ONLINE SECURITY SCORECARD

Apr 1, 2005 12:00 PM, By CORRINA STELLITANO

At the Frank Erwin Center, an 85,000-seat arena at the University of Texas at Austin, all the traditional security measures are in place — CCTV, security guards, metal detectors, and pre-event bomb sweeps conducted by campus police dogs. “There are obvious things we think we are doing well, but there is always room for improvement,” says Jimmy Earl, associate director of the center.

The Frank Erwin Center recently became one of the first college facilities to use a new online vulnerability assessment tool to improve its security efforts. Intended to help stadium managers and security directors assess the risk level for their facilities, the tool provides a systematic way to assess each facet of a facility's security plan. It also allows facility managers to submit their assessment results through a direct link to security experts at the U.S. Department of Homeland Security. A new version of the tool will be launched shortly for managers and security directors of arenas, concert halls and convention centers.

TEAMWORK: A BETTER PRACTICE

Although Department of Homeland Security officials often conduct risk assessments of potential soft targets nationwide, the request for a self-assessment tool catered to stadiums first came from the International Association for Assembly Managers (IAAM).

Following the creation of IAAM's “Best Practices for Safety and Security,” Turner D. Madden, general counsel and lobbyist for IAAM, had shared the document with officials in the White House. When the new Department of Homeland Security was formed, IAAM's Best Practices were part of the reams of documents the White House sent as a welcoming package.

When Madden learned about online assessment tools for the Transportation Security Administration and the marine industry, he asked DHS to consider a version for the stadium industry, and offered the use of IAAM's Best Practices as a resource.

“We were out doing these assessments when the idea came from IAAM to craft a tool,” says Bill Flynn, acting director of the Protective Security Division of the Department of Homeland Security. “We typically attempt to marry our security specialists with the security professionals working in the industry and try to come up with a joint product. Working with them using their best practices as a baseline is always the best way to work.” Flynn's division is responsible for protecting the nation's infrastructure from terrorist attacks and has identified and analyzed tens of thousands of potential targets in the United States. The partnership with IAAM gave DHS access to 3,500 public assembly facility managers. “It's almost like a one-stop shop,” Madden says.

For IAAM leadership, the new tool served an essential need as well: “(We knew) a critical step in establishing a solid infrastructure protection program for the public assembly facility industry is to have a consistently high level of security practices in facilities across the country regardless of the size or type of building or the type of event,” Madden says.

The Vulnerability Self-Assessment Tool evaluates stadium security plans through seven broad categories:

• security plans, policies, and procedures;
• security force and security awareness training;
• cargo, personnel, and vehicle access control;
• physical security assets;
• security technology equipment;
• communication security (local, state, federal); and
• information security.

After delivering a series of questions about the facility, the tool presents an array of threat scenarios. Managers are requested to list the facility's baseline security countermeasures that apply for each of the scenarios and then rate their effectiveness in detecting and preventing the terrorist's actions.

They are also required to rate their facility in terms of target attractiveness (from a terrorist's perspective).

After the tool is applied across each of the provided threat scenarios, managers are requested to apply the tool two more times to assess the impact of adding new countermeasures or enhancing existing countermeasures. The first additional assessment assumes a general increase in the national threat level. The second assessment assumes that the entity is known to be a specific terrorist target. The additional or enhanced security countermeasures are then included in the entity's security plan along with estimated resource requirements and a timeframe for implementation.

After the online Self-Assessment Tool is completed by the facility, facility managers can choose to send their results to DHS. Information that managers input into the tool becomes part of a vulnerability assessment, which constitutes Sensitive Security Information (SSI) under TSA regulations and remains entirely confidential.

“This will allow us to do some comparative analysis,” Flynn says. “It gives security directors the same capability — to see where they stack up in their own industry. The goal is to give them a self-evaluation tool; but, by submitting the results to DHS, we can give them feedback and a scorecard as to how they compare. That's what security directors are telling us they really need. When they make business decisions, they need this feedback to get results.”

Log on, tune in

Since its introduction on January 7, 2005, 200 facility managers have registered and begun the online process; 13 have already completed it. On occasion, DHS has visited interested facilities, conducted risk assessments and given instructions on using the online tool.

Jimmy Earl, associate director of the Frank Erwin Center and president of IAAM, says the benefits were immediately evident. “It's a very detailed tool that helps assess vulnerabilities,” he says. “Some of the things are very simple and easy-to-do. And, once you improve on those aspects and you can go back in and update it, so it's a continuous improvement.”

Most users and tool creators do describe the self-assessment tool as user-friendly — though it is a lengthy process. DHS and IAAM officials suggest that facility managers and security directors work together to complete the process over days or weeks, involving staff and community first responders in related sections.

Users can control what they get out of the process, Madden says. “It's like TurboTax — it's really easy to use. But, you have to know your facility and get the right feedback to answer the questions. You get out of it what you put into it,” he says. “That's what's great about the tool — a small university can go online and get the same level of service as someone who spends a lot of money (to outsource to expensive consultants).

”DHS and IAAM suggest the facility managers and security directors complete the process at least once a year, and each time they complete security upgrades at the facility.

“Updating once a year would be fantastic,” Madden says. “It's pretty lengthy, (but) once you go through it once, you have a security plan. All you have to do is update it, and check to make sure the online tool hasn't been changed or upgraded.”

New information will be included in the online tool as necessary, Flynn says. “If we see a new threat that is not part of the tool, we would certainly include that and notify them it has changed,” he says.

Sharing the tool

Classes about the online tool are being offered at annual events, including the IAAM Annual Conference, the Academy for Venue Security and Safety, and the Crowd Management Conference.

IAAM directors expect stadium managers to find the tool useful in other ways as well: “When the tool is completed, it may even be used as objective criteria in negotiations to reduce insurance premiums,” Madden says. “In addition, if you choose to apply for state grant funding through your state's Department of Homeland Security office to augment your security program, sections of the report may be used for justification.”

An eye for accuracy

IAAM's Best Practices document helped to transform the online tool from a government issue one-size-fits-all service to a tailored tool for stadium managers, IAAM officials say. The involvement of IAAM included providing the Best Practices and review throughout the process.

Harold Hansen, an industry consultant who recently worked as director of the 10,000-seat UIC Pavilion in metropolitan Chicago, was selected to lead the feedback and review stage in the creation of the online tool. Hansen shared the tool with a team of 20 stadium managers, other venue managers, league officials and consultants. Through the fall of 2004, the team compiled a six-page feedback list, including everything “from typos to suggestions for additions.” Hansen also worked with DHS and IAAM on the arena and performing arts center version. This work is “a labor of passion,” he says.

“The industry we work in encompasses lots of different people, and we all share a common goal: we want people to come assemble in a safe place,” he says. “Here's a chance to access the resources of DHS and have our members think about safety and security in a preparedness kind of mode; whereas pre-9/11, our thought process was ‘How do we react?’”

While Hansen's role in completing the tool was as a reviewer of content, he couldn't help donning his facility manager hat, he says. “When you look at these several 100 questions, you can't help thinking what your answers would be and that's what enlightened me (to the value of the tool).

“Prior to using the tool, I would have said ‘we're prepared. But, then you start detailing your counter-measures, and the reality is, we didn't train enough and didn't instill enough ownership in employees for our safety plan. It became clear to me — that we need to do a better job,” he says.

The online tool combats another misconception Hansen often witnesses. “For many of our buildings, especially when you leave a major market, (the thought is) ‘it's not going to happen here.’ And I still run into that viewpoint,” Hansen says. “The tool is geared at the highest level, but an orange or yellow-level event doesn't have to be at the national level, it could happen in your community.”

Soon, DHS officials hope to expand the online tool to apply to schools, colleges, religious institutions and other soft targets. The process will again involve experts culled from the respective industries.

And for all those with test-anxiety, the pressure is off. The online self-assessment tool is meant to help facility managers, not judge them. “It lets you measure and develop a security snapshot, a security baseline for your facility. No one is going to score this and say ‘you failed,’” Hansen says.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue