(Infrastructure maintenance with Tunde Obileye)
Providing a safe and secure workplace requires facilities managers and senior executives to critically evaluate the level of security measures needed to reduce the physical risks and vulnerabilities of their buildings. This calls for a comprehensive planning approach.
There are generally three categories of security safeguards to look at in any given situation depending on requirements. They are physical security, Information security and operational security.
Physical security involves action taken to protect lives and property against potential threats. This may include active and/or passive measures. Passive measures will include effective use of architecture, landscaping and lighting to improve security. This is done to deter, disrupt or mitigate against any danger. Active measures involve using systems and technology to detect, report and react against threats.
Information security requires protecting the confidentiality, integrity and availability of data from any form of misuse by anyone within or outside a facility. Some key elements include limiting information to authorized persons and preventing unauthorized changes to or the corruption of propriety data.
Operational security is the process of creating policies and procedures and establishing controls which require identifying, controlling and protecting interests associated with the integrity and unhindered performance of a facility. A major aspect is having trained security personnel to protect and enforce the security procedures and policies governing the operations of a facility. It is important to note that well-conceived and implemented policies will ensure the resistance of a facility to threats.
Having identified these categories, the following steps should be taken to determine how to ensure each category receives the necessary attention.
Security Assessment: A risk assessment is required to identify threats and determine the extent all activities of the facility can run continuously and uncorrupted. It also involves looking critically at the assets and determining the level of protection each one is given. To avoid a weakness in the security plan, a comprehensive risk assessment is required from an overall security standpoint as part of a risk mitigation strategy. Budgeting is also an important element to consider when conducting a risk assessment. This allows for informed decisions to be taken on the allocation of capital resources.
Mitigation Responses: As part of a mitigation response strategy, security plans should be updated periodically to ensure they are still fit for purpose and in line with corporate objectives. A common mistake by facilities managers when reviewing security plans is the failure to provide adequate administrative support for security systems in place.
An example is where CCTV cameras have been deployed, there is a need to ensure a balance with the number of security personnel available to monitor the cameras on a 24/7 basis. Consideration must also be given to the time needed to review, archive and store any digital or analogue information available from the cameras.
Training: Training measures must be linked to every identified risk and vulnerability. These measures can then be tailored along with physical and operational initiatives. Consulting with a security expert can assist facilities managers in determining the most effective plan of action based on each client’s individual circumstances.
Technology: Facilities managers should consider the use of technology where it can be effectively deployed. A major misconception I have observed is that a single technology can provide comprehensive security for any organization. This is very unlikely. Multiple technologies integrated into all operational and information systems are more result-oriented.
Culture: The senior management has the responsibility to ensure a corporate culture is created that embraces, reinforces and demands security practices that are consistent with the built environment. As part of this culture is the need to understand human dynamics because this involves anyone who interfaces with operations, including, facility operators, maintenance personnel, customers, delivery people, clients and visitors.
The human element affects everything with regard to security and reliability. Within each organization, responsibility for policy compliance should be defined. Therefore, all policies and procedures must take into account the human variable.
Best practices require that security be treated as a fundamental value.