• The complexity of a company’s security plan hinges on the nature of the operations conducted by that business.

Whether the business is a small operation with limited resources or a large, multi-state company, it needs to examine the security of its buildings, facilities, and vehicles. Companies should develop a written security plan to control access points and secure the perimeter of the facility.

The complexity of the plan depends on the nature of the company’s operations. It may require hiring more personnel, installing new locks and surveillance equipment, implementing new security procedures for visitors, or even making changes to the facility’s physical layout.

Evaluate the facility

A security plan starts with an evaluation of the physical facility, its operations, its level of risk, and its current state of security. Ask some basic questions about the operation to determine the level of security necessary. Don’t consider the cost until deciding what is needed. Questions to ask include:

• Are there areas that need to be secured? These might include where product, supplies, equipment, or confidential information is stored. Are these high-traffic or highly visible areas? Are controls in place to limit access?
• Are there materials at the facility or in the possession of employees that could be useful to terrorists? Vehicles as well as biological, chemical, nuclear, or other hazardous materials all could be used in or as weapons, as could many common household items such as fertilizer. Consult with law enforcement to quantify the risk.
• Does the company know who and what is coming and going from various areas of the facility? Is a printed record or log kept?
• Are visitors logged in and out, and escorted throughout the visit?
• Is there adequate staff to sufficiently monitor access points leading to secure or sensitive areas?
• Is a key control system in place to prevent unauthorized use of keys or access to restricted areas?
• Is a system in place to periodically inspect, maintain, and replace physical barriers (doors, windows, fences, concrete barriers, etc.)?

Security systems

The security system that’s right for a given business will be unique to that specific operation. Consider hiring a professional to conduct the evaluation-and-needs assessment, then get proposals from several sources.

Security systems come in all shapes and sizes. If proposals are obtained from outside sources, the proposals may differ significantly in options and costs. For example, a security system for access points might:

• Be primarily automated, based on electronically encoded ID cards that automatically unlock doors;
• Use a more labor-intensive system with security guards posted at access points to match photo IDs with faces;
• Involve the issuance of keys to authorized personnel (this is the least-secure method); or
• Combine elements from these methods.

Ideally, if the budget allows, a security presence should be in place 24 hours a day, seven days a week. Guards should monitor facility operations, control exits and entrances (including ID checks), check shipment documentation, and conduct periodic inspections of outbound and inbound vehicles.

Roaming, irregular, staggered security patrols should monitor the entire facility, especially when closed (nights, weekends, and holidays). Make sure local law enforcement personnel are familiar with the facility and include it in patrolling. Develop a close relationship with local law enforcement as these officers likely will be the first to respond in an emergency.

Every security system has vulnerabilities, but steps can be taken and procedures can be developed to prevent those vulnerabilities from leading to losses or disasters.

Access to critical records and files

From drug and alcohol policy documents to financial records, every company has valuable or confidential files that need to be kept secure. Companies should:

• Begin with an evaluation of all files and current security measures. Where are the files stored now? Are the files in one secure location or spread out around the company? Are those areas accessible to people who shouldn’t see the files? Who has access? How is the area monitored?
• Keep all critical files in a secure location that is inaccessible to unauthorized people, including employees and visitors. A locked file cabinet, by itself, is generally not enough.
• Make sure that all doors leading to the file storage area are locked after hours. Janitorial staff should be closely supervised in these areas.
• If using a locked filing cabinet or a safe, evaluate its level of security. Would it survive a crowbar? A fire or flood?
• Consider storing important but seldom-used documents off-site, such as in a safe deposit box.
• Establish a policy for disposal of unwanted, sensitive documents. These may be extra copies that otherwise might be thrown in the trash next to the copier, or old files that have been discarded. The trash bin has proven to be a dangerous method for disposing of ultra-sensitive files. At a minimum, sensitive documents should be shredded.