Security Considerations for Today's Facilities
August 24, 2005
Appeared in Real Estate Journal
While security has always been a concern for building owners and facilities managers, today’s operating environment demands that security issues be elevated to greater levels. Security planning has evolved into a business necessity, an essential requirement of any commercial real estate development. Prospective tenants are entering into lease negotiations with security at the forefront of their decision making process. Corporate tenants are not only concerned with the standard security issues – safety for their offices and people -- they must now worry about creating highly secure environments for their IT operations, data centers and critical facilities. Owners who can demonstrate enhanced security practices stand a better chance of gaining and retaining tenants, resulting in greater profitability in the long term.
Security thinking and programming must be broadly conceived with security programs clearly defined, carefully implemented, routinely evaluated and updated for changing conditions. The first step in securing a facility is assessing its security risks. Global best practice standards advocate the use of a Security Risk Assessment Model that considers assets, threats and vulnerabilities.
The following steps should be taken:
- Identify and Characterize Possible Threats -- potential threats can affect the host facility and possibly other facilities associated with the host might include intentional acts such as terrorism, unintentional acts where security measures are circumvented for convenience or accidentally by simple human error. A facility owner must understand potential threats when determining an appropriate security program.
- Identify and Assess Vulnerabilities -- determine a baseline security profile by identifying the facility’s vulnerabilities including physical structure, information security, security operational practices including internal personnel (outsourced or temporary employees), and access controls. After obtaining an in-depth understanding of the risks, the current security measures and controls should be tested for effectiveness in minimizing or eliminating those risks. Knowledge of industry standards and practices at comparable organizations is essential to this activity.
- Identify Countermeasures, Costs and Acceptable Risks -- after recognizing the identified or inherent shortcomings, the last step in the Security Risk Assessment Model is to develop plans to further mitigate the risk of security breaches, unplanned downtime and disruption of service.
Once a thorough Security Risk Assessment has been completed and the consequences of potential security breaches are understood, the determined risks can be incorporated into subsequent planning, capital and operating budgets. An over-riding concept for security planning is employing a zoned security approach, utilizing various security technologies and processes uniquely deployed in concentric zones.
Each concentric zone has its own security elements, bolsters the overall level of security and reinforces the adjoining zones. The zones might employ technology such as access cards, CCTV’s, or biometric devices, etc.; people, including screening, training, communications, emergency preparedness, etc.; and operations such as perimeter, building or utility site access control, maintenance and delivery vehicle screening, etc. A security plan for a particular facility must be built around a combination of these elements, with the configuration based on the findings of the security assessment.
A comprehensive approach to security leaves nothing to chance, allowing organizations to achieve set security target levels, avoid unbalanced capital expenditures, and ultimately mitigate vulnerabilities. Successful site planning for a facility integrates physical security, security of information and operational security measures into the overall configuration and concept for the site. Facility owners can reduce their risk of breaches to manageable levels, and increase their overall information availability with an understanding of general security concepts, a security risk assessment, and effective security planning and implementation.