational Capability look like?
The theory and application of physical protection systems includes the functions of deterrence (locked doors, sally-ports), detection (electronic elements), intervention (Direct Supervision), and response (CERT). In a nutshell, these components are the basis of Operational Capability and should provide the ability to have a restful night’s sleep! Physical security involves security-in-depth, the use of multiple layers of interdependent systems such as physical barriers, IDS (Intrusion Detection Systems), CCTV surveillance, security staff, access control, lighting, etc. These techniques are designed to detect, deter, delay and/or deny unauthorized access to facilities, non-secure areas, equipment, and resources. Accordingly, best practices with an emphasis on hardness, should be placed on allocating security resources using risk management, leveraging of the capabilities of security technology, coordinating protection efforts, and regularly (at shift change) sharing information with staff.
The ISC Security Guideline, previously mentioned as the basis of this article, provides a range of components and competencies a secure facility should have in order to perform their basic level of security.
- Physical barriers;
- Intrusion detection systems;
- Access control systems;
- CCTV;
- Biometrics;
- Protective lighting;
- Security barriers;
- Secure storage rooms with safes;
- Detention grade security locks and locking devices;
- Crime prevention and security awareness;
- Security force training and management; and
- Systematic security inspection protocols.
These physical security ingredients are described in detail in the ISC Security Guideline. In addition, other ISC standards and best practice guidance, as well as the institutional knowledge of security and facilities specialists, can be used to implement security policies to meet ISC and other applicable standards (i.e., agency-specific, State and local codes, etc.). I recommend it’s use by every facility planner and agency to aid in the development of both operational philosophies and architectural programs.
How does the Operational Capability process function?
The information outlined here highlights some best practices in the areas of physical security resource management, including concepts, planning, acquisition, operation and maintenance, and the disposal of lumpy beds so your restful slumber is possible!
The organizational failure to properly integrate and align traditional physical security approaches with IT programs, systems and components will significantly increase the possibility for redundancy in programmatic efforts. Yes, most every State, Local and even Federal agencies have a propensity for a Department of Redundancy Department management style. While redundancy in many systems can be viewed as a plus, in electronics, it can also create gaps or perpetuate existing vulnerabilities in the organization’s security construct. Moreover, lack of integration between the systems can result in the under-utilization of existing or new capabilities.
To ensure success as a management-driven effort, operational leaders must ensure close and continual collaboration and coordination between organizational security offices and information technology entities/offices. Accomplishing convergence – ensuring proper resource appropriation, operational stewardship, effective asset allocation, and implementation of an expert planned multi-disciplined, technologically-integrated layered-security approach – requires a non-negotiable focus on and dedication to design by committee/subject matter experts (SMEs). If you want to stop tossing and turning at night someone needs to have the last word. Security by committee may be a variable one wants to avoid.
The Hardness of Security Electronics
Any new construction projects, facility upgrades, security enhancements and technology upgrades will be best served if they take into consideration tangential (even if previously unidentified) opportunities for value added and integration (and conversely, potential for redundancy and detrimental resource utilization/under-utilization). Requirements and capabilities training is a key variable in promoting and advancing the idea of convergence. I like to call convergence the fitted sheet for my bed. Regular collaboration between traditional security and IT professionals will identify gaps and engender technical discussions on opportunities for collaboration. Educating the senior organizational leaders/decision-makers in today’s basic security and IT concepts, advancements and trends, and highlighting integration efforts and successes serves to reinforce the necessity for multi-faceted project review processes.
Utilizing a single point of institutional entry (PIE) shared software application, centralized initial personnel and occupant tracking and staff servicing (HR, payroll, benefits, etc.) data entry, issuance of facility physical access credentials or badges, and granting of IT-based privileges (logical access) will help eliminate administrative redundancies. The key message here is strive to enhance operational effectiveness and reduce potential vulnerabilities by enhancing an facility or systems common operating picture (COP) and common operating environment (COE).
The convergence of Physical and Electronic Security
In organizations where convergence proves to be very difficult to implement on a large scale, professionals from both disciplines are encouraged to engage in a high visibility/high return on investment (ROI) inaugural integration endeavor. As an example, a plausible, “ground-floor” yet critical integration effort may include moving towards the centralized management of data entry and provisioning or credentialing processes. It’s a start toward security system convergence.
Successfully implemented and managed, the results of most integration efforts will prove immediately (or in the near-term) tangible and beneficial both to the individual employee and the organization. In support of “socialization”/advertising efforts and optimally reducing cultural resistance to future integration efforts, both are acceptable outcomes. Appropriate physical security/information technology systems collect and correlate events from existing security devices and information systems to allow staff to identify and proactively resolve potentially harmful situations. Physical security information technology integration enables numerous organizational benefits, including increased control, improved situational awareness and management reporting. Ultimately, the appropriate physical security information technology integration helps organizations to reduce costs through improved efficiency and to improve security through increased intelligence.
Getting a “Convergent” good night’s sleep!
A complete physical security information technology integration software system encompasses some basic capabilities. There are six convergent key elements, absolutes to achieve completeness of the secure system. Not necessarily in order of importance they are; a key element is having the ability to collect data from any number of disparate security devices or systems. Along with the collection, the ability of your system analyzes to correlate the data, events, and alarms to identify the real situations and their priorities. One cannot underscore the importance of event verification. You’ll want physical security information technology software that presents the relevant situation information in a quick and comprehensible format for an operator to verify the situation. You will want your convergent system to facilitate your S.O.P.’s so any situation has a step-by-step process based on best practices and an organization’s policies, and tools to resolve the situation. You’ll want physical security information technology software that tracks all of the information and steps for compliance reporting, training and potentially in-depth investigative analysis. And without saying, in our litigious culture, a physical security information technology software that monitors how each operator interacts with the system, tracks any manual changes to security systems and data and calculates reaction times for each event. Think of the above six elements as your sleep number. After all, in the final analysis it’s about getting a good night’s sleep!
Greg Offner is a Criminal Justice Consultant serving the Planning, Design and Construction Community, a valued member of the CN Editorial Advisory Board, and a regular contributor to Correctional News.
Editor’s Note: This article originally appeared in the May/June 2023 Issue of Correctional News.