Protocols are instructions to employees for conducting their day to day responsibilities and special instructions for handling security events. Protocols are “learned” but the need to create these instructions in writing is essential for consistent performance.
Protocols begins with the management team setting security policies then instructions sets are drafted to define actions on the part of employees for each situation. Once the documentation is complete, employees should be trained on these procedures and given refresher courses or seminars periodically.
Elements of Risk
Some of the common areas of concern are:
- Employee Identification
- Visitor Identification
- If visitors should be photographed
- Will visitors require an escort
- Will the visitor be permitted to drive a vehicle on company property
- Will the Response Team be required to search visitors or their vehicles for restricted items
- Access and egress control requirements
- Surveillance ( to identify and classify incidents)
- Response team
An SDS security consultant can help you decide the levels of acceptable risks for each of these security topics. We have been conducting security assessments for over 20 years and can bring to the project experience gained by studying organizations similar to yours.
Policies translate the abstract business values of the operation’s mission statement into practical terms to shape the behavior of personnel. The goal is for personnel performance to be consistent with the company’s mission statement and values. Properly designed policies will:
- Decrease staff uncertainties about acceptable practices
- Reduce stress and conflict among employees
- Decrease Ad hoc procedures and arbitrary decisions
- Increase the involvement of employees in decisions about the operations
- Improve the quality of business decision making within the company
A good security policy will:
- Promote the activities that safeguard the assets of the company
- Maintain compliance with applicable codes for the operation of the company
- Provide legal protection for company conduct
The usual steps in drafting policy include:
1. Examine institution’s mission and values and determine how they apply to the policy.
2. Agreement on general principles by all top management
3. Obtain copies of policies from other institutions or organizations
4. Delegate the policy writing to a subcommittee or a standing committee on policy.
5. Circulate the first draft for review.
6. Meet with affected managers to discuss questions about the policy and obtain approval
7. Revise the policy based on manager input.
8. Have legal counsel review and comment on the revised policy.
9. Revise the draft again based on additional input.
10. Follow the policy through organizational channels until approved
11. Conduct educational programs so that personnel understand and apply the policy
12. Evaluate the policy after it is in use and review and revise as needed.
Policy development committees need to understand that a policy is never finished. Even though management approves the policy, it can be improved over time. New situations, new threats and methods of mitigation will necessitate policy revisions.
If properly developed a contingency plan reduces risk by either increasing system effectiveness or reducing consequences. A properly developed contingency plan mitigates exposures should preventive measures fail.
In developing a contingency plan, determine:
- What can happen?
- How will we respond?
- Who will respond?
- What equipment do we need to respond?
While the emergencies may be similar, response protocols differ dependent on a client’s response organization, risk processes, local and other regulatory requirements, etc. An SDS contingency plan is designed to meet specific client needs, and the requirements of government and regulatory agencies.
Strategies for educating company staff about policies include:
- Include the affected staff members in the policy review and revision process
- Present cases in an educational format that highlights aspects of the policy
- Distribute summaries of the policy
- Include summaries of the policy in the company’s newsletter
- Provide copies of the policy in areas where references are needed
In most instances the security policies are developed after the company is in operation. SDS recommends 3 steps for training.
An SDS security consultant will organize drills and exercises to validate elements of the security contingency plan and responses. Our exercises are a rehearsal or simulation of an emergency, in which individuals demonstrate their knowledge of the tasks that would be expected of them in a real emergency.
SDS designs each exercise to foster discussions as participants participate in the drill and resolve problems based on the contingency plans. The exercise promotes group participation in the identification of problem areas and is an excellent format to help new security personnel become familiar with established or emerging concepts and/or plans, policies, procedures, systems and facilities.
Active shooters in or near your building is the worst scenario most people can imagine. The first few minutes of an active shooter occurrence are critical to the outcome of the incident. Coordinating responses with law enforcement SDS can develop a detailed active shooter response protocol that is unique to your facility. An SDS active shooter preparation is developed working closely with you security staff and management team to ensure your employees are as prepared as possible for the event.