Whether you are an experienced school safety practitioner or cast into the role recently, there are many things to evaluate when putting together a school security risk management program. The first idea to think about is a more holistic view. Move away from thinking of security as a reactive and siloed collection of activities and more like a collection of principles and activities aimed at understanding, managing, and reducing risk exposure over time and events. For those that have been used to physical security approaches and responsive solutions, this can seem a little daunting, but it is the only way to create a comprehensive program and track the success. There are many security risk management consultants out there to help you think through this but here is a list of considerations to help guide the approach and get you started.
- Think of the goals, people, things, and places you want to protect as assets subject to threat exposure. List them out. With respect to goals, create a risk management mission statement.
- Consider the main threats that face your organization every day, the threats that are high impact but happen rarely, and those worst case scenarios that would devastate the school, staff, children, parents, and district. Document this.
- Think through the KNOWN vulnerabilities your organization has. What failures or inefficiencies have occurred over the past 3 years. Document.
- Think through the potential threats and vulnerabilities that haven’t occurred but there may be signs on the horizon given certain events.
- Think through how your organization can best monitor, evaluate, analyze, and understand the different types of threats you have outlined.
- What processes and protocols are in place to deal with each threat as it occurs? Is there a functional task organization? How often is it reviewed?
- Which threats are already being effectively managed and which need to be removed or covered by insurance? Ie how much exposure are you willing to tolerate across threat type and possible impact?
- What is the organization for your current security and risk management staff? Estimate the value each role has with respect to the mission statement and to reducing or managing school risk. Is there a clear hierarchy and communication or reporting strategy?
- What sources of information, data, interfaces, technologies, and communication are being used and how? What do you need to know and do you have the info to know it? Where are the gaps? How can these gaps be filled?
- Where is there redundancy or waste? Where are there low value, high cost activities and should they be eliminated or improved? Where is there opportunity for consolidation and integration? Where should things be compartmented?
- Think through the security and risk management culture. Is the organization working seamlessly together across the whole spectrum of risk management? Is there an effective culture of communication, security mindedness, and collaboration? Where are there silos? Where is there resistance? Is the program connected with the community and first responders? To what extent? Where are there gaps?
- What is the budget? What is the process for evaluating priorities? How often does an audit happen? When are fresh perspectives and objective assessments obtained?
- Is training sufficient and focused on priorities? Is it accepted? Is it valuable? Is it routine?
- Is current staffing acceptable? If not, why and what can be done to overcome? Is current training and experience acceptable? Where are there gaps?
- Are the processes and protocols for safety, security, and crisis well communicated and functional? Are they reliable? Are they consistent? Have they been tested?
- Determine success metrics and KPIs for your security risk management program. How do you know you are doing well? Can you measure threat/risk exposure over time? Can you evaluate the value of your program in terms of losses, time, culture, reduced exposure, outcomes, cost, and readiness/resilience? Are you open to critique and improvement?
- How often do you evaluate your program and open up to your peers and other subject matter experts? How often is your strategy and operations plan updated? Is there a security risk management strategy that key stakeholders can review?
- Think every day on how we can improve monitoring, analysis, management, communication, and optimization of the threats and exposure. If you could have any analytics what would they be? Don’t think of what it is possible, think of what you would like to know and be able to do and document it.
This is only a primer and should help to get your program going in the right direction. We hope this helps. At Alpha Recon we are ready to help you do the tough parts of the job that technology can handle to enhance your program and security capabilities. Please contact us for an assessment, demo, join our education event list, or simply ask for our opinion.