Practices for Smooth Security Operations

July 30, 2020

Several people were killed or wounded, including the suspect, during a shooting at the MillerCoors brewery building in Milwaukee on the afternoon of February 26, 2020. This underscores the fact that the top risk to industrial manufacturing is workplace violence (WPV). Thirty years of risk assessment experience in the industrial manufacturing industry revealed two common shortcomings in the sector: 1) A failure to implement a proper workplace violence prevention and intervention program; and 2) A failure to implement effective physical security measures, especially access control, which is the foundation for any successful security program.

Understanding the nature of workplace violence offenders allows us to look more specifically at the industrial manufacturing setting and apply minimum security mitigations for effective risk management. There are five types of workplace violence offenders shown below.

• Type 1 – The offender has no legitimate relationship to the organization or its employee (s). Rather, the violence is incidental to another crime such as robbery, trespassing or seeking social media fame.
• Type 2 – The violent person has a legitimate relationship with the organization – for example, the person is a truck driver, or in the case of healthcare, a patient and becomes violent while being served by an employee.
• Type 3– The offender of this type of violence could be a current or past employee (or contractor) who attacks or threatens other employees in the workplace.
• Type 4 – The offender may or may not have a relationship with the organization but has a personal (or perceived personal) relationship with the victim.
• Type 5 – Ideological workplace violence is directed at the organization, its people and/or property for ideological, religious or political reasons. The violence is perpetrated by extremists and value-driven groups justified by their beliefs.

The risk assessment is going to reveal which offender categories are most applicable, but let’s deal with the three most common– the current or former employee (Type 3); the truck driver (Type 2) and domestic issues (Type 4) that may impact the workplace.

Dealing with potential violence associated with current employees requires effective training, reporting protocols and a capability to evaluate reports of persons of concern. The key to training is going beyond the one dimensional “red flag” behaviors which have been taught over and over for years but have proven to be insufficient to reliably identify potential offenders. Hundreds of workplace violence deaths each year indicate training needs to improve. We believe training needs to include a three-dimensional approach starting with the recognition of employee baseline behaviors which may include some of these traditional “red flag” behaviors. Since humans are good at detecting changes to baseline behavior, the alarms should sound when employees recognize a change in a coworker’s behavior who also exhibits some of the typical “red flag” indicators. Detecting that change is the time to make a report confidentially or directly to a supervisor of human resources. A report must be made when you combine the “red flag” behaviors with a change in baseline behavior and then add in a life changing event such as a divorce, arrest, legal difficulties, financial problems or the loss of a job.  In the instance of terminating an employee, supervisors should be flagging the convergence of these three conditions so that appropriate planning can be put into effect for the day of the termination and for the weeks and potentially months after. While the details may never be widely known about an employee in Aurora, IL, he suspected he was going to be fired and brought a handgun to his termination meeting. Immediately after he was fired, he shot and killed five coworkers and wounded others. (What We Can Learn from the Workplace Shooting in Aurora, Illinois). Could better planning result in a more controlled set of circumstances in a termination meeting preventing injury and death? We strongly believe so.  Provided that meeting is managed without incident, what comes next?

Industrial security strategies that might be considered after a hostile termination or where threats are made by the departing employee might include:

• Ensure access credentials are disabled during or immediately after the termination meeting. Confirm that a separated employee has not been issued multiple active credentials (not recommended) and if so, ensure they are all disabled.
• Communicate the separation to all employees (in a tasteful way) to reduce the risk that the terminated employee will be allowed back into the workplace by an unknowing coworker.
• While periodic testing should already be in place, perimeter doors and security measures should be tested for effectiveness. We recently witnessed a case where an employee was terminated, was escorted from the building, and immediately returned to the workplace to confront a supervisor reentering the building through a defective door that was not closing properly. This occurred in one of the twenty-two states where guns in the parking lot cannot be prohibited, so while it did not end up as an active shooter situation, it was a serious “near hit.”
• Have the ability to quickly deploy an armed capability in situations like this that can emerge without warning. If you do not have a capability under contract, and particularly with a pandemic such as COVID-19, you are not going to be able to get those resources quickly when you need them most.

Another common weakness in industrial sites and a potential source of workplace violence is the shipping/receiving function. There are a few things to consider here:  1) For facilities with fences and gates, if there is inadequate screening of vehicles entering the secure area, or the person opening the gate does not know if a truck is authorized to enter, anyone arriving at the gate may get admitted, potentially giving them unrestricted access to a facility. 2) Truck drivers may get angry for a variety of reasons associated with delays in pick up or when dropping off materials. Companies cannot know for sure if there are weapons in a driver’s vehicle, therefore, if gate access and the physical space in which the interaction between the truck driver and employee are not managed correctly, the risk for someone getting hurt goes up.. Consider the following measures to manage the risk associated with truck drivers:

• Proper screening which includes ensuring the person doing the screening is aware of the name of the transportation company (and potentially the driver) and the product pickup and delivery transactions expected that day.
• Establish a secure building perimeter to ensure that a driver cannot enter a facility through an opening not designated for entry.
• Set up a containment area to prevent unrestricted access of the driver to staff and the facility.
• Consider providing training to staff who interface with drivers on how to manage and de-escalate anger in various scenarios.

The final workplace violence issue for industrial facilities is domestic violence. Train staff to understand the effect that domestic violence may have on employees. Encourage them to report any changes in family status and any real or perceived threats to a supervisor and create a culture that removes the barriers to reporting workplace violence concerns. There is no case that better illustrates this point than the domestic violence case that cost three lives including one child and another child injured (San Bernardino school had no knowledge of teacher’s troubled relationship with shooter.).

The second area of weakness is common physical security and access control. Except for current employees, all other workplace violence offenders would likely originate from outside the facility, making access control essential. The first line of access control is at a site’s perimeter, a building’s perimeter or inside a publicly accessible reception lobby. In whatever manner access control is achieved, it needs to be flexible and adaptable to rapidly changing conditions. For instance, in the case of the facility that has it’s first line of defense on the interior of a reception lobby, the outer entrance should be equipped with electric locking and a means to screen visitors with audio and video if there is no direct line of sight.  This capability should be set up as a proactive action, not reactive once a threat emerges. For smooth industrial security operations, it is important to embrace the concept of dynamic threat response planning and ensure that your physical security and security systems are implemented with the ability to adjust the security posture for common threats which may arise. For years now, many of the more sophisticated access control systems allow for pre-programmed threat levels which, with the click of a button, allow for certain card populations to be automatically deactivated and new reader and access group behavior patterns to be implemented at a moment’s notice.

Regular inspections and testing should be conducted on access control mitigations which should include at a minimum:

• Fence and gate inspection
• Door testing for mechanical integrity — meaning doors close and latch without human intervention
• Key control audits
• Alarm testing and review of alarm activity. Excessive door held open and door forced open reports need to be investigated and the root causes identified.
  • Door held open alarms are typically abuses by insiders that create a vulnerability which might be exploited by an adversary to access a restricted area and commit an act of workplace violence or compromise an asset.
  • Door forced alarms are even more serious and could be the result of people entering electronically access controlled areas with keys (which destroys that audit trail), door hardware being deliberately manipulated to allow for entry without a credential (such as taping down a latch) or improperly specified door hardware such as an ADA lever with a thumb turn lock which can be used to leave the door hardware unlocked even though the access control system commands the lock to be secure.

Guard force management is another area requiring a focused effort. With all the mergers and consolidation which has consumed a lot of the effort and energy of security officer services providers, industrial facilities need to carefully manage the contracts which can easily go into the hundreds of thousands to millions of dollars per year. Organizations that enter into these agreements thinking that the guard company is going to come in and manage their security challenges will be greatly disappointed. In a recent audit on a national level contract, one of the major security services providers was over six months into their contract with the client and had not even deployed updated post orders at any of the sites. Security officers were using forms and reports with the wrong company’s information and nobody from the services provider was regularly visiting the posts. When challenged about the shortfall, after a lengthy wait, the security services provider produced some boilerplate document that had duties not relevant to the sites in question and had another company’s name in the document.

In order to combat this problem, we recommend that industrial facilities recognize that they need to be prepared to take a leadership role in defining the services required and how work is to be performed. Do not rely upon the security services provider to do this for you. Some other tips that might help achieve better results include:

• Establishing key performance indicators (KPI) in the contract which might include:
  • Turnover
  • Missed tours or tour data points
  • No-shows
  • Correct and Timely Submission of Billing
  • Adherence to standards
  • Training, & Qualifications
  • Adequate performance on monthly spot checks
• Conducting monthly random post inspections and documenting those results to discuss in quarterly KPI meetings. For sample monthly audit inspection and quarterly KPI forms, Contact BPS.
• Ensure you have regular meetings with your security officer service provider, quarterly at a minimum. If you want to really drive performance, consider setting up a system inside the contract where the security services provider can be rewarded with additional profit for exemplary service or in the case of poor performance, have some of their profitability and fee at risk.

In summary, to stay out of the national news, industrial sites need to recognize that workplace violence is the most significant risk, and security leaders should focus on the following security mitigation:

• Implement a workplace violence prevention and intervention program consistent with industry’s best known standards – ASIS Standards & Guidelines. This standard was recently released with some new information such as an active shooter guidance appendix.
• Consider the most common sources of workplace violence such as truck drivers, current or former employees and domestic violence which may spill over into the workplace.
• Provide more advanced training to employees and supervisors on workplace violence prevention training which goes beyond the simple “red flags” methodology and recognizes that when several specific conditions occur together, it substantially increases the likelihood of violence.
• Establish a pre-planned set of measures to quickly modify a site’s security posture in the event of a dynamic threat.
• Establish effective access control measures and test them regularly, particularly excessive door alarms which can be indicators of larger problems.
• Properly invest in appropriate oversight of contracted security officer services to realize the substantial investment that you have made and to reduce the risk of incidents.

There is much more that could be said here, but these are some fundamental areas of weakness we see time and again when assessing industrial and manufacturing sites. If sites embrace this guidance, the likelihood of a serious incident may be significantly reduced.