NW Systems’ resident security manager advisor and senior consultant Nigel Peers talks us through the top 10 considerations for securing visitor attractions:
Identify & Prioritise Assets
Assess and prioritise all assets to be protected and then the security risks across four key asset types: People (staff, visitors, contractors, etc), Physical assets – infrastructure, buildings, etc., Information /data assets and Policy and procedures.
Identify Threats & Prioritise Mitigation
Identify, and rank risks based on a detailed assessment of the likelihood of a recognised threat happening and the possible impact on the organisation should it occur. All threats need to be placed in order of importance and any remedial action needed to improve mitigation measures needs to be proportionate to the level of threat and the assets identified for protection.
Satisfy Needs of Key Stakeholders
Security is moving further up directors’ agendas with the increase of terrorism-related threats to visitor attractions. Increased financial penalties for data misuse or breach being imposed by GDPR from May 2018 has forced cybersecurity further up the agenda simultaneously. But there are other key stakeholders that need to be considered too, including Head of Site Operations and Health & Safety managers. Assess their priorities and define what reducing risks ‘as low as reasonably practicable’ means for each of them.
Build Strategic Security Plan
Consider the following areas when drawing up your plan: Policies, Operational Change, Physical Site Changes, Staff Training, Partnering to share best practice (with local Counter Terrorism Security Advisor for example), and External Communications. Remember to validate your procedures and consider a review and monitoring regime to check the plan periodically.
Combat Hostile Reconnaissance
Build a plan to spot a hostile reconnaissance team early. Indicate you’ve ‘spotted them’, and provide identification-worthy CCTV evidence to the authorities. Add to proactive profiling of possible hostiles by communicating the effectiveness of your security systems.
Link new Security Equipment to Operational Requirements (OR)
One valuable way to prioritise new physical security equipment installation is to attach an OR statement to each piece of security equipment going in. This must state what security or other operational need this piece of equipment addresses. Each new camera will have a specific purpose – one might be for perimeter security, another for Health & Safety monitoring on a pedestrian thoroughfare etc.
Stiffen Access Control Procedures
Processes and procedures for issuing visitor and contractor passes are worthy of close attention. Multi-layered security systems may well be needed. Hostile Vehicle Mitigation strategies are detailed in the National Counter Terrorism Security Office’s (NaCTSO) Crowded Places Guidance and should be read carefully as this type of threat is currently being encouraged by terrorist groups via the internet, as we know all too well from recent Vehicle as a Weapon attacks.
Should an incident happen, you need to be thoroughly drilled on the procedure to keep staff, visitors and other assets safe. All people on site must know where to go and what to do in the event of a security incident. This could mean full or partial evacuation or ‘invacuation’ to a secure place.
Keep up to speed with NaCTSO Guidance
Use the latest Crowded Places Guidance published by NaCTSO last June as your go-to reference for change, training specification, as well as procedures and processes reinforcement.
Centralise Video Surveillance Monitoring
CCTV is only valuable if coverage is comprehensive and it can provide evidential recordings that can be used to positively identify people. Build a centralised/networked video surveillance infrastructure with professional video management capability in a CCTV control room manned by fully-trained security officers.