Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

church security

Why We Need to Switch to a Risk-Based Security Model – School Stabbing at Franklin Regional, Active Shooter Incidents at Fort Hood (twice), LAX, and The Washington Navy Yard.

When I turned on the news today, I was in the middle of writing an article on the 2nd Shooting
at Ft. Hood from last week, and then saw that there had been a violent knife attack at a
Pennsylvania high school, with 20 casualties and at least eight injured critically, the next day,
there was a hate crime shooting at the Jewish community center in Overland Park, Kansas.

Once again, we see violence on a mass scale, the FBI has been brought in, and next will come
information on the victims.   With two major events, in two weeks, what can we deduce about the
security in place at both Franklin Regional High School, Pennsylvania, and Fort Hood, Texas.

        NEWS FLASH:   THE CURRENT SECURITY MODEL IS NOT WORKING!

CURRENT SECURITY MODELS

Disaster preparedness is improving,  Emergency Management is working, but security is
still not where it needs to be.  It is a systemic problem based on the fact that security around
the U.S. is still locked in a REACTIVE mode, not a PROACTIVE mode.

The main reason for this reactive mode in security organizations, is because most security
officers come from a law enforcement background, with a model which is based on crimes
and arrests, and it is totally REACTIVE.  A crime happens and police officers go into action
and arrest the perpetrator(s).

CRIME HAPPENS    =    PERP IS IDENTIFIED    =   PERP IS ARRESTED

Unfortunately, this reactive model does not work for preventing security incidents and mass violence
because it is INCIDENT DRIVEN, not Risk-Driven.  It focuses on individuals, not on a more holistic,
generalized view of Threats, and it totally leaves Solutions (Controls) out of the equation.

After studying pages of after action reviews, post-incident analyses and media sources, the one
recommendation that makes sense is that organizations need to switch to a RISK-BASED,
PROACTIVE mode for security to work
.

This was highlighted in a remark made by a Pentagon official, commenting on the 2nd Fort Hood
Shooting on April 2, and the fact that new DOD recommendations for security, had just been released.

“After the Navy Yard shooting in September 2013, another round of recommendations were made
to improve security at all DOD installations, however, a  Pentagon official said that the new
recommendations had not yet been put into effect at Fort Hood.
 At Fort Hood, very little 
had
changed from 2009
regarding security procedures for soldiers at the entrance gates.”

The question for the Department of Defense is “how could this happen again at the same military
base?  
I took extra time to study the 89-page document called An Independent Review “Protecting
the Force
”, one of 3 reports created after the initial Fort Hood Shooting, whene 13 were killed, and
43 injured.

If you look at the recommendations, they are very bureaucratic and procedural.  They could have
been written by an efficiency expert, not by anyone with a background in security, and covered things
like policy changes, and having screening for clergy and psychologists, and improved mental health
programs.   These are all important, but they do not provide a secure environment.

The LAX after action analysis’ Number One recommendation was to change
the security focus to a Risk-Based approach
.

 


RISK-BASED SECURITY

The problem with a reactive approach is that you can’t screen and lock down everyone. At Fort
Hood, for example, there are 80,000 individuals living on the base, and probably hundreds of
visitors who go in and out every day.  It’s impossible to assess the mental health, and the
‘intentions’ of all of them.

FortHoodAmbulances-Medium

That’s why a Risk-Based Approach works – because it focuses on the potential threats and then evaluates the existing controls to see whether they offer the required amount of protection based on the likelihood of the threat occurring.

You stop violent events by controlling access and by controlling weapons.  No matter how unpopular they are, you use metal detectors at certain points, you use security officers at key entrances, you control entrances and exits.

Once the event starts, you can improve security by having faster notification (panic alarms), ability
to block, or disable weapons and attackers, adequate transport, better emergency response, but to
avoid the violence, you need to have strong access control.

The Risk-Based approach makes use of annual risk assessments that are holistic in nature. They
are not done in stovepipes, they include the entire organizations, they include input from staff
members, visitors, students, vendors, soldiers, patients on how they see security from their point
of view, which is always dramatically different from management or administration.

A risk-based approach requires an organization to:

  • Define potential security risks.
  • Develop standardized risk assessment processes, for gathering and
    analyzing information, and use of analytical technology
  • Risk-Based Security focuses on PREVENTION OF NEW INCIDENTS
    whether they are active shooter, general violence, etc.
  • Enhances security’s ability to rapidly respond  to changes in the threat environment.

MORE BANG FOR THE BUCK

According the LAX (LAWA) after action report, “Simply adding more security does not
necessarily provide better security.
  Determining priorities and where to achieve great
value for the dollars invested requires regular, systematic assessment of the likelihood
and consequences (risks) associated with a range of threat scenarios that morph and
change more quickly now than ever before. 

Collaborative engagement in a security risk assessment process across the community builds
the buy-in needed to develop and sustain a holistic security program over time. Leaders must
be open to challenging established practices and demonstrate a willingness to change direction”
.

Making the switch to a Risk-Based security program is the best recommendation for those who
want to protect their staff, students, patients, vendors, clients, soldiers, and visitors from a mass
casualty event, or for all the organizations who don’t want to have a terrible incident happen in
the first place!

 Caroline Hamilton, friend of Patty Garitty (Soup Kitchen voluteer)

Caroline Ramsey-Hamilton

President, Risk and Security LLC

Caroline@riskandsecurityllc.com

 

www.securityinfowatch.com/blogs

www.riskandsecurityllc.com



Why Workplace Violence is Always a Catastrophe

Workplace violence incidents are one of the most damaging events that can happen to any organization.  The good news is that workplace violence is one of the few threats that companies can actually prevent before it happens.

Unlike earthquakes, hurricanes, floods, war, and explosions, workplace violent incidents can be prevented if the organization makes a commitment to educate their employees, and give them the knowledge they need to address a potential problem with a co-worker before it gets to an explosive level, for example, making the active shooter drills part of the security program.

In many ways, workplace violence is worse than other kinds of violent incidents because it always involves a major violation of trust, and it also has a malicious component, where the perpetrator is deliberating focusing on violence against a fellow human that they know personally and may have directly worked with, sometimes for year.

According to OSHA, workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases are reported every year.

As well as the violation of trust and the violence itself, the incidents usually terrorize both the victims and other employees, especially those who know violent individual and are left to wonder how they failed to recognize the danger signs.

Some organizations report that employees, even those who weren’t hurt in an incident, exhibit PTSD-type symptoms following an incident.  And the company’s reputation is often damaged, just from the publicity of the event.

One of the main controls that protect against a violent incident, is doing a Workplace Violence Assessment.  This specialized risk assessment involves interviewing employees at all levels of the organization, looking at the OSHA guidelines, such as those detailed in OSHA 3148, (www.osha.gov/Publications//osha3148.pdf).

The assessment also includes making sure that every violent, or threatening incident gets reported in a standardized way, that all the incidents are tracked, and that there is a de-escalation process that can be easily followed to prevent someone from getting to a violent stage.

There are new programs available that automate the Workplace Violence Assessment process and make it into a simple and standardized
project.  To review a standardized, data-based, Violence Assessment Report, go to:   www.riskandsecurityllc.com/.

 

 

 



What Churches Need to Know About Security Risk Assessment!

the problems that churches face has changed since the 1950s.  Churches were considered “safe”, but the Sikh temple shootings in Wisconsin, shootings in Colorado Springs Churches, and the burning of black churches, have changed the security posture of churches.

Take a look at violence in churches today.  In 2008, the FBI recorded 23,547 crimes attributed to location code for “Church/ Synagogue/Temple”.  Deaths from church attacks rose 36% in 2012 according to the January 30, 2013 edition of Christianity Today.  Guns were used in nearly 60 percent of all “deadly force incidents” at churches since 1999 according to Carl Chinn who has been tracking these incidents.

Arson incidents are so widespread that the Dept. of Justice has a National Church Arson Task Force, and “Arson at churches has been a problem for a long time,” said Patrick Moreland, an executive with the Wisconsin-based Church Mutual Insurance Co., which insures 63,000 houses of worship.

No church leader, or church member wants their place of worship to become a crime scene, as the country watches it unfold on CNN.  And there’s a pro-active way to analyze a church’s security profile

And determine:

  • How Likely the Church is to have a Violence Incident
  • What Other Churches in the area are experiencing
  • What the Threat Level is in your Geographic Area
  • Exactly What Controls You Need to Add to Stay Safe

A Security Risk Assessment is a quick, easy to use model that can take streams of data and information and use these actual events to produce a simple report that can track the threat levels, and match these to potential and existing controls to see how existing controls can be implemented, what new controls need to be added, and how to do it all in a cost-effective way.

One of the key points of a security risk assessment is that it measures solutions in terms of COST-EFFECTIVENESS.  No one wants to over-spend on something and not have enough money left for a critical security element.

Out in the field, we often find that controls are not effectively implemented, or they are not 100% implemented, and if there’s even a 10% gap, it’s just like the control never existed at all.

And you don’t need to be an expert to perform a security risk assessment on your church, school, temple or summer camp.  There are new automated software applications, like Church Facilities Risk-Pro, similar to the app on your iphone, that will do the assessment for you, showing you the data you need, and even writing and formatting the reports for you.

The Control Reports become a blueprint for improving security and can become part of a 3-year plan that will protect the physical facility, the congregation, and the entire community.




top