4
Safety and Security Program Administration
Abstract
This chapter briefly looks at employer obligations to meet Occupational Safety and Health Administration workplace safety requirements. There is also a discussion on considerations for staffing an internal company guard force. Finally, there is a discussion on security measurements and metrics.
Keywords
Benchmarks; Employee safety; Internal security personnel; OSHA requirements; Privatized guards; Security administration; Security guard force; Security guards; Security measurements; Security metrics; Workplace conditions; Workplace hazardsIn this chapter, we will look at various administrative areas that are necessary in order to implement an organizational safety and security program. These areas include regulatory requirements for employee safety, considerations and issues in using an internal guard force, staffing your own security guard force section, and some security metrics and measurements to evaluate your program.
4.1. OSHA Employer Safety Requirements
There are many responsibilities that employers must fulfill to meet the Occupational Safety and Health Administration (OSHA) standards and the various safety and health requirements that are in place. We will not attempt to cover each and every item (as this would require a separate book!); however, the following list provides a short summary of many of the key employer responsibilities that your organization must ensure are accomplished to meet the primary concerns within the regulations.
• Provide a workplace free of serious recognized hazards that complies with issued standards, rules, and regulations.
• Conduct examinations of workplace conditions to ensure compliance with applicable OSHA standards.
• Provide for or ensure that employees have and use safe tools and equipment. Employers must also ensure that this equipment is properly maintained.
• Warn employees of potential hazards through the use of color codes, posters, labels, or signs.
• Establish, maintain, and communicate appropriate operating procedures so that employees are aware and can follow safety and health requirements.
• Provide safety training for employees.
• Provide medical examinations and training when required by OSHA standards.
• Inform employees of their rights and responsibilities by posting the OSHA poster (or state equivalent) in a prominent location within the workplace.
• Report to OSHA any fatal accidents, or accidents involving hospitalization of three or more employees, within the required time frame.
• Keep records of work-related injuries and illnesses and provide access to this log by employees and their representatives.
• Correct violations by the OSHA deadline set in citations and submit the required abatement verification documentation. In addition, post OSHA citations at or near the applicable work area until the violation has been corrected, or for three working days, whichever is longer.
Again, this list is not comprehensive but provides a sense of the employer’s responsibilities with regard to OSHA regulations and guidance. It is advisable that any safety and security procedures are reviewed against specific OSHA requirements on a frequent basis to ensure that your organization’s processes meet appropriate guidelines.
4.2. Considerations and Staffing for Security Guard Forces
A major decision for any organization as it expands and grows is whether to employ internal security guards or continue to rely solely on the protection offered by local law enforcement. In order to determine your company’s potential need to hire its own guards, you should consider the following factors:
• Size of the company
• Location that your company operates
• Requirements of the organization and facility
Normally, small companies need not worry about hiring an internal security guard force. This is due to the significant increase in payroll and overhead costs that will accompany an internal security guard force, especially when compared to a smaller current work force. An exception could occur, whereby a small organization may need to consider hiring their own guards; this situation may exist if your organization must protect extremely high-value resources that technology and procedures alone cannot adequately protect. If there is an exorbitant cost due to any loss or damage to these critical resources, a comparison may be useful to determine whether it is advisable to hire some security guards to provide the necessary degree of added protection. If you are unsure as to whether your organization should hire an internal security guard force, it is best to accomplish a detailed cost–benefit analysis to assist you in the decision.
Location also matters in determining the type of security force that needs to be employed. If your organization operates in a high-crime area or region that experiences relatively high threats, it may be advisable to consider security guards to provide either mobile patrols or fixed positions that are permanently located within your company’s premises. The presence of these personnel not only reduces various risks against your facility and critical resources but can also provide a level of comfort to your employees in relation to a safe and secure working environment.
The last factor in helping to decide whether to staff your own internal security guards considers the specific requirements of your company, employees, and the facility in which you operate. What type of business you conduct (e.g., corporate, retail, manufacturing, storage, etc.) can affect your decision as to whether or not to use an internal security guard force. This is based on the value and criticality of the resources that you wish to protect, the willingness and ability of your employees to accomplish some additional safety and security tasks over and above their normal duties, and the amount of risk that your organization can assume based on any potential incident. We have already covered the need for some organizations, based on the critical nature of their resources, to use internal security guards. Again, this would be necessary if the value or sensitivity of an organization’s resources is so great that no loss or damage could occur without significant repercussions to the overall business operations. If your organization has been able to promote security awareness among your employees, this can also have an effect on whether or not you may require an internal security guard force. In the case of an organization that has been able to promote an exceptional level of security awareness and all employees actively detect safety and security incidents, it is likely that these efforts either augment an internal security guard force so that you can lessen the number of security personnel or offset the need for internal guards entirely. The last area to consider when looking at hiring your own internal security guard force is the amount of risk that your organization can assume in the event of an incident. Some businesses cannot allow any type of safety or security incident to occur, no matter how insignificant, without some negative impact on their operations. Schools are a prime example of this, since even a minor incident such as an unauthorized visitor that poses no danger can create a newsworthy event and cast doubt on the school’s ability to protect its staff and students. If your organization cannot allow any type of incident to occur, it is advisable to look at having your own internal guard force. By considering your own organization’s needs based on the nature of your critical resources, the level of your own employees’ security awareness, and the acceptability of some risk that could result in the occurrence of some minor safety and security incidents, you can better determine your own need to hire security guards.
There are also several advantages and disadvantages to consider, should your organization look at having your own security force. The major advantage of having internal security guards is the ability of these personnel to make decisions and immediately act to mitigate any potential emergency before the occur. A security guard can see things that cameras cannot detect, and, as such, they can immediately investigate concerns and secure an area if there is a questionable issue. Another advantage of security guards is the visual deterrent that they provide; it is difficult for any modern technology to match the impact to potential attackers and even your own employees of an on-duty security guard. Even with these advantages, the disadvantages to a security guard force are significant. A significant disadvantage is that they are costly; either by hiring the personnel yourself or by contracting the guards out to a security provider, you will incur additional costs, which can include specific equipment (such as uniforms, radios, hand-cuffs, and weapons), security guard training, maintaining the proper qualifications, and insurance. Another disadvantage is the increase in workload for other sections within your organization. In many cases; maintaining the necessary certifications, ensuring that all qualifications are met, and providing required training for a security guard force are normally going to be more detailed than that of the average employee. There are many requirements that security personnel must meet, and these items must be continually maintained and tracked—a task that can become overwhelming for smaller organizations. The last, and possibly the most significant, disadvantage of having your own internal guard force is the potential liability issues associated with these types of employees. In the course of their duties, it is likely that security guards will conduct searches of personnel, checks and searches of areas, or apprehension of individuals. In the event that these personnel are armed, they have the added potential to become involved in situations involving their firearms. All of these incidents can create significant liability concerns for your organization; as a result, it is imperative, should you decide to use internal security guards, that your organization insure itself against this liability, which will further result in additional costs along with possible legal concerns.
Now that we have looked at the various considerations, along with the advantages and disadvantages of having your own internal guard force, we will look at security guard force requirements, both for individuals who fulfill these specific duties and also for your organization as an employer of these personnel.
4.2.1. Individual Security Guard Requirements
Requirements for security guards differ from state to state; however, there are some standard items that must be accomplished within most states. An individual working as a security guard must do the following:
• Accomplish the proper security guard registration for that state or region
• Complete a minimum amount of training, which normally includes proper apprehension and arrest procedures, use-of-force training, and search and seizures
• Accomplish and pass a background check, including fingerprinting and a criminal record check
4.2.2. Requirements for Employers Who Hire Security Guards
As is the case with individual personnel working as security guards, the requirements for employers who hire and utilize security guards differs from state to state. Again, there are similarities across many of the states in that the following issues must be accomplished prior to a business being allowed to hire and use security guards:
• Accomplish the necessary application process; many states require renewals of this application every one to three years
• Develop and accomplish a training program that includes submission of a detailed training syllabus to the approving state agency (this training program should include initial and ongoing training for all individual security guards [specific number of hours differs from state to state]; in addition, the training program should provide to personnel certificates of successful completion)
In the event that your organization is considering the use of security guards who will use firearms, there are even more requirements that must be accomplished to meet your state’s requirements.
• Develop a firearms qualification program and ensure that employees are properly trained in accordance with the program (this training should include periodic firearms qualification, use-of-force training, and firearms retention methods)
• Ensure that employees who pass the firearms qualification program are issued a qualification card (this card must be carried by the employee at all times while on duty)
• Possess liability insurance to protect the company in the event of injury, death, or damage to property
4.2.3. Determining Appropriate Security Guard Staffing
The last area that we will cover in regard to using an internal security guard force is the methodology used to determine how large the force should be for your organization. In order to determine the size of a security guard force, the mission and personnel duties must first be determined. The primary duty of typical security guard forces is to provide either static posts or mobile patrols (or a combination of these) within your company’s facility and property. These posts and patrols are meant to prevent loss, enable response to emergencies, provide assistance to your visitors and employees, and enforce regulations. Static posts will normally be positioned at locations to enforce access control requirements, whereas mobile patrols may be conducted by numerous methods to include foot patrols and the use of vehicles. These vehicles can include automobiles, all-wheel drive vehicles, and bicycles, depending on the size of your facility, along with the terrain and weather within your region.
Once you have looked at the factors that affect the size of a security guard force, the next step is to determine the number of posts that should be manned, along with the hours that a security guard should be on duty. A security guard post is one location or area of responsibility that is occupied by one security guard individual. These posts can be manned for a few hours (in the case of an entry control position that may only be open during high-traffic periods such as morning and afternoon rush hours), or they can be manned on a continuous 24-h, 7-day-a-week basis. To ensure that you have adequate numbers of personnel needed to fill the necessary number of posts for the designated number of hours per day, you will need to ensure that you have a sufficient number of personnel to account for the hours in a work week, vacations, sick days, and other factors that may preclude an individual from working. Table 4.1 shows the standard number of employees required to properly man a variety of different hours for a given security post while taking into account standard absences.
Now that we have provided the basic information on manning considerations for a security guard force, we will illustrate this using an example. We want to determine the necessary number of security guards for our hypothetical organization, XYZ Corporation, at its corporate headquarters location. XYZ Corporation’s main headquarters facility is a large office building located in the suburb of a major metropolitan area. The facility itself is approximately 100,000 square feet with exterior dimensions of 250by 200 ft. The building has four major entrances and is located on 40 acres of property. After a look at the main areas with which security personnel would be concerned, it has been determined that there are two primary duties for the internal security guard force. The first duty is to provide access control into the facility on a continual basis. As stated earlier, the building has four entrances, with each one located on one side of the building. Only one entrance is continually open, whereas the other three entry points are locked and secured during certain times. The second duty of the internal security guards is to conduct mobile patrols along the exterior of the facility. One mobile patrol will provide continuous patrolling on a 24-hour-a-day, 7-day-a-week basis. During normal working hours, this patrol not only helps to detect any attempts to access the grounds but also conducts checks of the employee parking lots. The second mobile patrol is only on duty during nighttime hours to augment the primary mobile patrol in detecting any unauthorized access attempts. Based on these duties, XYZ Corporation has determined that it will need the following number of security posts, along with the corresponding duty hours for each post:
Table 4.1
Number of Security Guards Required for Corresponding Security Post Hours
| Security Post Hours | Required Number of Security Guards |
| 24 h per day, 7 days per week | 4.5 |
| 16 h per day, 7 days per week | 3.0 |
| 8 h per day, 7 days per week | 1.5 |
| 8 h per day, 5 days per week | 1.1 |
| 4 h per day, 5 days per week | 0.5 |
Muuss JP, Rabern D. The Complete Guide for CPP Examination Preparation. 2006.
| Security Post Designation | Duty Hours |
| Main building entry control point | 24 h per day 7 days per week |
| Secondary building entry control point | 6 am–10 pm Monday–Friday |
| Alternate building entry control point | 7 am–5 pm Monday–Friday |
| Rush hour building entry control point | 7:30–8:30 am/3:30–4:30 pm Monday–Friday |
| Primary exterior patrol | 24 h per day 7 days per week |
| Secondary exterior patrol | 10 pm–6 am 7 days per week |
By using the hours and days, along with the manning values contained in Table 4.1, it can be determined that 15.25 security personnel are necessary. Normally, this number is rounded up to the next whole number, so it can be determined that XYZ Corporation would require a total of 16 security guard personnel to properly man the posts listed above while taking into account illness, vacation, and other absences.
4.3. Security Measurements and Metrics
As with any area in business, safety and security should be measured and tracked—not only to assess the relevance and success of the current program, but also to identify areas for improvement. In order to accomplish this, it is important that any metric measured within your organization is able to meet the following characteristics of good metrics [1]:
• quantitative
• objective
• based on a formal model
• Has a time dimension
• universally acceptable
• Has ground truth
• inexpensive
• obtainable
• repeatable
It should be noted that one should exercise caution when collecting many safety and security metrics. This caution is that many measurements and metrics necessitate that you have an accurate method to correctly measure the metric and that the information obtained provides a valid assessment. In other words, if there are no methods to ensure that you can adequately measure the area that you are trying to evaluate, the metric may appear to be a good measurement, but the information will fail to accurately assess the safety and security effectiveness of that particular procedure or item of equipment. An example of this would be a metric that measures the number of unauthorized entries into a company’s facility. Although the metric initially sounds good, the organization may have no method to accurately track this number (e.g., all entry ways are continuously unlocked; no access control is present at any entrance; and there is no method to identify an unauthorized individual, such as by use of employee identification badges). Thus, there is a danger in tracking such a metric, since it would likely result in very small numbers of unauthorized entries and provide a false sense of security that there is no issue within this area. Ultimately, this inability to accurately assess this security metric would likely result in taking no action to mitigate a significant risk until it is too late.
As we discussed in Chapter 3 in the section on quantifying safety and security initiatives, measuring an organization’s program can be difficult, since security measures that are working well result in no successful incidents or attacks. This can make developing and generating safety and security metrics more difficult than in other business areas—particularly since many security experts will agree that the number of attacks, either unsuccessful or successful, experienced by a company is not necessarily an indication of how secure that organization is. Instead, an organization that is the victim of an attack can be based more upon the motivation and expertise of a potential attacker, their profile or politics, the organization being in a location that is convenient for the attacker, and so forth; or sometimes a successful attack can simply be a matter of luck. Obviously, you cannot measure luck when looking at your safety and security program; however, there are some methods that can assist in developing valid measurements when trying to evaluate your organization’s program. The following steps can help to guide the process of establishing your organization’s security metrics [2]:
1. Define the goal and objectives of the metrics program
2. Develop specific metrics to generate and measure
3. Establish benchmarks and targets for these metrics
4. Determine how the metrics will be reported
5. Create an action plan and ensure that it is acted upon
6. Establish a formal review process for the security metrics program
We will cover each of these steps over the next several sections.
4.3.1. Define the Goal of the Security Metrics
Since the development and maintenance of a security metrics program can take time and effort from other security activities, it is useful to define and agree upon the goals and objectives up front. This may sound overwhelming, but developing a single goal statement that clearly states the end toward which all measurements and metrics are directed can make the task easier. An example goal statement might look like this:
Provide metrics that clearly and simply measure how efficiently and effectively our organization is balancing security risks and preventive measures.
Once an overarching goal statement has been developed, objectives within each area of your organization’s safety and security program—physical, information, and personnel security areas—can be more easily developed.
4.3.2. Development of Specific Metrics
With formal goals and objectives formally established, a top-down approach to develop specific metrics can be used. This top-down approach should start with the objectives of each area within your organization’s safety and security program, and work backward to identify specific metrics to determine whether the objectives are being met and what measurements are needed to track those metrics. For example, an information security objective might be “to reduce the number of virus infections by 30%.” This would result in determining a specific metric that measures the number of virus alerts within the organization each month and comparing this metric against the previous year’s baseline number. Once the measurements and metrics are understood, a process to collect the necessary data will need to be developed.
4.3.3. Establish Benchmarks
This step identifies the appropriate benchmarks and sets realistic and achievable improvement targets. Benchmarking is the process of comparing an established performance measurement (either within your own organization, from peers within your industry, or from “best practice” organizations outside the industry). This process not only provides new ideas within your safety and security program but can also provide data to make your own metrics more meaningful. A key factor behind benchmarks is that they help to establish the achievable improvement targets for your specific safety and security metrics.
4.3.4. Determine Reporting
Obviously, no metrics are worthwhile if the results are not effectively communicated. The determination that you will need to make within your organization is who should receive this information and how widely the data should be disseminated. Some metrics may be meaningful only to the security manager or the responsible executive within that functional area, whereas other metrics may be beneficial to distribute across the entire organization. Each specific metric should be evaluated to determine who can benefit from the information and decide upon remedial actions as necessary. As the security metric program is developed; it is necessary to define the context, format, distribution, and responsibility for reporting each safety and security metric to ensure that the information is seen and acted upon by the appropriate decision makers.
4.3.5. Create an Action Plan
Once the preparation has occurred, it is necessary to create an action plan that includes all necessary tasks to be accomplished in order to start collecting your organization’s security metrics. The action plan should include expected completion dates and assignments, along with the desired end date to report all of the security metrics.
4.3.6. Establish a Formal Review Process
The final step in the process is to ensure that there is a formal and periodic review process for the entire security metrics program. It is useful to look at several issues when conducting this review:
• Is there reason to doubt the accuracy of any metrics?
• Are the metrics useful, and do they meet the overall program goal?
• Is there too much effort required to measure any of the metrics, and is value derived from the effort?
• How do your organization’s metrics compare with other standards and best practices?
These and other questions are important to answer during the review process in order to maintain the usefulness of collecting the information.
Table 4.2
Sample Safety and Security Metrics
4.3.7. Sample Safety and Security Metrics
We will next look at some examples of good safety and security metrics to provide you with some ideas of what can be measured. The list of sample metrics provided in Table 4.2 combined with the process for developing your own metrics, should give you a starting point with which to measure and track the effectiveness of your organization’s safety and security program and assist in identifying some areas that may need change.
4.4. Summary of Safety and Security Program Administration Areas
Within this chapter, we first covered several of the OSHA employer safety requirements that must be met to ensure compliance with the safety and health regulations imposed by the federal government. Next, we covered the considerations, advantages and disadvantages, requirements, and methods to determine the staffing size of an internal security guard force, should your organization consider hiring your own security personnel. The last area that we covered was safety and security measurements and metrics. After reviewing this chapter, you should have a good background on the many issues concerning administration and tracking of your organization’s safety and security program.
4.5. Safety and Security Program Administration Checklist
Note: All items are listed in priority order, so you should ensure that each answer is “Yes” prior to expending funds or effort on addressing the next question. This ensures that an executive with minimal security expertise can easily move down the list in order to implement an adequate security program.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.