1. Help is Available

School security cannot be managed in isolation and no principal can be expected to have the range of expertise and expanse of knowledge necessary to address the many aspects of security and emergency management. Don’t try to reinvent the proverbial wheel. Use other schools and agencies as resources; draw on reputable material available online, such as from www.edpubs.gov or www.ncpc.org; and invest in professional specialist advice from independent consultants (see Figure 27.1).

2. Security Means Different things to Different People

The term security is often interpreted in different ways. In the context of schools, security implies a stable, relatively predictable environment in which staff and students may pursue teaching and learning without disruption or harm, and without fear of disturbance or injury.¹ In essence, managing school security requires the implementation of a range of strategies to manage risks to five key areas:

1. People (staff, students, visitors, contractors, etc.)

2. Information and Data Protection (records, examinations, etc.)

3. Property (teaching resources, cash, equipment, etc.)

4. Activities (teaching and learning, extracurricular, fund raising, etc.)

5. Reputation (goodwill of staff, parents, community, etc.)

3. There are Two Essential Questions in Security Management

There are two fundamental questions that must be asked in determining the most appropriate strategies to reduce the security-related risks to the school and its population:

• What are we trying to protect? (the asset/resource)

• From whom are we trying to protect it? (the threat source)

Determining the appropriateness of security strategies to reduce or eliminate the risk depends on the answers to the first two questions, and two more:

• What are the objectives of the threat source? (e.g., steal for personal gain, escape undetected, attract media attention, for “entertainment,” satisfy malice or revenge, etc.)

• How might they set about achieving their objectives? (e.g., break into the library and steal the large-screen TV)

4. There is a Science to Understanding and Managing Risk

Security-related risks always comprise two elements; without either there is no risk:

(a) the likelihood the nominated risk event (or threat) will occur (e.g., theft of a data projector)

(b) the level of harm or consequences within a specific context (e.g., the seriousness of injury to staff, the amount of financial harm to the school, the level of damage to the school’s reputation, etc.)

The International Standards Organization (ISO) publishes standards that clearly define structured processes that should be used to understand risks, including security-related risks. Following the processes outlined in ISO 31010 and ISO 31000 provides a defensible and scientifically robust basis for risk management decisions. Using these standards effectively doesn’t have to be complex; it simply requires a structured and consistent approach (see Figure 27.2).

5. There are Many Dimensions to Consequences

The consequences of any particular risk event are always contextually based and multi-dimensional in character. For example, the consequences to a public school and its associated Department/Board in relation to theft of property are different—the school suffers the inconvenience of the loss of the item, but the Department/Board may need to meet the actual cost of the replacement. The nature of the harm suffered as a result of a risk event is dependent upon the nature of the event, but might include personal consequences (physical and/or psychological injury), direct and indirect financial loss, damage to reputation/goodwill, human resource impacts (e.g., attracting and retaining good staff), and potentially legal consequences associated with regulatory breaches or civil action.

6. There are Two Sides to Security Vulnerabilities

Vulnerabilities are those things that increase the likelihood that a risk will be realized, and/or increase the consequences should it be realized. For example, the lock on the external door to the art room may be faulty, making it easier for someone to break in and vandalize the room. Similarly, the absence of a policy with respect to staff challenging trespassers may lead to staff being at risk of assault or the school at risk of litigation for negligence.

7. Planning is Essential to Effective Security Risk Management

Schools cannot always control all of the security-related threats to which they may be exposed, but effective security planning is essential to reducing the likelihood of many foreseeable events, as well as reducing the consequences should a threat be realized. Start strategically and then drill down to the detail on critical issues first—a single piece of paper with the outline of a strategic plan may help avoid the most serious of consequences. Wherever possible, integrate security into operational plans, rather than having it as a separate consideration.

8. There are Key Considerations in Every School Security Management Plan

The range of security-related risks and strategies applicable to mitigating them will vary significantly, but there are several key considerations in every school. The underlying test that should be applied to every security strategy includes three basic questions: is it philosophically compatible with the school and the community it serves; is the strategy operationally appropriate and workable; and is the strategy fiscally responsible in the context of the risks being addressed? It is goes almost without saying that it also essential that the strategy be lawful. For example, locking a nominated fire exit path with a chain and padlock would not be legal in most jurisdictions. Some of the key strategies that might be considered include:

• Security site assessments

• Mass notification and communication strategies

• Perimeter security and surveillance

• Access control with campus lockdown

• Visitor management

• Physical security information management (PSIM) for entire districts

• Alarm monitoring of duress buttons

Other strategies that may be considered commonly within higher risk contexts include:

• Intercom/door release for identification of visitors

• Wireless duress pendants

• Driver’s license scanning and predator database verification for visitors

• Video monitoring and recording systems

• High-resolution IP digital video cameras

• Metal detectors

• Timed locking hardware

• Emergency call stations

• Visitor and access control auditing (via database)

9. Written Security Policies are Important, and Provide a Solid Foundation to Defending Litigation

Policies not only document the school’s position and requirements in relation to routine and extraordinary matters but also serve to guide important decision making. Developing and implementing effective security policies is a progressive process and starts with the first policy statement. Don’t wait until you have a comprehensive manual; every policy you complete puts you in a better position to effectively manage security-related risks, as well as consequential risks such as civil litigation. Keep the policy statements short and develop separate procedures applicable to the relevant stakeholders. For example, a general “security philosophy” policy statement might read:

Sample School is concerned about the safety and welfare of our staff, students, volunteers, visitors, and contractors, as well as the protection and preservation of property, equipment, information, and the reputation of our school. It is Sample School’s policy that all staff, students and their families, contractors, and visitors will be made aware of all security-related responsibilities and obligations relating to their school-related activities (on and off campus), and will discharge those responsibilities and obligations to the best of their abilities.

10. Security Procedures are Role Dependent

It is self-evident that the tasks to be performed by staff in an active shooter situation will be different from those of students. But even within the staff group, responsibilities will vary and it is important that clearly documented procedures be developed for all stakeholders who may be impacted by a given situation. Procedures facilitate the implementation of policy, so the policy statement (and those of related policies) should be the guiding reference for each procedure.

11. Related Procedures Should be Compiled into Instruction or Rules

Whether it is staff, students, contractors, or parents, stakeholders often have limited time and are subject to competing priorities. For any given task or event, there may be a number of security-related procedures and it may be useful to consolidate the key points into a set of instructions or rules, which are sometimes referred to as standing orders or standard operating procedures (SOPs). These instructions should also be reviewed whenever procedures are updated to ensure that they remain current.

12. Your School will have Some Policy and Procedure Differences from Other Schools

No matter how similar schools may seem, there will necessarily be differences in procedures, if not policies, related to specific security-related incidents and emergencies. However, there are certainly some areas that need to be addressed by all schools. These include:

• Bomb threats (see Figure 27.3)

• Fires

• Utility failures

• Severe weather

• Weapons

• Active shooter

• Assault

• Workplace violence

• Bullying

• Hostage situations

• Radiological and chemical incidents

13. Security Strategies Need to be Able to be Escalated and Deescalated in a Consistent Manner

The nature of security strategies appropriate for a school will be dependent upon a wide range of variables, but specifically the nature of the threats to which the school is exposed. For example, if there have been a series of thefts of property some additional security patrols may be implemented. But when is it appropriate to reduce them again? By having a hierarchy of security levels and standard procedures/actions applicable for different types of threat, decision making becomes much easier and defensible. A typical set of security levels might carry the following descriptors:

• Routine Security

• Enhanced Security

• Security Alert

• Incident Response

• Post-Incident Security

The levels and terms should be relevant for the school and incorporated into procedures and contracts as applicable.

14. Not everyone Needs to Know Everything About Your Security

Security plans, policies, and procedures are essential, but they detail requirements for many potentially serious situations. As such, they should be subject to qualified distribution. The term “need-to-know” should be applied with care and consideration. Certainly, putting all the school’s security policies and procedures on the Internet for anyone to access represents a serious vulnerability and must be avoided.

15. Policies and Procedures should be Reviewed Regularly and After Events

All security policies and procedures should be subject to regular review and updated to ensure that they remain current with operational, regulatory, and societal changes (e.g., every 2 years). Whenever a serious event occurs that requires security procedures to be followed, those procedures, the overarching policy, and all related policies and procedures, should all be subject to review, and updated as may be appropriate, to better meet security risk management objectives. All security-related policies should be reviewed whenever there is a change in senior management to ensure that they remain consistent with executive requirements for given situations.

16. It’s Ok to Make Assumptions as Long as they are Documented and Tested

Most security management strategies are based to some extent on assumptions. This only becomes a problem if the assumptions subsequently are proven to have been flawed and were not adequately tested before being accepted. Where assumptions are involved in security risk management in schools, it is important to explore whether the assumptions are valid under the range of conditions likely to be encountered and that these details are recorded. For example, a routine communication strategy may rely on email and two assumptions involved with this are that the recipients have timely access to their email and that there is network connectivity to send and receive the message.

17. Regular Drills are Important, but Desktop Exercises can be an Invaluable Insight for Difficult-to-Rehearse Scenarios

Schools regularly practice fire evacuations and lockdown drills, and necessarily these need to be based on fairly predictable scenarios. However, events can and do occur at the most difficult times or under less-than-ideal circumstances. While it might not be possible to do a physical drill that incorporates difficult conditions, it is important to have considered them, and engaging with other agencies and stakeholders to undertake desktop exercises can reveal important issues. Take, for example, an actual situation at a school where an active shooter caused a lockdown just at the end of class for the day. Police had roads blocked, with some parents at the school and others unable to reach the school. Some classes had been released and some were still in their rooms. How would your school handle this situation?

18. The Composition of Off-Campus Emergency Kits should be Reviewed Regularly and Kits Updated

It is important for a range of resources to be accessible by staff and emergency services personnel, should they not be able to be accessed on school property due to an incident. It is important that the kits be reviewed and updated regularly to ensure they remain current. Seek advice from your local emergency services and law-enforcement agencies about your situation, but an off-campus emergency kit might include:

• Crisis response team roster and contact information

• Emergency staff contact card

• Map of the school and floor plans, including locations of utilities, shut-off valves, and hazardous materials

• Aerial photos of the campus

• Maps of the surrounding neighborhood

• Emergency plans

• Designated command posts and staging areas

• Evacuation and reunification site details

• Keys and access control cards/tokens

• Operating procedures for key equipment and systems, such as sprinklers and alarms

• Broadcast notification strategy, including username and password, if applicable

• Transportation routes and contacts

• Student/teacher rosters and emergency data

• Roster of special needs students, including details of those with specific disabilities requiring consideration

• Yearbooks and student photos

• Checklists and forms

19. The Locations of Off-Campus Emergency Kits must be Known by, or Accessible to, Emergency Services Personnel and the School Management Team

Given the nature of the contents and need for timely access, the locations for off-campus emergency kits must be carefully chosen. It may be appropriate to have kits at different locations that may be more easily accessed after hours or during school hours. Having alternative locations that are known by emergency services personnel and the school management team is an important strategy in preparing for an emergency.

20. Security Awareness has Two Dimensions

Security awareness is the process through which stakeholders are made conscious of, and accept, their roles and responsibilities related to the management of security-related risks at the school. These two dimensions are equally important, in that it is relatively easy to tell someone that they have a role or responsibility, but getting them to accept and act on that information is a separate matter. It is crucial that as part of security awareness consideration is given to the skills and resources that may be required to discharge the assigned responsibilities. Like effective marking campaigns, a robust security awareness strategy will not only communicate the message to the target audience but also facilitate the outcomes and actions required.

21. You don’t Know what you don’t Know

It is vital to security management planning and security awareness in general that you develop strategies to consult with and seek input from staff, students, parents, and other stakeholders regarding their perceptions and experiences in relation to school security issues. Similarly, members of the same stakeholder group may need to be informed about things that might seem routine and trivial to those skilled in school security matters, but which may be outside the normal sphere of consideration for others.

22. Terminology is Important

Certain terms have special meaning in a security context, and a particular term may not be interpreted with the intended meaning by someone not routinely exposed to security risk management. It is important to use consistent terminology across the school and ideally between schools in the same region. Technical terms should be avoided and plain language adopted with concise simple explanations of meaning within the contexts in which the term might be expected to be used (see Figure 27.4).

23. Training goes Hand in Hand with Implementing Policies and Awareness

Whenever we ask someone to perform a task related to the management of security-related risks, we need to be confident that they are competent to do so. It is vitally important that schools provide the skills, knowledge, and resources to all those who need them to implement security-related policies. While the content will obviously be different, this is as applicable to students as it is to staff. When someone receives training, as opposed to static information, they are engaged with the subject matter and have the opportunity to better understand what is required of them in a given context.

24. Training Requirements for Administration, Teaching, and Maintenance Staff will Vary

Depending upon their roles in different scenarios, it will be necessary to provide specific training to different groups of staff. However, consideration should be given to ensure that all staff and selected volunteers are trained in key areas such as:

• Basic first aid and CPR/AED

• General school security issues and responses

• Fire drills and building evacuations

• Handling bomb threats

• Shelter-in-place (including active shooter and toxic spill initiations)

• Discipline and code of conduct processes

• Counter aggression and violence de-escalation techniques

25. Incident Reporting, Recording and Analysis are Different Things

Irrespective of regulatory requirements to do so, it is important that schools have simple and accessible means of receiving reports about security-related matters, as well as recording and analyzing information associated with the subject of the report. The initial reporting process should provide sufficient information to support any immediate action or response that may be required. These reports should then be recorded in a manner that allows the information to be recalled, reviewed, updated, and analyzed in the future. Any action taken, procedural changes or other matters arising from the report should also be recorded.

26. Reporting and Recording of Even Minor Matters of Note can be Important

Often, schools will receive reports about what appear to be minor matters and then don’t record them. Similarly, reporting of minor issues may not been seen as necessary by staff, students, or contractors because they feel that no action is required or would be taken. However, minor matters of note can be symptomatic of more serious issues and having historic and trend data can support more proactive risk management decisions. The process of reporting minor matters does not need to be as expansive as more serious incidents or observations, and should be as simple as possible to encourage reporting.

27. Providing Feedback to those Who Report Incidents and Observations Lets them Know that What they did was Worthwhile

It can be a difficult task to get people to report security-related incidents and observations, so when someone takes the trouble to make a report it is important to reinforce the value of their contribution. It doesn’t take much effort to provide follow-up feedback, which in many cases can be automated (e.g., incident is entered into a database and automatically sends an acknowledgment email). A phone call, even if it is to advise that nothing came of the report but to again express appreciation, can be a powerful motivator and even prompt the person to discuss security reporting with others.

28. Schools have Legal and Regulatory Reporting Obligations

As part of security and safety management planning, all schools should have a clear understanding of all legal and regulatory obligations. Maintain a list of the legislation, regulations, and agencies responsible and develop checklists to ensure that compliance requirements are being met.

29. Rewarding Individual Contributions to Security and Safety not Only Acknowledges that Person, but also Reinforces Security Awareness Across the School Community

Students, staff and members of the community like to be acknowledged and it is so easy to do. In some circumstances it might even seem a little trite, but imagine the broader value to a student receiving a certificate of recognition for a contribution to security or safety. Would they include it on their resume? Would a prospective employer take notice of such a certificate? Of course the answer is yes on both counts. Experience has shown that security and safety contributions can be made “cool” in even the most difficult of environments.

30. It is as Important to Document Awareness Communications, Training, and Drills, as it is to do so for Security-Related Incidents

It is a sad reality that serious and tragic incidents can and do happen in schools. Following such incidents it is not unusual for a school to face litigation, and the foundation of any defense will be documentation. Apart from the human resource management benefits of doing so, all security awareness communications and training provided to any stakeholder should be documented in a simple and consistent manner. This does not need to be complex, but should provide sufficient detail to interpret at a later date, who was responsible, what was done, who participated, and what (if any) follow-up action was taken.

31. Providing Staff and Bus Drivers with Specific Training on Handling and Defusing Aggressive Behavior can have Follow-up Benefits for the School

It should never be assumed that common sense is all you need to defuse bad behavior. There is a science to handling aggressive behavior and potentially volatile situations. Those likely to encounter aggression directed to themselves or those in their care need to be given the training and resources to deal with those situations. Not only does the school benefit directly from the mitigation of related risks, but there can be many follow-up benefits for the reputation of the school.

32. As Difficult as it is, Schools must be Conscious of and Effectively Manage Issues Relating to Child Custody, Domestic Violence, and Court Orders

Issues such as whether a parent can make decisions about their children’s school activities have access to records, collect the child from school, or have access to the child during school hours are not always as straightforward as they might initially seem. They can be made even more complex if a parent impacted by a court order is also a teacher or member of staff. It is important to develop very clear strategies for receiving, storing, and communicating to those that need to know information about child custody, domestic violence, and court orders. Such information is highly sensitive and subject to rapid change, making management even more challenging. Equally important are the policies and procedures to be followed in the event of incident.

33. Zero is an Easy Number to Remember as Far as Tolerance is Concerned

In retail security it is not uncommon to have a budget for losses through theft, and as one retail security manager put it, “if you set a budget of 3% you will achieve it every time.” Zero tolerance is a simple and realistic approach to many school security issues, but this does not mean that responses to incidents are not graduated, or that there are never any excuses or exigent circumstances that should be taken into account when managing events. Per the ASIS School Safety and Security Council, the term Zero Tolerance has been replaced by “Guidelines for Criminal Behavior” (see Chapter 26).

34. Emergency Services Personnel will Likely Appreciate the Opportunity to Train at Your School

Ideally, the first time that emergency services personnel set foot on your campus will not be during a serious incident. With due consideration to avoid creating concern for students or disruption to normal activities, engaging with emergency services agencies to use the campus for training has many benefits. Evidently the most obvious is that if emergency services personnel are familiar with the campus, this knowledge can save valuable time when time is a precious commodity. One school has taken to supporting the canine unit of their local police and erected signs stating that police dogs train on the campus after hours; this clearly has a deterrent value for anyone considering breaking into the school.

35. Emergency Services Access should be Arranged in Advance

In the event of an emergency out-of-school hours, emergency services personnel need to be able to access affected areas of the school in a timely manner. Ultimately if they need to, first responders will force entry, but it is a much better strategy for everyone concerned to have provided keys or access cards in advance of any incident. Special consideration should be given to perimeter access and areas where hazardous substances may be stored.

36. Emergency Contact Lists for School Personnel Need to be Maintained

In the event of an emergency after hours, getting in touch with the right people is not always as simple as it should be; staff go on vacation, roles change, and distribution of details to all that need to know is not always done in the most timely manner. Apart from ensuring that there is well-documented policy and procedures relating to maintaining the school’s emergency contacts, consideration may be given to using technology that simplifies the process of contacting the right staff. Some services offer the ability for contact details to be conveniently managed and simultaneous email and/or SMS text messages to be sent to on-call school personnel (see Figure 27.5).

37. Schools should Actively Look for Opportunities to Involve Students in Safety and Security Management

Security and safety risks must always be considered in the range of contexts within which they may arise, and it is therefore vital that student input be sought in planning for at least some of these risk events. Some schools have even introduced crime prevention into the curriculum and leveraged the power of experiential learning to benefit both the students and their learning environments (see Figure 27.6).

38. Fingerprints and Photographs can be Fun

While offenders don’t necessarily appreciate the process or the outcomes, it can be a lot of fun and have very real benefits as an exercise for elementary school children. Consider having law enforcement personnel come to the school to speak to the children about protective behaviors, and then work with the children to create a take-home artwork that incorporates the child’s fingerprints and photo. By using digital photos and scanned prints (and subject to privacy considerations in individual jurisdictions) the school could also retain a copy, should it ever be needed.

39. There are Important Roles for Law Enforcement Personnel in Schools

While the options and availability will vary across jurisdictions, there are many benefits to engaging sworn members of local law enforcement as part of the school. Creating positions such as a police school precinct officer or SRO supports direct involvement by law-enforcement personnel.

40. Defense-in-Depth is not Limited to Physical Layers of Protection

Defense-in-depth or security-in-depth is a concept familiar to most security professionals, where security strategies are organized in layers and protection of any asset is not reliant on any one strategy. Typically this will be discussed in terms of physical strategies, such as fencing, fabric of the building, doors, interior spaces, and so on. However, it is important to remember that the security-in-depth concept can, and should, be applied more broadly. In considering staff, bus drivers, and contractors as possible sources of threat, a security-in-depth approach might include pre-employment screening, policies and procedures, codes of conduct, supervision, and screening reviews.

41. Pre-employment Screening doesn’t Last Forever

While there are differences among jurisdictions, it is not uncommon for all staff, contractors, and even volunteers to be subject to criminal history screening before employment. However, it is equally as important to maintain routine updates of the standing of those who have been screened (see Figure 27.7).

42. There is always a Need for Induction Training and Ongoing Professional Development

Just because someone is qualified in a specific discipline doesn’t mean that they understand how to apply their knowledge and skills in the context of your school. Whether it is an SRO, external security contractor, or newly appointed emergency management coordinator, they all need to be supported in developing localized understanding and improving their capabilities to support their skills. When it comes to safety and security management, the return on the investment in professional development may never actually be seen, because it is a “great day at the office” when nothing happens.

43. Knowing your Neighbors and Actively Engaging with them Helps Reduce Possible Points of Friction and Potentially Builds Ownership and Care for the School

Those who live close to schools or on pedestrian routes taken by students can have varying perceptions about the school and its population. It is important to engage with the wider community and look for opportunities to work cooperatively for mutually beneficial outcomes, and in particular to develop a sense of engagement in the life of the school.

44. The Media can be a Valuable Resource as Well as a Potentially Dangerous Source of Threat

In emergencies and following major security incidents, there may be media interest in your school. The media can be of assistance in gaining public assistance, but they can also do significant damage to the reputation of the school if handled poorly. It is important for every school to develop media policies and procedures, and wherever possible limit contact through only one person. Media release templates for a variety of situations can be prepared in advance without the pressures present during incidents and then simply updated with relevant content prior to release.

45. Learn from the Experiences of others with the Media

In preparing media policies and procedures, identify the media outlets likely to cover stories related to security and safety at your school. Review media reports about security-related incidents in your area and try to understand what came across well and what was potentially an issue for the subject of the story. Talk to media advisors and other schools about their experiences and consider any lessons to be learned.

46. An Emergency Box can be Highly Valuable as a Classroom Project

There is enormous value in having a box with emergency resources in classrooms. By actively involving the classes and their teachers in preparing or updating these boxes, there is not only the direct benefit of ensuring the resources are available should they be needed, but there is an opportunity as well for students to understand their own roles and responsibilities in an emergency situation. Students might, for example, have direct input into the types of games and activity resources to be included.

47. In Preparing Emergency Plans and Resources, it is Important to Consider Staff, Students, and Visitors with Special Needs

Schools routinely serving students with special needs are obviously conscious of issues related to access and communication. However, there are people who may be within the school at any given time who may have special needs should an incident occur. Schools should take care to note, and be prepared to assist, students, visitors, and staff who may have special needs at any given time. One approach is to incorporate applicable questions as part of issuing visitor and contractor passes, and this can also operate as part of the security awareness strategy.

48. Having a Dedicated Phone for Emergency Services Communication can Save Time and Frustration During an Incident

In any emergency at a school, concerned parents will be seeking information and it is important that at least one phone line be available for outbound and inbound communication with emergency services agencies. Consideration should also be given to a dedicated cell phone that may be issued to an applicable staff member during an emergency.

49. There are International Standards that can be Followed for Advice on Crisis Management Teams and Incident Command Systems

In the USA the FEMA Incident Command System (ICS) is a standardized, on-scene, all-hazards incident management approach that:

• Allows for the integration of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure.

• Enables a coordinated response among various jurisdictions and functional agencies, both public and private.

• Establishes common processes for planning and managing resources. (see Figure 27.8)

50. More than One Family Reunification Site may be Needed

Emergencies, by their very nature, include factors that are unpredictable but foreseeable and it is for this reason that alternatives need to be built into crisis and security planning. Schools should consider working with other schools and community groups to support each other with establishing reunification sites. It will be important in an emergency to be able to quickly and clearly communicate details of the location (or locations) to parents and other stakeholders, so the use of codes to describe these locations should be avoided.

51. Information Events at Evacuation and Reunification Centers can be Valuable Opportunities to Engage with the School Community

Consideration should be given to showing stakeholders the locations that will be used for major evacuations and reunification. Incorporating these locations into related awareness and training programs can provide another layer of interest, as well as have practical value to orient families, staff, and even the media with specific areas that they may need to know in an emergency.

52. There are Ten Stages to Acute Traumatic Stress Management²

The goal is to stimulate adaptive coping mechanisms and stabilize more severe reactions among students. The ATSM stages are:

1. Assess for danger/safety for self and others

2. Consider the mechanism for injury

3. Evaluate the level of responsiveness

4. Address medical needs

5. Observe and identify

6. Connect with the individual

7. Ground the individual

8. Provide support

9. Normalize the response

10. Prepare for the future

53. No Two Schools are Identical, so Local Planning is Critical to Successfully Mitigating Risks

The second edition of the Guide for Preventing and Responding to School Violence³ presents different strategies and approaches for members of school communities to consider when creating safer learning environments. No two schools are exactly alike, so it is impossible to establish one plan that will work well in all schools (see Figure 27.9).

54. It is Vital to have Considered a Range of Internal Communication Options for Use During Emergencies, and that Everyone who Needs to Know Understands how and why Certain Options will be Used

There are no guarantees that public infrastructure-based communications will be available (or suitable) to use in emergencies; the term emergency covers such a wide range of situations. Cell phones are prolific and may be a good first choice for instant SMS text messaging in some circumstances. However, schools should consider alternative strategies, such as Wi-Fi-based instant messaging to smart phones using the school’s own infrastructure. Coded public address announcements and alert tones, radios, in-class intercoms and telephones, indicator lights, and other visual cues all have their place in emergency communications.

55. School Communities Comprise Talented Individuals with a Host of Skills and Expertise

Staff, parents, and neighbors all have lives and activities outside their standard interactions with the school. They can be an exceptionally rich resource to draw upon in the development of plans and implementation of risk management strategies. It is unlikely that they will know what is needed or even that they have something they can contribute. Consider building a resource list through simple surveys, but be careful not to scare them away.

56. Social Media can Seriously Impair or Facilitate Outcomes during an Incident

With so many of the school community now connected through social media, this means of communication must be actively considered by schools in the development of security policies and procedures. It is important for schools to actively monitor social media and respond to misinformation that can, in some situations, cause intense fear and potentially lead to accident or injury. Similarly, fears can be allayed early in incidents by using social media as part of a wider communication strategy. However, it is important that all communication is consistent and that those posting information through social media are aware of the accessibility and openness of this form of communication (see Figure 27.10).

57. Compromised Social Media Accounts can Cause Major Disruption

Schools should be aware that social media accounts can be hacked, resulting in anything from mischievous “Tweets” to dissemination of potentially harmful or disruptive misinformation. For example, the Associated Press Twitter account was hacked in April 2013, with the offender sending out a Tweet that there had been an “attack on the White House.” Schools should take steps to prepare for a social-media-related security incident; understand how they will identify and confirm an incident; what they will do to contain and eradicate the threat; and importantly, what steps will be necessary to recover and restore normal use of social media.

58. Privacy Markings and Caveats on Documents Facilitate Compliance with Information Security Requirements

Schools handle a variety of information that has different levels of sensitivity; however, the use of standard privacy markings and caveats to guide handling of that information is less common. In order to facilitate compliance and avoid accidental compromise of information, schools should adopt the practice of always assigning privacy markings to documents, and having clearly defined procedures for storing and transporting documents of differing classifications.

59. Following CPTED Guidelines can Contribute to the Prevention of Criminal Activity on School Campuses

Crime prevention through environmental design (CPTED) is a term that was coined in the early 1970s by Professor C. Ray Jeffrey, a criminologist from Florida State University. CPTED is a multidisciplinary approach to reducing crime through the effective design and use of space. In a school setting, the priority for CPTED is to support behavioral objectives within a given context, while at the same time limiting support for undesired behaviors, including crime.

Some CPTED-related considerations may include:

• Effective use of signage and natural access control to manage the flow of pedestrians

• Maintaining grounds to improve natural surveillance and perceptions of ownership/territorial reinforcement

• Managing the use of spaces to ensure that time or distance is used to separate potentially conflicting user groups (see Figure 27.11).

60. Loose Bricks, Rocks, and Construction Waste can cause Harm to People and Property

A loose brick might seem like a basic maintenance issue and not really a high-priority issue to repair, but apart from the aesthetics these items can be used as convenient weapons in spontaneous violence. Similarly, waste from construction is often not secured because the perception is that there is nothing of value (it is waste), but it frequently contains materials that can be used to facilitate vandalism, break into the school, or be used as a weapon.

61. Using Rocks can Serve Practical Purposes in Landscaping, but Care Needs to be Taken that they don’t become Weapons or Tools of Theft and Vandalism

Apart from providing an aesthetic element, rocks are frequently used in landscaping as ground-covers to support drainage and inhibit erosion; subject to size and positioning, they may also be used as a textural element to support natural access control on a campus, or simply as an attractive visual feature in landscape design. However, it is easy to see that having loose hand-sized rocks near the parking lot potentially increases the opportunity for them to be used as tools to gain entry to the vehicles or as weapons. Similarly, smaller stones can cause damage or serious injury, and need to be carefully considered. It is possible to use rocks and stones in landscaping with due consideration to these issues. For example, size selection, orientation, and companion strategies such as gabion (wire) cages and anchoring can be used to excellent effect to mitigate the risks that might otherwise arise from using rocks and stones in landscaping (see Figure 27.12).

62. Location Identification can Save Valuable Time and Improve Incident Analysis

The designs of school campuses vary significantly around the world, to a large extent influenced by weather conditions and cultural factors. For example, schools in Queensland, Australia comprise large open campuses with many separate buildings in what might appear to be a haphazard layout, whereas schools in Massachusetts tend to be compact “alphabet” configurations in “U-, O-, or H-shaped” buildings. Whatever the design, it is important to be able to describe areas and specific locations using consistent identifiers. The installation of prominent door numbers, corridor, and area signage, which is reflected on site plans and drawings, can be extremely valuable to emergency services personnel responding to an incident, and in more accurately recording the location of incidents such as theft.

63. Numbering and Labeling Car Parking Bays can Reduce Confusion and Improve Reporting

Having designated parking bays for specific purposes or identifiable zones, along with labeling each bay with a unique identifier, serves the purpose of reducing anonymity and making it far easier to accurately report observations, issues, and incidents. For example, if reports of theft of personal property from cars in a parking lot can be identified as being more prevalent in a specific bay, this information enables a more precise analysis of the factors that might be contributing to that location being targeted.

64. Lights don’t Prevent Crime, but they May Reduce the Opportunity for Some Types of Crime

In order for lighting to be an effective deterrent, the offender needs to perceive that illumination will increase the risk of being identified, caught, and punished for the crime being considered. Lighting is obviously a key factor in the operation of the CPTED principle of natural surveillance, but if there are no opportunities for natural surveillance and the area of the school is not used for night activity, it is important to consider whether or not the lighting itself may actually support criminal or undesired activity. Some alternatives to continuous after-hours illumination might include motion-activated lighting and infrared lighting to support CCTV.

65. The Type of Light Chosen for an Application can have Unintended Consequences

There is a wide variety of lamps used in school lighting, with energy efficiency, lamp replacement cost, and luminous efficacy being major considerations. One of the most cost-effective lighting sources in terms of running cost is low-pressure sodium (LPS). However, its monochromic yellow light has such poor color rendering that unless there are other sources of light in the space, complexions, clothing and vehicle colors are impossible to determine, enhancing anonymity for offenders. The hazardous nature of sodium also means that extreme care needs to be taken when it is time for disposal (see Figure 27.13).

66. Scheduled Maintenance on Lights Saves Money and Reduces Risks

All types of lamps have performance characteristics that include a standard life cycle. Many lights have a point in that life cycle where their performance starts to degrade, before eventually failing. Understanding these life cycles and scheduling routine replacement of lamps at the optimum time before the light actually fails is the most cost-effective approach. If the objective of lighting is to illuminate a given space, it makes no sense at all to wait until all the lamps in a given area have failed before bringing in the electrician to replace them, or wasting money by replacing them one at a time as they fail. (NB: Lumen output does not degrade with age for incandescent, LPS, or LED lights, but they all have standard life expectancy.)

67. Horticultural Maintenance is Important for Natural Surveillance, as Well as Perceptions of Safety

Inherent within the CPTED concept of natural surveillance is visual permeability through landscaping and planting. There can be a considerable difference between winter and summer foliage and it is important to maintain vegetation with a general rule that shrubs should be spaced or trimmed to no higher than 3′ (900 mm) to prevent them from being used for concealment. Similarly, tree branches should generally be no lower than 8′ (2400 mm), so that visual access is not impeded.

68. Challenging Unknown Persons on Campus Requires an Ability to Know who Belongs

It is all well and good to require visitors and contractors to wear temporary ID passes, but it is a flawed strategy if all anyone has to do to blend in is remove the badge. It is important to develop a comprehensive approach to identification and challenging unknown persons, including safety and reporting protocols.

69. Signage Helps Reduce Confusion and Spot Potential Intruders

Schools should ensure that signage is located at transition and decision points around campus, with clear directions to the administration offices and spaces used for after-hours activities. Whenever there is scope for confusion, this can be exploited by offenders to create crime opportunities and also to develop excuses for being in unauthorized locations.

70. Signage can be Reinforced with Trail Markers

It is important that from their point of arrival visitors are oriented as to where to go and what is expected of them. An extremely simple and effective strategy is to use colored lines of footprints on the pavement leading from arrival zones to the visitor entrance. This not only helps the visitor, but also makes it easier to spot potential intruders who stray off the trail.

71. Electronic Access Control doesn’t Always Equal Improved Security

On the surface it may seem that adding electronic access control to a door will increase security. However, care needs to be taken in the selection of electric locking hardware and routing of cables or the addition of the technology may actually introduce vulnerabilities. Seek expert independent advice and ask questions about how the new access control solution could be defeated.

72. There is a Difference between Access Control and Access Prohibition

Fences can range from little more than a symbolic definition of a border through to hardened structures designed to physically prevent access under most foreseeable circumstances. When you are defining requirements for access at any point around the perimeter of the school, the question needs to be asked as to whether it is access “control” or “prohibition” that is required, and under what circumstances. Apart from cost, there will be philosophical and operational considerations to take into account. As with most aspects of security risk management, defining and understanding objectives are key to informing sound decision making.

73. The LED (indicator light) on a Movement Detector can be Used by an Offender to Establish Vulnerabilities

The “walk test” indicator on intruder alarm detectors should be disabled after the optimum detection pattern has been established and checked. Some schools have seen lines actually drawn on the floor, indicating where it is safe to walk without triggering the detector.

74. Testing Intruder Alarm Systems should Include Verification that the Correct Zones are Being Displayed

Regular intruder alarm maintenance is important and this should include testing all the detectors, but not just that the LED goes on and off as you walk across the classroom. The alarms should be set and the alarm tested all the way back to the monitoring room, ensuring that the location reported by the alarm system matches the actual location on site. It is not uncommon for a detector to appear to be working, but the alarm signal not even reaching the panel due to a wiring change or fault. Similarly, changes in room designation and expansion of alarm systems can lead to alarm lists getting out of date, which can potentially lead to the alarm response being sent to the wrong location.

75. There are Three Broad Objectives for CCTV Cameras, and it is Important to Know what it is you Want

International standards for CCTV define the objectives for cameras, in increasing order of detail, as:

1. Detection (of a person or activity)

2. Recognition (of a person or activity)

3. Identification (of a person).

While ultra-high-resolution CCTV cameras can satisfy multiple objectives, the majority cannot deliver what you see on television crime shows. Understand what you need the camera to do and then get reliable professional advice on camera, lens, housing, and recording selection.

76. Video from School CCTV Cameras May be able to Be Accessed or Even Compromised by Offenders

Networked CCTV systems and Internet protocol (IP) cameras provide the possibility that staff can view areas of the school remotely to check on any number of security and operational matters. In an attempt to instill confidence and openness, some schools even promote use of remote viewing of cameras by parents. However, the security around IP cameras is often very poorly managed, with default usernames and passwords often left in place. When using networked CCTV systems, it is important for schools to consider the security of the system itself and ensure that policies, procedures, and technical strategies are developed and implemented to address potential vulnerabilities.

77. The Time and Date on CCTV Systems should be Checked

An often-missed element of CCTV maintenance is checking and adjusting the time and date on systems. While it might seem like a minor issue, it can be misleading for an investigation and can make a big difference if the footage needs to be used in evidence. A good practice to adopt when exporting or saving video is to check the current time and date against a known good source and note any anomalies, just in case an offset needs to be applied. A better practice is to regularly check, and adjust if necessary, the time and date for the system to accurately reflect the correct time. It is also important to consider daylight savings adjustments, where applicable, and to log for later reference any changes made to system time and date.

78. Documented Specifications, or At Least Well-Defined Briefs, should be Prepared for any Works Involving Security-Related Systems

All too frequently schools describe works to be done and are left disappointed when the outcomes are not as they expected. The costs of developing comprehensive documentation to support works related to security are routinely offset by the savings in management of the contractors and prospects of having to apply change-orders/contract variations.

79. Any Work on Security-Related Systems should be Commissioned by a Member of Staff or Suitably Qualified Consultant

Like almost any trade, unfortunately some security integrators and contractors fail to deliver on what may have been contractually required of them. It is important that someone with knowledge of the works check to ensure that they have been completed to the standard required, and document and communicate any defects that may be found. While consultants add cost, their specialist knowledge and familiarity with systems often mean that traps and pitfalls are avoided, and that the school gets the optimal return on its investment.

80. All Routine and Breakdown Maintenance on Security-Related Systems should be Logged

Apart from warranty and contract management requirements, logging maintenance can be invaluable in defending litigation that may arise from the failure of a security-related system. The historic logs and records provide a defensible basis for decisions and support analysis against metrics from other systems.

81. It is Necessary to Clearly Define Requirements for Security Patrols and Alarm Response

It might be assumed that security contractors know what they are doing and don’t need the school telling them what they should do in any given circumstances. However, the actions of security officers undertaking patrols or responding to alarms should be totally in line with the school’s philosophical position and operational requirements. The actions or inactions of security personal can lead to a range of consequential risks for the school and, as such, it is vital that the school clearly define the requirements to be incorporated into procedures and standing orders for security staff.

82. Core Factors Relating to Contract Compliance are not Key Performance Indicators

In monitoring contractual obligations for security, all too often schools confuse key performance indicators (KPI) with what are really basic contract compliance factors. The number of times officers have staffed a particular post that forms part of the contract is not a KPI, but the level of absenteeism and staff turnover could be used as KPIs.

83. Having Clearly Defined Objectives for Security-Related Systems can Save Money and Avoid Disappointment

Richard P. Grassie, CPP, noted that all security-related systems deliver on one or more of the following broad objectives⁴:

• Prevent something from happening.

• Control something that is happening, or is about to happen.

• Detect something that is happening.

• Intervene in something that is happening or has happened.

These strategic objectives for security-related systems can then be overlaid with more specific objectives. For example, is the objective for a given CCTV camera to detect someone in an area, or identify an intruder? The latter requires a great deal of image detail with the focus being to gain a clear image of the person’s face, whereas the use of a camera to detect movement in an area requires a suitable field of view to generate situational awareness. Two very different objectives that may require separate cameras if both objectives are to be delivered, or a high-end megapixel camera may be able to deliver on both requirements.

84. Exit Interviews should be Conducted with Staff and Longer-Term Contractors Leaving the School

A structured exit interview process is important to ensure that staff and contractors have an opportunity to provide relevant feedback and also for the school to reinforce confidentiality policies. A basic checklist can ensure that all applicable topics are covered, and keys, identification cards, access cards, and other security-related items are recovered. The last element of the checklist should nominate disabling any system access credentials previously used by the person, as well as changing safe combinations or common codes that the person may have used during their time at the school.

85. Property Marking and Asset Management is a Good Investment, if you Choose the Right Strategies

There is a range of options when it comes to directly protecting school property from loss or theft. Probably the most common is simple property marking, where the school’s name is engraved on the asset. The research about the deterrent value of indelible property marking is very clear, in that if an offender wants to sell the item, having to obscure the details of the rightful owner and the potential of being caught with identifiable property makes these assets far less attractive to steal. Schools have to balance the time and cost of property marking with the likelihood of loss and costs should it occur. With valuable assets being much more portable, indelible property marking techniques can also serve as an important lost property recovery tool, as well as being transferrable if the asset is sold (see Figure 27.14).

86. Radio-Frequency Identification can Enhance Asset Management

Electronic article surveillance systems are most commonly used in school libraries as a security strategy, with it being a logical step to move to individual radio-frequency identification (RFID) tags to further leverage what is effectively the same technology. RFID for asset management effectively comes in three categories:

• Passive tags with mobile readers

• Passive tags with fixed readers

• Active tags with fixed readers

The major advantage of RFID over conventional barcode asset management systems is the speed of reading the tag. The characteristics of the material on which the tag is applied, difficulty in marking small items, and potential confusion created by reading assets on the other side of a wall are all considerations. Notwithstanding these issues, RFID can provide significant benefits for schools in managing their assets, provided that it is understood that one size does not fit all and a combination of technologies may be required.

87. Covert Asset Identification has a Place, but does have Limitations

Covert asset identification strategies are to some extent similar to CCTV recording in that they provide evidence after the fact to support investigations and prosecutions. If an offender perceives that the advertised presence of the technology increases the likelihood of being caught and adversely impacted by punishment they may act as a deterrent, but this is highly context sensitive and nowhere nearly as effective as overt and indelible property marking. However, the size and characteristics of some assets are not suited for property marking techniques, making these covert strategies an important consideration. However, it needs to be recognized that a range of property marked with the same batch of these materials will be permanently identifiable as belonging to the same registered owner, which may be a consideration should they need to be sold or repurposed in the future.

88. The Most Commonly Exploited Vulnerability in Schools is Poor Key Control

Locks and keys are a central element in any physical security program, but all too often poor key control leads to unauthorized access. There are many technological solutions available to assist with managing key issue and return, but the most important strategy is effective policy and procedures around the issue and timely recovery of keys.

89. Electromagnetic Locks Need to be Maintained

While electromagnetic locks have no internal moving parts, the security they provide is directly related to the bonding force between the armature (the metal plate on the door) and the electromagnet (the larger component on the door frame). Because the materials involved are ferrous, oxidation on the surface reduces holding force and needs to be removed. The surfaces of the electromagnet and armature also need to be checked for the presence of tape and the like, which can be placed there to deliberately reduce the strength of the magnetic force and facilitate unauthorized entry. The armature should also be ‘floating’ to allow it to align with the face of the electromagnet; if it is rigidly mounted on the door, it is likely that misalignment will also reduce the holding force.

90. Rapid Removal of Graffiti Reduces the Likelihood of Being Retargeted

Research shows that while it can initially be costly and require perseverance, in the long term the removal of graffiti within 24 hours is the key to lowering the frequency of a space being retargeted. The science behind the concept can be attributed to a mix of crime prevention theories, including situational crime prevention, CPTED territorial reinforcement, and to a lesser extent an extrapolation of the broken windows theory.

91. Orienting Administration Work Positions can Enhance Natural Surveillance

It is somewhat self-evident that people seated at desks facing walls are limited in what they may observe. Orienting work spaces to provide opportunities to see people moving or loitering in key areas of the school can greatly enhance responsiveness to potentially problematic situations, as well as delivering improved operational outcomes.

92. Convex Mirrors in Hallways and Stairwells have Multiple Benefits

Convex mirrors installed in hallways or stairwells provide a number of safety and security benefits, provided that they are installed correctly and lighting conditions are taken into account. The primary purpose of the convex mirror is to provide a way of seeing around corners, which can assist those approaching the corner to detect and avoid potential conflict with others moving in the opposite direction. They can also provide the opportunity to enhance general surveillance and the increase the perception of natural surveillance, impacting on a potential offender’s perception of the risk of detection and opportunity for concealment.

93. Managing Bus Loading and Unloading Enhances Safety and Reduces Provocations

Having teaching staff assigned to the bus loading and unloading zone pay particular attention to maintaining order not only enhances safety around large vehicles but also reduces frustration and potential provocations that can lead to violence. Dispersing groups of students after arrival before allowing a new group to unload reduces the opportunity for conflict.

94. Having Designated Bus Queuing Areas in General Proximity of the Loading/Unloading Zone Enhances Efficiency and Safety

It may be necessary to consider changing the allocation of roadways and parking areas to achieve optimum efficiency and safety. It is worth taking advice from transport planners to see what options you may have available at your school.

95. Teachers Supervising Student Collection Zones Need to Be Aware of Special Needs Students and Students with Adverse Family Situations

Schools need to ensure that staff allocated to supervising the collection of students by parents are fully informed and aware of any issues likely to increase the risk of harm to students or the staff themselves. While privacy is a clear consideration, staff must be aware of the potential for conflict arising from custody disputes and domestic violence.

96. Courts have Held that Schools have a Responsibility to Act on Off-Campus Threats

Just because a threat is not made on school property or as part of an off-campus supervised activity does not mean that schools are powerless to act. One case in the State of Nevada held that threatening instant messages sent by a student represented a “real risk of significant disruption to school activities and interfered with the rights of other students,” and the school was right to act in disciplining the student, without needing to wait for an actual event to take place⁵ (see Figure 27.15).

97. Third-Party Use of School Facilities can Reduce Crime Opportunities

There is a wide range of activities that can be supported within school facilities, which in and of themselves, reduce crime opportunity. Martial arts clubs, police youth programs, and community groups all need spaces to meet and can deliver a win-win outcome by using school facilities.

98. Scheduling Third-Party Activities in Different Areas of the School can Increase Crime Opportunities

Dependent upon the layout and design of the school, the scheduling of third-party activities can create conflict between user groups or increase the range of excuses for people being in unauthorized/unintended locations within the school. Care should be taken to separate potentially conflicting groups by time or distance and to schedule spaces that have easier and more direct access for those attending.

99. Security Strategies Need to be Reviewed Whenever there is a Higher Concentration of Attractive Assets

Schools frequently take delivery of assets during term break in order to prepare them for use. It is important to recognize that security strategies that may have been adequate to manage the risk/effort/reward ratios for prospective offenders with the previous asset mix may no longer be effective. Situational Crime Prevention theory and Rational Choice Perspective teach us that for a greater reward, offenders are prepared to go to more effort and accept higher levels of risk of being caught. Prior to taking delivery of new assets, consider where they will be stored, how knowledge of the presence of the assets will be minimized (e.g., don’t put all the new boxes out the front of the school for recycling), and what additional security may be needed until individual security strategies such as indelible property marking are applied.

100. There can be Opportunities to Integrate Risk Management Strategies into the Curriculum

The traditional responses to security-related risks will always have a role to play, but schools should consider innovative approaches that link with the curriculum. For example, a school in Australia that was having trouble with people from an adjacent residential area trespassing through the school grounds and causing vandalism sought to block their path by upgrading the fencing. This approach failed, even after several attempts and the costs of both the vandalism and repairs to fencing were escalating.

Looking at the topography and factors that supported the path of travel, the school developed a plan that incorporated students in a number of different areas of the curriculum to build a wetland area inside the fence boundary at the primary point of entry. The school recognized that just building a wet area to disrupt the path would not be enough, and they needed to support the required behavior of walking around the school perimeter.

The adjacent parkland provided an opportunity to build a pathway to connect the road with the existing informal track used by the trespassers, so the first stage of the plan involved making a better way to get from Point A to Point B. Once this was in place, the construction of the key elements of the wetland area to make it unsuitable for pedestrian access was done in 1 day. The result was an outstanding success and an excellent example of CPTED and situational crime prevention principles working together to support desired behaviors, while inhibiting undesired behaviors (see Figure 27.16).