What is a facility manager to do in these days of stagnant or, worse yet, shrinking budgets? With the cost of everything from electricity and gas to salaries and insurance skyrocketing, there is little left over for security and life safety-related expenses. Is there a way for facility managers to increase the level of protection without it costing significant dollars?
First and foremost, a manager must identify and prioritize assets to implement corresponding protection strategies. This is a must whether it is multiple properties or multiple assets within a single property involved. The easiest way to prioritize assets is to assign consistent recognizable values to them. This may sound obvious, but often protection strategies bypass this basic step.
Since all properties are not created equal, practicality necessitates managers assign their limited security and life safety dollars to those properties that are the likeliest targets. Take, for example, a company with two properties. One is located in Omaha, while the other is in New York City. In this case, common sense dictates the company invests a higher amount of money in the New York facility.
Unfortunately, it’s not always that easy to determine which properties should be a priority for those limited funds. So what methodology can a facility manager use to determine risk profiles for multiple properties? Quite frankly, the manager can use any criteria he or she wants, as long as they are practical, realistic and, most important, consistent. Without consistency, attempts to apply security and life safety measures are wasteful.
Many companies today must ensure the security and safety of commercial, office and industrial space spread throughout North America or worldwide. With facilities in large cities and/or high profile locations as well as small to medium cities, prioritizing protection is critical. That’s why an assessment tool such as a comprehensive threat and risk matrix model can assist in prioritizing protection strategies, and make the most of security budgets.
The Risk Profile
Figure 1
The first step is to do a risk profile of every building or facility. Figure 1 is a simplified version of a spreadsheet used to complete a risk profile, here ranking three different buildings we’ll call A, B and C.
In Figure 1, the three properties obtained final rankings of 5, 15 and 25, respective. Hence, building C, with the highest threat profile, should be the focus of the bulk of security and life safety efforts. Building B also requires funds, but obviously not as many as C. Finally, building A gets a corresponding smaller amount, because all three properties do require financial attention. There are always security and life safety issues present in every property, and the facility manager is responsible for providing a certain level of protection.
The Gap Analysis
Once you complete the risk profile, you then perform a gap analysis of existing asset protection programs to see if you need to consider any additional measures. A gap analysis is vital, as it will help determine the current status of existing programs. It’s unlikely any building will have no security in place at all, and one facility may even have considerable security and life safety features already in place.
Then, itemize all the existing safety and security features in each building. For example, one building might already have a 24/7/365 security department, an access control system, bollards surrounding the property and turnstiles in the lobbies. Get someone familiar with the various properties and security and life safety features involved in creating the itemized list – and don’t be surprised if the list ends up with far more items than you thought.
The Threat and Risk Matrix
The next step is to create a threat and risk matrix where you place all potential threats accor ding to criticality and probability. See Figure 2 for an example.
But don’t be intimidated if you don’t have the exact knowledge of the various incident types and their possible impacts when it comes time to insert the threats. In this case, often a ‘best guess’ is acceptable. Some incidents occur so rarely that it may be impossible to place them based on historical data.
There is a standard list of potential threats you can plot onto the matrix, using six simple categories. While there is some overlap, these six are quite comprehensive and yet still easy to plot. The six categories are natural, manmade, accidental, deliberate, internal and external.
Once you insert all the threats into the matrix, including the probability and criticality, the next step is to determine if any of the existing security measures can mitigate the individual threats to an acceptable level or not. This is where the list of specific security and life safety measures created in the gap analysis comes in handy. You can now list each and every type of threat the company may face along with the corresponding countermeasure(s).
The remaining question is whether or not the threat is mitigated to an acceptable level. If it is mitigated, move onto the next threat. If not, you need to determine what it will take to mitigate a particular threat to an acceptable level. All the outstanding issues requiring actionable items, whether they are one-time capital projects (hardware), the development of policies, procedures and training (documentation), an increase, decrease or change in human resources (personnel), or a combination of all three give the facility manager a blueprint for moving ahead.
Remember that along the continuum of risk, there are the high criticality/low probability events at one end while at the other there are the high probability/ low criticality events or ‘quality of life’ issues we are all familiar with. While terrorism is certainly an issue all facility people must be aware of and plan for, there are many other issues occurring on a regular basis that have considerable impact on tenants. Wallets, purses, bicycles, laptops and other property are stolen on a regular basis. Fires, extreme weather events such as flooding, tornados, and hurricanes continue to occur. Autos are broken into and people are assaulted. Hence, security and life safety programs must be based both on ‘stuff’ which may occur sometimes, even if highly unlikely, and ‘stuff’ that is actually occurring.
While this exercise may appear somewhat intimidating to a facility manager who has not completed such work in the past, it is not overwhelming. While it does take some thought and research, most importantly, it takes time. Set aside a certain amount of time each day, until complete. Good luck.
This article was published in the Disaster Resource GUIDE for Facilities (Fall 2006).
Recommend0 recommendationsPublished in Physical Infrastructure
Leave A Comment
You must be logged in to post a comment.