Critical Facilities Summit

4  FM quick reads on security

1. Test New, Existing Systems To Ensure Working Access Control

When installing new access control hardware and software, testing it with existing doors and hardware is crucial to ensuring all systems are working properly.

While facility managers would not knowingly choose access control hardware and software that don't work well together, this can be the result if they don't take the time to review the systems, and test them together.

For example, consider what happens if the mechanical hardware on a door doesn't align with the electronic access control system. Once the door is mechanically locked, even a properly functioning access control system won't be able to open it.

Sometimes facility managers retain a key cylinder on a door with an electronic card reader. This allows an individual to bypass the card reading system with a key, thus destroying the audit system.

Of course, a facility still needs a backup system in case the card system fails. One way to handle this, yet not make it easy for individuals to bypass the system, is by installing new key cylinders when a new card system is implemented.

Then, the new keys should be given only to the individuals that truly need them. This provides redundancy, without potentially undermining the electronic access system.

Another mistake is failing to include all the components required to create a solid access control system. For instance, installing card access technology alone on a door creates an electronic locking system, but won't let you know if the door has been forced or propped open. That requires a door monitoring sensor.

Another area to watch is the interface between the access control system and the corporate network. Many access control systems rely on a company's network to transmit data. Some access control systems may not work effectively with the corporate network, or may strain network capacity, making data transmission more difficult.

Assess Future Needs When Putting In New Access Control

Facility managers charged with implementing a new access control system will want to do all they can to avoid mistakes.

Of course, that's true of any implementation. However, mistakes can be particularly troubling with access control systems because they're so visible. The implemented system needs to secure the building, yet still allow occupants to move about as needed.

When replacing an older system with an updated one, it becomes tempting to simply remove the current system and replace it with newer devices, retaining the same general configuration. While that might suffice, it also means foregoing the opportunity to re-assess a facility's security needs, as well missing out on the features that might not have been possible even a few years ago, says Harold Gillens, president of Quintech Security Consultants.

He provides an example: Some of today's systems can link a facility's security cameras to the floor plan. That can be valuable if, for instance, emergency responders need to track a dangerous individual as he or she moves within a facility.

Another mistake is overlooking the benefits of technology that works with both the existing components of a system and new technology as it emerges, says Frank Pisciotta, president of Business Protection Specialists. That is, a new system that can read both existing and new access cards eliminates the need to "re-badge" all employees. "It's not that much different in costs, but it provides tremendous flexibility" when migrating to the newer credentials, he says.

Remember that access cards are evolving, from bar code and magnetic stripe technology to smart cards and, in some cases, near-field communication. So a facility manager considering an upgrade will want to install a reader that works with new technology as it emerges, Pisciotta says.

Develop Crisis Response Plan To Help Protect Campus

In the years since the killings at Virginia Tech, colleges and universities around the country have taken many steps to prevent mass shootings on campus. Those strategies represent an emerging set of best practices for emergency preparedness. Although those measures cover a broad range of emergencies, not just shootings, it is the risk of shootings that has made emergency preparedness a high priority in colleges and universities. And each time another incident occurs, campus facility and security managers have to look again for new ways to protect students, staff and visitors.

An important early step in preparing a crisis response plan is to develop a list of possible events that could hit the campus, such as natural disasters, burglaries and violent attacks, says Gary Margolis, managing partner with Margolis Healy & Associates. Of course, the total often can top several dozen. No school has the resources to prevent every potential threat, so it's important to focus on those that are most likely to occur or inflict significant harm.

Margolis advises looking at potential security and safety events from the perspectives of vulnerability, impact and probability. For instance, how vulnerable is the campus to a tornado? Can its vulnerability be reduced by fortifying the buildings on campus?

The next step is to look at the possible impact of each threat. Clearly, tornados or school shootings typically have a greater impact than, say, a stolen laptop. On the other hand, the probability that a laptop will be stolen during any school year exceeds the likelihood that a more serious incident will occur. The idea is to complete this analysis for the entire list of potential threats, ranking each and developing plans for events that hit certain thresholds.

Because facilities professionals typically spend time in all areas of a campus, they usually have a good idea of who typically comes and goes, and at what times. As a result, they often are among the first to notice situations that appear out of the ordinary. "They can be the eyes and ears of the institution, and that can be invaluable," Margolis says.

Involve All Relevant Departments When Planning Access Control

As access control and security systems become more complicated and technical, it becomes increasingly important to ensure that all parties who can contribute to the selection are included, says Harold Gillens, president of Quintech Security Consultants.

Often, that means including representatives from human resources, as they usually are the ones in charge of bringing new employees into the system. The IT department also needs to be involved, so they can assess the interface between the access control and IT systems.

Outside expertise may also be needed to provide input to the design and installation of the access control system. Bringing in an expert typically does carry a cost. However, trying to get by without such input can backfire, as potential stumbling blocks often aren't caught until later in the process. At that point, any flaws become more expensive to correct. Not only that, the mistakes and their correction — say, prohibiting occupants from using a particular entrance because it's not properly secured — often become more visible than a facility manager or owner might want.

In some organizations, even marketing may have a role to play. For instance, the marketing department may want to manage the design of the key cards to ensure the company's brand is appropriately used.

These individuals may also be able to help obtain funding for the investment required, Gillens notes. "If you share the costs across emergency management, human resources, and IT, there may be more dollars available."

In addition, considering input from a range of individuals increases the likelihood that the final access control system more closely matches the corporate culture. This is key, as trying to impose a highly restrictive system on a freewheeling corporate culture may mean that the system isn't used.


security , security planning , access control

Critical Facilities Summit