Category Archives: Facilities Security

Why Everyone Needs Active Shooter Training – after Big Bear!

Posted on by
Reply

Active Shooter is not a technical term, it basically means anyone with a gun who is actively) shooting at you!

They can be shooting randomly, getting ready to shoot themselves, shooting from a freeway overpass, or shooting in a populated area – if they havea gun, AND they’re shooting – then they’re an Active Shooter!

The sad story of cop Christopher Dorner and his shooting frenzy affected me personally, because I lived in the high mountains of Forest Falls, one town east of Big Bear, for years, and one of my sons attended tiny Fallsvale elementary school, which was locked down at the height of the craziness.

This shooter targeted his victims in some cases, and others were shot randomly.  All the victims had no idea of what was coming at them.

The Department of Homeland Security has really stepped up its program to train people to deal with the Active Shooter scenario, and, after Dorner, and Newtown, and Aurora, and Fort Hood, that maybe everyone should have active shooter training. Just in the last year alone, there have been 15 prominent active shooter incidents.

You can start at DHS and get videos, powerpoints, active shooter reference cards – for carrying in wallets, purses and book bags, as well as posters and training manuals.  Here’s the link:  http://www.dhs.gov/active-shooter-preparedness.

Why not train our school children, like we used to train for bomb drills, by jumping under the desks and covering our heads?   Why not have mandatory training for all teachers?  What about mandatory training for all healthcare workers?  And all IRS agents?  And threater goers? 

If you’re reading this – you can get ready yourself, become situationally aware, and pass on the favor!

 

Assessing School Security Takes on New Dimensions after Sandy Hook Tragedy

Posted on by
3

After 30 years of security risk assessment experience and working with hundreds of schools, hospitals, facilities, I have to say that schools have not taken school security seriously.

Obviously there are the social pressures including mental health screening, proposed assault weapons bans, gun owner screening, etc., but these are the thing that won’t change overnight.  EVEN IF THEY ARE LEGISLATED, it takes time to implement, and
implementation may not be perfect.

TODAY IS THE DAY TO DO A SCHOOL VIOLENCE ASSESSMENT – not tomorrow, not after new gun laws, not after the holidays — TODAY.

There are indicators you can look for to see if your school is at risk of an active shooter incident.  And ways to be prepared if the unthinkable happens and an active shooter comes to your school.

Strong, simple access control is the most effective solution, and yes, this may mean that
a plain glass front door or window is not enough.  Glass is easily broken, and yes, it means that all staff must be a little more accountable, and it probably means a red phone or connection to the local police.

There is a simple school risk assessment program that will give guidance on what you need to do TODAY, what controls you need to implement, what threats are most likely to occur.  These can be accessed on the www.riskandsecurityllc.com website.

Some things are preventable, some aren’t.  But lockdown drills, alarm systems, and active monitoring of cameras are just a few of the 60 controls every school should have in place to protect our precious children.

And this comes from the grandmother who’s 3-year old twins turned 3 yesterday!

 

17-year old imposter does CPR on patient in Kissimee, FL

Posted on by
Reply

Security measures in place are being questioned in Kissimmee, Florida at Osceola Regional Medical Center after clerk passes as a physicians assistant!

Hospital security procedures, including staff screening practices at Osceola Regional Medical Center, are getting a second look after a 17-year-old passed himself off as a physician’s assistant and took part in several exams and procedures, including doing CPR on a patient. The Orlando Sentinel reported that hospital management is reviewing its practices to ensure a similar incident doesn’t occur. The youth was able to secure a hospital ID badge from the human resources department by claiming to need a new one because the surgical practice at which he worked had changed names. In fact, the youth was employed part time as a billing clerk at a doctor’s office. When confronted by staff, the youth said he was working undercover for the sheriff’s department, so they would be unable to check his employment records

Data-Driven Security – Using Metrics to Focus & Target Security Programs

Posted on by
Reply

Security programs can be dramatically improved by using a metrics-based assessment to focus them on the areas of greatest threat, and to use metrics as a management tool to keep the security program targeted on the areas that need the most attention.

Using a data-driven approach – that is, using real numbers to measure
and quantify security, always results in tangible improvements.

Management of a security program is no different than management of any other department, whether it’s human resources, cash flow, employee productiveness, profitability, or any other set of metrics that organizations use to measure how well something is being done, and how it could be improved.

Security officers may complain that management is not listening to their complaints, including not making enough money available to implement new technology, or to fix a loophole that has the potential to create havoc in the organization.

Most security conferences feature sessions with titles like “How to Sell Security to Management” and try to address this disconnect between senior management and their security programs. Peter Drucker, the world famous management consultant, said “If you can’t measure it, you can’t manage it.”

Fortunately, recent improvements in security technology and in development of wider reporting of threats and vulnerabilities, allow management metrics to be applied to the management of the security program to target the program to be maximally effective, to focus the available dollars in the areas which would provide the most protection for the least amount of money, and to prioritize the controls that need to be implemented,  based on their return on investment.

Risk assessments are the foundation of a data-driven security program. Through the process of risk assessment, managers can measure the effectiveness of the organization’s total security program, including analyzing the value of the organizational assets, the threat level (based on the mission of the organization), the existing vulnerabilities, and the effectiveness of existing controls.

Basing the risk assessment on the concept of data-driven security means that real numbers are used in the following areas:

1.  Determining the value of the assets of the organization, including the facilities, the personnel, the security systems and the current controls.

2.  Analyzing the Threat Level, based on either internal incident reports, or industry data, including the Uniform Crime reports. 

3. Identifying vulnerabilities in the organization, including surveying individuals at every level of the organization, from the local facility manager to the CEO to find out how they are implementing security in their workplace.

4. Identifying potential categories of loss, which help focus the security program on the problem areas.

5. Analyzing current Controls that are currently in place, or that could be added to protect an organization.

By gathering data in these 5 categories, it becomes possible to run scenarios that pair the threat and vulnerability, match it to organizational assets, analyze the loss potential, and evaluate the cost effectiveness of a variety of different controls and prioritize security controls by “bang for the buck”.

Using data-based security builds a bridge between executive management and the security professionals in the organization who now have an avenue for open communication and consideration of the role of security throughout the organization.

 

 

 

Another Look at OSHA & Workplace Violence

Posted on by
Reply

I just finished reading a new book called HALT THE VIOLENCE, written and edited by Patricia Biles and her Alliance Against Workplace Violence group.  Here are some of my thoughts on it, if your organization has been evaluating workplace violence issues:

Here’s my review and why I think you should get it (Amazon) and take a look – it’s a short read — less than 150 pages.

I like the insider perspective on how to prevent violence in the workplace. Patricia Biles was a former OSHA (U.S Occupational Safety and Health Administration) employee and their guru on violence issues.  Her work with industry groups and individuals has given her rare insight on the subject of stopping the epidemic of violence, and she gives practical solutions that employers and individuals can use to halt the violence.

The book covers the escalation of violence in the workplace and how OSHA reacted to the problem, which came to the forefront in 1989.  She identifies the groups most affected by violent events at work, including nurses, healthcare workers, taxi drivers, convenience stores, and late night retail establishments in particular.

As well as covering a complete history of the issue, she also weaves together input from other experts who specialize in aspects of the overall workplace violence problem, including the problem of violence in hospitals,  the increased incidents of bullying in the workplace, the importance of early intervention and practical strategies for diffusing angy, aggressive individuals.

The important of risk management procedures, such as performing regular threat assessments is identified as one of the few ways to identify individuals who may pose a threat, although the authors point out that both the Virginia Tech shooter and Jared Loughner, the diagnosed schizophrenic who shot Gabby Giffords, her staff, and innocent bystanders in Tucson, were both examined, and had psychological profiles which stated they were ‘unlikely’ to be a threat to others.

Specific violence-prone workplaces are also identified and specific recommendations given for hospitals, home health and social workers, and educational institutions such as schools, colleges and universities.

In some ways, this is an insider’s book because it gives you the behind-the-headlines details, not only of major workplace violence incidents, but also a look at what it takes to create new laws and encourage congress and federal agencies to recognize the problem and take concrete steps to ‘halt the violence’!

All in all, this is a very insightful and practical look at a problem that affects every workplace and every person who goes to work and counts on returning home in the same condition.  Employers will want to implement the suggestions in the book on how to reduce violence in individual organizations, and it also offers a valuable perspective on how to comply with new OSHA standards and they continue to evolve their approach to this critical issue.

 

Threat Modeling is the Exciting, Sexy Part of Risk Assessment

Posted on by
Reply

As a risk assessment professional, when I get into a risk discussion, most security people want to talk about THREAT!  Threat is the most sexy and exciting part of doing a risk assessment.

Threats are exciting all by themselves.  Think about all the threats you can name:

All the natural disasters like Earthquakes, Tornadoes, Storms, Hurricanes, Tsunamis, Lightning, Floods

Crimes like Homicide, Assault, Rape, Burglary, Theft, Kidnapping, Blackmail, Extortion

Terrorism like Sabotage, Explosions, Mail Bombs, Suicide Bombs

All the IT Threats like Malicous Code, Disclosure, Data Breaches, Theft of Data

And about 50 more including Chem/Bio incidents, Magnetic waves, High Energy Bursts, Microbursts, Contamination and Reputation Damage.

Each of these threats could theoretically occur at any time, but we try to establish a pattern of how often they have occurred in the past, in this location, in this county, in this country, in the company, etc.   So NASA, for example, gets thousands of hacker attacks, but another company, like the local Salvation Army, gets 1 every 10 years.

Same model for natural disasters, although you might have to factor in climate change, it’s easy to get the threat incidents for hurricanes in Florida, snow storms in Cleveland, earthquakes in northern California, etc.

We also like to examine industry specific data to see if some threats are higher in a certain industry, like the high incidence of workplace violence incidents in hospitals and high risk retail establishments (like Wawa or 7-11).

Another factor we use in calculating threat likelihood is how the threat could actually affect different types of assets…. for example, would an earthquake damage a car?  Probably not. Would it cause damage to an old historical building – probably (unless it had been retrofitted).  Could it cause loss of life, or injuries (think Haiti).

So I use a multidimensional model that takes the threats list (I have a standard list of 75 threats that I use), and map it to each potential loss, based on the ‘asset’ that might be affected.

The more data you get, the better your model will be, and the more value it will have as a decision support tool!

 

Starting a Hospital Security Risk Assessment

Posted on by
Reply

How to make sure your Security Department is Working for the Hospital.

Security Risk Assessment are not just Required by the Joint Commission – they are required in many states as a preventive measure to help prevent and reduce workplace violence.

The Risk Assessment also helps managers and administrators assess their security program, directly measure it’s effectiveness and helps determine
cost effective methods that can give you a great deal of protection for the lowest possible cost — something we call “bang for the buck”. 

The recent increase in violence comes as a surprise to doctors, nurses, managers and administrators, too.  Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

 1.  Doctors are no longer thought of as “Gods”.  This means they are
      are more easily blamed when a patient’s condition deteriorates.

 2.  Hospitals are now regarded as businesses.  This perception has been
       been aggravated by television in shows like a recent “60 Minutes”, as well as
       by the effects of the recession on jobs and the loss of health insurance.

3.  Lack of respect and resources (funding) for hospital security departments
   .  Rather than being seen as a crucial protection for the hospital staff and
      patients, many security departments are chronically underfunded and used
      for a variety of non- security functions, such as making bank deposits for
      the hospital gift shop, driving the education van, etc.

The federal government  issued a guidance document for dealing with violence issues in healthcare,  called OSHA 3148.01R, 2004, Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers.  You can download a copy at www.osha.gov/Publications/osha3148.pdf

Playing Footsie with the Haqqani Crime Network

Posted on by
Reply

I am a risk analyst and risk assessment expert, certainly not a diplomat.  In fact,  my friends might say I am probably really un-diplomatic most of the time.  I like the direct approach.

But watching the U.S. State Department and the Obama administration playing footsie with the Haqqani network in Afghanistan and Pakistan is worse than enduring waterboarding.  What a waste of American dollars — paying off these criminals to finance construction projects that Americans are doing to build up Afghani infrastructure.  

I have watched for years as the U.S. State Department props up brutal dictators, only to see them toppled overnight.  Of course, Mubarak and Quaddfi come to mind right away.

But to try and win a WAR, while paying off criminals and murderers who are launching attacks on our embassy, letting them run our relationship with Pakistan, is just wrong.

What has this got to do with risk assessment?  PLENTY – because the problem here is large amounts of unaccountable cash.  Cash passed out by the State Department, USAID and the intelligence services, theoretically, to ‘grease’ the skids and get something done, but instead, these wholesale PAYOFFS just finance and empower our enemies, while ruining the U.S. reputation and maddening the citizens who provide this money in the first place.

I would vote for anyone who could put REAL ACCOUNTABILITY back into the U.S. spending abroad.  As the Arab spring proved — this kind of diplomacy never works!

Should Hospital Staff Brings Guns to Work with Them?

Posted on by
Reply

Should hospital staff bring guns to work with them?

At a time when many hospital security departments have unarmed security officers, and some departments don’t even allow the use of mace, changes in state laws allow hospital staff in some states to bring their guns to work with them.

This turn-around, where the nurses may have guns – and security officers do not, has created a big, contentious debate in the security community.

In a recent paper printed in the Journal of Healthcare Safety and Security, my co-author, Jim Sawyer and I discuss the different elements of this debate and whether this is a constitutional issue, or a real threat-risk issue.

Here’s an excerpt,

Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

or you can read the entire article (below). 

Critical Issues on Gun Violence in the Hospital Workplace

By James Sawyer and Caroline Ramsey-Hamilton

 Background

 Every reader knows that violence in hospitals is increasing at an increasing rate.  The Joint Commission has issued Sentinel Alerts, the Journal of the American Medical Association, the bastion of the American healthcare system, published an article in October, 2010, written by two doctors about the murder-suicide at Johns Hopkins Hospital in September of 20101.. 

This article started as a guest blog from a security professional at a west coast children’s hospital.  After the blog appeared, we received dozens of notes, letters and angry outbursts, as well as emails arguing for a more reasoned approach.  This article will explore those issues, and includes quotes from the emails themselves.

Why Violence in Hospitals is Increasing

Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

  1.  Doctors are no longer thought of as “Gods”.  This means they are
          are more easily blamed when a patient’s condition deteriorates.
     
  2. Hospitals are now regarded as businesses.  This perception has been
           been aggravated by television in shows like a recent “60 Minutes”, as well as
           by the effects of the recession on jobs and the loss of health insurance.
  3. Lack of respect and resources (funding) for hospital security departments
       .  Rather than being seen as a crucial protection for the hospital staff and
          patients, many security departments are chronically underfunded and used
          for a variety of non- security functions, such as making bank deposits for
          the hospital gift shop. 

A Dirty Little Secret about Reporting
The U.S. Department of Labor tasks OSHA with workplace violence information, but there is not one sanction against it, it says right on the OSHA web site that this is solely left up to the employer.  It makes it hard for hospitals to justify spending money on workplace violence prevention, if it is not a standard, and a major compliance issue (as it should be).  And here is a dirty little secret for looking at the statistics, OSHA does not count domestic incidents (like homicides) that take place in hospitals as officially “workplace violence incidents”, instead they are counted in another system.  Similarly, many hospitals don’t count staff to patient violence incidents, or patient to patient incidents.  These practices create a false impression of the actual number of violent incidents, by reporting only a fraction of the actual events.

 Gun Violence Represents a Significant Security Challenge

The prevention of gun violence in hospitals and the hospital as workplace may well be the most challenging issue for hospital security professionals in the foreseeable future.  What are some of the reasons for this growing concern?  There are many and they include:

 1.   The sheer numbers and easy availability of guns.  There are over 270 million guns in circulation in theUnited Statesand the numbers continue to grow.  After the 2008 election,  gun ownership surged and in some areas of the country, guns sold at such a pace that retailers literally ran out of ammunition. 

2.  Approximately a 100 people a day die from gunfire in the United States and an individual is shot approximately every twenty-two seconds.

3.  One in four Americans suffer from some form of mental illness, according to the Federal government. 

 4.  The U.S. is living in an era of economic instability, following the 2008 recession and the erosion of the middle class.  The Wall Street-triggered economic meltdown has propelled what was a slow steady decline into economic apocalypse for millions of Americans.  This has resulted in an environment of record home foreclosures, record personal debt, record banktupcy, record unemployment and record numbers of homeless individuals.

5.  The reluctance on the part of many hospitals to install magnetometers and limit entrances to hospitals so that the flow of guns into hospitals can be controlled.

The U.S. gun lobby has been very successful in pushing and supporting state legislation which permits guns in the workplace, and on college campuses.

It is a serious mistake for security professionals to deride,  make light of, or dismiss this surge of pro-gun-at-work-and-school legislation.  These laws are getting passed (see Texas, Indiana, and Tennessee), and the likely result is that we will see an ever greater numbers of guns at work, and if our work is in the hospital, then the guns will be coming to work here, too. 

Guns aren’t just increasing in numbers, but they are getting more lethal and currently 30- shot clips and armor piercing bullets are readily available for the civilian population.  Citizens can now buy weapons that rival what is found in military armories.   These lethal weapons again present a sentinel challenge to security professionals.

 Most security directors remember life when Space Invaders was the only video game around.  Now children are exposed to violent images from a very early age.  Children and teenagers sit entranced watching endless hours of violent programming where gun violence is choreographed in slow motion action scenes where the scripted hero’s miraculously avoid injury even while they are dispatching the prime time  villains while showcasing their amazing gun prowess.  

By the time they show up at your hospital, the average child over 18 years of age will have viewed over 45,000 murders and 200,000 acts of violence just on television! This grim tally does not account for the high octane bloodshed and slaughter that make up the majority of the most popular video games.  

All of these factors suggest that the prevention of gun violence in our hospitals will become our premier challenge.  Many hospitals are already hosting ‘active shooter’ seminars to teach hospital staff how to deal with  “shooters in the workplace”.  This subject promises to become a cottage industry for consultants and violence prevention professionals.

As hospital security professionals, there are some strong, prevention-based practices that we can implement and develop that drastically reduce the chances of gun violence in the workplace.  Some of these best practices include:

 1. Acknowledge the reality and the persuasiveness of the U.S. gun culture.

 2.  Develop a strong, multi-department workplace/domestic violence response team at your facility, and make sure that both Human Resources, and Security are part of this team.

 3.  Develop a written workplace violence plan that is reviewed annually.

 4.  Do an annual  baseline workplace violence assessment that you can build on.

 5.  Have your workplace/domestic violence response team respond and meet within 4 hours of any  reported incident.  Have a response plan/action plan in place within 24 hours.

 6.  Encourage reporting of all workplace/domestic violence incidents to the police – without exception.

 7.  Run background checks of individuals of concern.  Information is light and a background check may provide you with crucial information. Obtain orders of protection – anti-harassment orders against individuals of concern.  Security should take the lead here.

 8.  Flag problem patients – problem families – have a “red alert” or a “red flag” program that alerts – tips off – advises both the care team and security that a potential problem exists.  This is especially important if the patient/family member has a history of violence.

 9.  Build a workplace culture where verbal threats are reported.  Have Security immediately investigate all verbal threats.  Make sure that Human Resources is fully informed of any situation involving threats.

 10.  Post  large, prominent“No-Weapons” signs at your facility – especially in parking lots, perimeter areas and all main entrances.

 11.  Officially prohibit staff from bringing firearms to work.

 12.   Offer annual violence prevention and threat awareness training to all staff.

 13.   Require workplace violence training – either on line or via classroom training for all new staff and annual retraining.

 14.   Have security involved and part of the planning for all “problem” terminations.   Note – Advise Human Resources to never terminate a disgruntled staff without strong pre-planning.

 15.  Screen all hospital patients and visitors.  Develop a major entrance screening program for your institution.  Knowing who is inside your facility is a critical part of any good prevention program.

 These pro-active solutions  will support and enhance a hospital gun violence prevention program.  Let me state again, it is critically important to have a hospital gun violence prevention program in place.

 AND IN RESPONSE

 Here are some of the comments that were received by other hospital security professionals around the country, after the original blog post.

 “Please remove me from your mailing list immediately.  Apparently the letter below blames the firearm and not the person holding it and putting 5-7 lbs of pressure on the trigger with their index finger.  I find it difficult to separate the “Spirit of the Security Community and our commitment to safety and protection” from this attack on my Second Amendment rights.”               

                                                           – Hospital Security Director in the Northwest

“I believe we should focus our attention, and when I say attention I actually mean money, on mental health resources (or the lack there of) and domestic violence issues, which quite often lead to fatal shootings.  Our emergency rooms have become a revolving door for patients with drug abuse, depression and other psychological issues and there appears to be very little our legislators and community/government leaders are doing about it.  To me, that is the real injustice and crime related to the firearm issue!                                              
                                                                   – Hospital Security Director in the Midwest

 ”I would agree with the individual that I don’t believe there is a place in hospitals, government buildings and places of worship for guns; however if there had been guns on some of the college campuses, maybe there wouldn’t of been the blood baths they turned into.                                                       
                                                                -  Security Analyst – Washington DC

“As for firearms being banned from the workplace, I agree.  Policies and procedure should dictate along with a severe disciplinary, then handle accordingly.  Just that simple.”
Let’s clean it up, let’s clean up America!  Let’s lessen the need for firearms to be in the hands of thugs as well as those who just want to feel safe.    The FIRST STEP would be to BAN and make it ILLEGAL for businesses to sell paraphernalia, pornographic anything, strip clubs, places that promote alcohol and drug use, etc. 

Let’s Clean That Up!  …something that is tangible and promotes drug and alcohol use as well as many other criminal actions just to run these types of businesses.  Let’s make that illegal.  Let’s get Americans involved in the real issues of illegal firearms and drugs coming into this Country.    All law enforcement know that it takes big money to keep drugs coming into this Country.      Disarming America. RIDICULOUS.    Keeping firearms away from the workplace, understandable.

                                                    — Ex Army, Ex-Police, Hospital Security Officer

 

 Conclusion
While the issue of “gun control” is both a “hot button” and simultaneously,  a topic that is seemingly a forbidden or taboo matter for hospital security professionals.  It should not be this way.  Questioning the wisdom of allowing citizens to buy 30-round clips for semi-automatic handguns and keeping assault rifles at home is not a crazy liberal rant, it is a reasonable, non-political position.

Challenging the wisdom, if not the sanity, of the current flood of legislation that both allows and actually encourages guns in the workplace is neither “liberal” or “radical” – but pragmatic and grounded.   Hospital security professionals are the vanguard for progressive crime prevention education and development in the United States.  This is a mandate and responsibility that we all share.  How we respond and learn to protect our staff, our hospitals and our patients from this senseless violence may prove to be our greatest and most important challenge.

 www.riskwatch.com               www.caroline-hamilton.com

Risk Assessment: How about Giving Guns Back to Former Mental Patients

Posted on by
Reply

A recent New York Times article explained that a provision tucked in a bill to make it harder for people diagnosed with mental illness to possess firearms, actually restores the rights of mental health patients to get their firearms back. The legislation was passed after the massacre at Virginia Tech in 2007.

One of the main elements of risk assessment is a quantitative (meaning = real numbers) on what has happened in the past. Looking at 2 or 3 years of incident reports, for example, show how many times there has been an incident involving gun violence in a particular neighborhood, city or organization.

Another element is the history of a particular individual to see whether individuals with a diagnosed history of mental illness are MORE OR LESS likely to trigger (forgive the pun) – a violent incident.

If we run that scenario, we will find that individuals who previously had a violent incident with a firearm are MORE LIKELY than the standard population to have another incident.
And that especially holds true if other threat indicators are present, for example:

Termination from a Job
Romantic Difficulties
Foreclosure
Difficult Economy

There is a ‘risk multiplier’ effect that takes place that makes the risk higher. By combining different sets of threat categories with areas of weakness, we are create general predictions on the likelihood of repeated violent incidents.

Do the math – it doesn’t make sense for people with a history of mental illness to
get their guns back!