Healthcare

 

 

https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspxSupply Chain StrategiesGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-02-01T05:00:00Zhttps://adminsm.asisonline.org/pages/holly-gilbert-stowell.aspx, Holly Gilbert Stowell<p>​Take almost any product you have purchased in a store or used at home or work in the last week. Chances are, that object moved thousands of miles from where it was originally manufactured to the place where it was ultimately purchased or delivered to you. Organizations have intricate supply chain networks that are constantly moving every day around the world, and having an efficient supply chain security program ensures that movement of goods is not interrupted or compromised. </p><p>Security professionals must take a detailed look at the vendors who supply their assets and understand how those goods will be handled and ultimately implemented into their company’s operations or services. Following is a look at how a children’s hospital in Alabama applied supply chain security best practices to weather an unexpected storm, as well as provide for day-to-day operations. In addition, supply chain experts discuss lessons learned from their own experience of conducting risk assessments, following standards, and vetting suppliers and transporters to better protect company property. ​</p><h4>Alabama Children’s </h4><p>When a snowstorm hit Birmingham, Alabama, on January 28, 2014, the city was caught unawares. The snowfall, which quickly turned to ice, left thousands stranded on highways or in their offices. Children were stuck at school, their parents unable to pick them up. The event became known as “Snowpocalypse,” and news service AL.com called it “the winter storm that brought Birmingham to its knees.” </p><p>Hospitals were affected by the storm as well, including Children’s of Alabama. The pediatric center encountered vulnerabilities in its supply chain during that event it hadn’t previously considered, says Dennis Blass, CPP, PSP, director of safety and security at the hospital. </p><p><strong>Lessons learned. </strong>Every year the hospital conducts a hazards vulnerability assessment for its supply chain to find out where it can improve safety and security. “Once you identify your hazards and your vulnerabilities–the things that are dangerous to you or the things that you’re weak in–then you start peeling those back,” he says. “If we identify hazards that we need to correct, then we probably are going to create a management plan to correct those issues.” </p><p>Many displaced people in the community turned to the hospital for shelter when they had nowhere else to go. “We have a very prominent position in the Birmingham skyline, so if things look bad, the hospital looks like a place to go and get help–as it is,” Blass says. There were also clinic patients who had come to the hospital that morning for a routine checkup, planning to leave; many of them were stuck because of the snowstorm, which began around 10:30 a.m. local time.</p><p>Instead of being filled to the normal capacity of 300 people—the number of beds in the hospital—there were roughly  about 600 people who spent about 48 hours at the facility to ride out the storm.</p><p>The number of people at the hospital exposed one unforeseen vulnerability—obtaining clean linens from its supplier, which is separated from the hospital by a chain of mountains. “The supplier can wash the linens, but they can’t deliver them to us…we ended up making it, but that was a close call,” says Blass.</p><p>“We could handle supplies for patients, but we had a lot of people who just came to the hospital because it was a warm place to be,” according to Blass. “That had impacts on the amount of food that got consumed, and it had impacts on the amount of linens we went through. Just things that people need, supplies like toilet paper, things you don’t think a lot of.” </p><p>For those who weren’t patients, the hospital served smaller meals than normal; “sandwiches and soup, as opposed to meat and potatoes,” Blass says, to stretch resources. </p><p>The main drug supplier for the hospital is located in the same region, so obtaining critical medicine was not a concern during the storm. The hospital also has plenty of diesel fuel tanks, and can go for days without restocking. Only the insufficient linens, which must be sent off to a facility for proper sanitation before being returned to the hospital, turned out to be an issue.</p><p>“We did an after-action report on that experience, so we…put it in our emergency management plans for the future,” he notes.</p><p>The hospital’s emergency plans help ease any supply chain shortages. The institution follows the hospital incident command system (HICS) which assigns temporary duties to leadership during an emergency. For example, during the snowstorm, the chief operating officer of the hospital assumes the role of incident commander; an information officer is assigned to keep the community informed of hospital activities; and the plan also incorporates a medical officer, logistics chief, and planning chief. </p><p>During the incident, this system helped ensure proper patient care and as few gaps in the supply chain as possible. “Food was getting tight,” Blass says, and the food warehouses are not located near the hospital. “Because of the command structure, leadership can say, ‘okay you have a company credit card, we’ll contact the bank and raise your limit from $500 to $5,000 or whatever you need.’”</p><p>The U.S. Joint Commission, which certifies and accredits healthcare bodies, requires that hospitals have a group with representatives from various divisions that evaluates the standard of care they are providing to patients. Alabama Children’s has an environment of care committee that meets once a month to complete this requirement. “Our environment of care committee looks at things like safety, security, and resource management,” says Blass. “We have to meet the Joint Commission’s standard, and it surveys us every three years.” </p><p>Representatives on the team at Alabama Children’s include staff from the pharmacy, medical team, facilities, human resources, dining services, and more. This team ensures that there aren’t any gaps in the supply chain that would interrupt the hospital’s daily operations. As a rule, Blass says that having enough supplies for 96 hours will allow the facility to continue operating smoothly and efficiently. This includes a variety of items that the environment of care team must carefully think through and document. “You’re talking about water, fuel, basic sanitary supplies, and then you start talking about medicine and those things necessary for a hospital to run,” he says. </p><p>And there can be more than one type of each supply, a detail that, if overlooked, could mean life or death. “We have pumps that pump air, we have pumps that pump blood, we have pumps that pump saline, we have pumps that do many different things. You have to have all the things needed to make those supplies work for 96 hours,” he notes. </p><p>Keeping track of inventory is critical to determine whether the hospital has a sufficient supply of each item. Blass says that the hospital is moving toward a perpetual inventory system, where a new item is ordered as soon as one is pulled off the shelf. </p><p>There is a downside to stocking too many items, which is why it’s a delicate balance between having 96 hours’ worth of supplies and more than enough. “Space is expensive. And if you want to have enough water for four days, how much water is that? Where do you put it? How do you keep it fresh?” He adds that the hospital must be thoughtful in its policies and procedures on maintaining its inventory to avoid any issues.  </p><p>Thankfully, Blass notes, t​he 2014 snowstorm only lasted 48 hours. “The size of the surge exceeded our plan, but the length of the surge was shorter than our plans, so it all worked out,” he says. </p><p>And not every element of securing the supply chain is tangible; the information and communication pieces are also critical. “Every day we’re getting blood supplies in, and other kinds of materials that must be treated very carefully,” he says. Special instructions need to be followed in many cases. For example, there may be medicine that must be stored at a precise temperature until 30 minutes before it’s dispensed. That information must be communicated from the pharmacist to the supplier, and sometimes to security, who can give special access to the supplier when it delivers the drugs. </p><p>Blass is a member of the ASIS International Supply Chain and Transportation Security Council. He helped develop an American National Standards Institute (ANSI)/ASIS standard for supply chain security, Supply Chain Risk Management: A Compilation of Best Practices Standard (SCRM), which was released in July 2014. The standard provides supply chain security guidelines for companies, and has illustrations of what exemplary supply chain models look like.</p><p><strong>Best practices.</strong> Marc Siegel, former chair of the ASIS Global Standards Initiative, also participated in the creation of the ANSI/ASIS standard, which provides explanations of how to look at managing risk in the supply chain. “It’s based on the experiences of companies that have very sophisticated supply chain operations,” he tells Security Management. “The companies that put it together were really looking at having a document that they could give to their suppliers, to help them look at themselves and think of things that they should be doing and preparing for.” </p><p>Siegel is now director of security and resilience projects for the homeland security graduate program at San Diego State University. He promotes supply chain mapping, which takes a risk management–based approach to supply chain security. “Traditionally, a lot of security people have looked at supply chain as logistics security,” he says, “whereas companies with major supply chain considerations have been moving more into an enterprise risk management perspective.” These organizations take an across-the-board look at risks that could create a disruption in the supply chain, asking themselves what the specific things are that could interrupt or prevent them from manufacturing or delivering their product. </p><p>Siegel says there is a disproportionate focus on bad actors and intentional acts as threats to the supply chain, when more often it’s a natural disaster or accident that causes the most significant disruptions. “The broader risk management perspective is also looking at, ‘Is there a potential for a storm, is there a potential for political disorder, or instability in a region, that can cause a delay in processing?’” Only then, he says, are companies efficiently mapping out all the factors that could introduce uncertainty.</p><p>Maintaining a broader perspective will keep organizations from fixating on two of the most common hangups in supply chain security. “You have people who fixate on ‘everything is a threat,’ and you have people who fixate on ‘everything is a vulnerability,’ and if you only fixate on those two things you’re going to miss a lot of stuff,” Siegel says.</p><p>Blass agrees. “When we start that annual hazards vulnerability assessment, I’m going to look through the standard and notes I’ve written myself to make sure I’ve got everything covered,” he notes. “You can never rest and say, ‘well, we’re safe and secure and we don’t have to do anything else,’ because the threats keep changing.”   ​</p><p>--</p><h4>Sidebar: assess risk<br></h4><p> </p><div>​For the co​rporation that produces the F-35 fighter jet and other advanced technologies for the U.S. government, supply chain security is of utmost importance. “The threats that we face are universal in nature due to the size and the complexity of our supply chain,” says Vicki Nichols, supply chain security lead for Lockheed Martin’s Aeronautics business. </div><div><br> </div><div>Lockheed Martin Aeronautics assesses the supply chain in a number of categories, but Nichols works most closely with cargo security. “The threats there are cargo disruption, unmanifested cargo, and anti-Western terrorism,” she notes. </div><div><br> </div><div>The division conducts a risk assessment of its international suppliers. “We look at what type of products they provide us and how vulnerable that product is to manipulation or intellectual property theft, and we look at country risk,” she says.  </div><div><br> </div><div>The company sends a questionnaire to its suppliers, and comes up with an overall score for each of them based on 10 criteria, including country risk and transportation mode. In many cases, it also sends field personnel to evaluate the supplier’s facility. “If we know we have eyes and ears going in and out of the facility, and those people are trained to recognize red flags, then we know we have a lower threat because of our presence,” she says. </div><div><br> </div><div>After one such site check at a facility in Italy, Lockheed Martin Aeronautics determined that the use of technology was warranted to further enhance security. “The concern was that the area was known for introduction of unmanifested cargo—weapons, cargo disruption,” she notes. “We began to look at tamper-evident technologies, and track-and-trace devices that would allow us to know if someone had opened or tampered with the freight.”  </div><div><br> </div><div>Lockheed Martin has a corporate supply chain security council that meets at least once a month to provide updates and discuss any issues that arise. Representatives from the company include human resources, personnel security, physical security, and counterintelligence. Stakeholders from major partner organizations are also invited to participate.</div><div><br> </div><div>Lockheed Martin Aeronautics also works closely with law enforcement and federal intelligence sources who disseminate relevant information to the company. “We subscribe to some intelligence data that is cargo-specific, so we issue a spotlight report about three times a week just to keep people engaged and aware of the threats in the supply chain,” she notes. </div><div><br> </div><div>Supplier engagement is also critical, Nichols says, so the company stays in touch with about 120 suppliers internationally. </div><div><br> </div><div>Sometime in 2017, Lockheed Martin Aeronautics plans to purchase a software management tool that will release supplier questionnaires in the native language for countries it does business with. It will tap existing resources such as “Supplier Wire” to offer training to the supply base. “This will be another evolution on how we can engage, rather than just sending them to a website,” Nichols says. “I think it’s important for our supply base to see how seriously we take security, so they will take it seriously as well.”​</div><div><br> </div><h4>sidebar: consult standards<br></h4><p> </p><p>​Laura Hains, CPP, operations manager, supply chain security and consulting at Pinkerton, member of the ASIS International Supply Chain and​ Transportation Security Council, says that companies should research whether their partners and suppliers are following major supply chain security protocols, like those put out by ASIS, and others such as the Transported Asset Protection Association (TAPA) standards for trucking companies. “TAPA is one of the big authorities on trucking, so if a company says they are TAPA certified, that to me says that they follow protocol,” she says. </p><p>Other standards include the National Strategy for Global Supply Chain Security which U.S. President Barack Obama signed in 2012 and was designed to enhance public-private partnerships. Arthur Arway, CPP, author of Supply Chain Security: A Comprehensive Approach, says the framework seeks to combine input from government and industry on protecting the transport of goods to and from the United States. “I think the government is far more willing to seek out subject matter experts and all the different modes and companies that may transport goods into the United States for their help,” he says. Arway adds the document is relatively recent, and that it could take a while before it is widely adopted. </p><p>Though terrorism is an uncommon threat to the supply chain, it must always be a consideration. Hains gives the example of vehicular attacks. In Nice, France, on July 14, 2016, Tunisia native Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd of Bastille Day festival-goers. That attack killed 86 people and injured more than 400. New York police also warned of possible vehicular terrorism against the 2016 Macy’s Thanksgiving Day Parade. “A small company truck—that could be a target,” notes Hains. “So everybody has to think about terrorism because it’s out there.”</p><p>Another standard at the national level seeking to combat terrorism within the supply chain is the U.S. Customs Trade Partnership Against Terrorism (C-TPAT). The program is voluntary for private industry, but Arway says the national standards as a whole are seeing global adoption.​</p><p>“Standards have come a long way in how they’ve been able to incorporate security into the movement of goods,” he notes. “Many countries have accepted these programs into their own supply chain security programs.”​</p>

Healthcare

 

 

https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspx2017-02-01T05:00:00ZSupply Chain Strategies
https://sm.asisonline.org/Pages/Radioactive-Remedies.aspx2017-02-01T05:00:00ZRadioactive Remedies
https://sm.asisonline.org/Pages/The-Top-Ten-Challenges-for-ED-Security.aspx2016-12-01T05:00:00ZThe Top Ten Challenges for ED Security in 2016 and Beyond
https://sm.asisonline.org/Pages/Guns-and-Healthcare.aspx2016-11-23T05:00:00ZInfographic: Guns & Healthcare
https://sm.asisonline.org/Pages/Speedy-Surveillance.aspx2016-11-01T04:00:00ZSpeedy Surveillance
https://sm.asisonline.org/Pages/Patient-Zero.aspx2016-07-01T04:00:00ZPatient Zero
https://sm.asisonline.org/Pages/Hide-Hide-Hide.aspx2016-07-01T04:00:00ZHide. Hide. Hide.
https://sm.asisonline.org/Pages/Book-Review---Hospital-and-Healthcare-Security.aspx2016-03-11T05:00:00ZBook Review: Hospital and Healthcare Security, Sixth Edition
https://sm.asisonline.org/Pages/BCHS-Protects-Patient-Data.aspx2016-02-12T05:00:00ZBCHS Protects Patient Data
https://sm.asisonline.org/Pages/On-the-Record.aspx2016-01-14T05:00:00ZOn the Record
https://sm.asisonline.org/Pages/Industry-News-December-2015.aspx2015-12-01T05:00:00ZIndustry News December 2015
https://sm.asisonline.org/Pages/Inoculating-Against-Violence.aspx2015-11-30T05:00:00ZInoculating Against Violence
https://sm.asisonline.org/Pages/Culture-of-Caring.aspx2015-09-01T04:00:00ZCulture of Caring
https://sm.asisonline.org/Pages/Fuga-de-Información-Médica.aspx2015-06-10T04:00:00ZFuga de Información Médica
https://sm.asisonline.org/Pages/Swiping-Medical-Data.aspx2015-06-01T04:00:00ZSwiping Medical Data
https://sm.asisonline.org/Pages/Threats-to-Health.aspx2015-03-16T04:00:00ZThreats to Health
https://sm.asisonline.org/Pages/A-Deadly-Map.aspx2014-12-01T05:00:00ZA Deadly Map
https://sm.asisonline.org/Pages/News-and-Trends-December-2014.aspx2014-12-01T05:00:00ZNews & Trends
https://sm.asisonline.org/Pages/lax-lab-safety.aspx2014-11-01T04:00:00ZLax Lab Safety
https://sm.asisonline.org/Pages/leave-the-LEDs-On.aspx2014-11-01T04:00:00ZLeave the LEDs On

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Threats-to-Health.aspxThreats to Health<p>​<span style="line-height:1.5em;">Joseph Sweeney served as a New York Police Department officer for 21 years and ran his own security company—witnessing the full range of crimes and sticky situations that the Big Apple has to offer—but he never guessed what challenges were in store when he became the director of hospital police at Bellevue Hospital Center in 2010. “You can’t shut the doors and walk away. You have to deal with whatever happens. It’s a 24-7 business, and you can’t turn anybody away,” Sweeney says. “It’s like being in charge of a small city.”</span></p><p>Today, healthcare security directors like Sweeney are in charge of small cities with growing crime rates. According to a 2014 crime survey conducted by the International Association of Healthcare Security and Safety (IAHSS), the rate of violent crime in American healthcare facilities rose by 25 percent from 2012 to 2013, and the rate of disorderly conduct jumped by 40 percent. </p><p>Jim Stankevich, a past president of IAHSS, tells Security Management that the survey results reflect the need for comprehensive physical security in hospitals, especially visitor management systems—a tool that he admits isn’t always conducive to the open environments of traditional hospitals.</p><p>“Every hospital technically should know every person that enters a facility, why they’re there, and where they’re going, whether it be a contractor, vendor, patient, or visitor,” Stankevich says. “The problem is many hospitals are over 50 years old, and they probably have up to 50 entrances on the ground level, which makes it kind of impossible for them during normal business hours to really control that access.”</p><p>Sweeney points out that the hospital industry—even the security aspect—is a customer service business. “There’s an emphasis on the patient experience, and we’re a part of that,” he says. The balance between creating an open, customer-oriented environment and keeping those customers safe is a challenge, Sweeney notes.</p><p>The increase in active shooter scenarios, crime numbers, and the routine threats hospitals face on a day-to-day basis all combine to make physical security at healthcare facili­ties more important than ever. Whether it’s at a metropolitan hospital, a network of nonprofit healthcare facilities, or a research-based medical center, security directors have to employ a combination of training and technology to keep their small cities secure. ​</p><h4>Medicine in Manhattan </h4><p>Bellevue Hospital Center was founded in 1736 and is the oldest continuously operating hospital in the United States. In 2013, it housed 828 beds, and more than 115,000 people visited its emergency room. More than 80 percent of Bellevue’s patients are from New York’s medically underserved population.</p><p>Sweeney, who oversees the peace officers stationed throughout Bellevue, says the hospital’s open atmosphere presents a number of challenges when it comes to securing the facility. Many buildings in New York require identification and screening upon entering, but Bellevue’s open environment during daytime hours allows people to come and go freely, he explains.</p><p>“In a sense, we’re the softest target left, especially in Manhattan,” according to Sweeney. “You go to any other building in Manhattan and it’s difficult to get into, but the hospital is the one place that’s open. That’s the philosophy here, and I don’t disagree with that. But it does make it more challenging for security.”</p><p>Hundreds of patients, visitors, doctors, and staff move in and out of Bellevue every day, and Sweeney says one of the most difficult parts of keeping everyone safe is managing the wide variety of people who come and go. </p><p>“These are folks who are outpatients or they’re presenting themselves to the hospital for some type of service, but they have some sort of psychiatric issue, and it’s very challenging to deal with, but we can’t turn them away.” Sweeney notes. “I’d say the biggest challenge for anybody in the healthcare industry is dealing with somebody who’s emotionally disturbed or even just upset—people are sick and dying, their loved one is sick or in pain or dying, and it’s a very challenging environment.”</p><p>Indeed, the IAHSS report found that 93 percent of assaults in healthcare facilities were directed at employees by patients or visitors. This is why Belle­vue’s security officers are thoroughly trained to de-escalate almost any situation, Sweeney explains.</p><p>“We’re a part of the patient experience, and we’re a part of making sure that these people get the care that they need,” he says. “At the same time, we’ve got to keep the place safe.”</p><p>When Sweeney first came to Bellevue, no identification was required to access any area of the hospital. Over the past five years, he’s helped implement restricted access areas within the hospital with the help of access control technology while still committing to providing a positive experience for visitors, he explains.</p><p>“We couldn’t survive without the technology,” he says. “It’s really allowed us to focus our people where they need to be, and that’s important to have a good balance because this is a people business.”</p><p>For example, areas in the hospital with psychiatric patients are equipped with silent panic buttons that alert security officers of an incident. “When you’re dealing with a psychiatric patient, you don’t want to escalate the situation,” Sweeney notes. “You don’t want to call and say, ‘Hey, police, this guy is getting aggressive, come and help me.’ Just saying that makes the person more aggressive.”</p><p>Access control technology also helps keep vulnerable patients safe. Patients in Bellevue’s brain injury unit who are unable to make informed decisions for themselves are fitted with electronic tags, and security officers are notified if a patient attempts to leave his or her designated area. The hospital also uses the tags on infants in the maternity ward to track where they go and automatically lock the nursery doors should someone attempt to leave with a baby. </p><p>When it comes to preparing for out-of-the-ordinary incidents, Sweeney says he puts more emphasis on training security officers to think outside of the box rather than to follow specific protocols for a certain emergency, whether it’s a natural disaster, active shooter, or bioterrorism incident. </p><p>“We have that ‘what if’ mentality, so that if something happens we’re not totally taken by surprise,” he explains. “Those real-life drills of what we’ve done in those circumstances have trained us for the next one.”</p><p>And Bellevue has certainly seen its fair share of real-life drills. Sweeney recalls closing and evacuating the hospital during Hurricane Sandy in 2012, working around power outages and staffing shortages caused by blizzards, and more recently, housing a patient infected with the Ebola virus. </p><p>“A lot of the different things we had to deal with during Sandy, we had already had little pieces happen before, whether it was a telecommunications failure, or a power failure, or elevators knocked out,” he explains. “We’re trained to take each experience, whether it’s a real experience or a drill, and put it in our toolbox and make it adaptable so that when something similar comes along we know how to handle it.”</p><p>And although staff and security were given additional training on how to deal with potential Ebola patients, Sweeney says a lot of the same protocols—creating clean zones and hot zones and suiting up in personal protective gear—were brought over from previous bioterrorism training.​</p><h4>Pittsburgh’s Provider</h4><p>Jeff Francis jokingly calls the University of Pittsburgh Medical Center (UPMC) “one of the biggest companies that people have never heard of.” UPMC is a nonprofit network of 21 full-service hospitals and hundreds of ancillary facilities throughout western Pennsylvania. The hospitals treat more than 690,000 emergency patients annually and have more than 5,100 beds. </p><p>Francis, the security director of UPMC’s facilities, was a police officer in the Pittsburgh region before he joined UPMC a decade ago. Like Sweeney, he says he was surprised by the wide variety of threats that needed to be managed.</p><p>“Hospitals are the confluence of pretty much every risk factor that can exist as far as the propensity of violence is concerned,” Francis says. “In a hospital, you have a lot of controlled substances, you have a lot of behavioral health issues, and a hospital by its nature is a very high-stress environment in terms of patients, their families, and even the staff.”</p><p>UPMC’s security team is made up of more than 500 security professionals, including 130 armed police officers—the organization’s campuses have their own police departments. Francis is in charge of developing and maintaining the infrastructure needed to keep staff, patients, and visitors safe. </p><p>Security is assessed on a facility- by-facility basis, and Francis says he relies on access control and analytics systems to keep each location secure. Some facilities, like UPMC’s children’s hospital and behavioral health facilities, are 100 percent access controlled and have multiple layers of screening, he explains. </p><p>“Every visitor is screened by metal detectors, as well as assuring that you are registered there ahead of time so you have a reason to be there, so we confirm that there is a patient for you to see and a patient is expecting you,” Francis says. “In those cases, everybody gets a badge, you have to check in, check out, and you’re monitored pretty closely.”</p><p>On top of those precautions, the chil­dren’s hospital screens each visitor against a sexual offender registry upon entry. </p><p>Francis notes that finding a balance between protecting vulnerable patients and allowing visitation can be tricky. “We can’t lock these things down like a prison,” he says. “If someone is coming to visit a sick relative in a hospital, they don’t want to be treated the same way as if they’re going to visit a prisoner. So we have to maintain this balance between this open therapeutic environment [and managing] all these risk factors that make hospitals dangerous.”</p><p>Facilities with fewer at-risk patients are more open, Francis says. During business hours, people can walk in freely, and during off hours visitors must sign in and out. </p><p>With such a wide variety of healthcare facilities to secure, Francis relies on data-driven decision making. UPMC hospitals use D3 Security incident management software that tracks not only security and police activity, but also specific statistics, such as the number of people who enter through metal detectors, the percentage of those people who carry in banned items, and what those items are. This type of data allows Francis and his team to address trends in individual hospitals or throughout the UPMC system. </p><p>“Training topics are determined by the types of issues that we’re seeing in tracking,” Francis explains. “We’ll see spikes in certain incident types through our informational analysis, and we know we need to address that through training or other remediation processes.”</p><p>UPMC also uses risk assessment tools on individuals suspected of being a danger, Francis says. “If we have a reason to suspect that this person is prone to a violent act, technology is at the forefront for our risk assessment of that person,” he explains. “Have they been violent in the past? Do they have a criminal record? How many incidents do we have across the system that might involve that patient?”​</p><h4>Research and Recovery</h4><p>St. Jude Children’s Research Hospital in Memphis, Tennessee, is more than just a healthcare facility. The 27 buildings on its 62-acre campus house cutting-edge medical research teams and equipment, a convention center, 67,000 young patients annually, and extended-stay housing facilities for the families of those patients. </p><p>St. Jude is 100 percent donor funded and it treats children with cancer at no cost to the family. Shawn Young, the security systems coordinator at St. Jude, says he tries to be a good steward with the donor money while keeping the unique campus secure.</p><p>The combination of vulnerable patients, visitors, and researchers coming and going at all hours makes access control and visitor management vital to campus operations, according to Young. The entire campus is fenced in, and guests must check in with a security officer. Visitors are encouraged to preregister, and once they’re approved, their credentials are taken, they receive a badge, and are escorted to the correct building. </p><p>More than 600 doors at St. Jude are fitted with card readers, and Young says a staffed control room monitors entry and exit points at all hours. Guards are also present at the three extended-stay facilities on campus. </p><p>St. Jude uses video cameras for both security and treatment, which can be challenging in hospital environments due to the Health Insurance Portability and Accountability Act (HIPAA) privacy laws. Doctors and technicians use live video feeds to keep an eye on patients who need extra supervision. “We’re not recording any of it, but it’s really the first time in the history of the hospital that we’ve actually used video for any kind of clinical care and monitoring any kind of treatment,” Young says. </p><p>In the six years since Young started working at St. Jude, the campus’s video footprint has doubled—more than 400 cameras are coordinated throughout the campus. “We’re large and it looks like we’re going to get even larger,” he says. </p><p>In fact, a new combination research and treatment building partially opened last year. The first floor serves as a convention and collaboration center, the second floor is a traditional surgery and intensive care facility, and higher floors will house a computation biology department and a proton therapy unit—one of 14 in the United States. Young says the multiuse building presented some unique safety challenges, but he’s been involved in the security design from the start. This collaboration allowed Young to lay out the placement of cameras and card readers, he explains.</p><p>“We have a great relationship with our design and construction department, and we’re lucky to be pulled into these before we have a set plan in place,” Young says. “We were involved almost from the very beginning.”  </p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/a-campus-response-crisis-0013278.aspxA Campus Response to Crisis<div class="body"> <p>One typical sunny afternoon in south Florida in 2013, a man entered the administration building of a private university. The man walked straight by the receptionist, announcing the name of the university employee he came to see and emphatically stating that the woman was his wife. The receptionist was concerned by the man’s demeanor. She noted that he was not wearing an employee ID and had not stopped to obtain a visitor’s badge. The receptionist called security and told them the employee’s name. Security contacted the employee, who informed them that she was in the midst of a divorce and that her husband was both verbally and physically abusive. Security called the police.</p> <p>For many universities, the story would end there. But security’s second call was to the university’s Campus Response Team (CRT). The team was notified by radio and all team members in the administration building placed the facility in lockdown until the campus was cleared by security and by the police. After the police arrived, they escorted the man from university property without incident.</p> <p>The entire CRT met immediately after the incident to formulate an action plan. The plan included partnering with security and police for extra patrols around the administration building. The CRT disseminated the husband’s photo and description to all reception areas and security personnel. A trespass warning was posted on campus to warn staff and students that the man was banned from campus property. The CRT provided extra safety measures to the university employee, including a panic button alarm, a parking space close to her workplace entrance, and a security escort to and from her car. The employee was also referred to counseling and support services, as well as to a community-based support program. The CRT followed up with the employee at regular intervals to determine whether more assistance was required. After these interventions, the employee obtained a legal no-contact order against her estranged husband, and she has not required additional university support since.</p> <p>This type of incident, which threatens the safety and security of a campus, occurs almost daily at the more than 4,100 colleges and universities in the United States. To be prepared for these emergencies, respond correctly, and recover quickly, the university developed a security and safety plan that includes players from local emergency services, contract campus security officers, and staff and faculty of the university. Well-trained players from law enforcement, fire and rescue, and campus security are commonplace in academic settings. What makes this safety model special is the addition of existing professionals drawn from staff and faculty that comprise the CRT. This combined relationship has proven to make the university environment safer and has been cost effective.</p> <p>The CRT also helps the university comply with federal laws. For example, the team improves campus compliance with the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act. The team also helps the campus embrace the concepts of the National Incident Management System, which helps agencies work together in crisis management. The team is proactive, pragmatic, cost-effective, and an extension of the overall educational mission.</p> <p>The CRT is an integral part of the campus violence prevention program. The CRT implements important parts of the violence prevention plan, such as disseminating clear policies, promoting threat awareness, providing rapid response, and aiding in recovery.</p><p><strong>TEAM MEMBERS</strong></p><p>It is important to note that the CRT is not designed to replace the existing campus law enforcement or security presence, but to assist and enhance their ability to keep the campus safe and secure. The CRT is available to receive reports of potential violence from students, staff, and faculty. They are trained to respond when violence does occur to minimize the effect of a violent attack until the arrival of first responders. CRT members are not trained to confront aggressors; however, they are trained in campus protective measures such as assessing potential problems, calling emergency services, communicating via the radio to other CRT members, and directing campus lockdowns, emergency evacuations, and emergency drills.  </p><p>The CRT is typically composed of 10 to 20 campus volunteers, depending on the size and layout of the campus, who come together to address incidents and threats to campus safety. CRT members have an interest in campus safety, have a feeling of ownership of the institution, and have a skill set that allows them to help maintain a safe campus environment. Often the CRT will include subject matter experts from the campus, such as professors of emergency management, criminal justice, psychology, or medicine, along with individuals who have previously worked in a related field. For example, some members have police, fire, nursing, counseling, or military experience. Other members may be laypersons that volunteer to be on the team because of an interest in campus safety or to improve their own skills in team building and emergency response. A liaison from the campus security force is also assigned to the team. One of the major advantages of the CRT is that it harnesses a broad scope of the best and brightest minds from the campus that can come together to discuss pending issues, assess threats, or respond to actual events until the arrival of first responders. All members of the CRT have an interest in the safety, security, and well being of campus staff and students.</p><p>Regularly scheduled meetings and training sessions allow CRT members to keep up to date on campus safety, physical security, and special events. The team also participates in simulated responses to real-life scenarios.</p><p>It is important that other campus personnel and the student population know who the CRT members are and that the CRT members are readily identifiable and are immediately accessible. To ensure the CRT is visible on campus, the team concept is discussed during student, employee, and faculty orientation and CRT members often attend student and faculty meetings to present safety briefings and discuss safety and security issues. In addition, team members are readily identifiable by a red lanyard with white “CRT” letters and a “CRT” identification badge that is affixed to the lanyard worn around the neck.</p><p><strong>POLICIES</strong></p><p>The CRT members are well versed in the campus violence prevention policy. This policy clearly states the institution’s stance on violence prevention and discusses every aspect of the issue. For example, violence is defined as classroom disruptiveness, bullying, physical violence, threats, dating violence, or stalking. These policies are provided to the student body and understood by all parties within the campus environment. The policies are accompanied by the penalties and discipline that offenders should expect if violations occur.</p><p>The policies and procedures are designed to minimize access to the campus by intruders and unwanted persons. For example, students and employees must display IDs while on campus property, and vehicle identification placards must be visible at all times.</p><p>Additionally, other target hardening methods are employed by the university, including limiting points of access to campus buildings and requiring all visitors to check in at reception and display visitor identification badges while on campus property. Locks that can be engaged from the inside are present on all offices and classrooms. As part of the security program, interior classroom windows are required to have the window blinds open during classroom hours. This “always open” window rule allows staff and security to easily perform classroom safety checks. </p><p>Security officers are required to patrol the buildings and grounds at differing times so that patrol times do not become routine or predictable. If a potential threat is identified by the CRT, other security methods may be employed to provide additional protection. For example, if a threat against a specific class or instructor is suspected, security might place a panic button alarm in the classroom, move the class meeting location to a room closer to security, or increase monitoring of the classroom or office by security or administration. Specific parking spaces in proximity to secure entrances and security escorts may also be made available to staff or students upon request.</p><p><strong>AWARENESS</strong></p><p>The CRT model also stresses threat awareness on campus. This is important in an educational environment where there are typically large groups of people in close or even semi-confined quarters such as a classrooms, auditoriums, and sporting events. The CRT is critical in helping students, staff, and faculty remain vigilant and provide an avenue to report any suspicious or threatening activity. It is important that the CRT and campus security foster a relationship with the students and campus staff that is open, approachable, and responsive. To do this, the CRT has developed a protocol for responding to reports of potential issues or problems. When a threat or suspicious activity is reported to the CRT or other safety authorities, the team will meet, address the issue, and develop a response or action plan. A CRT member will contact the reporting party to let him or her know that the complaint was taken seriously and thoroughly investigated. If possible, the reporting party is advised of the outcome of the investigation.</p><p><strong>TRAINING</strong></p><p>Every security incident has distinct elements. By training for different scenarios and meeting to discuss safety threats, the CRT can be more prepared to respond when a threat occurs. Each team trains a minimum of once each year with the campus director of safety and security. Examples of training topics include “CRT Concepts and Basic Procedures,” “Emergency Communication Methods,” and “Prevention and Response to Workplace and Campus Violence.” This training typically includes classroom lecture, scenario-based practical drills, discussion, and feedback. This training is documented and maintained by the university for review and Clery Act compliance purposes. </p><p> In addition to this training, each individual campus CRT and its members are required to meet monthly for training and to discuss safety and security updates and issues. Meetings usually include training, dissemination of pertinent information, and discussion of potential safety issues or violations. The CRT meeting also provides a forum for members to share their specialized knowledge with other members such as proper radio procedures, hurricane and storm preparation, first aid skills, and communicating effectively with stressed or depressed individuals. Throughout the year, each CRT will also perform live training scenarios such as campus lockdowns, fire drills, bomb threats, and other emergency responses. Minutes are recorded at each meeting and are submitted to the director of safety and security so that proper documentation is maintained. </p><p><strong>RESPONSE</strong></p><p>Typically an incident that is already discussed in university policy such as a fire alarm or intruder on campus would proceed in a predetermined fashion. CRT members would call 911, notify security, evacuate, or lock down—depending on the threat—and return to normal after first responders secure the scene. When unusual incidents or threats arise, the CRT truly shines. In these cases, 911 is called, the campus is secured until emergency responders arrive, and the team assists the first responders. After the incident, the team will meet to debrief and discuss how to prevent this type of problem in the future and make suggestions for appropriate responses and potential policies. </p><p>The CRT is at its strongest when proactively meeting to discuss potential issues and preventing future problems. This allows the team to formulate an action plan. These plans often include engaging the combined services of the CRT, campus security, reception, and other affected university employees. The CRT will often recommend that additional safety precautions be employed such as increasing security officer presence, requesting extra patrols or services from local law enforcement, limiting access to certain buildings, and providing extra services such as the panic button alarms, special parking, or security escorts mentioned earlier. The CRT may also request that student services provide counseling and community assistance information to those in need of such services.</p><p>Different CRT members may take the lead depending on the nature of the action plan. For example, while being counseled for poor attendance and failing grades, a student commented to his professor that he was having personal problems outside of school that included “girlfriend problems and money issues” and that he wasn’t “able to focus on anything lately.” He told the professor that “maybe he would be better off dead.” The professor immediately brought this to the attention of a CRT member. The CRT met and formulated an action plan that included the campus president, student services, and the university student outreach counselor. The student was directed to counseling and other community-based services. The student continued to be monitored by the student outreach counselor and is now doing well at home and in school.</p><p>Often times the CRT will convene and respond to reports of safety violations, potential conflicts, or even physical security issues such as fire hazards, unauthorized entries, or upcoming special events. It is important that the CRT work in concert and not separately from the campus police or security authority. An example of the CRT working with local law enforcement is when the team assists the police by disseminating crime prevention information on campus or collaborating with the local police, campus security personnel, and campus staff by developing a security plan to be used when the campus hosts a special event.<br> <strong><br> RECOVERY</strong></p><p>Just as important as preparation, training, and response is the recovery process. After an event or incident, the CRT will meet and hold a debriefing. The CRT discusses the effect of the incident and whether the campus community will have difficulty returning to normal operations. The team also addresses what resources may be required for continued response and what support the CRT can give to first responders. The discussion also includes any challenges confronting the organization of the CRT and what lessons can be learned from the event. For example, after a large campus graduation ceremony was held, the CRT debrief included recommendations for additional security, locations where security officers were most needed, and the addition of an emergency command post for future similar events.</p><p>One of the most pressing issues confronting academic security professionals is how to provide the safest campus environment and still be fiscally responsible. As public safety and security resources become more limited, it is necessary for institutions to reach out to volunteers to develop cost-effective and innovative techniques to improve campus safety. The CRT finds strength in the fact that it combines the knowledge, commitment, and perseverance from those professionals who are already committed to the institution and to demonstrating the effectiveness of the CRT and are willing to commit even more.</p><p><em>Gregory Richter is Director of Safety and Security, Keiser University. He is a member of ASIS International.</em><br></p> </div>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Book-Review---Religions-Institutions.aspxBook Review: Keeping Religious Institutions Secure<p>​​<span style="line-height:1.5em;">Butterworth </span><span style="line-height:1.5em;"></span><span style="line-height:1.5em;">Heinemann; </span><span style="line-height:1.5em;">Elsevier.com; 210 pages; $34.95.</span></p><p>A respectable resource for those providing security oversight to churches, mosques, and synagogues, <em>Keeping Religious Institutions Secure</em> addresses threats of violence aimed at houses of worship.</p><p>This comprehensive compilation of information and references goes into great detail, so it will be useful to novice security managers and those with no security background. There are many good examples of steps to take to properly manage and evaluate security in general.</p><p>Charts and examples throughout the book define important points, while drawing the reader’s attention to them. The information is up to date and helps readers gain an understanding of the issues and the security risks associated with religious institutions.</p><p>Information from other sources is referenced appropriately and extensively, and numerous end notes direct the reader to them; however, more original content might have enhanced the book.</p><p>The author’s stated intent is “to provide religious institutions with a basic understanding of risk, methods of protection, and other considerations they need to take into account in order to keep their facility, property, and users secure.” Mission accomplished.</p><p>--</p><p><em><strong>Reviewer: John M. White, CPP</strong>, is president/CEO of Protection Management, LLC; a retired law enforcement officer and a published author. He serves on the ASIS Healthcare Security Council.</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465