Physical Security: Prevent or Limit Disasters' Impact

The devastating impact of Hurricane Katrina on businessesí ability to function serves as a frightening reminder that the best disaster recovery plan may fail if organizations donít take steps to prevent or limit the impact of disasters.

Disaster recovery plans are more likely to succeed if businesses implement predisaster physical security programs before hurricanes, earthquakes, and other potentially life- and business-threatening events take place.

But with the concern over securing essential computer system infrastructure and mission-critical data, many organizations have shortchanged measures to guard against adverse environmental impacts such as flooding and windblown debris. According to Japan Inc. magazine, "businesses have gotten so caught up in technological security that they have forgotten the more basic, yet salient, notion of physical security.Ē

In many cases, funds once spent on physical security have been shifted to information technology (IT) security, causing many organizations to be vulnerable to both natural disasters and physical security breaches. A Pinkerton Consulting and Investigations survey found that only 2% of U.S. corporations grouped IT and building security in the same department, and only 36% supported formal communications between those responsible for building and IT security. Different departments may have their own security budget, priorities, and methods, and communication between each area may not take place, even among those responsible for security.

This isnít the best way to prevent or mitigate a disruptive event or, following an event, improve even the best-planned disaster recovery program.

Organizations must establish a balance between post- and predisaster planning. No matter how extensive the disaster recovery plan, those responsible for physical security must develop a comprehensive disaster prevention/mitigation plan to protect people and property, and to reduce company liability from business-threatening events. A comprehensive disaster prevention/mitigation plan addresses threats from both intentional and natural disasters.

In either case, disaster prevention and recovery plans must be mutually supportive and not establish conflicting policies and procedures. The end result must be an integrated security program that sets up a course of action to prevent and mitigate disruptive events, and outlines steps to take in case a disaster occurs.

Physical security plan components

Those responsible for security must address such issues as computer security, perimeter control, asset protection, business continuity, and risk management. Consider these suggestions when determining your credit unionís physical security plan:

  • Control access to all building entrances. In the rush to focus on IT security, many organizations have discounted controlling access to physical facilities in evaluating threat scenarios.
  • Enhance perimeter security by placing alarm systems in high-value storage areas and monitoring important pieces of equipment electronically.
  • Replace surveillance cameras relying on video tape with digital video. This allows for more efficient archival monitoring, as well as the integration of video input into broader digital security databases.
  • Hard-wire generators to building systems using automatic transfer switches so employees wonít need to operate equipment manually. As Hurricane Katrina disaster recovery demonstrated, electrical generators operating on diesel, propane, or natural gas are essential as electric power may be offline for extended periods during a major disruptive event. Gasoline-powered generators are less valuable due to limited storage capacity and gasolineís relatively short shelf life.
  • Store emergency medical supplies, food, water, and communications gear onsite to support an extended stay by staff during a major emergency. Keep on hand generic unisex clothing such as jumpsuit coveralls and sturdy footwear to guard against leaking water and injury-causing debris. Make available portable stoves, sealed drums of potable water, and sufficient numbers of chemical toilets. Train employees how to use this equipment before disaster strikes.
  • Review how to implement security/safety measures incrementally over the next five years during routine building renovations and redesigns. The ability to integrate security measures into facility upgrades reduces costs and shortens payback periods. In addition, taking such steps will reassure staff that management is doing everything necessary for their protection and well-being in case disaster strikes.

Built-in Safety and Security

There are many examples of how safety and security can be seamlessly built into an organizationís physical environment, resulting in significantly better protection for building occupants and the ability to recover from disruptive events. Consider the following:

  • Install security window film. Security window film can strengthen windows to withstand hurricane-driven debris that can cause glass shards to strike building occupants. Security window film helps windows withstand earthquake stress, accidental and intended impact, and explosive force. Tests verify that many security window films provide equivalent or superior performance compared to laminated glass.
  • Secure equipment and furniture to prevent injury. Those in earthquake-prone areas should secure large file cabinets, shelving, and equipment to the walls or floors to prevent injury when seismic events occur. This way, if hurricane- or tornado-force winds penetrate building interiors, secured objects wonít become projectiles.
  • Create safe rooms. Rooms securely shielded from the elements offer protection against hurricane- and tornado-force winds and can be constructed to secure key executives from attempted abductions. To reduce costs, retrofit an existing interior restroom as a safe room. Emergency supplies may be stored in this location. In larger facilities, it may be necessary to retrofit several restrooms or other spaces to provide adequate staff protection.
  • Use aesthetics to enhance security and safety. Security and safety features donít have to compromise a facilityís aesthetic character. Shielding computers from electronic eavesdropping conducted by vehicles in the street can be accomplished with ordinary-looking electronic signal-blocking window glass. Heavy flower containers, decorative fountains, and secure ornamental fencing can help defend building entrances from bomb-carrying vehicles.

For effective and aesthetically pleasing results, engage a security firm that employs experts in both security and building/landscape design.

A disaster prevention/mitigation plan should identify and prioritize which renovations and redesigns need to be made to the facility, and what equipment and supplies needs to be purchased. Most importantly, the disaster prevention/mitigation plan should assign implementation responsibility to specific individuals and departments.

Needless to say, itís essential to have full coordination and ongoing communication between those responsible for disaster prevention/mitigation and disaster recovery planning. Plus, endorsement and support by top management of such organization-wide efforts are necessary to overcome turf battles among departments responsible for carrying out security initiatives. Anything less than the leadershipís enthusiastic commitment will increase the likelihood of failure.

Marty Watts is president/CEO of V-Kool Inc., a Houston-based North American distributor of security and energy efficient applied window film. Contact him at 800-217-7046. This article was first published in Credit Union Magazine and can be found at Reprinted with permission.

Post this page to: Yahoo! MyWeb Digg reddit Furl Blinklist Spurl


Login to post comments
Powered by Comment Script
Home Recent News News Archive