Security Policies & Procedures
Basic security policies and procedures are at the core of a sound security risk program. Former President Ronald Reagan popularized the phrase “trust but verify” when negotiating with the Soviet Union in the 1980s. Although certainly not on the same scale, that phrase can be applied everyday to ensure we provide for a safe workplace for our employees and visitors. Often times companies will have well established security policies and procedures. Unfortunately, all too often they are ignored or someone was not been properly trained. Ignoring or taking short-cuts with the small, mundane and routine policies or procedures can come back to haunt us when we’ve had a security breach, an act of violence, or a theft in the workplace.
The Way it Should Work
I recently visited a client in a multi-tenant commercial high-rise building in a mid-sized U.S. city. Ironically, my meeting with the client was to discuss threat management and workplace violence prevention. As I entered the lobby the signage directed me to the front desk to check-in with the security officer. Always one to follow instructions, I approached the on-duty security officer expecting the conversation to go something like this:
- Security Officer: Good morning. How may I help you?
- Me: Good morning. I have an appointment at 10:00 AM with XYZ Company on the 10th floor.
- Security Officer: May I have your name, the person you are here to see, and a form of photo ID?
- Me: Certainly. My name is Jim Dale and I am here to see Mr. Jones. Here is my driver’s license.
- Security Officer: I see from my visitor roster that Mr. Jones notified us to expect you. Please sign-in and wear this visitor ID badge while in the building. I will let Mr. Jones know you here.
The Way it Worked
Well, it didn’t quite go like that. After telling the security officer I was here for my appointment with XYZ Company, he provided me a temporary badge with “10th Floor” written on it. He did not verify who I was, record my name in the visitor roster, or call Mr. Jones at XYZ Company to verify my visit. Perhaps my expectations were a little high, but I was hoping for better. What if I was a disgruntled client; an abusive spouse whos’ wife works in the building; or perhaps I was casing the building for a late night burglary? Having a physical security presence in the lobby of the office building “rings hollow” if good, sound security protocols are not used. The bad guy only needs to be right one time to exploit a vulnerability. We need to be right all the time to keep if from happening.
The Devil is in the Details
In my experience the most effective safeguards are often the simple ones, those right in front of us. It’s not rocket science and does not require expensive security equipment. If we don’t adhere to the simplest of procedures designed to keep our employees safe, no amount of expensive security equipment will do.
- In a post 9/11 world many security practices have become routine.
- Training of security staff and increasing the security awareness of employees is critical.
- Negligent security is not an option. Employers must provide for a safe workplace for employees.
- Best practices exist to ensure all this happens; there is no excuse for not following them.
- See something, say something. Never assume someone else will report security violations.
Post script: I subsequently called the the building manager who supervised the security contract. I tactfully shared my observations in the hope it would become a teaching moment for the otherwise well-intentioned security officer. However, when I returned to the commercial high-risk building several months later I was disappointed to see that nothing had changed. Oh well……..
About the Author
Jim Dale is the owner and principal of Seven Citadels Consulting. Jim brings to clients more than 40 years of security and risk experience in both the private and public sectors. Formerly the Chief Security Officer (CSO) for three Fortune 500 companies, Jim is a graduate of the University of Nebraska at Omaha and was a career officer, commander, and special agent with the Air Force Office of Special Investigations. He is board certified in security management as a Certified Protection Professional (CPP), a trained threat manager and member of the Association of Threat Assessment Professionals (ATAP). He is also a member of the International Association of Professional Security Consultants (IAPSC).