Don't Drop the Ball When It Comes to Event Security

Athletic events, commencement exercises and homecoming celebrations are major events at educational institutions that require a cost-effective, systematic approach to mitigating undesirable incidents. The best approach is to develop a security plan based upon a comprehensive risk assessment.
Published: October 31, 2007

An appropriate assessment will identify potential threats, vulnerabilities, the impact of an undesirable incident, and it will outline mitigation strategies. Event security planning should involve a step-by-step process of conducting a risk assessment, formulating a risk assessment matrix and, finally, the development of an overall security plan.

Risk assessments have universal applications for the protection of various classifications of assets. It is a tool that can help guard against providing too much protection for an event or assets, and eliminates situations where inadequate protection is provided. When too much or too little protection occurs in major event planning, it is usually the case where too many officers are scheduled or not enough officers and equipment are available for the event. It should be noted that overprotection equates to a waste of resources, and inadequate protection will increase vulnerabilities.

A comprehensive risk assessment for a major event involves the following process:

  • Identification of assets to be protected (i.e., people, physical plant, equipment, activities, image)
  • Identification of known and potential threats that can cause an undesirable event to occur
  • Determination of the amount of exposure (vulnerability) the assets have to the threats to establish the probability of an undesirable event occurring
  • Rating the impact a loss event will have on assets and operations
  • Determination of mitigation strategies to be implemented based upon a cost-benefit analysis

For a major occasion, the assets that generally are focused on are the people attending, the physical plant and equipment. However, an important asset that is often overlooked is image. This is a critical asset that, if damaged, can impact overall enrollment, as well as alumni and community support for an educational institution.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

An after-game riot broadcast on the evening news will conjure a perception of lawlessness on campus or the surrounding community. The physical property damage may be great, but damage to the institution’s image may be immeasurable.

Learn From Past Incidents and Events

The identification of threats is accomplished by reviewing current and historical incident data, interviewing key individuals, and assessing the intent, capability and motivation of known adversaries. One of the best methods for compiling historical information for future use is to have a debriefing after each major event to determine “lessons learned.” Also, good internal recordkeeping and working relations with local law enforcement agencies will provide solid historical data to draw from for threat identification.

Nonadversarial threats should not be overlooked. A threat does not always relate to an adversarial situation but rather it can involve something as simple as a medical emergency, lost child or traffic gridlock. These threats have to be considered in the assessment process.

Vulnerability is assessed by reviewing current countermeasures in place and their effectiveness against known threats. A security survey will need to be conducted to identify the current countermeasures in place, which may include:

  • Lighting
  • Access controls
  • Security cameras
  • Perimeter barriers

Determining probability, which is part of the vulnerability assessment, is accomplished by assessing the exposure assets have to specific threats.

The impact a loss event will have on assets and operations is a somewhat subjective rating. A thorough knowledge of the institution and its operations is needed for the rating to be valid.

The development of mitigation strategies is the last step in the risk assessment process. This takes into account known or anticipated threats, vulnerabilities to include countermeasures currently in place, and the impact an undesirable event will have on the institution.

Consideration must be given to how much money should be spent for mitigation purposes. Since no amount of countermeasures will totally eliminate risks at educational institutions, the goal should be to reduce risks to an acceptable level at an acceptable cost.

Developing a Plan? Use a Risk Assessment Matrix

A risk assessment matrix provides a capsulation of most of the components of a risk assessment in graph form for inclusion in the security plan. It briefly details the assets needing protection, possible loss events, an assessment of probability and impact ratings, and a brief overview of mitigation strategies to be implemented.

Not only does a risk assessment matrix serve as a quick reference guide, but it is also useful for justifying personnel deployment and related expenditures.

Most of the loss events will be based upon recorded historical incidents. For example, altercations in the registrar’s office may be based upon parents learning just before graduation that their student is ineligible to graduate due to missing credits. Unauthorized individuals on the platform may be a potential problem based upon a mentally unstable person having done this in the past. Assaults on school dignitaries may be a potential loss event based upon anonymous or identified parties who have made threats against these individuals. It may have to do with students being ineligible to graduate due to outstanding bills.

It should be noted that possible altercations in the registrar’s office, property destruction on campus, and traffic gridlock underscores the need for the risk assessment to be inclusive of incidents that may occur prior to, during and after the major event.

The charts also illustrate that the probability of a loss event occurring may be high, but the impact may be low and vice versa. These ratings must be taken into account when conducting a cost-benefit analysis for the implementation of mitigation strategies.

Athletic events by their nature pose a special set of challenges in that there is usually a certain measure of rowdiness, inevitable team rivalry, a major influx of nonstudents, and concerns about funds security.

Incorporate Matrix Into Your Security Plan

Once a risk assessment matrix has been developed, it should be incorporated into a comprehensive security plan. The plan should have the following components:

  • Event overview: A general overview as it relates to the name of the event, location, time and dates
  • Event details: Information pertaining to the event sponsor, estimated attendance, attendee make-up and specifics of the event
  • Threat identification and assessment: A reference to an attached risk assessment matrix
  • Specific mitigation strategies: Provides a more detailed overview of some of the significant countermeasures outlined in the risk assessment matrix that will be implemented. Specific details on manpower numbers, traffic control and medical services should be outlined in this section
  • Key personnel: Identification and contact information for primary and secondary security coordinators, event planners, medical professionals, maintenance personnel and other auxiliary support individuals

A written security plan will function as a comprehensive roadmap for preparing for and responding to incidents. It will also serve as a reference document for key administrators.

Campus police and security directors often complain that they are micromanaged when it comes to planning security for major events. This is viewed as a loss of confidence in their ability to effectively plan for unforeseen incidents. Could the lack of confidence come from the absence of a written plan of action? Administrators want to feel assured that campus police and security directors have done their homework and are in control of situations. They expect them to anticipate what could happen and have contingency plans in place.

Campus police and security directors must have a grasp on how an incident will
negatively impact the institution and be able to predict the probability of a loss event occurring based upon empirical and quantitative data to justify expenditures for mitigation strategies.

Personnel who play a significant role in the security of a major event should have an opportunity to review the security plan. However, since a security plan will outline vulnerabilities, it should have limited distribution on a need-to-know basis only.

Risk Assessments Apply to Hospitals, K-12 Schools, Too

Institutions of higher learning do not have exclusivity when it comes to risk assessments. This tool can be used effectively in hospital environments for health fairs and other community outreach programs that are advertised and open to the general public. Furthermore, high school commencement services and athletic games mirror universities and colleges and present the same security challenges.

A risk assessment should be the cog in the wheel of every security plan that is developed to ensure plan viability.

Lewis A. Eakins, CPP, is board certified in security management. He is the director of public safety and transportation at Oakwood College in Huntsville, Ala., and is a state licensed security consultant. For questions or further information, please contact him at or

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series