September 19, 2011
Campuses demand and contract security firms promise to provide detailed post orders and operating procedures throughout the bidding and contract negotiation process. This is an important task given that the formal contract between the security provider and a campus is operationally defined through the use of post orders and standard operating procedures. Written procedures are the template for how security staff will respond in day-to-day operations and during critical events.
Campuses who place too much of the burden for writing procedures on their contract security firm and security firms that do not adequately engage their clients in the process will find not only that their security program suffers as a result, but that the relationship itself between the campus and the contractor may become unnecessarily strained. The joint development of effective client centered operating procedures and post orders should be the goal of both the client and the security firm.
Campuses Must Define Their Security Management Programs
In a well-integrated program, the campus client and the contract service have overlapping and distinct responsibilities in developing and maintaining post orders. The campus security decision makers are responsible for defining the security management program for their organization. They can do this by conducting in-house security surveys and risk assessments or engaging a security consultant to do a review and basing their security priorities on their institution’s mission. The campus client’s security management program establishes the framework in which the post orders and operating procedures will be built.
For example, post orders for security officers to check company employee IDs will be ineffective if the campus does not have a policy that requires employees to carry and display IDs at all times while on company property.
A contract security firm cannot unilaterally create a security program for its campus client. The contractor can offer observations and suggestions, but the security firm is ultimately tasked with carrying out the staffing portion of an organization’s program. The contractor is responsible for screening, hiring, training, scheduling and evaluating security staff. The challenge for the contractor is to integrate the client’s policies and procedures with the contractor’s policies and procedures. Initially, it is the responsibility of the contractor to interpret a client’s security policies and detail how security staff will carry them out. Once the post orders and procedures are developed by the contract security firm, it is the responsibility of the campus client to review and approve them.
Security Management Program Must Outline Policies
The campus client’s security management program should establish legal policies as well as policies for physical security, personnel security and emergency response. These should be provided by the campus to the contract security provider for its use to develop appropriate post orders and standard operating procedures to carry out the client’s policies.
For example, the campus establishes access control policies by identifying building hours of operation and who can be admitted after hours. The contract service creates post orders for the times to lock and unlock buildings and the procedure to follow when verifying the identity of an employee asking for after-hours access.
Personnel policies will regulate how the security staff interacts with the client’s employees and includes the confidential use of information. The campus client’s policies will establish whether security staff are identified as official representatives of the organization who are able to request identification and to order people from areas when necessary. The post orders and procedures should refer to that policy and establish the steps the officers are to take to enforce organizational policies and to whom to report violations. In regard to the confidential use of information, HIPAA regulations and the non-disclosure of personal and proprietary information should be addressed in the operating procedures.
Risk Assessments Help Identify High-Impact Incidents
When developing emergency procedures, the campus should conduct a risk assessment to identify those incidents that would have a critical impact on the organization and provide that information to the security provider.