• Perimeter fences, walls, and lighting.
• Lighting for rear areas and entrances.
• Controlled gates, vehicle access, and parking areas.
• Public Access Control. Entry doors electronically controlled by a guard or receptionist.
The “Sally Port” concept: an airlock entry system where the visitor is held between two locked doors until a guard or receptionist electronically releases one of the doors. Ideally, the guard or receptionist is behind bulletproof or shatter resistant glass.
Install closed circuit television in all entry areas with digital recorder capability to tape persons passing through any public access area.
If possible, place a walk through metal detector and explosive detector at the entrance.
If possible, install a silent alarm system for the guard or receptionist to alert other security staff and the general manager's office in case of an emergency. It could be hooked up to trigger a flashing light at designated points.
The manager's office door should be constructed of reinforced material with a drop bar or strong bolt to "harden" the office and to enable the office to be used as a safe haven in case of an emergency. This can (and should) be done unobtrusively. Install a peephole in the door. Almost all terrorist attacks directed against individuals in an office environment have been against those perceived to be important. Office workers are generally not considered to be a special target.
Consider shatter resistant protective window film or "Mylar" for increased protection against flying glass in the event of a bombing or violent demonstration.
Call 911 to verify any unexpected police arrivals requesting entry.
Install iron grillwork for ground floor windows.
In some cases, large ground floor windows should be made smaller and the walls rein¬forced to reduce potential bomb damage effects and risk to employees.
If the security survey indicates a number of weak points, or the office is located in a multiple occupancy building with few, if any, access controls, then serious consideration should be given to relocating the office. Controlling access is one of the most important elements of a good security program.
Check with others in your industry for reliable security products and services such as iron grilles, security doors, lighting, CCTV, and alarm installations.
The Security Survey should also include:
The Security Survey should contain the names and contact information for key managers. Included in this list might include the General Manager, Logistics Manager and Security Manager etc. The following elements should be considered in developing the Security Survey:
• Names, Work Numbers, Home Numbers, Fax Numbers, E-Mail.
• Brief description of firm's operation in city or country including office locations etc.
• Overview of professional and support staff and their respective nationalities.
• Exact location of all offices, plants, and other facilities.
• Brief description of office floor plan and configuration including all floors.
• Schedule of company office and shift work hours.
• Mark locations of all facilities on an area map.
• Identify guard locations and capabilities.
• Identify and describe public access areas.
• Identify previous security problems and incidents of any type.
• List security procedures and equipment now in place including alarms, CCTV, special lighting, bulletproof glass, shatter resistant window film, metal and explosive detectors.
• Describe all controlled parking, garage, and vehicle access areas.
• Develop a list of all security concerns and questions.
• Confirm the company is registered with the Alarm Company and Law Enforcement.
• Identify any security material or guidance received from the Security Manager.
• Identify key personnel and other points of contact in the event of an emergency.
• Confirm if responsible company personnel have attended Security Managers Briefings.
• If a company Security Profile is transmitted, assure it is only done through a secure lines.
“Operations Security” is a term generally associated with the military. It is also a functional concept that can be utilized to enhance the security of any business or institution. Operations Security can best be defined as “A process to deny potential adversaries information about corporate execu¬tives, procedures, capabilities and intentions by identifying, controlling, and protecting corporate vulnerabilities that are susceptible to hostile exploitation”.
Employees Surveillance Reporting
All employees should be alert to all unusual inquiries such as, non bona fide inquiries, callers who refuse to give their number, unidentified callers, under identified callers, and information -seeking calls with no apparent justification. Visitors or callers who show more interest in the nationality of the general manager than in conducting business are cause for concern. An attempt to determine the presence of an executive or confirm their name by an individual who cannot be identified should be reported to the corporate security manager.
At the onset of the Gulf War, two young women visited an international shipping busi¬ness in Istanbul. They looked curiously about the office and asked if there was a "foreign" manager. They did this in the course of trying to "ship" a package. The company, how¬ever, dealt in ocean going ships, not parcels. The next day an armed terrorist “bomb team” arrived, forced the workers to a back room and set an explosive charge that detonated after their escape. The two teenage girls had been the “site advance team”. We can expect this type of activity in the United States at any venue where large numbers of the public will be in attendance or where a VIP presence can be expected.
Surveillance detection in its most basic form is simply watching for persons who are observing corporate personnel and facilities, presumably for hostile reasons. One of the primary reasons that terrorists do surveillance is to determine target suitability. Sus-pects should never be challenged, confronted, or acknowledged except by security personnel. When surveillance is observed or suspected, the corporate security manager must be notified immediately. The report should be made in strict confidence and in accordance with an established report¬ing procedure. This incident should not be discussed in any manner with other company employees.
Employees should pay attention to observers loitering in the area especially when arriv¬ing at and departing from the office. Particular caution is also important when going to and from lunch at nearby restaurants known to be frequented by corporate employees.
What does a suspect look like? A suspect can be anyone, including teenage boys and girls. They may be used as advance reconnaissance teams for a follow-on attack or as in recent events; they may be the actual suicide bombers targeting innocent civilians in public places.
In a number of cases, groups have used young men and women of student age and appearance. The groups attempt to use individuals without police records or known affiliations to leftist organiza¬tions for some collection assignments. These individuals can stand light scrutiny if stopped and questioned by the police. They will usually have a "cover story" ready to explain their presence. Often their assignments are compartmentalized and they may actually be unaware of the specific nature of the mission that they are supporting as in the case of the 11 September attacks.
In one case young suspects were told to acquire the license plate num¬bers and departure times of all foreigners on a particular street. Sometimes key personnel can be identified by distinctive license plates. They were never told which individuals were targets, or in fact, if any were targets. If interrogated by the police the collectors had almost no operational knowledge certainly none that could lead back up the group's chain of command because cutouts had been used.
The profile of an armed "operator" who takes part in robberies and assassinations is somewhat different. They are most likely to be men in their mid 20s to early 30s. Many have police records and known connections to radical groups. They are hard core mem¬bers of the group. Between assignments these individuals are likely to be in hiding and living under assumed identities. Typically, they will only surface when given an opera¬tional order to carry out an action and then return to the underground.
Employees can be briefed to spot things that are not normal, thereby expanding the company's "early warning network." They can be trained to, in effect, perform a type of counter-surveillance. The scope and level of this training should be tailored to an individual's willingness and capability to assist in this effort. The instruction should be presented in a matter of fact, non-threatening manner.
Drivers of executives should be given more detailed instructions because of their direct responsibility for the safety of a principal. They should also be told the importance of paying attention for possible suspects when their principal is with them and when the executive is not in their vehicle. They must be observant whenever approaching or departing the company area and the area of the general manager's residence. Any sightings of people taking notes or using hand signals, cameras, binoculars, telephoto lenses, camcorders, car telephones, or short-wave radios near the office or executive residence should be reported, particularly if any of these actions coincide with the movements of the general manager. Also take note of any "art students" making sketches of the office building or general manager's residence.
Suspicious vehicle repairs of extended duration, and utility crew work near the principal's residence or at various choke-point locations en route, should be noted. Privacy fence screening should be considered for the executive parking area at the office in order to obscure the view of vehicles, passengers, and license plates.
Observant employees, when noticed by suspects, signal a firm with a strong security posture that is a potential hard target. Early detection or the perceived threat of detection, by suspects can and has deterred attacks. The analysis of notes found in various safe-houses confirms that terrorists make careful observations about the nature and level of security, both physical and procedural, at targeted companies.
Procedural Security Techniques
There are a number of procedures that can be implemented in order to increase secu¬rity immediately, such as employee photo identification cards, card access to con¬trolled areas, visitor controls and log books, computer security procedures, and deliv-ery/tradesmen controls and logs for individuals and vehicles. Records should also be maintained for maintenance and cleaning crews, some of whom have after-hours access to offices and executive areas. Personally owned computers and computer media should be severely restricted, if not prohibited, at company offices including unauthorized internet access. Strict control of executive schedules, home addresses, telephone numbers, and personal vehicle identi¬fication data is imperative. Addresses in many countries can be determined from tele¬phone numbers.
Trash Disposal Security Techniques
Trash cover is a means of obtaining information by examining and analyzing corporate or personal refuse for exploitable information—both at the office and the executive residence. This is an effective procedure that has been used successfully by competitors, intelligence services, police, computer hackers, stalkers, and terrorists. Use cross cut paper shred¬ders to destroy all sensitive and potentially useful information regarding company activities. There are many economical cross cut shredders like the Royal CIA 12x for small but key office areas and of course large capacity commercial shredders for large volumes.
Consider the use of a small one or two drawer security container or safe and mini per¬sonal shredder at executive residences for protection from browsing by domestic help or others who may have gained building access. The use of a personal shredder and safe can greatly reduce the potential for this type of exploitation.
Understand the exploitation potential of advertising, press releases, and the corporate posture.
Consider and evaluate the potential risk posed by the overt collection of open source information about company executives and business activities. Analyze the risk versus the benefits to be gained by the dissemination of information which, if necessary, can be controlled, timed, and managed.
Delay promotional activities during times when it is best to be as low key as possible.
Consider the advantages and disadvantages of publicizing the business' affiliation to certain activities. Be aware that society page photographs from special functions and social and sporting events are sometimes collected by terrorist groups to aid in target selection and identification. This applies to family members as well.
Terrorist, criminals, stalkers and others read the newspapers, magazines and they can easily obtain key information about key personnel and their families including social activities, schools, and photographs.
Monitor Local Threat Indicators
Be familiar with dates of significance to terrorist groups, such as anniversary "trigger" dates, and know how to recognize the impact of a potential "trigger" event such as the onset of the Gulf War or death of a special group leader, etc. Be aware of incidents that have caused a reaction in the past. Remember that actions in other countries can result in local attacks and reprisals by transitional or other sympathetic groups as in the case of conflicts in the Middle East. Be aware of local incidents such as a pending trial or execution of a local gang member or political figure. Large cities including New York, Los Angeles, Washington, D.C., Miami, Chicago are prime areas for a full range of local disturbances that could compromise the security of a local business and its employees.
Establish a Threat Read File
Identify and list the principal groups of concern. Then obtain basic background information on these groups. Develop a list of key anniversary trigger dates for poten¬tial hostile actions—times when some type of action may be reasonably predictable. Designate a staff member responsible for monitoring the local press for significant actions that could pose a threat to your facility. Clip and save relevant news items.
Major demonstrations, safe-house raids, terrorist robberies, and police actions should be part of a watch list or target list of stories and reports for the collection effort. Take particular note of assassinations, kidnappings, and actions or threats directed against the business community. Robberies of payroll offices, banks, and other businesses can be an early indicator of pre operational fund raising for future activities.
The local press must be used as a valuable source of potential threats. The CIA and other intelligence agencies use this valuable “open source” media for a full range of activities. If you just stop and think how much open source information is available, you will be surprised. Articles should be clipped, dated, and filed. Some newspapers publish year end summaries just after New Year's Day that list in chronological order all significant events from the past year—including terrorist actions. Articles such as these should be collected. Additionally, a local newspaper sponsored almanac can be an excellent historical reference. All of this information can be extremely useful in follow¬ing and documenting the local security situation, briefing visiting corporate security officials, and supporting requests for additional security measures.
Several general managers who have successfully implemented these suggestions have reported that visiting corporate security officials were "amazed" to see the extent local papers contained many vivid photos of bombings and assassinations of what was really going on in the city where their business was located. These general managers have found their terrorism read files to be extremely useful and persuasive.
Suspicious Activity Reporting Checklist
• Suspect Height:
• Weight:
• Sex: ¬
• Race/Nationality:
• Hair (color and length):
• Clothing (hat, jacket, pants, shirt, footwear, etc.):¬
• Distinguishing features (glasses, mustache, or beard):
• Walks with limp: Scars: Birthmarks:
• Activity Time of sighting:
• Location:
• What was the suspect doing?
• Any use of a camera, binoculars, telephoto lens, camcorder, short-wave radio, tape recorder or other devices, note taking, drawing/sketching, or hand signals?
• Vehicles Make and Year:
• License Plate Number:
• Type (two door, four door, other):
• Number of occupants:
• If departed, direction of travel:
• Vehicle Color:
• Did anyone else see the above suspect, activity, or vehicle? Yes No If yes, who:
• Full name of person making this report (please print and sign name):
Security Guard Selection Criteria
Security Guard protection typically comes from full time corporate employees or private security guard companies. It is preferable that the security guard function be performed by a corporate employee as opposed to contracting through a private guard company. It may be useful to utilize these companies on a limited basis for special events due to the make of the local community but critical information as in all situations should only be on a “need to know” basis.
Experience has shown that the initial selection process is extremely important. Every effort must be made to find good candidates who have the potential to perform effectively. The following recommended profile outlines some of the experience and qualities recommended:
Clean personal background including, medical (physical and mental), criminal and financial.
• Military background, preferably Security, Military Police or Special Forces.
• Law Enforcement background, preferably SWAT.
• Intelligence or Counter-Terrorism, military or civilian.
• Weapons and or explosives background.
• Athletic with Martial Arts background.
• Excellent physical condition.
• The best candidates will ideally have an interest in a martial art such as Karate, Judo, or Tai Kwan Do. The discipline, fitness, and mind set associated with these types of activity enhance performance. At a minimum, the candidate should be involved in some form of athletics. Martial Arts schools are one potential source for this type of individual since the instructors typically are very familiar with their students and their background.
• In job announcements, stress the importance of physical fitness and that preference will be given to applicants with military or law enforcement experience. This experience is highly desirable because these individuals have already demonstrated their ability to follow orders, work hard, and achieve high standards.
• In determining salary, check the local market and see what a police officer earns. Design an incentive for performance and include a strict probationary period. If guards do not perform well during probation, it is best to let them go.
Protective Window Film
Shards of flying glass can be lethal. Because of the potential danger of thrown objects or explosive blasts, all exterior, non-ballistic resistant windows in office buildings should be treated with protective window film. While heavy wooden or metal shutters are an effective means of protecting windows and containing flying glass, the protection depends on the occupant keeping the shutters closed. That is not likely except in times of explicit danger. The best overall protection against the danger of flying glass is the application of protective window film to the inside of the glass. It will not prevent the glass from breaking, but will hold it in place if it is broken. More importantly, protective window film is in place and "working at all times”.
Bomb curtains have been touted as effective against flying glass. As a general statement, however, they are heavy, expensive, and not particularly effective. They present the same weakness as shutters, in that an occupant may not keep them closed because they restrict light and ventilation. As a result, they are not recommended.
The U.S. Government generally recommends protective film that is a minimum of 4 mils thick (.004 inch, 1 mil is .001 inch). Reflective film is not recommended for this purpose, although some firms are experimenting with a new shatter resistant, partially reflective coating.
Mylar is a well known trade name for one of the first protective window films made, but there are now a number of products available such as Armorcoat, Profilon, Protekt, Trugard, Scotchshield, and many others. Be sure to specify scratch resistant film. Coatings thicker than 4 mils are available and are sometimes used in special applications such as jewelry store showcases, etc. Ten mil films have proven effective in stopping smash and grab robberies and offer a higher degree of protection against thrown objects such as Molotov cocktails. For best results, your company should try to find an experienced contractor to obtain the latest material and to do the installation.
For special, high security situations, consider the use of ballistic resistant transparencies or "glass" that can be obtained in various thickness’ depending upon the level of protection required. Ballistic resistant glass is considerably more expensive than shatter resistant window film.
Many of the companies that make protective coatings also produce specialty window films that are not shatter resistant for energy control and increased privacy. These coatings can be used in vehicles as well as residences. Lightly tinted vehicle windows can make it difficult for passers by or would be suspects to identify passengers. Because these coatings are extremely thin, they must be professionally installed.
OFFICE SURVEY CHECKLIST
The Office Survey should include the names of key managers including but not limited to the General Manager, Security Manager, and Human Resource Manager along with their points of contact including addresses, telephones etc. Following are some suggested topics for inclusion in the Office Survey:
• Review of theft reports prepared by this site for a designated period of time.
• What corrective action has been taken as a result of previous incidents?
• Do theft reports reflect patterns, trends, or particular problems at this location?
• What does site management regard as the most prevalent or serious security problem?
• What is the Area Covered/Office Size?
• Does the site maintain items of value, such as works of art, paintings, wall hangings, etc.?
• What are the site's most valuable physical assets?
• Does the location have an employees' handbook or manual covering rules of conduct?
• Are employees aware of consequences of violating rules including possible discharge?
• Do these rules of conduct include theft of any type of company asset including information?
• Identify all off site locations that should be included in survey, including warehouses.
• Are these locations protected against vandalism and theft?
• What is the police agency having jurisdiction over the site?
• Does the plant have a dedicated telephone line to this agency?
• Have they been called for assistance in the recent past?
• What has been their response?
• Do they normally include any of our perimeters in their patrols?
• If requested, would they?
• Are police emergency numbers readily available to all personnel?
• Is “incident specific” information available on what corporate office should be contacted?
• Is there a policy for reporting incidents to the police including theft, drugs, threats etc.?
• Some police agencies have a Crime Prevention Unit that responds to invitations to speak on various topics (drugs, rape, etc.) or that may conduct limited security surveys.
PERIMETER SECURITY
Lighting Evaluation
• Is the perimeter adequately lighted?
• Does lighting aid or inhibit guards in the performance of their duties?
• Is lighting compatible with closed circuit television (CCTV)?
• Does it cause monitor to "bloom" or distort?
• Is power supply adequately protected?
• Is lighting properly maintained and cleaned?
• Are sensitive areas including parking lots, entry areas, and stores etc. adequately lighted?
• If an emergency occurred, is the site adequately lighted?
• Is the fence line adequately lighted?
• In appropriate areas, is glare projection lighting used?
Security Force
• Proprietary? If proprietary, what is method and source of selection of personnel?
• Contract? If contract, name of agency and telephone number.
• Are perimeter patrols conducted? How often?
• Is an incident log, including alarms/responses maintained? Reviewed daily? By whom?
• Are security personnel used for non-security related duties? Yes, what duties?
• Does site use photo ID cards? System? Who administers it?
• Are all employees required to show photo ID card upon entry?
• Is duplicate copy kept on file?
• Are parking decals or other methods of registering employee vehicles used?
• Are privately owned vehicles permitted to park on site?
• If so, can an individual reach a vehicle without passing a guard?
• Does the site have a receptionist in place at all times?
• Are visitors required to register?
• Are they provided with an identifying badge?
• Are non company employees escorted while on the site?
• Is visitor identification verified (e.g., vending company ID, etc.)?
Perimeter Protection
• If outside building walls form part of the perimeter, are all doors and windows secured?
• Can entry be achieved via the roof?
• Can hinge pins be removed from doors?
• Are all entry/egress points controlled when opened?
INTERNAL SECURITY
Lock / Key Control
• With whom does physical and administrative key control rest?
• Is a master key system in use?
• How many grandmasters/master keys have been issued?
• Is adequate control exercised over these keys?
• Is a cross control system (name versus key number) in use?
• What type of numbering system is in use?
• Is the entire system, including blanks, inventoried on a regular basis?
• Are they stamped "Do Not Duplicate"?
• What level of written management authorization is required for issuance of keys?
• Identify personnel who are permitted to have keys to perimeter fence, doors.
• Are office/facility keys, particularly masters, permitted to be taken home?
• Are keys signed in/out in a daily log?
• Are locks rotated?
• How long has the present lock/key system been in use?
• Have keys been reported lost?
• What level key?
• What is policy when this happens?
• Is a record of locations of safes and their combinations maintained?
• Are combinations routinely changed annually?
• Are combinations changed when an individual no longer has a need to know it?
• Are safe combinations, if written, maintained in a secure place?
Alarms and Electronics
• What type, if any, electronic security system terminates at the site or at an outside central station?
• Has service/response been satisfactory?
• List alarms such as burglar, doors, windows, motion, duress, card access, CCTV, etc.
Theft Control Procedures
• Does the site have a policy of marking “all” property items susceptible to theft?
• Describe the extent of the program.
• Does it include die stamping or etching and painting?
• Are serial numbers of all items bearing them recorded?
• In the event of theft, is this information related to the police for inclusion in stolen property indexes, and for identification and return in case of subsequent recovery?
• Are trash receptacles periodically inspected to determine whether items of value may be removed from the site via them?
• Are all stores/office supplies, etc., attended when open?
• Is there a procedure for drawing supplies when no attendant is present?
• Are telephone records properly safeguarded to prevent unauthorized destruction?
• Is access to telephone switching equipment (the "frame room") restricted?
• Who performs custodial services proprietary or contract janitorial people?
• Is access limited to the office area only?
• Are they bonded?
• Are they required to wear ID badges?
• Are they checked during the performance of their duties?
• Are they inspected by guards as they leave?
• Are the janitors' vehicles inspected on the way off the property?
• How is trash removed from the site?
• Are the vehicles used to remove trash inspected on the way off the property?
• Do the janitors have access to restricted or sensitive areas?
• Are they given office keys (masters)?
• Are they permitted to take these keys off the site with them?
• How much cash is kept on site?
• Is it handled at more than one location?
• How is cash supply replenished?
• Where is it kept during working hours?
• Where is it kept after hours?
• Where are blank payroll checks kept?
• Where are blank disbursement checks kept?
• Considering the neighborhood the site is located in, and the amount of cash on site, how do you assess your vulnerability to armed robbery or burglary? (Low) (Medium) (High)
Security of Proprietary Information
• Is there Proprietary and/or Limited data on site?
• If so, in what form?
• Is it properly marked?
• Is it stored in a secure location?
• Are the following locked at the end of the day: Offices, Filing Cabinets, and Desks?
• What is the office “destroy procedure” and file purging for Proprietary data?
• Does the site have a clean desk policy?
Personnel Security
• Are any background checks conducted prior to employment?
• Are personnel’s previous employment dates verified?
• Are medical records properly safeguarded?
• Is security included in the new hire orientation?
• Is company property (credit cards, ID keys) retrieved during exit interviews?
Violent Personality Profiles
The following profile is typical of someone who may be a perpetrator of violence. It is only a guide and does not necessarily mean that an individual will become violent.
Understanding a persons background in addition to any current stressors can be a valuable tool in identifying and addressing potential problems at an early stage rather than wait until an incident has developed.
Consider the following traits:
• Male, Middle Age, Any Race
• Loner with little involvement with others
• History of violent behavior
• Fascination with accounts of other violence
• Direct or veiled threats of harm
• Fascination with weapons and their killing power
• Carrying a concealed weapon
• Obsessive involvement with the job and no outside interest
• Intimidation of others
• Holding a grudge
• Extreme desperation over family, financial, personal problems
• Moral righteousness
• Paranoid behavior
• Propensity to push limit of normal conduct
• Employment stress events such as termination or layoff
• Irrational beliefs and ideas
• Expression of a plan to hurt himself or others
• Externalizing blame
• Un-reciprocated romantic obsession
• Fear reaction among co-workers/clients
• Drastic change in belief systems
• Display of unwarranted anger
• Inability to take criticism
• Feelings of being victimized
• History of alcohol or other substance abuse
• Expressions of hopelessness or heightened anxiety
• Productivity and or attendance problems
• Violence towards inanimate objects
• Sabotages projects
• Lack of concern for the safety of others
Emergency Procedures
• Do you have a current bomb threat procedure?
• Who implements it?
• Does the procedure include a checklist for the switchboard operator?
• Is there a contingency plan for acts of violence?
• Is there a disaster plan?
• If personnel are required to work alone, are they periodically checked by someone to ascertain their well being?
• What means do they have of calling for help in an emergency?
Office Computer Security
• Are terminated employees immediately separated from any computer?
• Is access to the data center controlled physically, electronically?
• Locked when not in use?
• Is output distributed via user controlled lock boxes?
• Is library maintained physically separate from machine room? ¬
Threat Information
• Has liaison been established by your office with local law enforcement?
• Is local law enforcement able to notify you of security threats concerning known terrorist groups active in the area?
• Is local law enforcement able to notify you of any groups that harbor hatred for corporations in your industry, your company, its managers, and employees?
• Are you aware of key Anniversary dates that local population or terrorist groups celebrate?
• What tactics and activities are practiced or adopted by local terrorist groups that might affect your company, its managers and employees?
• Do you have sources that will inform you of any political controversy or labor disputes that might impact your operations?
FACILITY THREAT QUESTIONNAIRE
• Are there any known groups that harbor hatred for businesses, managers and employees?
• What terrorist groups are known to be active in the area?
• What tactics have these groups been known to use?
• What is the possibility of them changing tactics?
• Are there known groups that vocally oppose foreign capitalism or imperialism in the area?
• Are there any known groups that vocally or actively oppose the local government that the United States supports?
• Is there any current political controversy or labor dispute that we should be aware of?
• Are there any upcoming anniversary dates that the local population or terrorist groups celebrate?
• Have there been any previous hostage taking or kidnapping incidents, bombings, assassinations, strikes against businesses or the government, demonstrations, assaults, sabotage against corporate facilities or products, or occupation of corporate facilities in the area?
• Have there been previous hostage taking or kidnapping incidents?
• How were the victims seized?
• What was the fate of the hostages?
• How much ransom was demanded?
• Was it paid?
• How were the negotiations handled?
• Does the host country prohibit negotiating with hostage takers or prohibit the payment of ransom?
• Do you consider the local police services effective?
• What are the aims of the local criminals or terrorist groups?
• What tactics or type of activity by these groups would best further those aims?
• What is the identified groups' capability of carrying out planned activities such as ambush, hostage taking, kidnapping, execution, bombing, etc.?
• In the event of terrorist activity, what organizations, businesses, groups, or individuals would be the most likely targets?
New Office Building Considerations
SITE SELECTION
From a security point of view, proper site selection is the most important initial step in providing adequate protection. One objective of this report is to bring to your attention the wide range of security matters that should be addressed and integrated into the site selection process for new or existing office buildings.
Because of the renewed threat of individual suicide bombings in addition to the more traditional car bombing, there is a new awareness given to site selection on a worldwide basis regardless of the geographic location. Therefore, more preparation is needed for what might happen during the life of the building or its occupancy. We have all seen how quickly a benign security situation can evolve into a significant threat to facilities. It is only prudent to incorporate adequate security measures based on an evaluation of the existing threat to protect your employees and visitors for the long term. It will be evident from the factors highlighted that security considerations will impact on operational matters. The implications of this fact may be greater in some geographic regions than in others and will certainly affect some more seriously than others. Where this is the case, it is incumbent on all interested parties to evaluate potential damage while engaged in the site selection process and balance it against security requirements. If, in high threat areas, many of the suggested key criteria cannot be met, the firm should consider choosing another, more secure location.
Everyone involved in the site selection process should be aware of the following criteria.
Topography
Your site ideally should be situated at the high point, if any, of a land tract, which makes it less vulnerable to weapons fire, makes egress/ingress more difficult and easier to detect or observe any intrusions.
Site Location
• Site should be located away from main thoroughfares and provide for the following:
• 100 ft. minimum setback between perimeter and building exterior whenever possible.
• Sufficient parking space for personnel outside the compound in a secure area within sight of the building, preferably, immediately adjacent to the compound.
• Sufficient parking space for visitors near the site but not on the site itself.
• Sufficient space to allow for the construction of a vehicular security control checkpoint (lock type system), which would allow vehicles to be searched, if deemed necessary, and cleared without providing direct access to the site.
• Sufficient space to allow for the construction of a pedestrian security control checkpoint (guardhouse) to check identification, conduct a package check or parcel inspection or carry out visitor processing before the pedestrian is allowed further access to the site.
• Sufficient space for construction of a 9 ft. outer perimeter barrier or wall.
Environmental Considerations
Site should be located in a semi-residential, semi-commercial area where local vehicular traffic flow patterns do not impede access to or from the site.
Existing Office Building Considerations
The following security considerations for high rise buildings are listed in order of preference as the availability of local facilities dictate:
• A detached (free standing) building and site entirely occupied and controlled by you.
• A semidetached office building that is entirely occupied by you.
• A non-detached office building that is entirely occupied and controlled by you.
• A detached (free standing) office building in which the uppermost floors are entirely occupied and controlled by you.
• A semidetached office building in which the uppermost floors are entirely occupied and controlled by you.
• A non-detached office building in which uppermost floors are entirely occupied and controlled by you.
• A detached (free standing) office building in which the central floors are entirely occupied and controlled by you.
• A semidetached office building in which the central floors are entirely occupied and controlled by you.
• A non-detached office building central floors are entirely controlled and occupied by you.
• A detached (free standing) office building in which some floors are occupied and controlled by you.
• A semidetached office building in which some floors are occupied and controlled by you.
• A non-detached office building in which some floors are occupied and controlled by you.
Common Office Site Requirements
Both new and existing office buildings should be capable of accommodating these security items:
• Floor load capacity must be able to maintain the additional weight of public access control equipment (ballistic doors, walls, windows), security containers, and disintegrates and shredders, if needed.
• Exterior walls must be smooth shell, sturdy, and protected to a height of 16 ft. to prevent forced entry.
• Building must be conducive to grilling or eliminating all windows below 16 ft. level.
• The previously listed criteria should be adopted to provide satisfactory protection for employees and visitors. If the site is found to be deficient in some areas, attempt to resolve those deficiencies by instituting security measures that will negate the deficiencies. Professional security and/or engineering assistance should be considered to address unique situations.
• At a minimum, the following general security measures should be incorporated into planning designs:
• perimeter controls
• grillwork
• shatter resistant film for windows
• public access controls
• package search and check
• secured area
• provisions for emergency egress
• emergency alarms and emergency power
Design Standards for Site and Building Security
This section establishes the minimum physical security standards to be incorporated in the design of facilities.
The objective is to provide protection for assets, personnel, property, and customers; ensure that consistent security measures are used at various locations; and ensure design integrity and compatibility of all elements of security with the architecture of the site.
For manufacturing plant and laboratory facilities, security equipment such as closed circuit television (CCTV) cameras and monitors, intercoms, card readers, and special glass protection, should be considered. Special care should be taken to verify the vendor's references, especially as they pertain to the quality of installation and service of security equipment. If the vendor maintains a central station for monitoring of alarms, a visit should be made to the central station to observe the professionalism of the operation. Design, purchase, and installation should be coordinated through your architect. Bear in mind, and make provisions for, the cost of maintenance on your security equipment. In some locations overseas, security equipment may be less expensive and more reliable than guards who receive relatively low pay and little training.
Security Design Objectives
In designing business or activity sites, roadways, buildings, and interior space, the following functional security objectives should be achieved:
Physical and psychological boundaries (signs, closed doors, etc.) should establish four areas with increasing security controls beginning at the property boundaries. The areas are defined as: (1) perimeter property boundaries; (2) exterior lobbies/docks; (3) interior ¬employee space; and (4) restricted ¬laboratories, computer rooms, etc.
Vehicular traffic signs should clearly designate the separate entrances for trucks/deliveries and visitors and employee vehicles. Control points should be provided near the site boundaries where feasible. Sidewalks should channel pedestrians toward controlled lobbies and entrances.
Avoid having unsecured areas where there is no one nearby with responsibility for the function of the areas.
EXTERIOR PROTECTION
Perimeter Barrier
Perimeter security barriers are necessary to prevent unauthorized access. While it is clear that any barrier may be compromised with external aids, barriers will delay easy access and make it more possible to stop the trespasser.
If the threat is considered to be high at free standing facilities, there should be a smooth faced perimeter wall or combination wall/fence, a minimum of 9 ft. tall and extending 3 ft. below grade. The wall or fence may be constructed of stone, masonry, concrete, chain link, or steel grillwork. However, if space limitations and local conditions dictate the need, any newly constructed wall should be designed to prevent vehicle penetration, and should use a reinforced concrete foundation wall, 18 in. thick with an additional 1 1/2 in. concrete covering on each side of the steel reinforcement, and extend 36 in. above the grade. This type of wall is designed to support three wall toppings: masonry, concrete, or steel picket fencing. The toppings should be securely anchored into the foundation wall. If a picket fence is used instead of a wall, the upright supports should be spaced at least 9 ft. apart so that the fence, if knocked down, can't be used as a ladder. In addition, intrusion alert systems can be used to enhance perimeter security.
In cases where the above standards of construction are neither feasible, fiscally prudent, nor required by the threat, alternative methods offering comparable protection can be used. These alternatives should maximize the use of locally available materials and conditions to take advantage of existing terrain features or by the creative use of earth beams and landscaping techniques such as concrete planters.
Inside the perimeter barrier, the building should be set back on the property to provide maximum distance from that portion of the perimeter barrier which is accessible by vehicle. The desirable distance of the setback is at least 100 feet depending on the bomb resistance provided by the barrier.
At facilities with less than optimum barriers, or at locations where the terrorist threat or building location increases the vulnerability to vehicular attack, bollards, or cement planters can be used to strengthen the perimeter boundary. At walled or fenced facilities with insufficient setback, bollards or planters can be installed outside the perimeter to increase the setback of the buildings. In either case, design and placement of bollards or other anti-vehicular devices should be considered in the early planning stages. It doesn't make sense to have impenetrable gates connected by easily penetrated walls.
Vehicle Entrances
Vehicular entry exit points should be kept to a minimum. Ideally, to maximize traffic flow and security, only two regularly used vehicular entry exit points are necessary. Both should be similarly constructed and monitored. The use of one would be limited to employees' cars, while the other would be used by visitors and delivery vehicles. Depending on the size and nature of the facility, a gate for emergency vehicular and pedestrian egress should be installed at a location that is easily and safely accessible by employees. Emergency gates should be securely locked and periodically checked. All entry exit points should be secured with a heavy duty sliding steel, iron, or heavily braced chain link gate equipped with a heavy locking device.
A device constructed to protect against a ramming vehicle attack. They are deployed in lines around a perimeter for anti ram protection, or to provide supplemental control of vehicle traffic through permanent checkpoints when other means are not practical or effective.
The primary gate should be electrically operated (with a manual back up by a security officer situated in an adjacent booth). The gate at the vehicle entrance should be positioned to avoid a long straight approach to force approaching vehicles to slow down before reaching the gate. The general technique employed is to require a sharp turn immediately in front of the gate.
In addition to the gate, and whenever justifiable, a vehicular arrest system can be installed. An appropriate vehicle arrest system, whether active, a piece of equipment designed to stop vehicles in their tracks, or passive, a dense mass, will be able to effectively arrest a vehicle with a gross weight of 15,000 pounds traveling at 50 MPH at a 90 degree angle.
Vehicle Control
• The following guidelines provide a basis for checking vehicles for explosive devices, or what is known as an improvised explosive device. These guidelines include some, but not all, of the techniques used by professional explosive ordinance disposal personnel.
• Before touching the vehicle, conduct an external search as follows:
• Check the area around the vehicle. Look for bits of tape, wire, string, or time fuse that may have been left during the installation of an improvised explosive device.
• Look for marks on the ground, such as footprints, car jack or jack stand impressions. Depending on the slope of the parking surface, these marks may indicate unusual activity around the vehicle.
• Look for signs of forced entry around the doors, windows, trunk, and hood of the car. Fingerprints and smudges on the trunk, hood, door, or wheel covers may indicate a recent attempt to enter the vehicle.
• Look inside the vehicle, through the windows, for any obvious devices, packages or other items that do not belong.
• Look under the dashboard for protruding wires.
• Look on the floor for packages partially hidden under the front seat.
• The most likely place to find a bomb, if the vehicle has been locked, is under the vehicle. Check for the following:
• Chunks of dirt on the ground that may have been dislodged from the undercarriage of the car during an attempt to place an explosive device.
• Loose wires or strands of wire that are clean (probably 22 24 gauge in thickness, similar to those used in a blasting cap).
• Check the top and both sides of all four tires.
• Look into the exhaust pipe for any inserted objects.
• All vehicles should be equipped with locking gas caps to prevent foreign objects from being dropped into the gas tank.
• To check the inside of a vehicle that has been left unlocked:
• Look through the windows (see above) and then open a door other than the driver's side.
• Check the interior of the car in a logical sequence, generally starting on the floor and working up.
• Check under the floor mats for pressure sensitive switches or any other items that should not be there.
• Look under the front seats and lift and inspect under the rear seats.
• Check the door panels for signs of tampering.
• At a minimum, always look under an unattended vehicle before entering for signs of an improvised explosive device that may have been left on the pavement or become detached from its mounting place. If, at any time during the inspection, a suspicious object is discovered, do not touch it. Immediately move away from the vehicle. Notify the police
• The search techniques mentioned above are rather comprehensive and presented to inform and assist those individuals and businesses that are interested in understanding how to con¬duct a thorough vehicle bomb search
Primary Entrance Security Booth
Primary entrances to a facility should have a booth for security personnel during peak traffic periods and automated systems for remote operations during other periods
Capabilities:
• Electrically operated gates to be activated by security personnel at either the booth or security control center or by a badge reader located in a convenient location for a driver.
• CCTV with the capability of displaying full facial features of a driver and vehicle characteristics on the monitor at security control center.
• An intercom system located in convenient location for a driver communicate with the gate-house security control center.
• Bollards or other elements to protect the security booth and gates against car crash.
• Sensors to activate the gate, detect vehicles approaching and departing the gate, activate a CCTV monitor displaying the gate, sound an audio alert in the security control center.
• Lighting to illuminate the gate area and approaches to a higher level than surrounding areas.
• Signs to instruct visitors and to post property as required.
• Road surfaces to enable queuing, turnaround, and parking.
• Vehicles bypass control (i.e., gate extensions), low and dense shrubbery, fences, and walls.
Gate Requirements
Gates (when gatehouse is not manned) are controlled by card key or Central Security (reached via intercom).
At the vehicular entry exit, a security officer booth should be constructed to control access. At facilities not having perimeter walls, the security officer booth should be installed immediately inside the facility foyer.
If justified by the threat the security officer booth should be completely protected with reinforced concrete, walls, ballistic doors, and windows. The booth should be equipped with a security officer duress alarm and intercom system, both enunciating at the facility receptionist and security officer's office. This security officer would also be responsible for complete operation of the vehicle gate. If necessary, package inspection and visitor screening may be conducted just outside of the perimeter security officer booth by an unarmed security officer equipped with walk through and hand held metal detectors. Provisions for environmental comfort should be considered when designing the booth.
Parking
Given the changing nature of security threats, parking should be restricted to the areas which provide the least security exposure. All parking within the perimeter walls should be restricted to employees, with spaces limited to an area as far from the building as possible. Parking for patrons and visitors, except for pre-designated VIP visitors, should be restricted to outside of the perimeter wall. If possible, parking on streets directly adjacent to the building should be forbidden. Wherever justifiable given the threat profile of your company, there should be no underground parking areas in the building basement or ground level parking under building overhangs.
Lighting
Exterior lighting should illuminate all facility entrances and exits in addition to parking areas, perimeter walls, gates, courtyards, garden areas, and shrubbery rows.
Although sodium vapor lights are considered optimum for security purposes, the use of incandescent and florescent light fixtures is adequate. Exterior fixtures should be protected with grillwork when theft or vandalism has been identified as a problem.
Non-walled Facilities
In locations without perimeter wall protection, buildings should be protected with bollards, cement planters, or any other perimeter protection device. Such devices should be placed in a manner as to allow the maximum distance between the building and the roadway and/or vehicle access area. There may be local ordinances that make placement of these devices illegal or ineffective.
A positive and concerted effort should be made to contact local host country law enforcement or governmental authorities and request that they prohibit, restrict, or impede motor vehicles from parking, stopping, or loading in front of the facility. In high threat locations, if local conditions or government officials prohibit anti-vehicular perimeter security measures and your business is either the sole occupant of the building or located on the first or second floor, you should consider relocating to more secure facilities.
Facade
The building exterior should be a sheer/smooth shell, devoid of footholds, decorative lattice work, ledges, or balconies. The building facade should be protected to a height of 16 ft. to prevent access by intruders using basic hand tools. The use of glass on the building facade should be kept to an absolute minimum, only being used for standard size or smaller windows and, possibly, main entrance doors. All glass should be protected by plastic film. Consider the use of Lexan or other polycarbonate as alternatives to glass where practical.
External Doors
Local fire codes may impact on the guidance presented here. As decisions are made on these issues, local fire codes will have to be considered.
Main entrance doors may be either transparent or opaque and constructed of wood, metal, or glass. The main entrance door should be equipped with a double cylinder dead bolt and additionally secured with crossbar or sliding dead bolts attached vertically to the top and bottom of each leaf. All doors, including interior doors, should be installed to take advantage of the door frame strength by having the doors open toward the attack side.
All other external doors should be opaque hollow metal fire doors with no external hardware. These external doors should be single doors unless used for delivery and loading purposes.
Should double doors be required, they should be equipped with two sliding dead bolts on the active leaf and two sliding dead bolts on the inactive leaf vertically installed on the top and bottom of the doors. A local alarmed panic bar and a 180 deg. viewing device should be installed on the active leaf.
All external doors leading to crawl spaces or basements must be securely padlocked and regularly inspected for tampering.
Windows
The interior side of all glass surfaces should be covered with a protective plastic film that meets or exceeds the manufacturer's specifications for shatter resistant protective film. A good standard is 4 mil thickness for all protective film applications. This film will keep glass shards to a minimum in the event of an explosion or if objects are thrown through the window.
Grillwork should be installed on all exterior windows and air conditioning units that are within 16 ft. of grade or are accessible from roofs, balconies, etc. The rule of thumb here is to cover all openings in excess of 100 in. square if the smallest dimension is 6 inches or larger.
Grillwork should be constructed of ½ inch diameter or greater steel rebar, anchored or imbedded (not bolted) into the window frame or surrounding masonry to a depth of 3 inches. Grillwork should be installed horizontally and vertically on center at no more than 8 inch intervals. However, grillwork installed in exterior window frames within the secure area should be spaced 5 in. on center, horizontally and vertically, and anchored in the manner described previously. Decorative grillwork patterns can be used for aesthetic purposes.
Grillwork that is covering windows designated as necessary for emergency escape should be hinged for easy egress. All hinged grillwork should be secured with a key operated security padlock. The key should be maintained on a cup hook in close proximity of the hinged grille, but out of reach of an intruder. These emergency escape windows should not be used in planning for fire evacuations.
Roof
The roof should be constructed of fire resistant material. All hatches and doors leading to the roof should be securely locked with dead bolt locks. Security measures such as barbed, concertina or tape security wire, broken glass, and walls or fences may be used to prevent access from nearby trees and/or adjoining roofs.
The overall design for perimeter security should consider using natural barriers, fencing, landscaping, or other physical or psychological boundaries to demonstrate a security presence to all site visitors.
All facilities should have some method of vehicle access control. Primary road entrances to all major plant, laboratory, and office locations should have a vehicle control facility operated by security personnel with automated systems for remote operation.
At smaller facilities, vehicle access control may be provided by badge activated gates, manual swing gates, etc.
Site security should be able to close all secondary road entrances thereby limiting access to the primary entrance. Lighting and turn space should be provided as appropriate.
Parking
Security should be considered in the location and arrangement of parking lots. Pedestrians leaving parking lots should be channeled toward a limited number of building entrances.
Remote parking lots should be avoided.
All parking facilities should have an emergency communication system (intercom, telephones, etc.) installed at strategic locations to provide emergency communications directly to Security.
Parking lots should be provided with CCTV cameras capable of displaying and videotaping lot activity on a monitor in the security control center. Lighting must be of adequate level and direction to support cameras while, at the same time, giving consideration to energy efficiency and local environmental concerns.
Garages
For those buildings having an integral parking garage or structure, a complete system for vehicle control should be provided. CCTV surveillance should be provided for employee safety and building security. If the threat of car bombing is extant, consideration must be given to prohibiting parking in the building.
Access from the garage or parking structure into the building should be limited, secure, well lighted, and have no places of concealment. Elevators, stairs, and connecting bridges serving the garage or parking structure should discharge into a staffed or fully monitored area. Convex mirrors should be mounted outside the garage elevators to reflect the area adjacent to the door openings.
Physical Barriers
Bollards, landscape techniques, or other aesthetically designed barriers should be installed to impede vehicular access to lobbies and other glassed areas that could be penetrated by a vehicle (i.e., low or no curb, glass wall or door structure between lobby and driveway). Driveways should be designed and constructed to minimize or preclude high speed vehicular approaches to lobbies and glassed areas.
Construction Activities
Landscaping and other outside architectural and/or aesthetic features should minimize creating any area that could conceal a person in close proximity to walkways, connecting links, buildings, and recreational spaces.
Landscaping design should include CCTV surveillance of building approaches and parking areas.
Landscape plantings around building perimeters need to be located at a minimum of 4 ft. from the building wall to prevent concealing people or objects.
Exterior Lighting
Facilities should have the capability of producing illumination on 100% of the building perimeter to a height of at least 6 ft.
For leased buildings, landlord approval of exterior lighting design requirements should be included in lease agreements.
Lighting of building exterior and walkways should be provided where required for employee safety and security.
Building Access
Building Entrances
The number of building entrances should be minimized, relative to the site, building layout, and functional requirements. A single off hour’s entrance near the security control center is desirable. At large sites, additional secured entrances should be considered with provisions for monitoring and control.
Doors
All employee entrance doors should permit installation of controlled access system hardware. The doors, jambs, hinges and locks must be designed to resist forced entry (e.g., spreading of door frames, accessing panic hardware, shimming bolts and/or latches, fixed hinge pins). Don't forget handicap requirements when applicable.
Minimum requirement for lock cylinders are "6 pin" pin tumbler type. Locks with removable core cylinders to permit periodic changing of the locking mechanism should be used.
All exterior doors accessing the security area should have alarm sensors to detect unauthorized openings.
Doors designed specifically for emergency exits need to have an alarm that is audible at the door with an additional annunciation at the security control center. These doors should have no exterior hardware on them.
Windows
For protection, large showroom type plate glass and small operable windows on the ground floor should be avoided. If, however, these types of windows are used and the building is located in a high risk area, special consideration should be given to the use of locking and alarm devices, laminated glass, wire glass, film, or polycarbonate glazing.
For personnel protection, all windows should have shatter resistant film.
Lobby
Main entrance to buildings should have space for a receptionist during the day and a security officer at night. The security control center should be located adjacent to the main entrance lobby and should be surrounded by professionally designed protective materials.
Rest rooms to meet the needs of the public should be provided in this area without requiring entry into interior space. Rest rooms should be kept locked in high threat environments and the lobby reception area should be a single, self sufficient building entrance.
Telephones and Access controlled by the receptionist.
Consistent with existing risk level, the receptionist should not be allowed to accept small parcel or courier deliveries routinely unless they are expected by addressee.
Other Building Access Points
Other less obvious points of building entry, such as grilles, grating, manhole covers, areaways, utility tunnels, mechanical wall, and roof penetrations should be protected to impede and/or prevent entry into the building.
Permanent exterior stairs or ladders from the ground floor to the roof should not be used, nor should the building facade allow a person to climb up unaided. Exterior fire escapes should be retractable and secured in the up position.
INTERIOR PROTECTION
Building space can be divided into three categories: public areas, interior areas, and security or restricted areas requiring special security measures. These areas should be separated from one another within the building with a limited number of controlled passage points between the areas. "Controlled" in this context can allow or deny passage by any means deemed necessary (i.e., locks, security officers, etc.).
Corridors, stairwells, and other accessible areas should be arranged to avoid places for concealment.
Generally, restricted space should be located above the ground floor level, away from exterior walls, and away from hazardous operations. Access to restricted space should be allowed only from interior space and not from exterior or public areas. Exit routes for normal or emergency egress should not transit restricted or security space.
Walls and Partitions
Public space should be separated from interior space and restricted space by slab to slab partitions. When the area above a hung ceiling is used as a common air return, provide appropriate modifications to walls or install alarm sensors. In shared occupancy buildings, space should be separated by slab to slab construction or as described previously.
Doors
Normally, interior doors should be of sufficient strength to prevent easy intrusion and equipped with good quality locking hardware. Keys to all doors should be carefully controlled and retrieval of keys should be noted by security personnel.
In shared occupancy buildings, every door leading to interior space should be considered an exterior door and designed with an appropriate degree of security.
Stairway doors located in multi-tenant buildings must be secured from the stairwell side (local fire regulations permitting) and always operable from the office side. In the event that code prevents these doors from being secured, the floor plan should be altered to provide security to your space.
Emergency exit doors that are designed specifically for that purpose should be equipped with a local audible alarm at the door and a signal at the monitoring location.
Doors to restricted access areas should be designed to resist intrusion and accommodate controlled access hardware and alarms.
Doors on building equipment and utility rooms, electric closets, and telephone rooms should be provided with locks having a removable core, as is provided on exterior doors. As a minimum requirement, provide 6 pin tumbler locks.
For safety reasons, door hardware on secured interior doors should permit exit by means of a single knob or panic bar.
Other Public Areas
The design of public areas should prevent concealment of unauthorized Personnel and/or objects.
Ceilings in lobbies, rest rooms, and similar public areas should be made inaccessible, securely fastened or locked access panels installed where necessary to service equipment.
Public rest rooms and elevator lobbies in shared occupancy buildings should have ceilings that satisfy your security requirements.
Storage Requirements
Building vaults or metal safes may be required to protect cash or negotiable documents, precious metals, classified materials, etc. Vault construction should be made of reinforced concrete or masonry and be resistant to fire damage. Steel vault doors are available with various fire related and security penetration classifications.
Elevators
All elevators should have emergency communications and emergency lighting. In shared occupancy buildings, elevators traveling to your interior space should be equipped with badge readers or other controls to prohibit unauthorized persons from direct entry into your interior space. If this is not feasible a guard, receptionist or other means of access control may be necessary at each entry point.
Cable Runs
All cable termination points, terminal blocks, and/or junction boxes should be within your facility.
Where practical, enclose cable runs in steel conduit.
Cables passing through space that you don't control should be continuous and installed in a conduit. You might even want to install an alarm in the conduit. Junction boxes should be minimized and fittings spot welded when warranted.
Security Control Center
If you have a security control center, it should have adequate space for security personnel and their equipment. Additional office space for technicians and managers should be available adjacent to the control center.
Your security control center should provide a fully integrated console designed to optimize the operator's ability to receive and evaluate security information and initiate appropriate response actions for (1) access control, (2) CCTV, (3) life safety, (4) intrusion and panic alarm, (5) communications, and (6) fully zoned public address system control.
The control center should have emergency power and convenient toilet facilities. Lighting should avoid glare on TV monitors and computer terminals. Sound absorbing materials should be used on floors, walls, and ceilings. All security power should be backed up by an emergency electrical system.
Access Systems
The control center should be protected to the same degree as the most secure area it monitors. This type of system, if used, should include the computer hardware, monitoring station terminals, sensors, badge readers, door control devices, and the necessary communication links (leased line, digital dialer, or radio transmission) to the computer.
Alarm Systems
In addition to the normal designated access control system's doors and/or gates, remote access control points should interface to the following systems: (1) CCTV, (2) intercom, (3) door and/or gate release, and (4) power operated vehicle barriers.
Sensors should be resistant to surreptitious bypass. Door contact monitor switches should be recessed wherever possible. Surface mounted contact switches should have protective covers.
Intrusion and fire alarms for restricted areas should incorporate a backup battery power supply and be on circuits energized by normal and emergency generator power.
Control boxes, external bells, and junction boxes for all alarm systems should be secured with high quality locks and electrically wired to cause an alarm if opened.
Alarm systems should be fully multiplexed in large installations. Alarm systems should interface with the computer based security system and CCTV system.
Security sensors should individually register an audio visual alarm (enunciator or computer, if provided) if located at the security central monitoring location and alert the security officer. A single CRT display should have a printer or indicator light. An audible alarm that meets common fire code standards should be activated with distinguishing characteristics for fire, intrusion, emergency exit, etc. All alarms ought to be locked in until reset manually.
Closed-Circuit TV (CCTV)
CCTV systems should permit the observation of multiple camera transmission images from one or more remote locations. Switching equipment should be installed to permit the display of any camera on any designated monitor.
To ensure total system reliability, only security hardware of high quality should be integrated into the security system.
Stairwell Door Reentry System
In multi-tenant high rise facilities, stairwell doors present a potential security problem. These doors must be continuously operable from the office side into the stairwells. Reentry should be controlled to permit only authorized access and prevent entrapment in the stairwell.
Re-entry problems can be fixed if you provide locks on all stairwell doors except the doors leading to the first floor (lobby level) and approximately every fourth or fifth floor, or as required by local fire code requirements. Doors without these locks should be fitted with sensors to transmit alarms to the central security monitoring location and provide an audible alarm at the door location. Appropriate signs should be placed within the stairwells. Doors leading to roofs should be secured to the extent permitted by local fire code.
Special Functional Requirements
Facilities with unique functions may have special security requirements in addition to those stated in this book. These special requirements should be discussed with Corporate Security personnel or a security consultant. Typical areas with special requirements are product centers, parts distribution centers, sensitive parts storage facilities, customer centers, service exchange centers, etc.
PUBLIC ACCESS CONTROLS
Security Officers and Watchmen
All facilities of any size in threatened locations should have manned 24 hr. internal protection. Security Officers should be uniformed personnel and, if possible, placed under contract. They should be thoroughly trained, bilingual and have complete instructions in their native language clearly outlining their duties and responsibilities. If permitted by local law/customs, investigations or checks into the backgrounds of security officers should be conducted.
At facilities with a perimeter wall, there should be one 24 hr. perimeter security officer post. If the facility maintains a separate vehicular entrance security officer post, such a post should be manned from 1 hr. before to 1 hr. after normal business hours and during special events. Security officers should be responsible for conducting package inspections, package check in, and, if used, should operate the walk through and hand held metal detectors. Security officers should also be responsible for inspecting local and international mail delivered to the facility, both visually and with a hand held metal detector and explosive detector if possible before it is distributed. X ray equipment for package inspection should be employed if the level of risk dictates.
At facilities with a perimeter guardhouse, the walk through metal detector could be maintained and operated in an unsecured pass through portion of the guardhouse. A walk through metal detector is particularly recommended for a company with a high threat profile, especially if a security officer is spending a large percentage of time manually searching with hand held metal detectors. In addition, this security officer could also be responsible for conducting package inspections. Any package storage, however, should be in shelves in the foyer and be under the direction of the foyer security officer or receptionist. Generally, all security screening and package storage will be carried out in the foyer.
Security Hard-line
Office areas should be equipped with a "hard-line" to provide physical protection from unregulated public access. Protection should be provided by a forced entry resistant hard-line that meets ballistic protection standards. These standards can be obtained from your corporate security personnel or a security consultant. When a security hard-line for public access control is constructed, the following criteria should apply:
Walls
For public access control purposes, exterior perimeter walls should be constructed of no less than 6 in. of reinforced concrete from slab to slab. The reinforcement should be of at least No. 5 rebar spaced 5 in. on center, horizontally and vertically, and anchored in both slabs. In existing buildings, the following are acceptable substitutions for 5 in. reinforced concrete hard-lines:
• Solid masonry, 6 in. thick or greater, with reinforcing bars horizontally and vertically installed.
• Solid un-reinforced masonry or brick, 8 in. thick or greater.
• Hollow masonry block, 4 to 8 in. thick with 1/4 in. steel backing.
• Solid masonry, at least 6 in. thick, with 1/4 in. steel backing.
Security Doors
• Fabricated ballistic steel wall, using two 1/4 in. layers of sheet steel separated by tubular steel studs.
• Reinforced concrete, less than 6 in. thick with 1/8 in. steel backing.
• Either opaque or transparent security doors can be used for public access control purposes. All doors should provide a 15 mint forced entry penetration delay. In addition, doors should be ballistic resistant.
• The public access control door should be a local access control door, meaning a receptionist or security officer can remotely open the door.
Security Windows
Whenever a security window or teller window is installed in the hard-line, it should meet the 15 mint forced entry and standard ballistic resistance requirements.
Public Access Entry Requirements
No visitor should be allowed to enter through the hard-line without being visually identified by a security officer, receptionist, or other employee stationed behind the hard-line. If the identity of the visitor cannot be established, the visitor must be escorted at all times while in the facility.
Alarms and Intercoms
A telephone intercom between the secure office area, the foyer security officer, and guardhouse should be installed. In facilities where deemed necessary, a central alarm and public address system should be installed to alert staff and patrons of an emergency situation. Where such a system is required, the primary control console should be located in the security control center. Keep in mind that alarms without emergency response plans may be wasted alarms. Design, implement, and practice emergency plans.
Designated Secure Area
Every facility should be equipped with a secure area for immediate use in an emergency situation. This area is not intended to be used for prolonged periods of time. In the event of emergency, employees will vacate the premises as soon as possible. The secure area, therefore, is provided for the immediate congregation of employees at which time emergency exit plans would be implemented.
The secure area should be contained within the staff office area, behind the established hard-line segregating offices from public access. An individual office will usually be designated as the secure area. Entrance into the secure area should be protected by a solid core wood or hollow metal door equipped with two sliding dead bolts.
Emergency egress from the secure area will be through an opaque 15 mint forced entry resistant door equipped with an alarmed panic bar or through a grilled window, hinged for emergency egress. The exit preferably will not be visible from the facility's front entrance.
Emergency Exits
All facilities should have a means of emergency escape aside from the secure area exit. Positioned appropriately throughout the building should be sufficient emergency exit points to accommodate normal facility occupancy.
All emergency doors should be hollow metal doors (fire doors where appropriate) equipped with alarmed emergency exit panic bars.
Executive Offices
Any employee, but especially the executive, can be a target of terrorist or criminal tactics including forced entry, building occupation, kidnapping, sabotage, and even assassination. Executive offices can be protected against attacks.
The executive office should have a physical barrier such as electromagnetically operated doors, a silent trouble alarm button, with a signal terminating in the Plant Protection Department or at the secretary's desk, and close screening of visitors at the reception and security officer desks in the lobbies and again at the executive's office itself. The exact response to a trouble alarm should be examined by the Plant Protection/Security Department in consultation with the executive. Consideration should be given to whether employees should respond to the alarm or whether local police should be summoned. In some cases, it may be preferable to have the secretary place an intercom call to the executive to verify an alarm situation before an extraordinary response is initiated.
Secretaries should not admit visitors unless positively screened in advance or known from previous visits. If the visitor is not known and/or not expected, he or she should not be admitted until satisfactory identification and a valid reason to be on site is established. In such instances, Security should be called and an officer asked to come to the scene until the visitor establishes a legitimate reason for being in the office. If the visitor cannot do so, the officer should be asked to escort the visitor out of the building.
Unusual telephone calls, particularly those in which the caller does not identify himself/herself or those in which it appears that the caller may be misrepresenting himself/herself, should not be put through to the executive. Note should be made of the circumstances involved (i.e., incoming line number, date and time, nature of call, name of caller). This information should then be provided to the Security Department for follow up investigation.
Under no circumstances should an executive's secretary reveal to unknown callers the whereabouts of the executive, his/her home address, or telephone number.
The executive, when working alone in the evening, on weekends, or holidays, should advise Security how long he/she will be in the office and check out with Security when leaving.
General Office Security
• Money, valuables, and important papers such as passports should not be kept in your desk. Thefts will occur in all offices, even during working hours. Some will be solved, most could have been prevented. The following suggestions will decrease the chance of further thefts:
• Don't tempt thieves by leaving valuables or money unsecured.
• If sharing an office or suite of offices, stagger lunch hours and coffee breaks so that the office is occupied at all times.
• If the office must be left vacant, lock the door.
• Locate desks in a way that persons entering the office or suite can be observed.
• Follow a clean desk policy before leaving at night. Keep valuables and company documents in locked containers.
• Confirm work to be done or property to be removed by Maintenance, outside service personnel, or vendors.
• Do not "hide" keys to office furniture under flower pots, calendars, etc. Thieves know all the hiding places. Do not label keys except by code.
Develop and Improve Employee Security Procedures
Make employees aware of how important it is to control information. Sensitize employ¬ees to handle inquiries, both in person and by telephone, with concern for the identity of the requester and the legitimacy of their "need to know."
Employees should be briefed on how to handle suspicious, probing calls and to whom to report such calls.
Office Security Countermeasures
• Business enterprises, have been and will continue to be the subject of controversial political and economic issues that can turn their executives and offices into targets for terrorists and criminal actions. Countermeasures against these acts can and should be implemented in the office environment. The following list describes some of the measures that may be useful in improving personal security and safety at the office.
• Avoid working alone late at night and on days when the remainder of the staff is absent.
• The office door should be locked when you vacate your office for any lengthy period, at night and on weekends.
• Do not permit the secretary to leave keys to the office or desk.
• There should be limited access to the executive office area.
• Arrange office interiors so that strange or foreign objects left in the room will be immediately recognized.
• Unescorted visitors should not be allowed admittance nor should workmen without proper identification and authorization.
• Implement a clean desk policy. Do not leave papers nor travel plans on desk tops unattended.
• Control publicity in high risk areas. Avoid identification by photographs for news release. Maintain a low profile.
• Janitorial or maintenance activity in key offices and factory areas should be supervised by competent company employees.
• A fire extinguisher, first aid kit, and oxygen bottle should be stored in the office area.
• The most effective physical security configuration is to have doors locked (from within) with one visitor access door to the office area.
• Where large numbers of employees are involved, use the identification badge system containing a photograph.
• Upon the conclusion of meetings, staff personnel should inspect all guest rooms and function rooms to ensure that no documents, personal effects, or equipment have been left behind by participants.
Advice for Secretaries
A secretary has close knowledge of company business. He/she should maximize security, and the following measures should be reviewed with him/her:
• Be alert to strangers visiting the executive without an appointment and who are unknown to him/her.
• Be alert to strangers who loiter near the office.
• Do not reveal the executive's whereabouts to callers. Even if the caller is known, information should be on a need to know. As a standard policy, take a number where caller can be contacted. Do not give out telephone numbers or addresses.
• When receiving a threatening call, including a bomb threat, extortion threat, or from a mentally disturbed individual, remain calm and listen carefully. Each secretary and/or receptionist should have a threatening telephone call checklist which should be completed as soon as possible.
• Keep executive travel and managers' travel itineraries confidential. Strictly limit distribution to those with a need to know.
