Guard Force Management

 

 

https://sm.asisonline.org/Pages/The-Role-of-School-Resource-Officers.aspxThe Role of School Resource OfficersGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-01-01T05:00:00Z<p>​Mo Canady, executive director of the National Association of School Resource Officers (NASRO), discusses the security implications of an SRO’s role in today’s educational environment.</p><p class="p1"><i>Q. What are school resource officers (SROs) and what are some of their job functions?  </i></p><p class="p1"><b>A. </b>SROs are sworn law enforcement officers assigned by their employing law enforcement agency to work with schools. They go into the classroom with a diverse curriculum in legal education. They aid in teaching students about the legal system and helping to promote an awareness of rules, authority, and justice. Outside of the classroom, SROs are mentoring students and engaging with them in a variety of positive ways.</p><p class="p1"><i>Q. What are some of the standards and best practices your organization teaches? </i></p><p class="p1"><b>A. T</b>here are three important things that need to happen for an SRO program to be successful. Number one, the officers must be properly selected. Number two, they have to be properly trained. And thirdly, it has to be a collaborative effort between the law enforcement agency and the school district. This can’t just be a haphazard approach of, “We have a drug problem; let’s put some police officers in there and try to combat it.” It needs to be a community-based policing approach.</p><p class="p1"><i>Q. Some SROs have come under fire for being too aggressive in the classroom. What’s your take?</i></p><p class="p1"><b>A. </b>There have been a handful of incidents that have played out in the media. But, it is up to the investigating agency to determine right and wrong. I’ve been very happy with the fact that the majority of those officers involved in these incidents have not been trained by us.</p><p class="p1"><i>Q. How does NASRO train officers to deal with potential threats? </i></p><p class="p1"><b>A. </b>In our training, we certainly talk about lockdown procedures and possible responses to active shooter situations, but we don’t get too detailed. It’s really up to each agency to make those kinds of decisions. In the case of an active shooter, I don’t believe most SROs are going to wait for additional backup to get there. Most of them are so bought into their schools and their relationships with their students, that if they hear gunfire, they’re going to go try to stop whatever is happening. </p><p class="p1"><i>Q. Do SROs consider themselves security officers? </i></p><p class="p1"><b>A. </b>We’re engaged in security and it’s a big part of what we do—but it’s just one piece of what we do. Sometimes when people think about physical security, the idea of relationship building doesn’t necessarily come in there, and yet it’s the lead thing for us. We know that through those relationships, if we’re building them the right way, we may get extremely valuable information from students, parents, faculty, and staff. It’s what leads to SROs in many cases being able to head off bad situations before they happen.</p>

Guard Force Management

 

 

https://sm.asisonline.org/Pages/The-Role-of-School-Resource-Officers.aspx2017-01-01T05:00:00ZThe Role of School Resource Officers
https://sm.asisonline.org/Pages/Guns-and-Security-The-Risks-of-Arming-Security-Officers.aspx2016-11-21T05:00:00ZGuns and Security: The Risks of Arming Security Officers
https://sm.asisonline.org/Pages/The-Next-Tase-Phase.aspx2016-10-01T04:00:00ZThe Next Tase Phase
https://sm.asisonline.org/Pages/To-Arm-or-Not-to-Arm.aspx2016-08-01T04:00:00ZTo Arm or Not to Arm?
https://sm.asisonline.org/Pages/Top-Five-Design-Considerations-for-Control-Rooms.aspx2016-06-09T04:00:00ZTop Five Design Considerations for Control Rooms
https://sm.asisonline.org/Pages/Industry-News-June-2016.aspx2016-06-01T04:00:00ZIndustry News June 2016
https://sm.asisonline.org/Pages/The-Dangers-of-Protection-What-Makes-a-Guard-Firm-Low--or-High-Risk.aspx2016-03-15T04:00:00ZThe Dangers of Protection: What Makes a Guard Firm Low- or High-Risk?
https://sm.asisonline.org/Pages/Book-Review---Physical-Security-and-Safety.aspx2016-03-08T05:00:00ZBook Review: Physical Security and Safety
https://sm.asisonline.org/Pages/The-Tase-Craze.aspx2016-03-01T05:00:00ZThe Tase Craze
https://sm.asisonline.org/Pages/Police-and-Use-of-Force.aspx2016-02-01T05:00:00ZPolice and Use of Force
https://sm.asisonline.org/Pages/A-Plan-for-Polite-Protection.aspx2015-11-02T05:00:00ZA Plan for Polite Protection
https://sm.asisonline.org/Pages/Five-Factors-for-Guard-Booth-Design-.aspx2015-09-01T04:00:00ZFive Factors for Guard Booth Design
https://sm.asisonline.org/Pages/High-Stakes.aspx2015-04-01T04:00:00ZHigh Stakes
https://sm.asisonline.org/Pages/Patchy-Training-Tactics.aspx2015-04-01T04:00:00ZPatchy Training Tactics
https://sm.asisonline.org/Pages/Liability-and-Insurance-Implications-of-Body-Cameras.aspx2015-03-17T04:00:00ZLiability and Insurance Implications of Body Cameras
https://sm.asisonline.org/Pages/High-Tech-Check-In.aspx2014-12-01T05:00:00ZHigh-Tech Check In
https://sm.asisonline.org/Pages/cisco-introduces-push-talk-application-0012672.aspx2013-08-20T04:00:00ZCisco Introduces Push-to-Talk Application
https://sm.asisonline.org/Pages/aussies-consider-date-birth-guard-ids-_E2_80_98excessive-personal-information_E2_80_99-009782.aspx2012-04-16T04:00:00ZAussies Consider Date of Birth on Guard IDs ‘Excessive Personal Information’
https://sm.asisonline.org/Pages/Virtual-Reality-Racing-and-the-Final-Frontier.aspx2011-09-01T04:00:00ZVirtual Reality, Racing, and the Final Frontier
https://sm.asisonline.org/Pages/Changing-of-the-Guard.aspx2011-07-01T04:00:00ZChanging of the Guard

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Top-Five-Design-Considerations-for-Control-Rooms.aspxTop Five Design Considerations for Control Rooms<p>​Here's how to achieve optimal operator comfort in a control room.</p><p><img src="/ASIS%20SM%20Callout%20Images/control-rooms-infographic-FINAL.jpg" alt="" style="margin:5px;" /><br></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Measuring-Guard-Performance.aspxMeasuring Guard Performance<p> </p><p>A SECURITY GUARD is often the first person a visitor encounters when entering a facility. For that reason, it is important that guards are well-trained and motivated to perform their duties to the best of their abilities. To consistently train guards to do the best job they can, I developed an evaluation program for use where I work—Escuela Campo Alegre, an international English language school in Caracas, Venezuela—to measure a guard’s performance in a variety of categories.</p><p>Guards who consistently rank highly in the evaluation are rewarded. The process, which I have used successfully for five years, has enhanced both the professionalism and the work ethic of the guards who serve in my facility. It could be adapted to help other organizations.</p><p>Ten security guards secure Escuela Campo Alegre. These officers are contract personnel, but the school is responsible for their training and supervision. The security guard company cannot transfer, fire, demote, or promote any guard without the permission of the school’s security team. The same sort of evaluation could also be used for proprietary guards.</p><p>The first part of the process was to develop individual categories that would be covered by the evaluation. The next step was to develop a scoring process and the rewards portion of the program.</p><p>Categories<br>The categories are designed to give guards concrete information about their performance and illuminate any areas that require improvement.</p><p>I have found that the following eight categories give the best indication of performance.</p><p>Reports. Considering that the security manager makes important decisions based on the information provided by guards in their reports, the accuracy of these reports is crucial. Each guard is evaluated on his or her ability to take notes in an effective manner and transcribe those notes into a clear, understandable report. Several years ago, we replaced manual reports with computerized files. Therefore, guards are also evaluated on their computer skills.</p><p>Procedures. Guards must be proficient in a facility’s security procedures. The security manager evaluates each guard on his or her knowledge of the procedures and on how well procedures are followed in various situations.</p><p>For this part of the evaluation, guards are quizzed on various procedures including entrance and exit controls, use of radios, patrol techniques, CCTV protocols, and traffic and parking rules.</p><p>Knowledge. Guards must be familiar with the physical layout of the installation. For the evaluation, guards must recite and explain the emergency plans, operational procedures, and services verification list. The guard must also be able to guide a visitor through the facility. Guards must know where to find a fire extinguisher and the emergency exits as well as the central fire alarm, water pump, electrical panel, and emergency phone numbers. This knowledge is measured by going over a checklist with each guard or by giving a written test. In addition, guards are expected to know staff members. Guards are given a group of staff photos and asked to identify them by last name and department.</p><p>Appearance. In general, the best security guards care about their appearance and present themselves in a professional way. The uniform is part of the evaluation and is considered part of the equipment that guards require to perform their job appropriately.</p><p>Cleanliness. This category refers both to personal hygiene and to how the officer maintains his or her office space. In the evaluation, supervisors look to see if guards have immediate access to equipment, reports, and any other necessary items. They also determine whether the office is clean and organized.</p><p>Attitude. A positive attitude is an indispensable element in the behavior of a guard; therefore, it is a necessary part of the evaluation process. Supervisors are asked to measure the attitude of each guard during each shift. For example, supervisors note a guard’s opinion of others, sense of responsibility, and ability to accept criticism. Other factors that may come into play are whether a guard is prone to complaining and whether he or she can admit mistakes.</p><p>Public relations. In our facility, each guard acts as a public relations representative. To determine whether guards are representing our organization in a desirable manner, the evaluation contains a section on public relations. This category measures cooperation, the ability to work as a team, the discreet enforcement of authority, and self-control.</p><p>Dedication. To evaluate the dedication of a guard, we measure punctuality, project completion, and attention to daily tasks.</p><p>Scoring<br>Guards are evaluated individually and as a team for each shift they work. A supervisor must conduct the appraisal with each guard and team. To give some structure to the evaluation, we devised a checklist and scoring method.</p><p>Each category is given a numeric value. For an “excellent” performance a guard is given four points. A “very good” rating is three points and a “good” valuation merits two points. One point denotes a “regular” rating, and if a guard is deficient, no points are given.</p><p>The evaluation format clearly lays out how the points are earned for each category. For example, to obtain the four maximum points for appearance, the manager can give the guard one point for a clean and pressed shirt, one point for clean and pressed slacks, one point for a clean and pressed tie, and one point for clean and shined shoes. Supervisors are encouraged to use common sense in scoring. For example, if the guard is wearing a clean shirt, but it is not ironed, that would affect the rating.</p><p>A guard can receive a maximum of 100 points. At the end of the evaluation, a supervisor can note general observations and indicate whether the guard has committed to improving his or her performance. The evaluation form contains a box that explains the meaning of the total points. If a guard obtains 100 points, he or she is rated “excellent.” A “very good” rating is between 80 and 99 points. To garner a “good” evaluation, a guard must earn between 60 and 79 points. A “regular” rating is 40 to 59 points, and anything 39 points or lower is considered “deficient.”</p><p>Rewards<br>The company provides rewards to the guards each month. The gifts vary and are determined by the security supervisors. The reward can be as simple as a recognition certificate or a plaque honoring the guard of the month. Management might add a financial bonus or gift certificate. The highest reward, given out only for outstanding conduct, is a promotion.</p><p>The evaluation program has helped create a good working environment, which has led to extremely low turnover. Six guards out of 10 have more than five years of continuous service. Three guards have three years and the last one has two. Any organization could use a similar evaluation and rewards program to improve performance and morale.</p><p>Guillermo Guevara Penso is security manager at Escuela Campo Alegre in Caracas, Venezuela. He has more than 30 years of experience in the security field.<br></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Access-Under-Control.aspxAccess Under Control<p>​<span style="line-height:1.5em;">Companies spend significant resources on access control equipment. Estimates of the size of the global market range from about $6 billion to around $22 billion, and a recent ASIS survey indicates that 57 percent of U.S. businesses will be increasing access control spending through 2016. </span></p><p>Upfront costs are just the start. Security professionals take time to determine which doors need to be locked and when.  They decide where to install readers and decide how to pro­cess visitors. Despite the effort spent on the access control equipment layout and maintenance, over time the access control database can become mismanaged. Requests for tweaks to reader groupings and access levels are continuous. One group may want time restrictions for the janitorial crew; another group may need access to one door but want to restrict others. If these accommodations are made without regard for the overall system, over time a complicated tangle of access control levels is created. The next thing you know, security no longer controls access; access control takes charge of the organization’s security, resulting in a chaotic mess.</p><p>BB&T, a large financial services institution headquartered in Winston-Salem, North Carolina, has protocols in place that ensure appropriate and accurate administration of access control systems at its corporate locations. The Fortune 500 company has more than 1,800 financial centers in 12 states.  In addition, it has approximately 120 corporate buildings–data centers, operations centers, call centers, corporate and regional headquarters–that have access control systems. ​</p><h4>Challenges</h4><p>Regulatory developments over the last decade make it necessary to closely maintain access control data. The Health Insurance Portability and Accountability Act of 1996 and Gramm-Leach-Bliley Act of 1999 require health­care and financial organizations, respectively, to keep strict watch over sensitive and personal information. The Sarbanes-Oxley Act of 2002 forced a strengthening of internal controls within corporations. More recently, the Payment Card Industry Data Security Standard requires that companies keep tight control over credit and debit card data. </p><p>These regulations, as well as others that affect specific industries, have brought more scrutiny to the administration of access control data. Most large organizations, especially those in regulated industries, have experienced an increase in audit activity as it relates to physical access controls. This means that regular reviews of access reports are required in many cases. For this reason, it is critical that the data in a company’s access control database be clean and accurate.  </p><p>Numerous challenges can arise from failing to properly maintain an access control system. Maintenance lapses can result in thefts when, for example, terminated employees get into a facility. What good is an access control system if, due to negligence in maintaining the system, people can enter places they shouldn’t? If your access control database has been around for years and has turned into a Byzantine web of access permissions, what steps can be taken to get control over the data? </p><p>Access control database administrators must have an ongoing process of maintaining the accuracy of the data. A standards-based approach must be taken to manage any effective access control program. Standards include defining the types of users in the system–employees, vendors, visitors, temporary card users– and establishing credentials for which each of these user categories will be managed and reviewed. Once the user categories are defined, space definitions and ongoing maintenance procedures must be established. ​</p><h4>Database management</h4><p>BB&T categorizes its cardholders into three groups based on the users’ network login ID. There are employees and contractors with a company network login ID; vendors, tenants, and others without a company network login ID; and temporary users. BB&T uses the network login ID for employers and contractors because the network ID is also used in the IT security database. This allows security to match the IT access records to the physical access records. Human resource data was considered for this match, but the bank determined that many vendors, temporary employees, and contractors who have a BB&T network login ID are not included in its human resource system. Matching the network login ID covers a majority of the organization’s users. If the records do not match, the user’s access is terminated.   </p><p>For cards not involved in the matching process, BB&T identifies a company employee who can serve as a sponsor for each vendor and tenant. The company conducts quarterly reviews of those cards, during which the company sponsor ascertains whether the vendor or tenant employee still works for the third-party company and still needs the BB&T card.</p><p>All temporary cards in the system are assigned to the individuals who have the cards in their possession. The temporary cards may be used by visitors, trainees, vendors, and employees who forgot their badge at home. Information on the cardholder is housed within the access control database. Quarterly reports for all temporary cards are sent to one person who is responsible for ensuring that their temporary cards are accounted for.  ​</p><h4>Space</h4><p>BB&T has established criteria and definitions of the physical space in its environment and categorizes space into three categories: critical, restricted, and general. Criteria are established for each category of space. The critical category is reserved for high-risk, critical infrastructure areas, such as server rooms or HVAC sites. Restricted space is office space for departments that the company deems restricted. All critical and restricted space is assigned a space owner. The space owner is then responsible for approving or denying people’s access to that area. General access areas are common doors and hallways.</p><p>For each category of space, standards are established on how access is governed. For example, the data center standards might state that janitors or nonessential personnel are not granted access without an escort. Standards also dictate who can approve access to that space and how often access reports should be reviewed. For example, critical and restricted space reports are reviewed monthly or quarterly.</p><p>Access devices are grouped together based on the categories of space and the users that access the space. This streamlines the access request process and makes it easier for the requestors to understand what access they are selecting. Grouping as many readers together as possible minimizes the number of possible groupings meaning that there are fewer choices for those requesting access. It also makes it easier to ensure that access reports are accurate, and it simplifies the process of approving access and access report reviews. If all readers for critical space to a building are grouped together, only one approval would be required for critical space and only one report would need to be reviewed.  </p><p>However, in some cases, minimizing groupings may not possible. For example, one group of users may be allowed into the IT area but only a subset of that group has access to the server room that resides within the lab. In this case, groups would be categorized by the users rather than the readers.</p><p>It’s also important to make sure that access levels and device groupings don’t overlap. This can complicate the request process and the report reviews and could cause access reports to reflect an incomplete list of users who have access to a space. For example, in a building with three readers, grouping one may include the front and back doors, and grouping two may include the communications room. If, in addition to these two groupings, there is an overarching grouping three that includes all three readers, this could create a problem since each of the three individual readers belong to two different groupings. In this scenario, if a request is made to determine who has access to the communications room, rather than producing a report of the communications room reader group, an additional report of the group of all three readers would need to be provided. In many organizations, this second step is missed, causing an inaccurate representation of those with access to a specific area. This can be a major issue if discovered during an audit.</p><p>Another way to remedy this issue would be to run reader reports on individual doors, in this example, a reader report on the communications room only. Most access control systems allow for this type of report. However, in companies with a large number of individual card readers, this would require many more reports. The same users often need access to multiple doors, so combining them into groupings that don’t overlap makes more sense than running individual reader reports. As a rule, BB&T does not allow a reader that has been deemed critical or restricted to belong to more than one reader grouping. This ensures that access reports are accurate and complete.  It does, however, require that a user who needs access to a full building, such as a janitor or security officer, request access to each area of the building rather than requesting overarching access to the entire building. This is beneficial, not only for reporting reasons, but also because it requires that space owners approve all users who have access to their space and holds the space owners responsible for knowing who is entering their space. Controls in the report review process can be set up to ensure that a space owner does not remove access for a janitor or security officer. Some systems allow cards to be flagged and would require a higher level of scrutiny before access is removed. Nonetheless, this is a cleaner way to set up access levels and ensures that space owners will review a report of all users that have access to their space, which is what most auditors are looking for.   ​</p><h4>Clean-Up</h4><p>If an access control system has become muddled over time, a database clean-up is recommended. A good place to start is to deactivate all cards that have not been used in a specific timeframe, such as the previous six months. Thus there will be fewer cards to review. Then, security can find a common piece of data with another database in the company that provides a match of current employees. Human resource or information security data is best to determine whether active cardholders in the system still work for the company. Of the remaining cards for nonemployees, visitors, tenants, and contractors, security should research whether the card users can be associated with a manager or employee within the company. Security can work with these internal partners to implement an ongoing review of access cards. ​</p><h4>Maintenance</h4><p>Performing a regular match of human resource or information security data ensures that cards are deactivated for users whose information does not match that on the card. If a user is not captured in the match, that person should be assigned to a sponsor for quarterly review to determine whether any credentials need to be terminated. Access reports should be reviewed for all nongeneral space to ensure that users still need access to the designated areas. Such reviews should take place at regular intervals–not more than quarterly. An important piece of the access request process is to ensure that all necessary information is captured to support the new standards and to support the report review. For example, if the request is for a visitor, security should capture the name of the person who will have that card in their possession during the request.   ​</p><h4>Automation</h4><p>BB&T is working to upgrade the auto­mation of its access control request and audit reporting system by the end of 2015. It is considering software that automates the entire access control database management process from the onboarding human resource system to the access control system. This would include a software interface that would be fully integrated with the information security credentialing system. The ideal software would fully integrate with the access control system where approved access is automatically provisioned with no human intervention.</p><p>Cost is a major factor in implementing such automation. Some companies choose to automate pieces of the process. Some use a simple Web portal form that sends e-mails to approvers and ultimately e-mails the request to the team that provisions access or provides a dashboard for the access control team to view requests. Many companies have integrated with human resource or information security data to update their access control system, which allows for the automatic deactivation of cards for terminated employees, vendors, or contractors. Others have found a way to automate the report reviews. Few access control manufacturers provide these additional software tools in combination with their access control software. Some will work with or direct their customers to third-party solutions, while others are beginning to see the need for automation and are incorporating pieces into their standard software package, such as more robust reporting capabilities.  </p><p>These efforts may seem daunting, but once the standards are set and the database is cleaned up, ongoing maintenance is initiated, and some level of automation is implemented, the system will be under control. It is imperative that security professionals see beyond the equipment and installation and not rely solely on these for protection. A sound maintenance program ensures that, should access control processes be called into question, security can be confident that the company’s program is under control.  </p><p>--</p><p><em><strong>Briggette Jimenez, CPP,</strong> is physical security manager at BB&T where she manages the company’s security command center, security operations, and workplace violence prevention programs.</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465