Integrating Security into Facility Planning, Design and Construction A. K.

Moorthy, CPP, FSyI, FISM Introduction Many developers and owners invest vast sums of money in the construction of new facilities. It is indeed, paradoxical, that they often fail to incorporate security into the planning, design and construction of their facilities. It is only after a major crime or other serious loss event occurring after the occupation of the new facility, that they realise their oversight. Any remedial measure taken thereafter is usually a quick fix retrofit solution with the bottom line in mind to minimise costs and disruption to the operation of the new facility. This article underscores the importance of incorporating security into all phases in the planning, design and construction of new facilities in the context of asset protection and loss prevention. For reasons of professional ethics, I cannot name the facilities, their owners and other parties involved in the case histories being cited. In the context of this article, the term facility shall refer to any building and its supporting infrastructure. Case No. 1 In this case, an organisation spent nearly 5 years on planning and feasibility studies for the design of a new facility. Unfortunately they failed to carry out a threat and risk assessment to incorporate security requirements that were critical to its operation. This resulted in the following problems: The commencement of construction work being postponed so as to engage a security consultant to carry out a threat and risk assessment, security planning, security system design, specifications, cost estimates and provide

-1-

other inputs required to implement security measures for the facility many of which had to be in-built. Planned security measures being less than optimal, because further revisions of the buildings design to incorporate the required security measures fully would have necessitated a re-submission of the buildings plans to the statutory authorities for approval of all the design changes. The commencement of the projects implementation being delayed by nearly three months because the project management had to seek the approval of higher authority for additional funds to incorporate the required security measures. The end result was a six months delay in completing the project and its handing over to the owners and end users. Case No. 2 About a year after this ultra-modern health care facility was built and commissioned, a robbery occurred in its premises. As it did not have any inhouse security staff, the healthcare facilitys management invited bids from external security agencies to conduct a security audit to identify security weaknesses and propose remedies. During the pre-bid briefing and show around, the author noted that; Prior to its construction, no threat and risk assessment were carried out to identify critical assets, facilities and processes and personnel requiring protection. The facility did not have any written security plans to document the concept of protection, the design intent and philosophy of the security measures and systems such as CCTV cameras, access control systems and intruder detection devices and alarms that were installed. There were also no documents available to define the technical design and specifications for the

-2-

security systems. Security equipment was installed as proposed by the vendor. Despite having commenced operations nearly a year earlier, the facilitys electronic access control system had still not been activated because the procedures and guidelines for the operation, control and management of the system were not available. Contract security personnel deployed in the Security Control Room were totally ignorant of the configuration and operation of security equipment installed in this health-care facility. Case No. 3 A security audit carried out about a year and a half after the construction of this educational institution, revealed that;

The facility did not have a detailed written security plan or written technical specifications for the security systems. The end product was an enormous configuration of security equipment based largely on the vendors proposal. Physical security measures, CCTV coverage and electronic access control systems were omitted at some critical areas, facilities and entrances. On the other hand there was an excess of equipment and redundancies elsewhere in the facility. There was no in-house professional expertise to manage and supervise the vendor who was contracted to carry out the installation, testing and commissioning of the planned security systems. The operational and technical manuals for the security system installed were incomplete.

-3-

 Contract security personnel engaged to provide security were ignorant of and unfamiliar with the operation of security equipment inside the Security Control Room. Case No. 4 In this project, the owners of this new facility assembled a multidisciplinary project design and management team that included architects, mechanical & electrical engineers, civil & structural engineers, interior designers, a security consultant and others from the onset of the planning and design process right through the construction and handover of the project to its owners. This resulted in: Security measures being designed, developed, co-ordinated and incorporated into the architectural, structural, mechanical and electrical engineering, landscape and interior design of the building from the onset of the project. . Security solutions being tailored, interfaced and integrated with the architectural design, mechanical and electrical engineering systems and other services. Security measures that were planned and designed being fully implemented in the facilitys construction within the time and budget allocated. The lessons drawn from the projects cited above suggest that it is desirable to incorporate security into the design and construction stages of a facility through the following: Identifying and assessing assets and their criticality Assessing potential threats, their likelihood of occurrence and effects Assessing security vulnerabilities that are inherent in the buildings design

-4-

Assessing risks which the assets are exposed to and their mitigating strategies Planning and designing security countermeasures which exploit personnel, procedural and technological elements in the most cost-effective and balanced proportions

The drawing below shows how the security planning, design and implementation processes can fit into the overall planning, design and construction of the facility. Project Master Programme Functional Characterisation Preliminary Design Detailed Design & Specifications Security Planning & Design Security Concept Plan Security Operations Plan Technical Specifications Design &

Tender Invitation & Award

Construction/Installation Completion Handover to Owner

Project Management Testing & Commissioning Of Security System

A multidisciplinary approach, which integrates security with architectural, structural, mechanical and electrical engineering and landscaping design etc from the very onset of a project, will ensure that security measures are specifically tailored and customised for the facility. This will help strike a

-5-

meaningful balance between architectural form and function and achieve cost effectiveness. Security considerations must go beyond the basic protection needs. For example, the access control system may require multiple layers for entry and also to control exit. Depending on the threats, risks and vulnerabilities, egress may be just as important as ingress because of the need for rapid evacuation in case of emergency. Besides protecting people and assets, it would also be necessary to protect physical security measures for information systems hardware and network infrastructure against intrusion, theft, loss or physical damage. Security cannot be planned, designed or operated in isolation. It must be integrated with the facilitys integrated building management system (IBMS), which would monitor, supervise and control the buildings critical systems such as, mechanical and electrical engineering services, fire protection systems, utilities, and ventilation, air-conditioning, power and telecommunications systems. In some facilities, the security access control system might have to be interfaced with the Human Resource Departments personnel data bases, time and attendance systems and payroll systems etc. The potential of security technology is being exploited beyond traditional security functions. For example, besides being used for surveillance, monitoring, detection and recording, the CCTV and access control systems are increasingly being used as tools for investigations and collating evidence for litigation or prosecution. CCTV systems are also being integrated with local area networks (LAN) under the office automation programme. Similarly access control systems are doubling up as a means of time and attendance clocking for employees. Software based security management systems are being used to enable remote access and monitoring. There is also increased fusion between security and IT systems.

-6-

Effective security design for a new facility must also address other factors such as: Prioritising the assets to be protected, their criticality to the operation of the facility or business and their vulnerabilities in relation to the threats and risks identified. Exploiting natural and man-made barriers, landscaping, fences, gates, walls, doors and windows etc as part of crime prevention through environmental design (CPTED) strategies to complement physical security measures to channel and ensure access control and even exit control. Deployment of security personnel and trained animals such as dogs. Physical and technological measures (electronic security devices of various sorts such as CCTV, electronic access control systems, intruder detection systems, alarms, sensors, under vehicle inspection systems, walls, fences and barriers etc) Operational procedures and processes (which must be supported by the facilitys design). For example, if staff and visitors need to be screened for arms/explosives, the building design must provide for people to be channelled to the search stations. Rapid evacuation in a fire or other emergency is crucial to the safety of occupants and visitors in a high-rise building. This requirement often conflicts with security. Adequate provisions need to be made for handicapped persons with specific disabilities. For example, an intercom system at a lobby must not only be suitable for the visually handicapped but also for those with hearing difficulties.

-7-

Security must not be obtrusive, cumbersome, or curtail legitimate freedom of access and privacy. It must project a visible deterrence that is warm and yet friendly. This is particularly important to facilities in the service or hospitality business. The integration of security with the architectural, structural and mechanical & electrical engineering and landscaping design programme from the very onset is important because some security measures need to be built-in. For example the landscape design could incorporate hardened street furniture to protect the facilitys faade against forced penetration by vehicles. Proper design to include structural hardening and security glazing for glass facades, glass walls, windows and vision panels will enable mitigation against attacks with explosives. The buildings air-conditioning and ventilation systems can also be designed for protection against contamination or intrusion with harmful substances. The integrated design approach can also help avoid an over provision or retrofitting of security measures and thus reduce costs significantly. Providing space in risers to add new trunking, conduits and cabling for future expansion and upgrading will future-proof the security systems. The same holds true for structured cabling technology which enables security cabling to ride on a common backbone that serves other functions in the entire building such as information and integrated building management systems. It will also enable a seamless integration of security with other systems in the integrated building management system (IBMS) bandwagon. All these will translate into cost savings for the owner/developer in the short and long terms and future-proof the building. Ultimately the security system design must strike a careful balance between all the factors mentioned above. The feasibility of incorporating physical barriers or other physical measures into the landscape may not be a feasible or viable option because of the scarcity of land and its high cost in city and sub-urban areas. Security planning and design must also address the operation and of the buildings security systems and equipment. The maintenance

sophistication and complexity of technology based and driven security systems must take into account the need for highly skilled, trained qualified and motivated

-8-

security personnel for system operation and maintenance functions. This must be clearly identified and factored into the facilitys construction programme. A comprehensive annual maintenance programme system and minimise its downtime. In conclusion, I would reiterate that security must be integrated into all stages of a new facilitys planning, design, construction and project management. This will ensure that all the security measures needed to protect the organisations assets such as people, information, property and other assets will blend unobtrusively with the buildings architectural excellence, form, function and aesthetic design. The integrated approach will also enable implementation of security measures in the most cost effective way in terms of initial capital outlay as well as long term operating and maintenance costs. About the Author A K Moorthy, CPP, FSyI, FISM is presently the Executive Director and Principal Security Consultant of S M Security Solutions Pte Ltd, a security consulting firm in Singapore. He is a BSc (Security) and a Master of Security Management graduate from Edith Cowan University, Western Australia. He is Board Certified in Security Management (Certified Protection Professional) by ASIS International. He is a Fellow of The Security Institute, United Kingdom of Great Britain and the International Institute of Security & Safety Management. Moorthy is also a volunteer leader of ASIS International, and is presently its Senior Regional Vice President for Group 18 which covers India and South East Asia. He has contributed articles to local and regional security publications and also presented papers at local, regional and international security conferences. (The views expressed in this article are entirely the authors own and do not necessarily reflect that of ASIS International). must be planned and implemented to ensure the continuous operation and reliability of the security

-9-