Chapter 11

You Get What You Pay For (Or When Free Is Not Really Free)

Commentary and Insight on Free Security Consulting Services for Schools

Frank J. Davies, CHS-IV, CIPS, CVI    President, Aella Consulting Group, Inc.

Gregory Bernardo, CHS-IV, CDT, CVI    Vice president, Aella Consulting Group, Inc.

Abstract

This chapter explains how people and organizations may offer “free” services to schools but may misrepresent their intentions. Some persons may not be qualified to provide comprehensive assessment services. The chapter provides readers with a perspective on how schools might be considered liable for harm if they rely on unqualified consultants for school security.

Keywords

Assessment

Budget

Clery Act

Consultants

FEMA

Liability

References

Salesperson

Subject matter expert

The Need to do Something

Every time there is an incident that reaches national attention, school officials predictably receive numerous inquiries from a lot of people calling themselves experts or consultants. Often, these school officials are pressured by a moral or political need to do something. The immediacy of this pressure may cause normally responsible individuals to fall victim to predatory practices.

“Free” Consulting Services Trap

One of the most common predatory practices occurs when self-proclaimed consultants offer free services that are simply veiled attempts to prey on responsible individuals who feel a need to do something.

Free or no-cost services (such as security assessments) are typically offered by product manufacturers and product installers (sometimes referred to as integrators). This practice should always be suspected because the primary purpose for these companies is to sell a specific product or service. Pressure to purchase products and services may appear as an unspoken expectation, or the salesman may directly pressure the end user due to “all the free work I [salesman] have done for you.” In many cases, the individuals performing the free service will focus on the areas which their product or service fits, leaving other important areas unaddressed or exposed.

Qualified or Unqualified?

Another example of free services as a loss leader comes from unqualified and self-proclaimed consultants. In many states, consultants are not required to have a license. In those states, it is your responsibility to perform due diligence and determine if consultants are relevant, current, and qualified for the subject matter on which they profess to be an expert.

The recent economic conditions found many people out of work and forced many others to consider their job security. Having worked in a particular facet of the security industry for a while, some of these individuals may have felt they had the expertise to become a consultant and risk the $50 to file a Doing Business As (DBA) form at the local county clerk or $150 to form an LLC.

However, many of these individuals have worked in only one facet of the industry and are limited in their subject matter expertise and training. For example, a salesperson for a national security provider that specializes in residential security technology likely has no experience in fire systems, mass notification, active shooter, FEMA Incident Command System, and the myriad other priorities of a school or district.

Likewise, individuals from law enforcement often have a myopic view that is focused on response. While law enforcement performs this function well, generally, law enforcement personnel do not have expertise in application of technology or proactive actions.

Reality—You Get What You Pay For

Truly independent consultants, who make a living solely on consulting, do so based on their subject matter expertise. They will promote their areas of expertise and have certifications or can offer proof of their relevance in the areas that your school needs to address. Generally, a team with complementary disciplines is required to provide a holistic solution. Typically, independent consultants can only afford to do a small amount of discounted work because they have hard overhead costs such as errors and omissions insurance, which protect both the consultant and the client.

By accepting and receiving free services, you may be leaving yourself open to liability if something should happen at your facility. Consider the potential liability for this scenario:

A salesperson wants to increase sales of his or her security cameras. He has sold security cameras for many years and offers to perform security assessments to schools as a loss leader (namely his or her time). Surprise! The report recommends installing security cameras, citing a potential reduction of criminal incidents (i.e., presence of cameras as a deterrent and availability of recorded video as prosecutor forensic evidence).

Subsequently, the school spends their entire security budget and borrows additional money through a bond to install the video system.

Sometime later, the school learns about undisclosed ongoing maintenance costs (such as camera failures, maintenance for video recording servers, and annual software license fees). The school is forced to scramble to shoehorn as much of these unexpected costs as possible into an already tight school budget. As a result, the system is not fully maintained and some cameras go offline for extended periods.

Sustainable Design

If equipment and systems (such as security cameras, two-way radios, panic buttons, visitor management systems, access control, etc.) are included in the mitigation strategy, these technical components need to be incorporated into school policies and procedures, and sustainable maintenance programs need to be developed to keep the systems updated and functioning.

This creates a new liability for the school because staff, students, and parents now have a false expectation of security and safety in the affected areas.

Should the school inform the populace about the unprotected areas and subsequently alert would-be criminals? Should the school remove cameras from the affected areas? This would have the same result, in that criminals would know the area is unprotected. A more acceptable solution would be to provide security personnel in that area.

In another example, at the same school, a noncustodial parent enters the school and kidnaps their child. This scenario plays out at schools nationwide and sometimes results in life-threatening situations. However, the security camera salesperson’s security assessment report did not consider this situation because his primary expertise is myopic to a specific niche of the security industry.

To cover this scenario, the school needs to address how to help stop this type of incident from occurring and how to respond if it does. For example, one way to help prevent a noncustodial kidnapping could be to force all visitors through a single entry and confirm identity with a visitor management system tied to state and federal records system (CORI). Another facet may be to construct a secure entry where the visitor is not allowed to access any larger areas. Cameras can be a part of the check-in process and also be used in response to an incident if they are placed with both considerations in mind. Each of these areas requires specific expertise and disciplines. Schools need to build a team that covers a holistic approach to securing the school, its personnel, and students.

Liability

In the court cases we have reviewed, liability surrounding the expectation of safety was determined by answering “Was the criminal act sufficiently foreseeable to give rise to a duty?”1

The term foreseeable is generally a major point of debate2 in lawsuits and relies on a combination of criminal activity statistics for the type of facility, demographics for the location, incidents of local criminal activity,3 and other criteria. In a higher-education environment, the Clery Act helps to ensure that criminal incidents are accurately reported. K-12 institutions are not bound by the Clery Act, so criminal statistics are less accurate for those facilities and other sources are relied upon.

In a case tried in the District of Columbia in 1995 involving a teenage girl who was shot while trying to leave a cheerleading competition, the court found that the victim was entitled to a heightened duty of protection because she was a young child attending an event at a public school, over which the District of Columbia exercised custodial care; who was “particularly vulnerable to the conduct that befell her”; and was “taken from a place that we would expect to be a safe haven.”4

By using the wrong resources, schools often fail to address the wide range of known security and safety concerns and create more liabilities than they started with. In the example of the salesperson offering a free assessment, the security salesperson has little, if any, liability because the school relied on his myopic security assessment. The school and the decision maker who relied on this free assessment will be scrutinized and potentially held liable.

The Right Way

Truly effective security at our children’s schools requires a holistic approach that is not provided by the usual loss leader giveaway services. FEMA describes its five missions that make up a holistic approach: Prevention, Protection, Mitigation, Response, and Recovery. School security requires consideration of a broad range of security risks that are specific to the school, the environment, and demographics.

Assessment

The starting place for school security planning is a comprehensive risk and vulnerability assessment. This assessment needs to identify not only the physical issues that an equipment-centric salesperson would focus on but also any defects with existing policies, procedures, and plans.

Every facility has a unique layout, purpose of use, and populace which results in a unique list of risks and vulnerabilities.

Mitigation Strategy

Once the risks have been identified, weighted, and prioritized, a mitigation strategy can be developed. The mitigation strategy should incorporate existing guidelines, best practices, and well-refined policies, procedures, and plans specific to the school environment.

There is no magic bullet that will make all the risks go away. Installing cameras does not mean theft and violence will suddenly cease. There are many established best practices, but each one is a starting point that needs to be tailored to the school.

Often, several disciplines are needed to comprehensively address a particular vulnerability. One example restricts access to the interior of the school through a combination of procedural and policy changes, application of crime prevention through environmental design (CPTED),5 and the introduction of technologies to restrict access and automated positive identification and Criminal Offender Record Information (CORI) inquiry.

Similar to chess strategy, developing a mitigation strategy requires consideration of several steps beyond the obvious starting points. For example:

 In some high-risk environments, a mitigation plan may recommend the installation of magnetometers to screen students and visitors for weapons. The addition of magnetometers will create queue lines that impede the students entering the school each morning. Issues relating to American with Disabilities Act (ADA) compliance and secondary (possibly invasive) searches will need to be addressed.

 School mitigation plans should include provisions for training exercises that help the school deal with unfolding events (such as active shooter) and what should happen after an event. Training sources and coordination with law enforcement will need to be addressed.

Lastly, all risk assessments and mitigation strategies need to be updated on a regular basis. This is a cost of time and money that needs to be considered and planned for as well.

Still Considering So-Called Free Services?

No matter how well intentioned the individual offering a free service is, the old adages hold true: “You get what you pay for,” and “Nothing is truly free.”

Ask Why

Understand the motivation and purpose for offering a “free” service. Is it because they live in the district? Do they have children in that school? Do they make a commission for promoting a product or company?

ConsultantRegistry.Org (a free consultant directory and resource used by security professionals) recommends that you choose a consultant who does not have a vested stake in selling you a product.

Check References and Relevance

Do they have the credentials and experience necessary to perform the work they are offering (FEMA, DHS, American Board for Certification in Homeland Security, ASIS International, etc.)?

If they are promoting technology solutions, do they attend trade shows and product training so they are knowledgeable about the best solutions available? Do they have experience and current references to back up their claims of expertise?

Do they carry errors and omissions insurance? If not, they are probably not qualified to give advice.

Importance of Protecting Your Information

Regardless of the cost of the service, during the assessment, you are giving someone privileged access to your facility, policies, and procedures. In the early part of discussions and contract negotiation, there should be a nondisclosure agreement (NDA) that is signed by the individual you are working with and an officer of the company they work for.

In March 2013, National Union Fire Insurance filed suit against ADT Security Services, Inc. claiming that unique and confidential information in the care of ADT was used by parties to evade and bypass security equipment and monitoring services at locations in Florida, Texas, and Illinois.

If you progress, your contract should specifically spell out the acceptable use and storage of sensitive information and include a requirement for written permission prior to sharing any information with outside parties.

Author’s Recommendations

A security program that achieves all of your objectives requires a team or partnership. In the educational environment, we suggest at minimum a team with at least one representative from:

 the district and/or school administration,

 local police authority,

 local fire authority and EMS,

 internal security, and

 the information technology (IT) department.

Notice we suggest a team, not a committee. If the group considers itself a committee, it is sometimes difficult to accomplish the required tasks to achieve the desired goals. However, a team conveys common, combined goals and strategies to effectively and decisively deal with this focused issue. It is essential that the team be selected with sufficient knowledge of the institution(s) and the issues so that they can aggressively pursue sources of information. Many of these team members should be the keepers or custodians of the finished product(s).

Your team will need to formulate a plan with the individual components required to implement an effective security and safety solution. Where your team may include some truly motivated individuals, team meetings should be the primary forum for far-reaching decisions regarding assessments, planning, equipment evaluation, preparation of offerings, and any other items dealing with the overall security and safety of the institution(s).

Managing all of the aspects of the security process can appear to be a daunting task. There are so many variables to understand and deal with to give definition, operational guidelines, and compliance to a well-developed security and safety program. This is amplified by all of the different and varying circumstances found within our schools.

There are many FEMA training programs with certifications. These FEMA programs identify standards for incident management and describe responsibilities that school officials should be aware of and plan for (see FEMA: NIMS and ICS6). Many of these FEMA programs are free and should be part of minimum credentials for someone to offer advice on school security.

Your team may initially need some professional help, but use it for areas of your team’s specific weaknesses, to supplement your team, or for specific tasks. Ultimately, your team remains to take ownership and responsibility for the results.

When hiring professional help, make sure that you hire for your specific area of need and check to ensure that the professional has the appropriate and necessary qualifications for the task you assign to them.

Sometimes schools need help in getting started with this task and need help to define goals and objectives; this is a valid reason to hire a professional security consultant. Another valid reason to hire a professional is to help with the constructs of a comprehensive and legally compliant and responsive plan; or conduct a full safety and security audit or assessment if it has not be done recently or your team does not possess the skills or knowledge.

Through our experience, we have found that a well-defined role or set of tasks performed by an outside professional will pay for the cost of the professional, sometimes many times over.

Please understand, we are not advocating turning this task over to an outsider; rather, utilizing qualified help where it is needed. In our experience, we have taken assignments to “correct” schools where free advice was taken or where a company or individual has offered incorrect, incomplete, or inadequate advice and information. In all cases, the cost to “correct” has far exceeded the cost to provide the right solutions or answers in the first place.

Therefore, we implore you to consider your actions when pressured by a moral or political need to do something. Please help to share that this is not just a task; rather, it is a task to be done right, well, and comprehensively. Take your time to lay the groundwork, select your internal team, and be highly selective of your professionals and the tasks they are assigned.

1 Board of Trustees of the University of the District of Columbia v. Gaciette DiSalvo (D.C. Court of Appeals 2009).

2 A US court describes a duty of protection in District of Columbia v. Doe, 524 A.2d 30 (D.C. 1987), “where a young student was abducted from inside of her elementary school classroom and raped by an unknown intruder” on the grounds that “crimes against persons in and around the school—an arson in the school and a robbery on the school’s playground; sexual assaults and other violent activity in the surrounding area; and deficient school security —the open rear gate, broken doors, malfunctioning intercom, and presence of adult males who freely roamed throughout the school” supported a finding that the particular criminal act was reasonably foreseeable.

3 Doe v. Dominion Bank, N.A., 295 U.S. App. D.C. 385, 388-89 (D.C. Cir. 1992) (finding a duty where awoman was raped on an unsecured vacant floor of a building where other criminal activity had occurred and tenants had specifically warned the landlord about the potential danger posed by the lack of security, vacant floors, and unauthorized persons in the building). Also, Novak v. Capital Mgmt. & Dev. Corp., 371 U.S. App. D.C. 526, 528 (D.C. Cir. 2006).

4 Bailey v. District of Columbia, 668 A.2d 817, 821 (D.C. 1995).

5 Crime Prevention Through Environmental Design (CPTED) is defined by the International CPTED Association “as a multi-disciplinary approach to deterring criminal behavior through environmental design. CPTED strategies rely upon the ability to influence offender decisions that precede criminal acts by affecting the built, social and administrative environment.”

6 FEMA provides training for schools, responders, and industry professionals for the National Incident Management System (NIMS) and the Incident Command System (ICS). These systems provide standards and procedures for responses in the time of incidents, local and national emergencies to insure a common operational environment.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset