Our guide to security best practices in 2016
Here are some tips to help your security profile stay in top shape
When it comes to security for bigger business and how to best manage physical security in commercial properties, the question we most often get asked is this: What is best practice in security?
It’s not an easy question to answer off the cuff because security best practice is when security appropriately addresses the risk profile of the property.
And as each property will have a different risk profile, what might suit one location could be totally inappropriate for another.
(If you don’t know the risk profile of your property, here is a good place to start).
That said, properties that score consistently well, will always combine at least three elements in their security management strategies. Here they are:
The human element is our staff, visitors and contractors doing the right thing at the right time.
It is our security guards and our patrol services that lock our doors and check our properties at night.
It is people doing their part to keep people safe and properties secure.
This is what tells us what we should be doing and when.
When staff can come and go, when alarm systems should be set and what time the guard should come by and check on us. It sets the expectations that everyone should follow and the minimum standards for security. When documented properly, they become the foundation for security for the property.
These are the security systems, technologies and work practices that are used in our propoerties. Our alarm, CCTV, access control, keying and duress systems and the associated wires and devices that make them work. It extends to scheduled maintenance and test procedures to ensure they work properly day after day.
Security systems don’t have to be electronic. They can also be documented processes such as standard operating procedures, and service level agreements. They can detail what steps to take in the event that CCTV footage is required or explain how staff should leave in pairs after hours. They enforce the security related rules and regulations of a property.
People aside, let’s look at what would be considered security best practice for a commercial or industrial property in Australia today.
BEST PRACTICES IN SECURITY FOR 2016
1. Policies and Procedures
As we have touched on already, these set the expectations in relation to security standards for the property. They will typically comprise a series of documents that address security in one way or another and could include:
- Security management plans
- Staff employment contracts
- Open and close procedures
- Contractor induction procedures
- Service or supply agreements
- Security standing orders
- Exit interview processes
- Visitor management processes
- Emergency management plans
- Other security specific policies
The purpose of these documents is to ensure that people at every level understand exactly what the organisations expectations are of them. A business that has any sort of security focus will have some or all of these policies and procedures in place today.
The policies and procedures set the standards but it is the systems we implement that make them work:
a) ALARM SYSTEMS should be installed to provide coverage of all points of building entry, internal passageways and to rooms or offices that are accessible from outside.
Each zone should report individually and the system should have battery backup for at least 4 hours in the event of a power disruption. All staff should have unique user codes that are kept confidential.
b) ELECTRONIC ACCESS CONTROL should be installed to each point of building entry. It should provide access only during scheduled work times and should log and record all system events. It should also be used to separate work areas from common areas or any areas that are accessible to the public. Expand the systems to also include data or computer rooms and anywhere valuables or sensitive information is stored.
Access cards that are lost need to be reported and immediately disabled.
The use of electronic access control does not demonstrate mistrust, but good staff management. Security concerns aside, there are potentially Duty of Care considerations that also need to be managed. It is not in anyone’s interest to have staff on site outside of regular work hours without prior knowledge or authority.
c) CCTV should be used at the main points of entry to record visitor and staff movements. It’s almost impossible to provide blanket coverage of any building so the first priority needs to be on the high traffic areas. CCTV footage should be recorded at a minimum of 8 frames per second and archived securely for 30 days. Ideally, the CCTV storage will have redundancy in place so that if a hard drive fails, the data is not lost.
Considering the breadth of CCTV equipment available in the market today, they need to be application appropriate or there is a real risk of them not meeting expectations.
d) KEYING SYSTEMS need to be restricted, meaning that the keys will be unique to the building and copies are only provided with the appropriate written authority. Keys need to be properly secured when not in use and a system implemented that tracks who has access to a key and for how long. Every key should be able to be accounted for at a moment’s notice.
Poorly managed key systems can result in building-wide re-keying which can come at significant cost.
e) DATA INTEGRITY needs to be a focus for all business. Securely backing up your data each day is just as important as locking the front door each night. And if a single point of failure can hurt the business, then your systems need to be upgraded so that this is not the case.
f) A SECURITY MANAGEMENT PLAN should be in place so if your property does experience a security breach or any other serious incident, there is a plan in place to not only deal with it, but to recover from it.
e) ACCOUNTABILITY is about ensuring people are accountable for their actions by reinforcing what is expected at every level. This is achieved through the use of employment, visitor, contractor and supplier agreements that spell out the do’s and don’t’s of being on the premises.
f) ELIMINATE OPPORTUNITY wherever possible. People are prone to do silly things if opportunity presents itself. Deprive people of opportunity and much of the risk of loss will go with it.
This is what we would determine is best practice for security in 2016.
There are many other items that may need to be considered, but these would be the most commonly implemented.
If you are unsure exactly what you might need, I am only a phone call or email away.