For decades, security in facilities management was largely defined by the perimeter — locks, guards, cameras and compliance binders. Managers often treated it as a separate responsibility, adjacent to operations but rarely integrated into them. If systems were locked, doors were secured and incidents were infrequent, security was considered handled.
That model no longer reflects the reality of modern facilities. Today’s institutional and commercial buildings are digitally connected environments where HVAC, lighting, elevators, access control, video surveillance, life-safety systems and IoT devices all operate on shared networks. These systems improve efficiency, visibility and occupant experience, but they also introduce new operational risks. When one system is compromised or misconfigured, the impact often spreads across multiple building functions.
As a result, security is no longer a standalone concern. It has become an operational mandate, and maintenance and engineering managers are increasingly responsible for making it work. Managers now are expected to protect people, assets, data, uptime and organizational reputation, often while managing aging infrastructure, deferred maintenance, limited budgets and lean staffs.
Meeting these expectations does not require more technology. It requires embedding security into the way facilities are operated, funded and measured every day.
The manager’s role has expanded significantly over the past decade. In many organizations, facilities teams now manage or directly influence:
This expansion is not accidental. As facilities become more connected and more critical to business continuity, the risks associated with those systems move directly into the facilities management domain. Access control systems connect to IT networks. BAS platforms rely on cloud services. Contractors routinely require remote access to troubleshoot equipment.
Yet in many organizations, the responsibility for managing the resulting risks falls to facility teams without corresponding increases in staffing, budget or cybersecurity expertise. Security frequently is layered on top of operations instead of designed into them. The result is fragmented visibility, inconsistent controls, and increased exposure, which is often discovered only during audits, incidents or system failures.
Managers do not need another checklist or technology roadmap. What they need is an operating approach that aligns security with the realities of day-to-day facility management.
The security-operations integration model focuses on embedding security into core facilities management responsibilities rather than treating it as a parallel function. SOIM reframes security as a contributor to reliability and continuity — making it easier to manage, fund, and measure within existing FM structures. It addresses three pressures that managers face daily:
Technical integration: Reducing risk by reducing complexity. For most facilities, the technical challenge is no longer installing new systems. It is managing the systems already in place. Legacy BAS, access control, video, and life-safety platforms often operate independently, with limited interoperability and inconsistent cybersecurity controls. At the same time, cloud platforms, IoT devices and vendor remote access are expanding the facility’s digital footprint — often faster than policies or procedures can keep up.
Each new connection increases the attack surface. A poorly secured controller, outdated firmware, or unmanaged contractor laptop can quickly escalate into an operational disruption, compliance issue, or safety concern. Practical actions managers can take include:
When systems are integrated effectively, security supports uptime instead of interrupting it. Facilities management teams gain clearer visibility into system health, faster response to issues and fewer surprises during inspections or audits.
As for the leadership impact, managers become integrators of the built environment, bridging OT, IT and security in ways that simplify operations and reduce risk.
Budget alignment: The operational case for security. Security investments are often difficult to fund because their value is preventive. It is hard to budget for incidents that never happen — until one does.
At the same time, managers are competing for limited dollars against roofs, boilers, chillers, deferred maintenance, staffing shortages and energy costs. Security upgrades are frequently postponed because they are perceived as hard to justify or disconnected from daily operations.
The key in this case is reframing security as operational risk management, not discretionary spending. Financial pressure is driven by: rising equipment and service costs; aging infrastructure competing with modernization projects; limited capital availability; increased executive scrutiny around the return on investment; and supply-chain uncertainty affecting replacement timelines.
Effective budget strategies that managers can use include:
When security investments clearly support uptime, audit readiness and life-safety performance, their value becomes operationally visible, not theoretical, and facility managers shift from defending line items to stewarding operational risk, strengthening their role as trusted business partners.
Performance management: Measuring what matters. Executives increasingly expect security to be managed with the same discipline as maintenance, energy and asset performance. Success is no longer defined solely by the absence of incidents.
An organization’s leaders want to know whether systems are reliable, risks are being managed proactively and teams are prepared to respond. For facilities management teams, this means embedding security into performance management. Operational performance practices include:
These practices demonstrate that security is not just installed. It is maintained, measured and improved over time. Also, facility managers become resilience leaders, directly supporting continuity, recovery and occupant confidence.
The most significant shift underway is not technological. It is operational. Security is no longer a function that facility teams support from the sidelines. It is embedded in maintenance planning, capital decisions and performance metrics.
Maintenance and engineering managers are uniquely positioned to lead this integration. They understand the systems, the constraints and the realities of keeping buildings running safely and reliably every day.
Organizations that succeed will be those that recognize security as a core operational discipline and empower managers to lead it. Security is no longer a secondary responsibility. It is now part of the operational mandate of facilities management.
Darrell X. Rounds is director of facilities services and project management for Stellantis N.V. He leads facilities operations at its 5.8 million square foot Chrysler Technology Center. Darrell has over 27 years of industry experience, having led teams for facilities management, construction and engineering with portfolios totaling more than 53 million square feet and $7.2 billion in asset replacement costs.
