|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Protection on Display0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Eight Steps to Better Align Your Incident And Crisis Management|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465In the Public Interest|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Managing Age Diversity|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465A Head Start on Insider Threats|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Security Gender Gap2016-05-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Business of Travel Safety2014-06-01T04:00:00Z|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Legal Report Resources May 20162016-05-01T04:00:00Z|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Book Review: Breakthroughs in Decision Science and Risk Analysis2016-05-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Q&A: Soft Targets2016-04-01T04:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now Security Gender GapGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>From the 2016 ​ASIS International Compensation Survey​</p><p><img src="/ASIS%20SM%20Callout%20Images/11-15%20Snapshot%20C2.jpg" alt="11-15 Snapshot C2.jpg" style="margin:5px;width:880px;height:1160px;" /> </p> Report Resources May 2016GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p><strong>​</strong><span style="line-height:1.5em;"><strong>Compensation.</strong> An employer does not have to compensate employees for meal periods during the work day if the employer does not predominantly benefit from the time employees spend eating, <a href="" target="_blank">a federal appeals court ruled</a> in a case involving a county prison and corrections officers.</span></p><p><strong>Privacy.</strong> <a href="" target="_blank">The Senate passed legislation</a> that would give European Union citizens the right to challenge the misuse of their personal data in U.S. court under the Privacy Act of 1974. The Judicial Redress Act (H.R. 1428) was hotlined by the Senate because it was a prerequisite of a law enforcement data-sharing umbrella agreement between the EU and the United States.</p><p><strong>Cybersecurity. </strong>President Barack Obama signed two executive orders to create a <a href="" target="_blank">Commission on Enhancing National Cybersecurity</a> and to establish a <a href="">Federal Privacy Council</a>. The commission is charged with making detailed recommendations to strengthen cybersecurity in both the public and private sectors. The council will develop recommendations for the Office of Management and Budget on federal government privacy policies and requirements, and coordinate and share best practices for protecting privacy and implementing appropriate privacy safeguards, among other duties.</p><p><strong>Earthquakes.</strong> President Obama signed an executive order that <a href="" target="_blank">creates new earthquake safety requirements</a> for federal buildings. Under the order, agencies responsible for the design and construction of a new building or an alteration to an existing building must ensure that it is designed, constructed, or altered in accordance with appropriate earthquake-resistant design and construction codes and standards.</p><p><strong>Discrimination. </strong>Washington state senators <a href="">voted to defeat a bill</a> that would have repealed a new rule that allows transgender people to use public restrooms that correspond with their gender identity. The rule was issued by Washington’s Human Rights Commission after Washington enacted a law prohibiting discrimination based on a person’s sexual orientation or gender identity in 2006. </p><p><strong>Reporting.</strong> A New Jersey appeals court <a href="" target="_blank">reinstated two former security officers’ convictions</a> of official misconduct for failing to report that other security employees were stealing thousands of dollars in parking fees. A previous judge had thrown out the former New Brunswick Parking Authority security officers convictions because there was no written policy in their Security Procedures Manual—or adopted by the parking authority—that the officers were required to report other officers’ thefts to the parking authority.</p><p><strong>Discrimination.</strong> A condominium complex in Vail, Colorado, and its management company will pay $1,020,000 to settle charges of sexual harassment, national origin discrimination, and retaliation brought in <a href="" target="_blank">a lawsuit by the U.S. Equal Employment Opportunity Commission</a>. The suit claimed that the complex violated federal law by allowing a housekeeping manager—Omar Quezada—to sexually harass Mexican female employees, including attempted rape.</p><p><strong>Policing.</strong> The U.S. Department of Justice (DOJ) <a href="" target="_blank">filed a lawsuit against the city of Ferguson, Missouri</a>, alleging a pattern or practice of law enforcement conduct that violates the First, Fourth, and 14th Amendments and federal civil rights laws. The lawsuit follows a DOJ investigation of the city’s police department and municipal court, which was launched following the fatal shooting of an unarmed black 18-year-old, Michael Brown.</p> Review: Breakthroughs in Decision Science and Risk AnalysisGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Wiley;; 328 pages; $130.</p><p>Decision and risk analysis is the discipline comprising the philosophy, theory, methodology, and professional practice necessary to address important decisions in a formal manner. It includes many procedures, methods, and tools for identifying, clearly representing, and formally assessing important aspects of a decision. </p><p>In <em>Breakthroughs in Decision Science and Risk Analysis</em>, Dr. Louis Anthony Cox and 14 contributors have written a valuable text that describes the current state and recent advances in decision and risk analysis. Besides addressing breakthroughs in the psychology and brain science of risky decisions, it also includes methods for deciding what actions to take when information is sparse and useful probabilities cannot be determined.</p><p>Written for the decision and risk analysis professional, it is in no way an introduction to the topic. The authors cover the various elements that make up the discipline, including psychology, economics, statistics, engineering, and more. </p><p>Numerous discussions explain how decision and risk analysis can be applied to make better policy and management decisions, using empirical evidence, as opposed to gut feelings. Those in the field will find this a valuable reference.</p><p>--</p><p><em><strong>Reviewer: Ben Rothke</strong>, CISSP (Certified Information Systems Security Professional), PCI QSA (Qualified Security Assessor), is a principal eGRC consultant with the Nettitude Group.</em></p> on DisplayGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">While driving from Toledo, Ohio, to New York City in November of 2006, the two drivers of an art transport truck stopped for the night in Pennsylvania at a Howard Johnson Hotel. They parked the truck in an unlit parking lot adjacent to the hotel, out of sight of the hotel’s rooms and the main office.</span></p><p>In the morning, when the drivers returned to the truck, they found the locks on the truck broken and the painting inside, Goya’s Children with Cart, valued at $1.1 million, gone. </p><p>The authorities were notified and an extensive publicity campaign was launched to locate the painting. The Guggenheim Museum, which had planned to display the painting in its upcoming exhibition Spanish Painting from El Greco to Picasso: Time, Truth, and History, released a joint statement with the painting’s home museum, The Art Museum of Toledo. </p><p>The two museums said the painting would be “virtually impossible to sell and therefore has no value on the open market,” in an effort to prevent a clandestine sale. They also announced that the painting’s insurers were offering a reward of $50,000 for any information leading to the recovery of the painting.</p><p>The strategy worked, and the FBI received a tip which led to the recovery of the painting less than two weeks later. It was in “good condition” and appeared to “be unharmed,” the FBI said in a press release announcing the Goya’s recovery.</p><p>That tip came from Steven Lee Olson, 49, who reported that he discovered the painting in his basement. Olson was a self-employed truck driver, and was later charged with stealing the painting himself. </p><p>Olson contacted the FBI, but not for the reward money. “I really wanted to get rid of it,” he told U.S. District Judge Dennis M. Cavanaugh in a court proceeding. After stealing the painting with his neighbor, “they realized it was more than they could handle,” Olson’s attorney, Joe Ferrante, said to the AP. </p><p>The two men pleaded guilty to conspiring to steal the painting. Olson, who had a criminal record, was sentenced to five years in prison for his crime and his neighbor, Roman Szurko, received one year and a day.</p><p>While the painting was successfully recovered and eventually returned to Toledo where it’s displayed today, the theft brought new awareness to the security concerns associated with museum special exhibitions.​</p><h4>Planning</h4><p>Located in the middle of America in Bentonville, Arkansas, Crystal Bridges Museum of American Art is well aware of the challenges that come with transporting art to and from various museums. </p><p>The museum, which opened in 2011, has a collection that spans five centuries of American art ranging from the Colonial era to the current day. Its masterpieces include Asher B. Durand’s Kindred Spirits, Norman Rockwell’s Rosie the Riveter, and Andy Warhol’s Dolly Parton—to name a few. </p><p>In addition to its vast collection, the museum also hosts a wide variety of special exhibitions each year. Planning for these exhibitions starts years in advance, says Niki Ciccotelli Stewart, Crystal Bridges’ chief engagement officer. </p><p>“Right now we have an idea for our large exhibition space of what we’re doing through 2018,” she explains. “We’re green-lighted through 2017 with some yellow lights in late 2017, 2018, and 2019.”</p><p>Crystal Bridges receives a variety of proposals for special exhibitions, which are originally looked over by the curatorial and exhibitions teams to determine what value the exhibition would have for visitors, whether the content is appropriate, and whether the exhibition fits the larger arc of the stories the museum wants to tell with its programs.</p><p>“We’re telling stories about the founding of America,” Stewart says. And since Crystal Bridges is a relatively young museum, it has to consider what its visitors will want to see—such as American Chronicles: The Art of Norman Rockwell, which drew thousands of visitors to see 50 original paintings and 323 Saturday Evening Post covers by the artist.</p><p>Once the curators and exhibitions team have decided that an exhibition is a good option for the museum, they start discussing the viability of the exhibition itself—the size of the art, the kind of climate it will need, and the security conditions needed to display it.</p><p>This is when Director of Security Geoff Goodrich is brought into the discussion to review the initial draft of what requirements Crystal Bridges will have to meet in order to host the exhibition. Goodrich analyzes the contract not just to see what the security requirements are, but what the impacts will be on the museum’s facility, how the exhibition will be shipped, and the security requirements necessary, such as the number of physical security officers and cameras in the gallery.</p><p>One of the most important parts of the process is determining how many security officers need to be present in the exhibition gallery based on the layout of the gallery and how the artwork will be presented. For instance, certain exhibitions make visitors want to touch the artwork. These exhibitions might merit more security officers.</p><p>“We have a folk art exhibition coming up later this year, and it’s a very touchy-feely exhibition,” Goodrich says. “It’s folk art from years past and now, so for some people it’s like going to a giant craft show. And when they go to a craft show, they get to touch everything. But this is antique stuff…and whether it’s something handmade or a quilt hanging on a wall, people want to have that sense of touching.”</p><p>This means he’ll have more staff patrolling in the gallery than he would for another exhibition coming to Crystal Bridges that features photography and video. </p><p>Additionally, Goodrich will consider what level of explanation an exhibition might require. Security staff are often the most visible museum staff, so visitors may look to them to explain portions of an exhibition.</p><p>“Knowing that early on allows me to plan my staffing, if I need to hire some additional staff members or shift people around—it gives us a plan to be able to get in on a budget process a year early,” he explains.</p><p>After Goodrich has an idea of how many security officers will need to be on staff for the exhibition, the exhibits designer and curatorial department begin planning how to display the artwork itself.</p><p>They come up with an initial plan and then sit down with Goodrich to look at the proposed layout of the exhibition to identify any issues, such as safety from the fire marshal’s standpoint. “As we all know, 90 percent of the time there’s always something,” Goodrich says. </p><p>To help mitigate this problem, Crystal Bridges has made a collaborative effort to work with the local fire department to bring in the fire marshal for regular walk-throughs throughout the planning process.</p><p>“Not just to make sure it’s up to code, but also to decide this is a smart thing to do,” Goodrich says. “Even though it does meet code, is it smart? Is this the wise way to do this?”</p><p>Sometimes this results in great advice from the fire marshal on small changes that can be made to ensure that the exhibition is displaying the art in a secure manner that also creates a safe environment for visitors.</p><p>For instance, the fire marshal may walk through the exhibition space with Goodrich and other facilities staff and recommend adding another exit to the layout. The additional exit may not be necessary for the space to be code compliant, but would provide easier access out of the exhibition space in the event of an emergency.</p><p>During this process, Goodrich also looks at the layout of the exhibition gallery to determine “pinch-point areas,” where a group of people might gather in front of one painting and create a bottleneck for people to go around. </p><p>If this is the case, and it will interrupt the traffic flow of the gallery, Goodrich can work with the exhibition team to change the layout to reduce congestion—keeping the art safe while also improving visitors’ experience.</p><p>After determining the design of the exhibition—from the wall placement to the entrance and exit—Crystal Bridges then looks at how to place security cameras throughout the gallery and how lighting will impact those cameras. The museum just upgraded the cameras in its special exhibition space so they are all digital and have infrared capabilities. </p><p>“Which means they can see in the dark so we can do lower light levels and still have excellent video quality,” Goodrich says.  </p><p>At this point, the planning phase is complete and Crystal Bridges just has to wait for the exhibition itself to arrive—one of the most difficult aspects of the process.</p><p>“It’s hard to get everything here, easily, because of where we’re located,” Goodrich explains, as the museum sits in the bottom of an Ozark ravine in a relatively rural area. “So most things come to us over land.”​</p><h4>Transporting</h4><p>In the Goya theft case, the truck drivers transporting the painting parked their truck and left it unattended, overnight, in the parking lot. For many security professionals, that scenario is unimaginable if not panic-inducing. </p><p>Fortunately, not all art handlers operate that way. Instead, many require that art shipments be monitored from pick-up to drop-off without overnight stops in between. One company that provides this service in the United States and Canada is FedEx Custom Critical, a freight carrier under the FedEx umbrella.</p><p>As part of Custom Critical, FedEx has a White Glove Services Department that “handles anything that is special care,” says Carl Kiser, operations manager for the department. </p><p>The department has an internal staff that handles customer service and makes the arrangements for pick-up and delivery of art work for clients.</p><p>The drivers, however, are contracted out and must pass a background check before being hired for the department. Drivers pick up shipments, transport them to their destination, and drop them off. They do not, however, pack or unpack artwork.</p><p>As part of this contract service, clients can request certain requirements through White Glove Services, including temperature controlled trucks and single shipment on a single truck.</p><p>That “in and of itself is a security measure because there are no unnecessary stops along the route,” Kiser says. “The freight goes from the point of origin straight through to delivery, if that’s what the art customer wants.”</p><p>Drivers—who often operate in teams for art shipments—are also required to monitor the freight at all times so the truck is never left unattended. “That’s critical in making sure that nothing happens to that shipment,” Kiser says.</p><p>As an added layer of security, when a driver is contracted to pick up a shipment, the department sends the museum or client a Positive Driver Identification (PDI). The PDI contains photos of the drivers that are approved to pick up the shipment, ensuring that the driver who shows up to pick up the shipment is not an imposter.</p><p>The teams of drivers work together, trading off driving duties while one sleeps in the cab of the truck on what are typically long drives across the United States or into Canada. The department will also work with clients who want to send a courier or an escort vehicle with the shipment—a common practice in the art world.</p><p>If drivers need to stop, or there’s a delay in when a museum can unload a shipment, they have the option to use one of FedEx’s freight locations to secure the truck overnight in a gated, locked facility. </p><p>To ensure that trucks are traveling on the approved route and on schedule, the White Glove Services Department monitors the progress of trucks once a shipment is picked up by using a GPS tracking system. </p><p>“We have the system set up to send back a service failure notification if the truck is running more than 15 minutes behind the allotted schedule,” Kiser says. “And then our agents would investigate to find out what’s going on, and then notify the customers so they’re aware of the status of that load throughout the entire shipment.”</p><p>If there are no service failures en route, the department would notify the customer when the shipment arrived at its destination, had been signed for, and delivered. </p><p>However, if there is a problem, the department has Qualcomm wireless communication devices in each of its trucks, which use a satellite connection to send messages back and forth to the truck from the department’s headquarters.</p><p>“So if there is a scenario that occurs, we have tracking on that truck and we also have the ability for the contractor or driver to reach out to us to let us know that something’s taken place,” Kiser says. “Or they call us directly. </p><p>We are a 24/7 facility that can respond to a situation at any time of the day <span style="line-height:1.5em;">or night.”</span></p><p>These situations can include anything from a traffic jam to a storm that could be slowing or stopping the truck altogether. If it’s an emergency situation, such as a truck getting into an accident, the department has escalation procedures in place to alert Kiser and FedEx’s security group to respond. It can also alert the authorities if a law enforcement response is necessary.</p><p>For especially sensitive shipments, the department also offers a device, called SenseAware, that can be placed inside the shipment itself to provide tracking information directly to <span style="line-height:1.5em;">the client. ​</span></p><h4>Exhibiting</h4><p>Once Crystal Bridges knows the arrival date for an exhibition, its exterior security team will assist with the delivery—via truck—entering its receiving area, which is designed to allow a 52-foot truck with a cab to enter and then be sealed off with a gate.</p><p>“That way we have a secure area for them to offload the art,” Goodrich says. “Once the truck is here, then we have a process in place where our receiving clerk will shut down the whole dock area.”</p><p>The clerk will send out an e-mail and a radio alert that the receiving dock area is closed, except to essential personnel who are involved in offloading the truck. Signage is posted in the museum’s elevators so staff are aware of the closure, and only approved personnel using access cards will be allowed into the receiving area.</p><p> Based on the contract with the lending institution, additional security measures might also be required once the exhibition reaches Crystal Bridges, such as having security officers present in the gallery while the artwork is being installed. </p><p>However, with the improvement of access control capabilities at museums, many lending institutions are not requiring this, Goodrich says. </p><p>“Only those people who are directly related to the exhibit can enter, and they only enter through one designated door to get into the gallery space to work,” he explains. “So that limits the need to have a physical body there.”</p><p>Goodrich also places temporary cameras in the gallery while exhibitions are being installed in case a worker is injured while installation is taking place. “If somebody gets hurt, we still have video of the activity in the space for our records,” he says.”</p><p>While installation is taking place, Stewart works with Goodrich to educate security staff about the exhibition so they can answer questions and engage with visitors. Stewart will meet with security staff on a Wednesday when Goodrich has created a standard time for different departments to come in and brief the security team on what they’re doing. </p><p>For her brief, Stewart provides security staff with a program of what exhibitions are coming up and printouts of information about the exhibition, such as what pieces of art will be included and who the artists are.</p><p>After the exhibition opens, Stewart goes back for another Wednesday briefing to discuss what security staff are seeing in the gallery—how people are moving through the gallery, what kinds of questions staff are being asked, and what behaviors they’re seeing.</p><p>For instance, when the Rockwell exhibition was at Crystal Bridges, 120,000 people came through the museum to see it. Managing the crowds became a major challenge, and security staff had to work closely with the exhibitions team to manage the flow of people to prevent overcrowding in the gallery.</p><p>Another challenge came with Crystal Bridges’ State of the Art: Discovering American Art Now exhibition, which featured 102 different artists from across the country and took over the entire footprint of the museum. </p><p>“We had art on the pond, art in the stairwells, art in the hallways, so it was very engaging and textured,” Stewart says. “Everyone wanted to touch the art, but that wasn’t allowed, so it created an operational challenge for staff.”</p><p>Crystal Bridges met this challenge by deploying more security staff to the galleries, so they could engage with visitors, answer questions, and enforce the no-touching rule. </p><p>“We really had to be ready for lots and lots of questions from visitors, and our security team was energized rather than annoyed by that,” Stewart adds.</p><p>With 35 special exhibitions under its belt and more slated for the rest of 2016, Crystal Bridges is now sending its own special exhibition to other institutions. State of the Art made its first stop at the Minneapolis Institute of Art in February and will stay there until the end of this month, when it will travel to Telfair Museums in Savannah, Georgia.</p><p>And the trucks transporting it won’t be making any unattended overnight stops along the way.  </p> BeautyGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">In 1994, Soviet-born artists Vitaly Komar and Alexander Malamid began an audacious project. They partnered with marketing firms to conduct a scientifically valid poll to study the artistic preferences of people living in 10 countries: China, Denmark, Finland, France, Iceland, Kenya, Russia, Turkey, Ukraine, and the United States. The polls, along with town hall meetings and in-person focus groups, were designed to determine what the world’s people find aesthetically pleasing about art.</span></p><p>The artists then created the paintings that people in each country found most and least pleasing. The artists hoped that the research would expose a modern concept of art that would reflect each country’s evolving vision of what is beautiful. What they uncovered was something else entirely. </p><p>Fascinating commonalities emerged. Diverse people from locales as different as Kenya and Iceland preferred a remarkably similar portrait: a green and lush landscape that includes some trees, a little open space, water, people, and animals. (The entire <a href="">gallery of the paintings​</a> can be found via the online version of this article.)</p><p>Some argued that the study meant nothing at all, that it merely reflected a preconceived notion of art. The survey indicated not what images people prefer but what images they think indicate great art. </p><p>Other experts contended that the study had uncovered something profound. Denis Dutton, professor of the philosophy of art at the University of Canterbury in New Zealand, wrote in his 2010 book, The Art Instinct, that the survey was just the latest study indicating that our view of art is not learned or cultivated, but instead quite primal. </p><p>The ideal visual image for most people includes the presence of water or the evidence of water nearby, an unimpeded view to the horizon, grasses and trees in thickets with open spaces between, evidence of animal life, and a diversity of flowering plants. “These preferences turn out to be more than just vague, general attractions toward generic scenes: they are notably specific,” Dutton told an interviewer. “African savannas are not only the probable scene of a significant portion of human evolution, they are to an extent the habitat meat-eating hominids evolved for.”</p><p>Further research indicates that the most attractive vistas are viewed from a slight incline, affording viewers “a prospect from which they can survey a landscape, and at the same time enjoy a sense of refuge.”</p><p>Security professionals won’t be surprised to learn that at the core of most human endeavors, including art, there is a yearning for safety. We are happiest and most comfortable when we feel secure.</p><p>Art preferences reflect the desire to be safe, and this month’s cover story explores the efforts required to keep the art itself safe. Assistant Editor Megan Gates discusses the program at the Crystal Bridges Museum of American Art in Bentonville, Arkansas. Security managers there understand the profound importance of protecting both the art and the patrons who enjoy it.</p> the Public InterestGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">Global shrink costs retailers at least $119 billion a year, and that number continues to grow due to shoplifters and dishonest employees, according to the most recent Global Retail Theft Barometer report. This issue isn’t just confined to the retail industry, though; municipalities with warehouses that service water, sanitation, school, police, fire, and transportation services are losing millions of dollars each year to inventory theft, often at the hands of employees within their own logistics operations. </span></p><p>Municipal facilities typically are not as well supported with the state-of-the-art physical security technologies and advanced inventory and property management systems used by for-profit businesses. Municipalities face numerous issues that compete for a limited budget, and city warehouses and logistics operations are often assumed by city leadership to be running smoothly and don’t receive the security funding they may need. </p><p>However, a closer look at municipal supply chain facilities reveals that many are leaking public funds due to preventable gaps in security. Stolen inventory not only costs the municipality the item’s value, but also the cost of replacing the equipment—often at double the original price.</p><p>Various factors make warehouses an attractive target, and poor workplace culture often contributes to lax security. But security professionals can use sound methods to implement a quality security program at even <span style="line-height:1.5em;">the most dysfunctional facility.​</span></p><h4> An Attractive Target</h4><p>Many items in municipal warehouses are replacements for infrastructure around the city that will fail over time. For example, if a sewer system is installed and there’s a particular valve that is unique to that system, project managers know that by the time the valve needs replacing it will be off the market. Therefore, four extra valves are purchased at the time of installation and will be put on a shelf in the municipality’s warehouse. Eventually the valve will fail and need to be replaced. If the extra inventory is not available, that entire section of the sewer system might need to be replaced, costing 10 times the amount of the valve.  </p><p>All of these custom parts and supplies are stored at warehouses throughout the municipality and can be appealing to thieves. The abundance of copper, brass, and electronics is tempting for criminals—a copper fitting can cost $5 to $7 each, with a scrap value of $2 or $3. They are small, so someone could fit 20 of them in a pocket and walk out of the warehouse without being noticed. </p><p>Specialized products, like plumbing parts and pool chemicals, can prove to be even more lucrative targets. Thieves can sell off chemicals meant to treat the municipality’s pools to hotels or apartment complexes looking to save a buck. Even custom-made parts have value. For example, an apartment complex may be required to install a particular type of valve that costs $50,000 on its grounds. After 40 years, it’s time for the valve to be replaced, but someone can provide the part needed for only $12,000. Less scrupulous contractors wouldn’t bat an eye at this; once the valve is in the ground, nobody will ask where it came from.</p><p>It’s also common to see crimes of opportunity—if an employee sees five copper parts sitting on a shelf collecting dust for years, it’s tempting to take one because nobody will know it’s missing, and there are still four others. ​</p><h4> A Culture of Complacency </h4><p>Warehouse personnel at one municipal facility spent weeks counting inventory and filling out inventory control cards in the weeks leading up to an independent audit. Auditors compared their sample list to those cards, accepted the count on the cards as accurate, and moved on, finding no wrongdoing. However, warehouse personnel had been instructed by managers to change the number in the inventory database to match the floor count because fluctuations in the count were assumed to be system input errors instead of loss from theft. </p><p>This culture is difficult to correct. In commercial warehouses, when an employee is not following procedures, it is relatively easy to release that person. But in the municipal world it’s a much harder process. It’s very hard to fire somebody, or to even look into an event without stirring up a lot of problems. </p><p>It’s not uncommon to have parts in a warehouse that have been on the shelf from before the facility’s employees were born. In the private sector, profit is a huge driving force. If money isn’t being made and products aren’t being moved quickly in and out of warehouses, the business will fail. Commercial warehouse managers are held accountable for their inventory control, because companies can’t afford to lose tens of thousands of dollars of merchandise a week. </p><p>There’s not the same level of accountability at the government level because it’s not a profit-driven entity. At municipal warehouses, the loss is not really a driving factor in making sure that parts are accounted for and properly taken care of. Because of this, a combination of employee complacency and a lack of strong inventory practices can lead to waste that can go unnoticed for years.​</p><h4> Building a Program</h4><p>Developing a structured approach that addresses the specific needs of municipal warehouses is critical because it keeps management involved and provides clear and consistent guidance to all employees throughout the municipality. An effective security program is dependent on a strong training and managerial foundation supported by robust physical security, up-to-date technology, validated processes, outside quality assurance, and well-defined controls. </p><p><strong>Senior management.</strong> The strongest tool for validating the success or failure of logistics warehouse inventory control programs is an engaged and proactive administrator. Senior management is ultimately responsible for warehouse operations, but the problem at the municipal level is that city managers don’t feel invested. After an outside investigation was conducted in one city, 15 people lost their jobs, including the director, who had been with the city for 20 years. He didn’t steal anything, but he allowed $4 million in inventory to walk out the door during his tenure there.</p><p>Absent leadership is viewed by staff members as an open invitation to bypass protocols and clears the way for fraud and abuse. It is imperative that managers manage from the front line. They must view, review, and fully understand every process at every location. This is the only way to identify and correct or account for variations in local logistics, security, and management functions. </p><p>Property management, including inventory and warehouse functions, is a primary task that should be performed by experienced and accountable managers. While managers do not need direct inventory or logistics experience, they do need to have strong managerial skills and a full understanding of security and process controls. Such skills are critical to understanding the general challenges associated with the inventory and property management process.  </p><p><strong>Quality control.</strong> Inventory processes are not self-monitoring. They need continuous validation and control. Left unchecked, they rapidly lose direction and drift off course. This is especially true in municipalities with multiple remote facilities since these normally depend heavily on peer-to-peer validation, which assumes that everyone fully understands each process element and knows how those elements fit together as part of the overall function.</p><p>Inventory audits may not be efficient in helping detect sophisticated theft, either. Because large municipal inventories requiring manual reconciliation can take weeks and cost tens of thousands of dollars, most municipal audit programs only sample a random, small portion—often less than 1 percent—of inventory. These issues can overlap to hide systematic insider wrongdoing.  </p><p>The implementation of process-based compliance checks that can be carried out in person or remotely is paramount. Depending on the number of operational sites, management should conduct checks weekly to ensure compliance and collect change recommendations.  Additionally, team members at every level should be given the opportunity to reflect and comment on process changes and make suggestions to improve efficiency. </p><p><strong>Employee training. </strong>The linchpin to building and maintaining a successful operation is training employees. In many property management and inventory support programs, training is often restricted to a couple of hours of introductory instruction or a few days of on-the-job training. Employees rarely receive formal training and depend on other employees when developing process understanding and proper procedures. </p><p>Staff working in municipal warehouses often operate in an environment that is characterized by a dependence on decentralized controls using site-specific processes, dependence on internal accountability, and the use of antiquated physical security and inventory control technology. There is often a lack of external oversight, as well as inconsistent tracking and reporting procedures.</p><p>Unfortunately, the vast majority of inventory theft and misappropriation at the municipal level is the result of illegal behavior by internal staff, often over extended periods of time. Because they know the facility, understand the inventory process and its weaknesses, and are least likely to garner suspicion, long-term employees are the ones most likely to successfully defraud their organization. For employees, the knowledge that senior leadership will almost never set foot on a job site minimizes the importance of functional accuracy and accountability and opens the door to fraud.</p><p><strong>Physical security.</strong> Effective security in an inventory support environment is not a single function. To be most effective, security should become part of a culture consisting of threat understanding, personnel awareness, and technology support designed specifically to counter threats unique to property and inventory warehousing and management. It is an ordered process with each step dependent on the findings of the previous step. </p><p>Property management and inventory security is unique among security functions and requires specialized skills. Unlike normal physical security plans, property management and inventory control plans deal with security as just one function of a complex, layered protection concept. If the internal security team lacks the specific experience and skills to successfully design a property management and inventory control security program, the company should consider hiring an outside consultant.  </p><p>A specialized property management and inventory security program will have custom prevention and response framework designed to identify internal and external security risks. A threat awareness campaign for management and warehouse staff should clearly explain the threat, define reporting methods, and create an overall atmosphere of security awareness. Finally, a physical security plan should combine physical security, technical surveillance, access controls, and personnel compliance. </p><p><strong>Technology.</strong> In addition to providing protection, technology can provide critical insight into the state of a facility’s physical security; however, tools such as surveillance technology and advanced access control should not be viewed as comprehensive solutions.</p><p>Access control programs are, without question, the single most common security point of failure at the municipal level because the biggest threat to a facility’s wares comes from a current or former employee gaining after-hours access using a copy of a key he or she acquired. </p><p>One of the most frustrating and preventable fraud-related issues stems from weak software control. Inventory control software tends not to be backward compatible, requiring site-specific modifications to data entry processes. Using multiple versions of the same security software forces differentiations in handling inventory and security protocols between sites and opens a program up to abuse.  </p><p>For example, one operation had seven different versions of an inventory control software system spread across 10 sites. This required 10 unique data entry processes, none of which reported activity in the same method or format. There was no way to follow and track inventory from a central point. Managers at one warehouse checked their inventory for a certain part and came up empty. The managers believed they didn’t have the part, so they went online and ordered it. There was no way for them to know that there were 25 of those parts in a warehouse across town. Those 25 parts, meanwhile, look like surplus and are thus an attractive target for thieves.</p><p>User access can also lead to discrepancies in software systems. For example, if administrators and employees with unfettered access are allowed to modify counts within inventory control software, they should be required to have a second person validate the change to reduce the possibility of fraud. </p><p><strong>Site-specific processes. </strong>The inability or unwillingness of warehouse and inventory support teams to follow approved processes and operational protocols is the most frequently identified inventory management point of failure. This failure starts at the top when senior management makes the assumption that new policy directives, published as a common set of standardized operational procedures, will be automatically and effortlessly implemented and understood. </p><p>However, in organizations where more than one inventory warehouse is used to support operations, it is rare to find any two facilities that follow the same procedures. When change is introduced, there is a strong propensity for local supervisors and employees to view the change as unnecessary or intrusive. This is especially true when employees or supervisors feel threatened by the change or are left in the dark as to why the change is needed. </p><p>The weak link is not the policy itself but management’s failure to involve facility personnel in process development. Physical facility layout and technology variations among sites are unavoidable; even facilities built using the same conceptual plans vary. These variations can be minor, requiring slight deviations from stated protocol, or so significant that the standard procedure has little or no applicability. Involving experts from each facility helps the process development team identify issues as each protocol is being developed or modified and allows the team to amend the process and overcome site-specific issues. </p><p><strong>External assessments</strong>. Obtaining a comprehensive operational and security assessment is vital to protecting valuable inventory. Internal process monitoring, especially in environments with a history of ignoring or modifying procedural requirements, can be extremely ineffective, opens the door to fraud and abuse, and can compromise safety and security. </p><p>Internal assessment resources can be selective in their evaluations and protective of senior staff. There is a tendency to use other municipal resources to conduct an audit, but municipal personnel from other operations may still feel pressure to provide specific findings. </p><p>Teaming with an outside security and loss prevention partner can help to capture risks before they become problems. Professional security teams are not affected by internal politics and are more likely to provide an unbiased assessment of personnel issues. </p><p>To address all of these issues, municipalities should consider establishing a hybrid team consisting of external subject matter experts and evaluators and internal audit and management evaluators.  </p><p>This quality assessment team can provide more than a summary of findings. The team should work directly with warehouse managers to develop, implement, and manage a viable, cost effective, multi-stage security architecture that blends technical, operational, and awareness functions. After completing this process, the team can develop a support strategy that carries the organization through the corrective action process. Recommendations should be detailed enough to offer resolution for any security vulnerabilities they find but not so specific as to tie the process to an exclusive vendor or organization. The end result will be an efficient and effective municipal organization with an invested management team that values employees while also protecting inventory.  </p><p>--</p><p><em><strong>Robert Jasinski </strong>is director of executive protection for Lowe's Companies in Mooresville, North Carolina. <strong>Marshall K. James </strong>is director of training for JGW Group in Reston, Virginia. Jasinski and James are both members of ASIS International.</em></p>


CS​O Roundtable ​Webinar (Webinar)

05/16/2016 - 05/17/2016
Security Practices in a High Rise Environment​​ (Education)​

05/18/2016 - 05/19/2016
Security Force Management​​ (​Education)​

La Evidencia y el Testimonio dentro de las Investigaciones Privados​​​ ​(Webinar)

05/22/2016 - 05/24/2016
9th Annual CSO Roundtable Summit​​ ​(Webinar)​

05/23/2016 - 05/26/2016
ASIS Assets Protection Course™​ (Web​inar)

Soft Targets in 2015 and 2016​ ​(Webinar)​

05/31/2016 - 06/03/2016
IE/ASIS Program: Effective Management for Security Professionals (Education)​