Webinar presenter Chris Jones answered a number of your questions after his presentation, School Resource Officers: COnducting Formal Security and Vulnerability Assessments. Here are just a few of his responses.
Audience Question: We have our school label the building with reflective markings in accordance with NIM so as far as the sides of the buildings so side A door 1 from the left to right is labeled door A1. Labels for windows by room number in the top left corner in the first window to the room as you’re going left to right, laminated maps and floor plans behind each of the fire extinguishers, etc. Are these the types of things that you’re talking about including in your plans?
Chris Jones: Absolutely. And that brings up a great point is labeling the exterior of the facility especially when we’re talking about hostage situations. Where do we need to set up and I tell people when law enforcement officers respond to an active shooter threat at a school, there will probably be more law enforcement officers there than students at some point. Most won’t be familiar with the area or the facility so having an effective numbering system that will indicate where exactly the threat is and better direct them to get to that location and faster is paramount so those are all great concepts.
Audience Question: I know you talked mostly today about schools. Could these same ideas and concepts be applied to our own facilities like law enforcement buildings or prosecutor’s offices, etc.?
Chris Jones: Absolutely and I’ll say with very little variation. What I’ve done in the past is I’ve always applied those four concepts to my security and vulnerability assessments, risk assessments, what have you. So, the physical, the electrical, the procedural and the environmental. So those four concepts are applied to every single assessment that I do. The policies and procedures and suggestions are going to be different. For instance, in a school, the FBI really puts emphasis on that run-hide-fight model and it’s something that we teach for business but it’s not something that we teach for schools specifically because of the lockdown procedures. So that wouldn’t necessarily align however the majority of it comprehensively is going to be the same with very little variation.
Audience Question: What’s the biggest mistake people make when doing these assessments for schools and organizations? What are the things that you think people most often forget or overlook?
Chris Jones: The biggest issue that I see is accountability. Most people when they do this, I’ve been approached by others and said “hey we had this and it’s basically someone local saying this is an area of interest let’s fix this without documentation or whatsoever. So that’s a big one it is, documenting it. But most of the things that we discussed – security and safety can be enhanced with little to no cost by procedure. I’ll always tell people when I give these presentations. We can spend ten thousand dollars on one of the most durable doors ever in the history of the world, right? Bombproof, bulletproof, zombie apocalypse-proof, but if we leave that door open, that door is of no use to us in a critical incident. A lot of this stuff can be fixed simply by accountability in policy and procedure measures. Holding those teachers accountable or those staff members accountable that are leaving doors propped open to go smoke outside, those that aren’t locking the door behind them in school. Anonymity is key when we’re talking about lockdown procedures so are they following those procedures to a tee? Are they keeping the door locked at all times? Again that’s going to be based on your fire code and things but accountability is a big one so not following policies and procedures that are already out there.
Audience Question: There are a lot of templates for this type of test but do you offer any suggestions or samples or are there certain templates that you recommend?
Chris Jones: There are a lot of good ones. There are a lot of good apps in the couple of pictures that I gave you are actually from apps that I’ve tried out on the past. The only issue that I had with templates is that it has to be site-specific. There’s not one template out there I’ve found that’s going to cover every single aspect of every facility. So if you want to create a checklist, you can definitely use those templates but it needs to be specific to the facility and to the environment that the facility is in. This vulnerability assessment, security and vulnerability assessments, I always preface them that this is not a checklist. This is a documented report of security and vulnerability that identified during my side of assessment and creating a checklist of that report is definitely possible but it would need combining several different templates and again I’ve not found one that covers everything and if there is one that covers a lot of things or most things it’s also got a lot of stuff that’s not applicable in there so you got to lot of N/A’s in the report as well. The best practice would be to make it site-specific but yes there are a lot of good templates. Secret Service has a good one and there’s a lot of good ones online that you could use.
Audience Question: You talked about our security plans and documentation and how they are living documents. How often should we be revisiting that document? Sort of check-up just to double-check and make sure that it’s all still current and all still relevant and there aren’t any things that we should be adding. How often should we be revisiting that document?
Chris Jones: I would say at the very least, and this is the underachiever answer, is annually. However, according to data, most people that answered have not conducted a security assessment before. If this is the first time or if you are new to this process, you want to revisit that more frequently. Again there’s a lot of things, a lot of risks that have been identified that can be mitigated with the implementation of policy and procedure so once those things get changed and when you’re first starting out, you’re going find a lot of things that you can fix right of the bat. So there are going to be more changes early on than later on when you’ve already changed things and mitigated risks. Landscaping, security films, tight stuff(?), windows, policies, procedures, I would almost say bi-monthly if you’re going to start doing these and you haven’t before, quarterly is a good one. Just to kind of revisit the assessment process and that’s good for early on as well. At least annually I would prefer bi-annually. Maybe one before school starts and in the summer so July or August, and then before it starts in the winter session. At the very minimum, I would say two.
Audience Question: What do we do if we’ve talked to our school or organization about all-hazards planning and they just don’t seem to see the point, especially some school or groups, seem to think we don’t have bad people who come to our church, or we don’t have bad people come into our school or we know all the people in our community. How do you help them understand that they may not know as much as they think they do?
Chris Jones: Unfortunately, that happens more often than not. If you remember that pre-inspection briefing slide that I’ve had creating that buy-in and not terrifying people and making them paranoid but showing them the severity of an incident should it occur in your facility. And it’s a game-changer not only for the people in the facility and relative but for the community as a whole. I’ve always said documentation is a really good way to create buy-in because of that big L world. You’re taking a lot of liability if something would happen especially if it’s documented from you and putting it on to people that make decisions or at least making them aware of it. Including your city managers, and I would hate to say the media but sometimes that’s important. Media personnel, putting them all in a mass email and say this is what I want to do. In Tennessee, it is not part of the SRO’s job so it’s not even a question. But this is what I want to do, this is why we want to do it. This is what we hope to gain from it and moreover, this is what we hope to avoid and bring statistics and bring numbers because these events, we don’t just react to them, right? By taking a proactive approach we are going to plan one so that it doesn’t ever happen but if it did happen, this trauma is going to continue on for days, months, years even so we have to prepare for that, right? Making them aware of the magnitude should an event occur because I guarantee you every person or every entity that has experienced one of these thought the same thing at one time and it’ll never happen here.
Audience Question: Do you know if the Department of Education or maybe it’s another government entity has established a set threat matrix or maybe a set-process for risk assessments. Do you know if states develop that?
Chris Jones: Most are leaning on the Secret Service threat assessment model and when we’re talking about threat assessments, we are again assembling a team, a threat assessment team. For students or outsiders that pose a significant harm. We want to intervene before anything is actually ever carried out. So, identifying those that have ill-intent indicating at what level do we want to respond whether it’s a counselor, whether it is law-enforcement and then how do we carry out that response to best mitigate that. The short answer is that the secret service has really good threat assessment model and they also have a school survey template that you can use. Department of Homeland Security has got some really good information and I would also encourage all of you to look into the American Society for Industrial Security just because they have a wealth of information from security experts across the country so there’s a lot of good stuff out there.
Click Here to Watch a Recording of School Resource Officers: Conducting FOrmal Security and Vulnerability Assessments.