See Something, Say Something: ASIS International Conference Review

I recently had the opportunity to attend the 59th Annual ASIS International 2013 conference in Chicago, Il.  ASIS (American Society for Industrial Security) had over 20,000 security professionals from around the world.  I got a chance to visit the Chicago History Museum, The Field Museum, and I walked about 30,000 steps a day!  I needed this to get away from such serious topics and intense discussions by passionate security personnel.  

Despite this worldwide contingent of security, I personally felt overwhelmed and insecure due to the large numbers of people in one place.  The weather was very nice in Chicago and the networking luncheons were excellent.  I attended many valuable seminars, and I’d like to share some of what I learned which will be useful in the library system:

Identifying Risk and Vulnerability

Physical security managers must to be able to evaluate the probability or likelihood of a vulnerability using some formal means or methodologies.  It isn’t based on opinion or perception; however the actions or beliefs of employees may be affected by perception affecting the vulnerability.

Perceptions are often influenced by a persons’ feeling of being “in control.”   A good example is the use of a door lock.  When doors are locked, people feel safer, when they are unlocked, they feel vulnerable. When employees feel in more control, there tends to be less perceived risk.  A company’s perception of vulnerability may not be the same as employees who deal directly with vulnerabilities.  The feelings of vulnerabilities are also influenced to some degree when these questions can’t be answered:

• Who is the adversary (Who are we afraid of?)
• What is their objective when creating a disturbance and can we prevent it?
• What is their capability to cause harm and would they?
• What experience/knowledge do I have to prevent the problem?
• What actions do managers take to keep me safe?

Since risk is not static, it must constantly be evaluated.  The ways to evaluate risk is formulaic.   

Here at the library, I use a formula:  R (Risk) = P (Probability) x I (Incidents).  That is why documentation is so important.  I gather the probability based on local crime stats, neighborhood issues, and historic factors, vulnerability.  The incident numbers equal the informal and formal incidents in the library during a period of time.  This information gives me information to provide advice to administration on issues of training and increased security needs.    When I do not have that incident information, it is difficult to make an accurate risk assessment.  It can’t be made on anecdotal evidence.

Prevent, Mitigate, And Manage Litigation Against Security

This training was very important to me as we have contract security officers at libraries and I need to ensure that I am doing everything I can to ensure that they act in accordance with the post orders, contract, and library policies.

Security Guard Negligence

The first part of this session was a discussion on what is negligence which is the primary way a company can be sued for the actions of a security guard.  Negligence is defined here as a combination of “a duty to provide, a breach (didn’t provide), a causation (someone committed a crime or failed to do the right thing) and someone is injured.  To prove neglect, a jury would have to believe that the event was forceable and the prevention was reasonable.  Ordinarily, the contract company is responsible; however, in many instances the client can also be named as a responsible party.

When this becomes an issue is when I as a security manager fail to identify/assess the risks, take steps to minimize those risks, and failure to ensure the guards are trained and supervised.  Since the guards are at other locations, this requires a team effort.  

Premise Liability

This session started out with two examples: 

Example One:  A building complex in which the building had poor CPTED (Crime Prevention through Environmental Design): plants and bushes overgrown and around the building creating blind spots and hiding places.  Outside lights inoperative and no security lights in place.  The local police provided a security survey and made recommendations to improve CPTED.  The advice was ignored.  A woman walking by the complex was beaten and raped.  The building management was sued for negligence and lost.

Example Two:  Security guards were forced by management to multi-task.  They were made to run errands for employees, cleaned up after guests, and made to do menial tasks that no one else in the company wanted to do.  The guards were demoralized, unhappy, and turnover was very high.  Security had a list of banned customers; however because they didn’t care and were too busy doing other things, they didn’t notice when a local banned gang member entered the facility and started fighting with rival gang members.  The injuries that resulted let to a lawsuit in which the building management was charged with “failure to protect.”

Ways to counter premise liability:  Training of staff and security; appropriate policies and procedures, disciplinary action for violations of policies, adequate supervision, legal support and advice, and documenting inadequacies with a comprehensive action plan.

See Something, Say Something

In combination with the Department of Homeland Securities, 2010 See Something, Say Something campaign, http://www.dhs.gov/if-you-see-something-say-something%E2%84%A2-campaign.

This program is a modification of the DHS program in which security managers are being encouraged to start locally in their organizations.  This is an active campaign in which staff members are encouraged to report anything that might prevent crime, mitigate injury, or stop a violent act.  Staff members are encouraged to report odd behaviors, theft, or suspicious objects.  Managers and security are encouraged to identify vulnerabilities and provide solutions.  An example of a solution given was a security manager noticed that in a particular office where there were frequent complaints of minor theft, employees left purses and valuable items out in the open frequently.  The security manager left cards which stated that the items mentioned could have been taken and should be secured. After distributing numerous cards, in less than six months, the organization reported a 30% reduction of internal theft and misplaced items.   

Also, if we can prevent a security incident SEE SOMETHING, SAY SOMETHING.

I learned much more besides these topics, and hopefully I will be able to share the training I received from the Department of Homeland Security, the Justice Department, and OSHA.