Category Archives: www.riskandsecurityllc.com

New App does a Workplace Violence Baseline Assessment

Posted on by 0 Comments

New Workplace Violence Prevention App helps companies do an OSHA Violence Baseline Assessment

DATELINE:    Boca Raton, Florida,  March 12, 2013

Workplace Violence in US companies is a problem that is getting worse.  Workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases was reported annually during this time.

The latest figures show that high-risk organizations like hospitals, behavioral health treatment, home health workers and late night retail establishments are at a dramatically increased risk for experiencing a violent incident at work.

OSHA, and over thirty state government regs recommend that companies do an annual Workplace Violence Basement Assessment, but these are time-consuming and difficult to manage.

To solve the problem,  Risk & Security LLC has released a new web-based app, Workplace Violence Risk-Pro©, which makes security directors into Risk Professionals!

OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care &

Social Service Workers)and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are both included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!.  Workplace Violence Risk-Pro©  is built to be affordable and simple to use.

The web 2.0 program, includes newly compiled, updated threat databases, and automated web-surveys  based on the exact OSHA Directives.

The new program gives human services and security professionals a quick and easy way to conduct a workplace violence baseline assessment that will pass an audit!

The Risk-Pro©  model has been used for easy software applications with the Department of Defense and over hundreds of organizations, hospitals, maritime organizatons, and local, state and federal government agencies.

About Risk & Security  LLC

Risk & Security  LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk.  It specializes in consulting on risk assessment projects and global application development of risk solutions.  Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective countermeasures.

The team of risk and security experts is led Caroline Ramsey-Hamilton, who has created more than 40 software programs, and conducted more than 200 specialized security risk assessments in a variety of environments, including companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.

Why Workplace Violence is Always a Catastrophe

Posted on by 0 Comments

Workplace violence incidents are one of the most damaging events that can happen to any organization.  The good news is that workplace violence is one of the few threats that companies can actually prevent before it happens.

Unlike earthquakes, hurricanes, floods, war, and explosions, workplace violent incidents can be prevented if the organization makes a commitment to educate their employees, and give them the knowledge they need to address a potential problem with a co-worker before it gets to an explosive level, for example, making the active shooter drills part of the security program.

In many ways, workplace violence is worse than other kinds of violent incidents because it always involves a major violation of trust, and it also has a malicious component, where the perpetrator is deliberating focusing on violence against a fellow human that they know personally and may have directly worked with, sometimes for year.

According to OSHA, workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases are reported every year.

As well as the violation of trust and the violence itself, the incidents usually terrorize both the victims and other employees, especially those who know violent individual and are left to wonder how they failed to recognize the danger signs.

Some organizations report that employees, even those who weren’t hurt in an incident, exhibit PTSD-type symptoms following an incident.  And the company’s reputation is often damaged, just from the publicity of the event.

One of the main controls that protect against a violent incident, is doing a Workplace Violence Assessment.  This specialized risk assessment involves interviewing employees at all levels of the organization, looking at the OSHA guidelines, such as those detailed in OSHA 3148, (www.osha.gov/Publications//osha3148.pdf).

The assessment also includes making sure that every violent, or threatening incident gets reported in a standardized way, that all the incidents are tracked, and that there is a de-escalation process that can be easily followed to prevent someone from getting to a violent stage.

There are new programs available that automate the Workplace Violence Assessment process and make it into a simple and standardized
project.  To review a standardized, data-based, Violence Assessment Report, go to:   www.riskandsecurityllc.com/.

 

 

 

The Active Shooter Threat and Why We Need to Stay Situationally Aware

Posted on by 0 Comments

2012 will be remembered as the Year of the Active Shooter, where terrible tragedies across our country refocused people on issues surrounding gun control.  In many ways, it’s that old argument about whether the needs of the many outweigh the needs of the few.

In many schools and hospital, it could be argued that the needs of the many to be safe, and NOT TO GET SHOT,  outweigh the needs of the few – to possess assault rifles and high capacity magazines, which allow them to kill a large number of people with almost no effort.

No matter what side of the debate you fall on,  the debate has certainly brought the debate back from and center.

And along the way, it took the Active Shooter threat from a phrase that only a few security people knew about, into a phrase that was trending on the web and Twitter.

The Department of Homeland Security made a variety of resources available to deal with the Active Shooter Threat (many can be found at  http://www.dhs.gov/active-shooter-preparedness) with tools includes a video, and booklet.

Whether you are an elementary school, like Newtown, a movie theatre, like Aurora, a regional mall, mountain resort or anything else, the number one way to counter the Active Shooter threat is to increase security awareness of the staff.

I have had teachers tell me  “my job is only to teach, I shouldn’t have to be responsible for security, too”.

Unfortunately, everyone has to be responsible for good security, or we are all at risk.  And again, there’s the trade-off (aka, the risk calculation):

Measure the inconvenience of having to keep your eyes open and be willing to report any suspicious behavior VS. being a casualty of a mass shooting, or having someone you know killed.

Looks like a pretty easy calculation to me:

Small Amount of Effort (no cost) = Big Increase in Security !!

Make sure you friends, family and staff are aware of the Active Shooter Threat!

Will the Risk of the Sequester Affect Security Budgets in 2013?

Posted on by 0 Comments

Every time the TV is on, every anchor is crying about the dreaded Sequester.

Will it have an impact on security budgets?  I have seen security budgets, especially for the facilities security departments, swing from almost unlimited budgets after 2001, to bare bones in 2009 and 2010, and thought they were trending back up for 2013.

Now, with the uncertainty about what a Sequester  actually is, (please note my use of the capital “S”), how will it affect our security departments?

Obviously, the most obvious casualty are the government contractors who’s contracts may be arbitrarily cut, and civilian managers of federal programs will see lost days and furloughs.

The trickle-down effect will probably extend to state, county and municipal governments, too.   So that means it’s even more important to start budgeting new security controls so that the most important get the funding!

One of the themes we go over in our webinar programs is how important it is to create a COST JUSTIFICATION and Return on Investment information so that you can create a business case for every control you need to improve security.

And one more thought on the Sequester – we often see an increase in crime, white collar crime and fraud when things are unsettled and people aren’t sure what’s going to happen next.

Maybe it’s a good time to do another risk assessment?  Maybe the Sequester is the next new Threat!

 

 

Another School Shooting Means We Learned Nothing from Newtown

Posted on by 0 Comments

Almost one month and two days since the tragic school shootings at Sandy Hook Elementary, where 20 young first-graders were shot by a crazy person with an assault rifle.

That day was one of those moments that you never forget, it’s seared in your brain and you probably know EXACTLY where you were when you heard the news start to trickle out.  I was at Toys R Us with my son and we were buying presents for his young twins.  I was checking Twitter and I saw a brief mention of another shooting.  At first it said, 3 individuals and possibly children, then 5 individuals,  then 12 children and by the time our shopping trip was over, so were the lives of 26 people, mostly innocent little first-graders. And it was only a week before Christmas.

As a security person who’s done lots of security assessments, you can’t help thinking, “What went wrong?”  “What could have prevented this atrocity?”  And there are dozens of potential solutions and who knows what might have made a difference.

Then there’s the day that President Obama signed 23 Executive Orders to tighten up background checks on potential gun owners,  keep track of who purchases guns, requiring federal agencies to make more background-check data available, requiring federal law enforcement to trace guns recovered in criminal investigations, and providing more training for police, first responders and school officials.  During his announcement, he said, “Let’s do the right thing!”.

We all want to do the right thing, but what IS the right thing, the one thing that will make a difference and significantly reduce gun violence in America?

These Executive Orders are a great start, but we all know the push-back that will come from Congress and the gun lobby, who still want to sell guns, even after they see a photo of a little girl shot, not once, but eleven times.

This was also a big wake up call for schools.  The public schools, colleges and universities seem to wake up every ten years and worry about security, and then they quickly forget and back into worry about academics instead of security and gun violence. Teachers want to TEACH.  Teachers often say, “Security is not my job, my job is to teach and I shouldn’t have to do anything else”.

But SCHOOL SECURITY has to be a process, not just a quick fix.  All security has to be a process.  The process starts with a clear policy.  There has to be an approved policy, whether that policy is a federal guidelines, like FEMA 428, “Primer to Design Safe Schools”, or whether it’s a security policy that mets a schools specific needs.  Without a policy, you have no place to start.

There have to be procedures written up, announced, handed out in 3-ring binders, and accompanied with education and training including drills.

There has to be training and education so people know what to do in an emergency, where to do, who to call, and how to respond.

There have to be annual security risk assessments to gauge the current threats, and measure the effective controls, and make the security program a process of continual improvement.

Without the foundation of policy, procedures, training, education and security assessments, it’s not a security program, it becomes just a grab bag of solutions that may or may not work.

For example – here are just a few of the point solutions we heard about today, endorsed by their own lobby groups:

  • Arming teachers with more guns.
  • Banning all guns on campuses.
  • Securing the school perimeter with chain link fences.
  • Doing more and better background checks.
  • Adding cameras which are constantly monitored.
  • Have an armed School Resource Officer on every campus.
  • Security Awareness courses for teachers.
  • Security awareness training for parents.
  • Giving teachers panic alarms.
  • Improving mental health services.
  • An assault weapons ban.
  • Banning high capacity gun clips.

If it was your children’s school or college, which of these elements would you choose?

Schools are a great leveler of our culture.  Everyone has personal experience with schools.  Everyone went to school once, and many have children in schools, or friends in schools, or know staff and teachers who work in schools, so schools are like a touchstone.  But you could also say “Hospital”, or “Train Station”, or “County Offices” or “Movie Theatre” and to protect these things, there has to be a security program in place.

We, as the security community, are the guardians of society.  We protect things of value.  And nothing has more value than our children.  Security has many other names like safety and emergency planning, and disaster recovery and loss prevention and risk management and violence prevention and information protection, just to name a few.

As a global security community, we should make our voices heard in this great debate, because we have the experience to know what works and what doesn’t and your voices are needed now, more than ever.

This is also a time where the public discussion of security breaks through the chatter and focuses attention on something that is critically important to everyone.   Security professionals have always networked and learned from each other’s experience.

Let’s talk to each other more about what works and share this with the rest of the country.

They need us.

About the Author, “Caroline Ramsey-Hamilton is a leading expert in assessing risk facilities security, workplace violence and security for hospitals, cybersecurity, nuclear security,  and also measuring compliance with security standards like FEMA 426-428, Joint Commission, HIPAA and OSHA. She has developed security programs with the National Security Agency, the U.S. Department of Defense and the National Institute of Justice, the Department of Homeland Security and many other agencies, and has developed a school security risk program with Eastern Kentucky University.

Caroline is a member of the ASIS Physical Security Council,  the ASIS Information Security Security Council, and on the Board of the South Florida chapter of  IAHSS (International Association for Hospital Safety & Security) She received the Distinguished Service award from the Maritime Security Council, and the Anti-Terrorism Accreditation Board’s  Distinguished Service award in 2011. You can reach Caroline at caroline@riskandsecurity or thru her web site at www.riskandsecurityllc.com.  She posts breaking security & risk alerts at www.twitter.com/riskalert.

What do Benghazi and Newtown have in common? Flawed Security!

Posted on by 0 Comments

After the attack on the Benghazi mission and the tragic mass shooting at Sandy Hook Elementary, its apparent that what these two terrible incidents have in common is that security was not adequate.

In Benghazi, after the hearings and the pundits and speculation, the bottom line is that there was insufficient security.  In-place security controls were not sufficient to deter an attack, and the emergency controls were also not sufficient to recover and deal with the emergency attack.

In Newtown, at Sandy Hook Elementary, security was inadequate.  Security people often say that security is just as good as the weakest link, and despite adding new security controls, it was defeated because of the glass entry.  The shooter wasn’t allowed in so he simply broke the glass.  That slowed him up by 2 minutes, maybe. Also backup security controls were non-existent.  The shooter was observed and still there was no effective response.

There are three elements to security – DETER, DENY and RESPOND:

DETER – means to make the facility look too difficult to attack, and so the attacker thinks it’s too hard and goes away.

DENY – means that it is impossible for the attacker to get into the facility to launch an attack.

RESPOND/PROTECT means that after the attack is launched, the facility can defend itself, or to protect the individuals and/or property inside the facility.
Both Benghazi and Newtown did not deter, didn’t deny access, and didn’t have an adequate security response.

The Newtown shooting showed that this school, like many others across the country, had a false sense of security, because while some security elements were in place, the shooter easily entered the school, making the other elements irrelevant and  him to inflict mass casualties.

In both cases, the response was not adequate, it was ‘too little too late’.  And ‘too late’ means the attack can’t be stopped or contained.

The WHY is easy, because the security budget was inadequate.  These facilities did not have adequate risk assessments that could have demonstrated the critical assets contained within them.  What is more critical than classrooms of 6 year old children?  What is more critical than a State department facility with a U.S. ambassador inside?  Yet both didn’t have the protective security controls they deserved because their wasn’t enough budget for enough security.

Another element these incidents have in common is that they are both government facilities.  Yes, one was the Federal government and one was a local school district – but they both had the same problem of being short on budgets.  And when organizations are short on budgets, security is one of the first things to get their funding cut, or reduced.

Every facility needs a SECURITY risk assessment up front, how else can you allocate the funding and make sure that there is ENOUGH security in place to protect our most critical assets, our children?

Assessing School Security Takes on New Dimensions after Sandy Hook Tragedy

Posted on by 0 Comments

After 30 years of security risk assessment experience and working with hundreds of schools, hospitals, facilities, I have to say that schools have not taken school security seriously.

Obviously there are the social pressures including mental health screening, proposed assault weapons bans, gun owner screening, etc., but these are the thing that won’t change overnight. EVEN IF THEY ARE LEGISLATED, it takes time to implement, and
implementation may not be perfect.

TODAY IS THE DAY TO DO A SCHOOL VIOLENCE ASSESSMENT – not tomorrow, not after new gun laws, not after the holidays — TODAY.

There are indicators you can look for to see if your school is at risk of an active shooter incident. And ways to be prepared if the unthinkable happens and an active shooter comes to your school.

Strong, simple access control is the most effective solution, and yes, this may mean that
a plain glass front door or window is not enough. Glass is easily broken, and yes, it means that all staff must be a little more accountable, and it probably means a red phone or connection to the local police.

There is a simple school risk assessment program that will give guidance on what you need to do TODAY, what controls you need to implement, what threats are most likely to occur. These can be accessed on the www.riskandsecurityllc.com website.

Some things are preventable, some aren’t. But lockdown drills, alarm systems, and active monitoring of cameras are just a few of the 60 controls every school should have in place to protect our precious children.

 

About Caroline Ramsey-Hamilton

Caroline Ramsey-Hamilton is a leading expert in assessing risk in different areas, including security risk assessments, workplace violence and security for hospitals, cybersecurity, nuclear security, and also measuring compliance with security standards like FEMA 426-428, Joint Commission, HIPAA and OSHA. She is currently working on a universal set of easy security tools that will make it easy to assess risk in a variety of companies, agencies and business. Her company, Risk & Security LLC, works with more than 500 clients around the world using a program that standardizes site surveys and assessments and makes it easier to compare facilities and measure their level of security. Caroline is a member of the ASIS Physical Security Council, the ASIS Information Technology Security Council, the Security Assessment Risk Management Association (SARMA), and a Board member of the IAHSS (International Assoc. for Hospital Safety & Security) in Florida. She received the Distinguished Service award from the Maritime Security Council, and the ATAB Distinguished Service award in 2011. You can reach Caroline at caroline-hamilton@att.net or thru her web site at www.riskandsecurityllc.com She posts breaking security & risk alerts at www.twitter.com/riskalert.

 

Maybe we’re just tired of “Serious”.

Posted on by 0 Comments

After watching the Sunday political shows, every journalist asks, “Why is the media so focused on the Petraeus Investigation?”

I have a defense for this:  we’re all tired of the REALLY IMPORTANT STUFF.

After the election, which felt like it lasted over a year, and then the worry about the impending disaster of the fiscal cliff (please, don’t say “PHYSICAL CLIFF”), maybe everyone is exhausted by the urgent and important issues and would just like a good old fashioned sex scandal. And we got one!

An amusing, lightweight story, where the main players are stereotypes themselves, the attractive, social-climbing women, the glamorous jet-setting generals, who take time out of fighting terror to send out sexy emails, is a delight after all the serious reporting of the last four months.

I think we should be able to enjoy it a little, and as Mr. Bennett said in Pride & Prejudice, ” For what do we live, but to make sport for our neighbors, and laugh at them in our turn?”.   And it’s the General’s turn!

Why the State Department Needs Better Threat-Risk Assessments

Posted on by 0 Comments

Obviously, the tragedy in Libya this week focused the world’s attention, not just on the bodies of our countrymen returning home, but made me wonder about the risk assessments and threat assessments that are routinely done in these extremely sensitive locations.

Unfortunately, the threat assessments tend to be more political forecasting and less about the reality of the situation on the ground.  One problem with these simple manual threat/risk assessments is that they take too long to complete.  Maybe they spend a few days looking at the physical controls, and then a week writing up a report, and much of it may rely on anecdotal incidents or reports of questionable value.

That’s why I am a believer in automating these threat/risk assessments, and in a potentially dangerous area like the whole country of Libya, they should be at least weekly, or bi-weekly, or even daily when tensions are running high.  It allows you to get a quick assessment in less than 30 minutes, and allows for quick updating, which is critical in situations like this week.

And no, I don’t believe a threat/risk assessment would necessarily PREVENT a terrible tragedy like the death of an American Ambassador, but I do think that having these updated assessments allows for safeguards to be continuously checked, measured and improved, and also may expose weaknesses that can be exploited by a terrorist group when the opportunity presents itself.

The practice of running continual assessments is not used very often, but when it is, it’s very effective because when the situation goes south, you already the blueprint of what to do right in front of you, and it allows better decision support under such stressful conditions.

The information-sharing done by different groups can be wrapped up in the risk assessment and combined, so that maybe a higher threat condition can be identified, in time to relocate, leave the country, or whatever else it takes to protect the lives of our diplomatic staff.