OFFICE BUILDING SECURITY
By
Ralph Witherspoon, CPP
Witherspoon
Security Consulting
22021
Tel. 440.779.3803
There are more than one million office
buildings in the
However, just like bank robbers who rob
banks because that is where the money is, many criminals go to office buildings
to steal, assault, rob, rape and spy because that is where their potential
victims - companies or individuals - are located.
This brief article will provide the reader
with guidance on some basic issues concerning securing office buildings in
How Likely a Target Is Your
Building?
Where you are located and how attractive a
target you are perceived to be by criminals and even terrorists will, in large
part, determine how likely you are to actually be targeted. And how potential
criminals and attackers perceive your building depends, in part, on their
assessment of their potential "gain" versus the visible security
measures you have. In other words, what is their likelihood of success versus
their risk of going to jail? Often a lucrative but well-protected building will
be by-passed in favor of the less well-secured building that may be viewed as
“easy”.
In a commercial building, security risks
come from both outsiders and building and tenant employees, and may include
murder, robbery, rape, assault, theft, fraud, commercial espionage, arson,
vandalism, bomb threats, workplace violence and (displaced) domestic violence,
plus sabotage against the building owner or a tenant, to name but a few. The
heavy concentration of people and property, coupled increasingly with
"open" floor plans, make modern office buildings susceptible to these
type threats. Plus, the always-present risks of fire, explosion, and natural
disasters have to be considered in building design, construction or rehab, and
security program development.
Architects, contractors and management
responsible for designing or implementing security in any commercial building
should first identify the assets (including people) to be protected, along with
the likely threats to the facility. For example, in a stand-alone fast food
facility, the threat of an armed robbery may be high; it would be less,
however, in a two-story office building housing doctors (and possibly drugs);
and even less in small office building housing mainly accountants and similar
“low-risk” tenants. A survey of all present or potential tenants should be made
to ascertain what type of business each is or will be conducting; what
significant business assets are present; and which businesses, if any, may
constitute an increased risk to both the building and specific tenants from
criminals, political activists, etc. A single high-end jewelry store can
significantly increase risks. If not yet built, the developer should have a
good idea of the type of tenants it hopes to attract.
The building threat assessment should
include a review of any known past crimes in the building (if it’s built and
operating), along with an evaluation of the type and rates of crime in nearby
office buildings, and in the immediate area. Local law enforcement will usually
provide area data. In a dense “downtown” area, several blocks in each direction
should be evaluated. In suburban or exurban areas, a 1,000-foot to one-mile
radius around the building may be appropriate.
There is, unfortunately, no
"cookie-cutter" plan that will secure each and every type of office
building. Some security measures can be designed into the building plans and
installed during construction or renovation; others will need to be developed
then implemented, or installed after tenants have been identified and
operations begun. Developers and management of each building will have to
identify their specific security needs, starting by conducting a risk
assessment.
Security Risk Assessment
A security risk assessment (an exhaustive
examination of the existing building and any surrounding property, including a
review of the building plans and any security processes, policies and
procedures) should be conducted. Local laws and codes pertaining to security
measures, fire life-safety codes, and building evacuation requirements should
also be reviewed. Observations of the building site should be made at various
hours of the day and night, and also on weekends to determine “customary”
activities and traffic patterns. Based on the identified threats, plus any
identified gaps or shortcomings in security (vulnerabilities), developer /
owner / management can start to develop an overall security plan, including
cost-effective counter-measures.
Where management does not have qualified
expertise on staff, or such staff is not readily available to conduct a
security survey due to other commitments, an independent, non-product
affiliated security consultant should be retained to assist.
Crime Prevention Through Environmental Design
Many security professionals advocate the use
of Crime Prevention Through Environmental Design (CEPTED)
principals to reduce crime risks. Multiple studies suggest that most criminals
select their targets using a rational decision-making process that is
influenced largely by the criminal’s perception of target availability and
vulnerability. Most criminals want an “easy” target, and don’t want to be
identified committing their crime. Accordingly, CEPTD principals are based in
part on:
|
|
Natural surveillance – reducing “blind spots” and other measures to increase the ability of occupants and casual observers (police on the outside and legitimate visitors inside) to see and monitor persons and activities. This includes sufficient numbers and size of windows for visibility in and out, along with low shrubs and high tree canopies so as not to obstruct visibility; |
|
|
|
|
|
Territorial Reinforcement – Establishing some sense of “psychological ownership” and responsibility among building tenants and employees so as to increase their vigilance, and the likelihood that they will defend “their” property against incursion by challenging intruders or reporting suspicious acts; |
|
|
|
|
|
Natural access control – using doors, walls, shrubbery and other natural or manmade obstacles to direct vehicle and pedestrian traffic to limited numbers of controlled access points. Isolated or "risk" areas such as loading or delivery docks should receive special attention, including increased lighting, locking, and observation (patrol, alarm, or when a building security staff is present, CCTV) - all to deter or prevent unauthorized access to the building while monitoring activities; and, |
|
|
|
|
|
Maintenance and management – owners / operators taking steps to ensure that the building looks well cared-for and crime-free in such areas as lighting, paint, signage and the prompt repair of broken or defaced items. This sends a message to criminals, and others, that someone cares and is “looking-out” for and responsible for the building. |
Parking and Adjacent Spaces
Special attention should be given to any
underground, adjacent, or attached parking spaces, surface lots or garages. These
are frequent targets of criminals committing theft from and of automobiles,
plus robbery, rape, and car-jacking (all sources of lawsuits against building
developers, owners and operators).
I recommend that interior garage lighting be
a minimum of 6 foot-candles (66 lumens) throughout the garage, 24-hours
per day. Sunlight seldom adequately enters garage interiors and cannot be
relied upon. Vehicle and pedestrian entry or control points, stairwells and
elevator lobbies require at least 10 foot-candles of illumination. Interior
walls and ceilings should be painted with a glossy or semi-glossy white paint
to increase light reflection. Pillars and ramp corners should be painted in
contrasting colors for driving safety.
For surface lots I recommend a minimum
of 3-foot candles of light (measured vertically and horizontally), preferably
controlled by timers or photoelectric cells.
Access Control
Because most security incidents occur inside
a building, special attention should be given to controlling building access.
While tenants and visitors require access, freedom of access to buildings and
particular offices in them is also very important to criminals. The nature and
level of access control (along with visible security measures such as
CCTV cameras in office building lobbies, hallways and garages) also establishes
the building’s security culture or "image", which is important in
deterring some criminals.
In cases of small office buildings,
management frequently leaves the doors open for tenants and visitors. If the
risks are relatively low, this may be acceptable during the office-day. Locks
on all exterior doors that are closed and locked at night should always be of
high-security commercial grade, with their exterior hinges "pinned"
or welded to prevent removal. Because the perimeter access points to the
building are not well-controlled, interior doors to individual offices should
also be of high security materials and locking devices. Don’t forget the frames
in which the doors are set as the doors are no stronger than their weakest
part.
As an alternative in buildings with only a
few tenant employees, general building access might be controlled with each employee
having a key, or a card-key operating a simple front and back door electronic
access system. Visitors and delivery persons would have to use a building
directory intercom to seek admittance. Depending on the system, tenants would
then remotely "buzz" visitors in (convenient, but not very secure),
or be required to physically go to the lobby or entry door to admit visitors.
Where stricter access control is necessary,
buildings might use a receptionist or security officer (proprietary or contract
guard company) to screen all visitors and employees. Where there are more than
75 employees, or there is high turnover in employees, then use of a building or
tenant issued photo ID card for visual screening is recommended. An
alternative, especially in larger buildings or those with higher risk, is use
of an electronic card access control system by all tenants. When card access
systems are used, employees/tenants can be processed automatically through one
or more access-lines, while visitors can be directed to a special line for
screening and bag search (if desired or required). Temporary (time expiring)
badges could be issued to visitors who have been "approved" by
tenants, or for access to "public" offices.
Note that most mid to large office buildings
(five or more stories) will require a combination of technology and manpower to
adequately address their security needs. Systems and hardware alone won’t
accomplish the entire task, and neither do guards. Integrating both into a
comprehensive security plan is usually required.
Special attention should be given in all
buildings to “common areas” such as lobbies and hallways. Because they are
often used to facilitate thefts or sexual assaults, both men and women’s
restrooms should have lockable doors requiring key access.
Attacking the Building
Malicious vandalism, and major damage by
disgruntled building or tenant employees might be directed against the building
itself, rather than directly against the tenants or their property. Management
should secure access to the building ventilation system and electrical and
telephone rooms, including any access points on the individual floors.
Accessible utilities (water, power and gas) on the property, but outside the
building, should also be secured. Openings permitting access to the building
from the roof should be secured against entry from the outside if the roof is
accessible from nearby (within 15 feet) buildings or trees.
Emergency Planning
Every office building should have an
emergency plan that mitigates the impact of any security breach or other
disaster. Special attention should be given to developing and practicing
building evacuation plans. While evacuation drills for fire and bomb threats
are inconvenient, they are critical to life-safety and should be performed at
least once each year. Building tenants and employees are constantly changing.
They are less likely to panic in an emergency if they have gained confidence by
practicing evacuations and know what to do. And lives will be saved!
Periodic Review
Finally, whatever security plan is developed
and implemented, it should be periodically reviewed to ensure that it is in
fact operating the way it was originally designed by the developer, architect
and operator, and that it continues to adequately address the changing threats
to the building and its tenants. If management does not have the in-house
capability to do so, a non-product affiliated security consultant should be
retained to assist with the security review or audit, and to provide an
independent, un-biased viewpoint.
Today it is not enough just to be prepared
for office building emergencies. In the wake of September 11th,
building tenants, employees and visitors are seeking a sense of order and
predictability in their workplace, and security against criminals and other
controllable threats. This requires a comprehensive and continuous approach to
security by building developers and management, from the design phase through
daily operation.