Intrusion & Access Control

 

 

https://sm.asisonline.org/Pages/Security’s-Digital-Shift.aspxSecurity’s Digital ShiftGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652019-04-01T04:00:00Z<p>​Physical security is long overdue for a digital transformation, according to a recent <a href="https://www.asisonline.org/globalassets/internal/future-of-physical-security.pdf">white paper</a> authored by experts from Microsoft and Accenture. </p><p>The white paper reports on a survey of 200 senior physical security leaders across multiple industries on digital transformation. It was written by Michael Foynes, a center of innovation global lead at Microsoft, and Mercedes Fuller, managing director, Accenture Strategy.</p><p>The paper argues that the global digital revolution, which has transformed the world, has also inadvertently created new threats. For example, the rise in popularity of social media has unintentionally provided new ways to orchestrate breaches and attacks. This reality, combined with the escalation of catastrophic climate events, means that many security teams are facing more challenges than ever.</p><p>“Combating these threats requires intelligent applications that can rapidly sift through overwhelming amounts of data that cannot be processed at the human level,” the authors write. “Recent developments in artificial intelligence and signals processing can help security catch up.”</p><p>“As tools become more sophisticated and readily available, security organizations must adopt new practices and capabilities,” the authors continue. “Failure to transform will increase the likelihood of becoming a target.”</p><p>However, while many security executives see the value of enhancing physical security with digital tools, progress in that field has been uneven at best. “We found that although security leaders see the opportunity to enhance risk management with digital capabilities, the industry is at various levels of maturity, and at worst is a decade behind,” the authors write. </p><p>The two leading challenges facing physical security operations today, according to survey respondents, were reactive threat management and intuition-led decision-making based on subjectivity. “These challenges—operating reactively and improving decision-making—make it difficult to be proactive. This puts your people, brand, and reputation at risk,” the authors write. </p><p>Microsoft Global Security has several initiatives underway to digitally transform its physical security, according to the paper. Under the code name Project Falcon, the initiatives are aimed at creating an intelligent platform that leverages data and insights to reimagine the employee experience and the delivery of security services. The company expects the initiatives to result in cost savings over the next 10 years, according to the report. IT also expects digital transformation to strengthen its global risk management, elevate employee and customer experiences, and unify groups within Microsoft.</p>

Intrusion & Access Control

 

 

https://sm.asisonline.org/Pages/Security’s-Digital-Shift.aspx2019-04-01T04:00:00ZSecurity’s Digital Shift
https://sm.asisonline.org/Pages/Accessing-Federal-Facilities.aspx2019-04-01T04:00:00ZAccessing Federal Facilities
https://sm.asisonline.org/Pages/What-is-Open.aspx2019-03-01T05:00:00ZWhat is Open?
https://sm.asisonline.org/Pages/An-Amenity-of-Necessity.aspx2019-02-01T05:00:00ZAn Amenity of Necessity
https://sm.asisonline.org/Pages/Smarter-Access-At-The-State.aspx2019-02-01T05:00:00ZSmarter Access At The State
https://sm.asisonline.org/Pages/The-Intoxication-Issue.aspx2019-02-01T05:00:00ZThe Intoxication Issue
https://sm.asisonline.org/Pages/Wellspring Of Safety.aspx2019-01-01T05:00:00ZWellspring Of Safety
https://sm.asisonline.org/Pages/Book-Review-Electronic-Access-Control.aspx2019-01-01T05:00:00ZBook Review: Electronic Access Control
https://sm.asisonline.org/Pages/SM-ONLINE.aspx2019-01-01T05:00:00ZSM Online
https://sm.asisonline.org/Pages/Access-With-A-Twist.aspx2018-12-01T05:00:00ZAccess With A Twist
https://sm.asisonline.org/Pages/Newsroom Shooting Demonstrates Vulnerabilities Of Run Hide Fight Response.aspx2018-06-29T04:00:00ZNewsroom Shooting Highlights Challenges of Securing Open Offices
https://sm.asisonline.org/Pages/VIDEO-Charleston-International-Airport-Modernizes-Security-with-Pivot3.aspx2018-06-27T04:00:00ZVideo: Charleston International Airport Modernizes Security with Pivot3
https://sm.asisonline.org/Pages/Supply-Chain-Company-Makes-Access-Control-a-Priority.aspx2018-06-01T04:00:00ZSupply Chain Company Makes Access Control a Priority
https://sm.asisonline.org/Pages/Multiple-Fatalities-In-Texas-School-Shooting.aspx2018-05-18T04:00:00ZMultiple Fatalities in Texas School Shooting
https://sm.asisonline.org/Pages/Personnel Peril.aspx2018-04-01T04:00:00ZPersonnel Peril
https://sm.asisonline.org/Pages/Take-No-Chances.aspx2018-04-01T04:00:00ZTake No Chances
https://sm.asisonline.org/Pages/Florida-Governor-Unveils-Major-School-Security-Plan-In-Wake-Of-Shooting.aspx2018-02-23T05:00:00ZFlorida Governor Unveils Major School Security Plan In Wake Of Shooting
https://sm.asisonline.org/Pages/Find-the-Fire.aspx2018-01-01T05:00:00ZFind the Fire
https://sm.asisonline.org/Pages/Call-for-Help.aspx2017-12-01T05:00:00ZCall for Help
https://sm.asisonline.org/Pages/ENDURECE-BLANCOS-SUAVES-CON-PSIM.aspx2017-11-21T05:00:00ZENDURECE BLANCOS SUAVES CON PSIM

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Terrorists-Check-In.aspxTerrorists Check In<p>​Just after 8:00 a.m. on January 25, attackers detonated a truck bomb outside the gates of the Dayah Hotel in the Somali capital of Mogadishu before storming inside. Fifteen minutes later, another truck bomb exploded, and security forces were dispatched to take control of the hotel. </p><p>The hotel, located near Somalia’s Parliament building, was said to be popular with lawmakers and government officials. That may have made it a target for the attackers—later identified as al-Shabaab, an extremist group linked to al Qaeda, whose attacks are designed to turn Somalia into a fundamentalist Islamic state.</p><p>The attack in January killed at least 21 people and injured more than 50, according to CNN. It was just the latest in a succession of recent attacks on soft targets in Africa and Europe, and it raised awareness of a global and shifting threat that no international business can ignore: the risk of an attack on a hotel where a traveling employee is staying.</p><p>Since 2002, more than 30 major terrorist attacks have targeted hotels across the world. Because of this outbreak of attacks, businesses, tourism professionals, and hoteliers themselves are calling hotel risk procedures into question.​</p><h4>Hotels as Soft Targets</h4><p>Hotels became major targets for bomb attacks by terrorists in Asia in the 2000s, and the threat has since moved to Africa. Attacks against hotels in 2015 and 2016 accounted for a third of all major terrorist attacks in the world, likely because they are considered to be soft targets.</p><p>Some hotels make more attractive targets than others, for a variety of reasons. One of these is the opportunity to harm a large number of people. Hotels are gathering places, and in addition to guests there are visitors for banquets, as well as bar, restaurant, and leisure facility customers.</p><p>Another reason a hotel might be an attractive target is that it is likely to garner international media attention. The more victims there are from different countries, the more media attention the attack is likely to generate. </p><p>Attacks on hotels also express an ideology: international luxury hotels symbolize Western culture. Jihadists often consider hotels immoral places where men and women interact, and where alcohol is easily accessible.​</p><h4>Attack Strategies</h4><p>Terrorists used three attack strategies when targeting hotels between 2002 and 2015: explosives (44.4 percent), firearms (25 percent), and a combination of the two (30.6 percent), according to the Global Terrorism Database.</p><p><strong>Explosives.</strong> There are two varieties of attacks on hotels using explosives: the human bomb and the vehicular bomb. These tend to cause the most physical destruction and injure the most people, making them effective for terrorists.</p><p>Human bombs tend to have geographically restricted limits and are mainly used in spaces that are open to guests. For instance, in November 2005 in Amman, Jordan, terrorists detonated explosive belts in the ballroom of the Radisson SAS, near the coffee shop of the Grand Hyatt Hotel, and in the entrance of a Days Inn. Fifty-seven people were killed in the attacks, and more than 100 people were wounded, according to The New York Times.</p><p>In contrast, vehicular bombs account for 31 percent of terrorist attacks on hotels. This technique is used to cause large-scale material destruction and potential chain reactions from the explosion—such as gas line bursts, fire, structural collapse, and destruction of guest and staff lists.</p><p>In 2008, for example, terrorists packed a truck with a ton of explosives and drove it into the Islamabad Marriott’s security gate. The vehicle exploded, killing 53 people and injuring 271, and officials were concerned that the building itself might collapse and cause even more injuries and damage, The Telegraph reported.</p><p>Occasionally, the two techniques are used together. One such case was in 2005 in Sharm El Sheikh, Egypt, when terrorists set off a truck bomb near the Iberotel Palace hotel while simultaneously discharging a bomb in the façade of the Ghazala Gardens Hotel. They also detonated a third bomb in a parking lot of one of the city’s tourist areas. The coordinated attacks killed 88 people, most of whom were Egyptian instead of the targeted Western tourists, according to the Times’ analysis of the attack.</p><p><strong>Assaults. </strong>Terrorists often use the assault technique, armed with automatic rifles and hand grenades, to target hotels. This method makes it easier for the terrorists to damage a wider area while also killing a large number of people as they move through the hotel and its floors.</p><p>This kind of attack occurred in November 2015 when heavily armed and well-trained gunmen drove into the Bamako, Mali, Radisson Blu hotel compound. They detonated grenades and opened fire on security guards before taking 170 people hostage, according to The Guardian. Twenty-one people, including two militants, were killed in the attack and seven were wounded.</p><p>Terrorists will also move from one hotel to another, not hesitating to take clients hostage to make the operation last longer. The duration of the siege often has a direct impact on the amount of international media coverage the attack receives.</p><p>Additionally, some assault-style attacks show that terrorists had knowledge of the hotels before attacking them. For example, in the 2009 attacks on the Ritz-Carlton and the JW Marriott in Jakarta, the attackers blew themselves up—one in a parking garage at the Marriott and the other at a restaurant at the Ritz-Carlton. Authorities later discovered, according to the BBC, an unexploded bomb and materials in a Marriott guest room that was dubbed the “control center” for the attacks.</p><p>Terrorists also may plan to conduct attacks during a hotel’s peak operation times—such as during meals or organized events. For example, the attack in Bamako took place around 7:00 a.m. when breakfast, checkouts, and security officer shift changes were taking place.​</p><h4>Travel Policies</h4><p>Not all companies have well-developed travel security policies. Predictably, companies with employees who travel more frequently for work have a more advanced travel security program, as do companies that operate in countries with elevated security risks or in remote areas.</p><p>Companies also tend to have a more highly developed travel security program if one of their employees has been affected by a security incident, such as a hotel bombing, in the past. In this current threat environment, however, all international companies should review their travel risk policies because they have a duty to protect employees when they travel for work.</p><p>The European Directive on the Safety and Health of Workers at Work mentions this obligation, as do national regulations: Germany’s Civil Code, France’s Labor Code and a judgment by the Court of Cassation, and the United Kingdom’s Health and Safety at Work Act of 1974 and the Corporate Manslaughter and Corporate Homicide Act of 2007.</p><p>The United States also addresses this responsibility through its statutory duty of care obligations detailed in the Occupational Safety and Health Act of 1970. The act requires large and medium-sized companies to define basic emergency planning requirements.</p><p>Also, depending on the U.S. state, workers’ compensation laws may have provisions for American business travelers abroad. Similar obligations apply in Australia, Belgium, The Netherlands, and Spain. And case law has reinforced this legal arsenal addressing the security of employees traveling abroad.</p><p>Under these frameworks, employers must assess foreseeable risks, inform employees of these risks, and train them to respond.</p><p>And these risks are no longer reserved for employees traveling to Africa or the Middle East; the succession of terrorist attacks in countries qualified as low-risk destinations—Berlin, Brussels, Nice, and Paris—means that many companies need to address these locations in their crisis management preparation for employees traveling abroad.</p><p>Some companies have already changed their internal procedures to address these risks, including changing the way that hotels are chosen for business travel. ​</p><h4>Choosing Hotels</h4><p>Given the current threat environment and duty of care obligations for traveling employees, corporate security managers and travel managers need to work together to choose the right hotels. No matter the choice of accommodation, security and travel managers must conduct their own risk analysis to adopt the best strategy for choosing hotels for their employees. The analysis should include the destination, the profile of the business traveler, the duration of the employee’s stay, the company’s image, and the potentially controversial nature of the project in that destination.</p><p>Once the analysis is complete, companies have four options for choosing accommodations for traveling employees: international brand hotels, regional chain hotels, apartment or house sharing, or residences that are owned and operated by the company.</p><p>The most common option is to choose hotels with an international brand whose rates have been negotiated by the company. These big-name hotels can be reassuring. However, these institutions—described by some specialists as high-profile—tend to meet terrorists’ selection criteria for targets.</p><p>These hotels are also often franchise hotels, meaning they are independent institutions, master of their own investment decisions and the management of their staff. This can make it difficult for security professionals and travel managers to get answers to important questions during the vetting process: What security procedures does the hotel have in place and what is its staff management policy? Does it subcontract its security to a guard company or have its own security team?</p><p>The second option is to choose less emblematic hotels that some would consider low-profile, such as regional chain hotels—like Azalaï, City Blue, Serena, and Tsogo Sun in Pan-Africa—or independent boutique hotels. </p><p>Hotels such as these may provide more discretion than an international brand hotel, but may come with slightly lower levels of security, which could become a problem should a crisis develop. Lesser-known hotels, for instance, may not receive as rapid a response from security forces as a luxury hotel frequented by public figures and politicians. And for travel managers, this second option could be a difficult sell to employees who might be used to staying at international brand hotels.</p><p>Another option that companies might choose is to have employees stay at a private residence through the sharing economy, such as Airbnb. Google and Morgan Stanley recently began allowing employees to use Airbnb for business travel, and the company saw 14,000 new companies sign up each week in 2016 for its business travel services, according to CNBC. </p><p>For some destinations, this is not a viable option because of the lack of accommodations, but for other locations Airbnb has numerous places to stay and even offers a dedicated website for business travelers, which make up 30 percent of its overall sales.</p><p>One location where Airbnb is a pop­ular choice is in sub-Saharan Africa where a major influx of young expatriates used to traveling and staying in Airbnbs have rooms, apartments, and houses available for business travelers.</p><p>However, this option has collateral risks, and many companies forbid employees from staying at an Airbnb while traveling because of the lack of verification and vetting of the residences, which may not allow them to meet many companies’ duty of care obligations. </p><p>Also problematic is the risk that employees will get lost while trying to locate their Airbnb, as opposed to an easily identifiable hotel. And the traveler might be unable to check in when the host is unavailable to let them in or provide a key. </p><p>The Airbnb option also raises questions for security professionals: If it’s attacked, how will local law enforcement respond? Who is responsible for contacting law enforcement?</p><p>The final option is for the company itself to provide private accommodations for its travelers. This is only cost effective, though, for high-risk destinations where companies frequently send employees to work. With this option, companies have full control over the security of the accommodations. However, this level of security comes with a high operational cost—purchasing or renting the accommodation, ensuring the maintenance of the location, and supervising essential service providers, such as housekeeping and security.</p><p>Additionally, companies that choose to provide a private accommodation for traveling employees would have the responsibility to secure the property—creating a security plan; purchasing, installing, and implementing security equipment, such as access control, CCTV, and fences; and providing security staff, either in-house or through a contract.​</p><h4>Improving Security</h4><p>In 2002, a Palestinian suicide bomber killed 30 people at a Passover Seder at the Park Hotel in Netanya, Israel, in the deadliest attack during the Second Intifada. Following the attack, Israel’s hotel industry led the charge to address security threats by tightening security regulations. These regulations required the hospitality industry to staff a chief security officer in each hotel, led to the development of dedicated educational programs on security with recognized diplomas, and ultimately provided career opportunities for skilled and motivated security professionals.    </p><p>This model is one where companies can support hoteliers by including security as a key element when choosing which hotels can be used by employees on business trips.  </p><p><em><strong>Alexandre Masraff </strong>is a security and crisis management senior advisor at Onyx International Consulting & Services Ltd. and the cofounder of the InSCeHo certification program that focuses on hotel security. He is a member of ASIS International. <strong>Aude Drevon</strong> is a security analyst with a master’s degree in geopolitics and international security. <strong>Emma Villard</strong> is a regional security advisor based in Vienna, Austria, and a member of ASIS.     ​</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Sounding-the-Alarm-at-Lone-Star.aspxSounding the Alarm at Lone Star<p>In our interconnected world, the vast majority of people within a college campus community think little of an emergency and how the institution will communicate with them—until it happens. Then, they want timely information on what is occurring, what to do, and where they can learn more.  </p><p>There is an assumption that if anything happens, everyone will receive a text message instantly, the faculty and staff will know what to do, and there will be an announcement over a public address system. Expectations are set. </p><p>Recent events, like the shooting at Oregon’s Umpqua Community College in October 2015, have students, faculty, parents, and guests inquiring about the notification equipment and procedures in place on their campus. They want assurances that the emergency systems will work when needed. </p><p>Many institutions have opt-in text messaging solutions and public address systems used for a broad range of services, including special events. In an emergency, speakers, sirens, and horns are often the first warnings received that danger is present or imminent.  </p><p>To meet the expectation of the campus community, schools must understand what emergency communications are necessary, what the law requires, and what the school can afford.  </p><p>This was the challenge facing Lone Star College (LSC) in 2010. The largest higher education institution in the Houston area, with six colleges, eight centers, two university centers, and LSC-Online, LSC provides high-quality academic transfer, workforce education, and career training programs to more than 83,000 credit students each semester, and a total enrollment of 95,000 students. It would need a robust emergency communication system to support its diverse campus community. ​</p><h4>Crafting a Solution </h4><p>When LSC decided to create its notification system, LoneStarAlert, in 2010, it used a team approach, crafting a selection committee and choosing a sponsor who could move the project forward. An LSC vice chancellor responsible for safety and security was chosen as the sponsor—an indicator of the project’s importance within LSC. </p><p>LSC then began selecting its committee members, including a cross section of the organization: administrative, college relations, compliance, emergency management, facilities, IT, law enforcement, procurement, student services, and tenants. </p><p>The committee also included individuals who preferred the status quo system at LSC, which had six colleges and six alert systems with their own name, workflow, vendor, and contracts. Having individuals on the committee who represented each of these systems made them realize that one solution with one name was a better overall system for LSC. Because of this, these individuals felt they had a voice and were being heard, making them great ambassadors for the new system. </p><p>Once the committee was assembled, LSC began assessing its environment. It knew it had different systems and various levels of sophistication because the campus had buildings that ranged from 40 to less than five years old. The buildings were also geographically dispersed among the city of Houston and Harris and Montgomery Counties in Texas, each of which has its own building and fire codes.  </p><p>To tackle this service area—approximately the size of Rhode Island—LSC first targeted the LSC-Greenspoint Center, a mid-rise atrium building with the most stringent fire ordinances of all the buildings on LSC campuses.  </p><p>LSC also targeted buildings within two colleges: LSC-North Harris and LSC-Kingwood. LSC-North Harris was chosen because it is close to a major airport and runway. LSC-Kingwood was chosen because it falls under three jur­isdictions—half the campus sits in Montgomery County, the remaining half is in Harris County, and the entire campus is annexed by the City of Houston.  </p><p>Then, over a five-year period, LSC created a mass notification system (MNS) with multiple levels of redundancy. ​</p><h4>the lone star system </h4><p>LSC implemented LoneStarAlert in 2011, consolidating its various emergency campus text messaging services under one solution. LoneStarAlert is a Web-based warning system that can send voice and text alerts to registered individuals when an emergency occurs. </p><p>The system works by issuing an alert over speakers, via a prerecorded or live message, and through e-mail messages in English and Spanish. For example, for a lockdown the prerecorded message says: “Attention. Lockdown now. There is an emergency on campus. Go into the nearest room or closet and lock the door.” Messages also instruct the campus community to wait for further instructions while they remain in a safe place. </p><p>LoneStarAlert also uses text messages of 90 characters or less—in English and Spanish. For an active shooter situation, messages say “Lockdown now. Emergency on campus. Go to nearest safe place, stay calm, and wait for further instructions.”  </p><p>More than 100,000 users are registered for the alert system, and it is only used for emergency messaging and testing of the system. Users are added through an automated system at the beginning of the semester, and users also have the option to self-register.  </p><p>This information is collected in compliance with the State of Texas Education Code Section 51.218 Emergency Alert System. The code requires institutions of higher education to gather a student’s personal e-mail, cell phone, or telephone number to deliver emergency communiques; using only LSC’s e-mail and voice mail system does not satisfy the requirement. </p><p>This information must be added to LSC’s LoneStarAlert system once provided, typically during registration. This process is repeated at the start of each semester.  </p><p>The system is also designed as an opt-out system, rather than an opt-in (choosing to participate) system, in compliance with the code. LSC does not allow this data to be used for any other purpose.  </p><p>Some users are still reluctant to regist­er for LoneStarAlert for fear that their information will be sold to third-party marketers. Ensuring this personal information is only used for emergency use not only keeps LSC in compliance with state regulations, it also shows that the institution is committed to protecting users’ privacy.  </p><p>LSC has made a commitment to closely manage this information and grant access to it only on a need-to-know basis and as authorized.  ​</p><h4>targeting the lsc population </h4><p>For an MNS to work, the institution has to think of the recipients it wants to target and ensure the system is capable of sending alert messages to those target groups. </p><p>LSC identified its target groups as employees, distribution lists (internal and external response teams), dynamic groups (created as needed), geographical locations, networked equipment, students, contractors, tenants, and guests. </p><p>LSC also needed to consider its unique status as a commuter college without campus housing. Some students, employees, and guests visit different campus locations more than once throughout the semester. Sending an emergency communication to just one given area would limit the reach of the MNS, and might miss some individuals who are en route and others who want to know what is occurring on any LSC campus.  </p><p>Instead, the system would need to be structured to send emergency messages to all registered users, regardless of their location. This system would be easier for LSC to administer and more desirable for the LSC community. </p><p>LSC also knew that accessibility and inclusion would be key to the success of its MNS. The system would need to be accessible to individuals with physical, sensory, mental health, and cognitive or intellectual disabilities that affect their ability to function independently. </p><p>The system would also need to be inclusive of seniors, those with limited English proficiency, and unaccompanied minors on campus. LSC has dual education programs for high-school students, Discovery College for children during the summer, full- and part-time day care centers, high schools, and public libraries that all provide opportunities for underage guests on campus.  </p><p>To reach these individuals, LSC would need to design its MNS to provide information online and to enroll them through LoneStarAlert. Because minors cannot be asked directly for personal contact information, LSC would have to work with leaders of these various groups to contact parents and guardians—who would then provide the information that then allowed their child to be enrolled in the system. </p><p>LSC also knew that its system would need to reach the public libraries, four-year educational partners, school systems, executive conference centers, and commercial tenants that are a part of its campus. To reach these stakeholders, LSC would have to provide instructions and a means for individuals to self-register in LoneStarAlert. ​</p><h4>choosing the right integrator </h4><p>LSC awarded its initial MNS contract to a local system integrator, Convergint Technologies. They worked together to create LSC’s wide-area MNS, which is used for any hazard or threat that poses an imminent or present danger and requires immediate action. This includes an evacuation, shelter-in-place, or lockdown scenario. Advisories and alerts that do not pose an imminent or present danger are sent out via LSC e-mail. </p><p>LSC’s MNS is deployed using Windows and Microsoft SQL Servers in a secured and high availability environment. The servers are clustered into a shared pool of monitored resources, so if a host fails, the system immediately responds by restarting each affected host from a different host. </p><p>The MNS encodes and decodes audible signals and live-voice messages transmitted across a TCP/IP local area network using voice over Internet protocol (VoIP). LoneStarAlert text, voice mail, and e-mail are delivered using a Web-based application hosted by the provider. </p><p>LSC’s wide-area MNS command system is located at the main administrative offices and is interconnected with each campus’ central control station, comprising the total system.  </p><p>Each campus is classified as a zone, and each building within a zone is considered a sub-zone. Most campuses have sub-zones that are interconnected. This configuration enables activation of prerecorded, live voice, or tone signals that can be sent to a sub-zone, zones, or the total system, providing redundancy throughout the system. </p><p>LSC police dispatch is responsible for immediately distributing voice messages or alert signals. It is authorized—and empowered—to send emergency messages to the affected populations using either prerecorded messages or live messaging via the wide-area MNS and LoneStarAlert.  </p><p>Dispatchers will send an alert when requested by an officer on the scene, or when requested by senior leadership. They will also issue an alert if there is credible information coming to the dispatch center that warrants sending a message. </p><p>As part of its initial installation, LSC included speakers for common areas with signals adjusted so the message could be heard through a closed door. However, the level of noise in the area impacts the level of intelligible voice or tone that can be heard.  </p><p>Additionally, LSC has video displays at all of its campuses where emergency messages are displayed using a digital management system. This ensures that individuals who cannot hear the emergency alerts do not miss them. </p><p>LSC also uses a buddy system where a buddy will help ensure a person with functional needs is supported, and first responders are aware of their last known positions and conditions. This information is then captured—when provided—in each campus fire safety plan. </p><p>As an additional measure, most LSC campus community members have cell phones. This enables those who are deaf or have other hearing impairments to receive emergency text messages and, where available, two-way communications using the Telecommunications Relay Service (TRS).  </p><p>The TRS bridges the communication gap between voice telephone users and people with hearing impairments by allowing users anywhere in the United States to dial 711 to be connected to a TRS operator. The operator then serves as a link for the call, relaying the text of the calling party in voice to the called party, and converting to text what the called party voices back to the calling party. </p><p>Following the initial setup, in-house resources assumed most of the responsibility for supporting the system over a five-year period. However, the system integrator supplements LSC resources.  </p><p>Additional system integrators are also used to provide support for the MNS. Sharing the service responsibilities among multiple vendors provides redundancy in the event a vendor is unable to provide services to one or more of LSC’s locations. ​</p><h4>testing </h4><p>Whether a fire exit drill or a lockdown drill, testing of emergency communications processes and systems is a base requirement. LSC has a rolling three-year sustainability and exercise program that’s part of the LSC Emergency Management Plan, which tests the LoneStarAlert and its MNS. </p><p>In the beginning, some questioned the approach and anticipated backlash from disrupting operations by testing the systems. However, LSC quickly learned that the process built confidence within the community that the school is doing its part to keep its campus safe. </p><p>Testing also gave users who were registered incorrectly and did not receive text message alerts a chance to inform LSC. Users who did receive texts and e-mail alerts could also report how long it took to receive them. </p><p>This helped LSC determine that, on average, more than 95 percent of regis­tered users received text and e-mail alerts within two to three minutes of activation. </p><p>On one occasion when LoneStarAlert was not tested during a larger emergency management drill, LSC received negative feedback, debunking the myth that testing the system during normal operations is viewed negatively. This approach has helped LSC align its MNS with its brand.   </p><p>-- </p><p><em>Denise Walker is chief emergency management officer at Lone Star College System, responsible for policy and direction on emergency management; safety and security audits; fire safety; environment, public health, and safety; and victim advocacy. She serves as the chair of the Greater Houston Local Emergency Planning Committee and is executive member of the Texas Emergency Management Advisory Committee. She is the author of several books, including Mass Notification and Crisis Communications: Planning, Preparedness, and Systems.   ​</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Training-Your-Team.aspxTraining Your Team<p>​</p><p>Whether the action is on the battlefield or the basketball court, you can be certain that the winning team owes its success in large measure to extensive training. Recognizing the importance of training to any team’s performance, the Cincinnati Children’s Hospital Medical Center set out to makes its own training program better. </p><p>The existing training program, which the director of protective services felt lacked specificity, consisted of one of the shifts’ veteran officers sitting with the new security employees and covering several department and hospital-specific policies along with administrative topics. Additionally, the new officers would be given several commercially produced security training videotapes to view, after which they were required to complete the associated tests. Following the completion of the tapes and review of the policies and administrative procedures, officers would go through brief hands-on training for certain subjects such as the use of force and pepper spray.</p><p>Once they completed these tests and training sessions, the officers would then begin their on-the-job training. Officers have historically stayed in the on-the-job phase of training between three and five weeks, depending on how quickly the officers learned and were comfortable with command center operations. When the officers completed their training program, they had to pass the protective services cadet training test as well as a test on command center procedures.</p><p>Training council. To help devise a better training program, the security director chose several members of the staff to sit on a training council. The group, which included the director, three shift managers, and the shift sergeants, met to discuss the current training program and what could be done to enhance it.</p><p><br>Through discussions with new employees, the council learned that the existing program was boring. The council wanted to revitalize the training to make it more interesting and more operationally oriented. The intent was to emphasize hands-on, performance-oriented training. The council also wanted to improve the testing phase so that the program results could be captured quantitatively to show the extent to which officers had increased their knowledge and acquired skills. <br> <br>Phases. The council reorganized training into four phases: orientation, site-specific (including on-the-job), ongoing, and advanced. Under the new program, the officers now take a test both before training, to show their baseline knowledge, and after the training, to verify that they have acquired the subject matter knowledge; they must also successfully demonstrate the proper techniques to the instructors.</p><p>Orientation training. The orientation training phase begins with the new employees attending the hospital’s orientation during their first day at the facility. The security department’s training officer then sits down with the new officers beginning on their second day of employment. This training covers all of the basic administrative issues, including what the proper clock-in and clock-out procedures are, when shift-change briefings occur, and how the shift schedules and mandatory overtime procedures function.   </p><p>The training officer also administers a preliminary test to the new officers that covers 12 basic security subjects including legal issues, human and public relations, patrolling, report writing, fire prevention, and emergency situations. New employees who have prior security experience normally score well on the test and do not need to view security training tapes on the subjects. The officers must receive a minimum score of 80 percent to receive credit for this portion of the training. If an officer receives an 80 percent in most topics but is weak in one or two subjects, that officer is required to view just the relevant tapes, followed by associated tests.</p><p>All officers, regardless of the amount of experience, review the healthcare-specific tapes and take the related tests for the specific subjects including use of force and restraint, workplace violence, disaster response, bloodborne pathogens, assertiveness without being rude, and hazardous materials. Also included in the orientation training phase are classes covering subjects such as pepper spray, patient restraint, defensive driving, and the hospital’s protective services policies.</p><p>Site-specific training. During site-specific training, officers learn what is entailed in handling specific security reports. The shift manager, shift officer-in-charge, or the training officer explains each of the reports and has the new employee fill out an example of each. Examples of reports covered in site-specific training include incident reports, accident reports, field interrogation reports, fire reports, motorist-assist forms, ticket books, safety-violation books, broken-key reports, work orders, bomb-threat reports, and evidence reports.</p><p>On-the-job training is also part of the site-specific training phase. The new employee works with a qualified security officer for a period of two to three weeks following the first week of orientation training with the departmental training officer. The new employee works through all of the various posts during this time. At least one week is spent in the command center. The site-specific phase of training culminates with both the security officer cadet training exam and the command center exam, which were also given in the original program.</p><p>Ongoing training. The ongoing training includes refresher training in which shift managers have their officers review selected films covering healthcare security and safety subjects. The training occurs during shift hours. The officers also receive annual refresher training covering topics such as using pepper spray and employing patient-restraint methods.</p><p>Another type of ongoing training, shift training, is conducted at least weekly. Managers conduct five-to ten-minute meetings during duty hours to refresh the security staff on certain subjects, such as customer service. These sessions are not designed to deal with complex topics. Managers can tie these sessions to issues that have come up on the shift.</p><p>Advanced training. Advanced training includes seminars, management courses, and sessions leading to professional designations and certifications. Qualified personnel are urged to attend seminars sponsored by several professional societies and groups such as ASIS International, the International Healthcare Association for Security and Safety, and Crime Prevention Specialists. Staff members are also encouraged to attain the Crime Prevention Specialist (CPS) certification, the Certified Protection Professional (CPP) designation, and the Certified Healthcare Protection Administrator (CHPA) certification.</p><p>Staff members are urged to pursue special interests by obtaining instructor certification such as in the use of pepper spray or the use of force. This encouragement has already paid off for the hospital. For example, the department’s security systems administrator has trained officers on each shift in how to exchange door lock cylinders, a task that would previously have required a contractor. Officers are currently being trained to troubleshoot and repair CCTV, access control systems, and fire alarm equipment problems.</p><p>Training methods. A special computer-based training program was developed to help quantify and track the success in each of the training modules. Additionally, a program was developed to present training subjects during shift changes.</p><p>Computer training. Security used off-the-shelf software to create computer-based training modules and included them in the site-specific training and ongoing training phases, both of which occur during shift hours. The training council tasked each shift with creating computer-based training modules for the various security officer assignments on the hospital’s main campus and off-campus sites. These training modules cover life safety, the research desk, the emergency department, exterior patrols, foot and vehicle patrols, and the command center.</p><p>The training council asked officers to participate in the creation of the computer-based training modules. The officers produced the training modules during their respective shifts when it did not interfere with other responsibilities.  </p><p>The group participation paid off. For example, the officers who created the command center and the emergency-department training modules not only spent several hours discussing what information should be included in the modules, but then allowed their creativity to flow by using the software to make these modules interactive. These particular modules include test questions of the material, and the program will respond appropriately to the employees as they answer the questions correctly or incorrectly. The volunteers also created tests for before and after an officer goes through each of the computer modules to track the effectiveness of the training.</p><p>Shift-change training. A major question with ongoing training is how to fit it into the officer’s routine. For most industries using shift work, difficulties arise when trying to carve out enough training time without creating overtime. The training council decided to take advantage of downtime that occurs as officers come to work ready for their shift to begin. They are required to show up six minutes before the shift. This time is now used for training.</p><p>The shift-change training is used to cover specific topics—already covered in some of the training phases—that can be easily encapsulated into a six-minute program. For example, some topics include departmental policies, radio communication procedures, command center refresher sessions, self-defense subjects, confronting hostile people, proper report writing, and temporary restraint training. By implementing the shift-change training sessions on a weekly basis, the department created an additional five hours of training per year for each officer.</p><p>One of the security supervisors created a six-minute training binder to house all of the lesson plans. Each shift supervisor uses the same lesson plan so that the training is consistent across the shifts. As with all other training, the before-and-after tests are given to quantitatively document changes in subject knowledge or skills.</p><p>Results. After implementing the training program, the training council wanted to check the initial results to see whether the training was effective. There were numerous quantifiable measurements that the council could use to evaluate the new training program, such as tracking the rate of disciplinary actions from the previous year to the current year. However, since the council desired to have a quick assessment of the training program changes, it decided to compare the after-training test scores to the before-training test scores for the computer-based training modules as well as the scores of the six-minute training tests. </p><p>To the council’s surprise, the initial tabulated scores resulted in an average before-training test score of 93 percent and an after-training test score of 95 percent. The council also found in many of the officers’ tests that they missed the same questions on both the before and after tests.</p><p>Based on these results, the council decided to make several changes. First, the test questions were reviewed and tougher questions were added. Based on the preliminary test score, the council felt that the questions were not challenging enough and might not indicate how competent the officers were with the subject matter. </p><p>The training council assigned each shift the task of revising the tests for their computer-based training modules as well as the six-minute training tests. The goal was to make the tests more challenging and to obtain more accurate assessments of the effectiveness of the training program. </p><p>The training council also reviewed how the different shifts were conducting the six-minute lessons. Managers noted that the shifts initially followed the schedule of the six-minute subjects from week to week, but then they began to conduct their own lessons without an accepted lesson plan or to forgo training altogether. </p><p>To avoid this problem, the training council determined that the training program needed to be more structured. The group created a schedule to indicate which class would be covered each week. One of the shift supervisors volunteered to take over the six-minute training program and formally structure it so that each shift would conduct training in a consistent manner.</p><p>The training council has plans to further hone the training program in the near future. The council plans to analyze the program us­ing other quantitative evaluative instruments such as an employee survey and a comparison of disciplinary action data from previous years. </p><p>In battle, it is said that an army fights as it has trained. Thus, commanders know the value of training. In the businessworld, though the stakes are different, training is no less critical to the success of the mission.</p><p>Ronald J. Morris, CPP, is senior director of protective services at Cincinnati Children’s Hospital Medical Center. Dan Yaross, CPP, is manager of protective services. Colleen McGuire, CPS (crime prevention specialist), is sergeant of protective services. Both Morris and Yaross are members of ASIS International.</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465