As we approach National Safe Schools Week (October 21-27), it is appropriate for a conversation to begin regarding establishing standards for K12 school security. Currently no standards exist for assisting schools navigate the complexity of understanding what they need, how much it will cost and how they will secure their learning environments.

Security Industry Experts

The Partner Alliance for Safer Schools (PASS) is one of the organizations at the forefront of establishing security standards for schools. In 2014, the Security Industry Association (SIA) and the National Systems Contractors Association (NSCA) formed PASS, which brought together a cross functional group of members including school officials, safe schools’ consultants, law enforcement and security industry experts to collaborate and develop a coordinated approach to protecting K-12 students and staff.

School administrators are often contacted repeatedly by organizations with multiple safety and security products

PASS has provided valuable insights regarding an ‘All Hazards’ approach to school safety and security. In fact, PASS suggests that school administrators are challenged with two decisions:

  • Determining what they need to do
  • How to prioritize

Safe School Environment

School administrators are experts in running schools and providing education. However, most are not security experts and do not understand the complexity of implementing a comprehensive physical security and safety program across their districts. Still, they are often contacted repeatedly by organizations with multiple safety and security products.

The Partner Alliance for Safer Schools (PASS) is one of the organizations at the forefront of
School administrators are experts in running schools and providing education, but most are not security experts 

Some of these organizations recognize their products are just pieces of a safe school environment puzzle and how they fit in, whereas others focus on specific applications and do not understand how their specific solutions may affect life safety codes and Americans with Disabilities Act law. (Note: Many ‘barricade devices’ fall into this latter category and actually introduce liability concerns with the unintended consequences of their use.)Schools incorporate evacuation drills as part of their emergency preparedness plans and practice on a regular basis

Even for experts, the plethora of options and disparate systems required to integrate a safety and security approach at schools is daunting. The ongoing challenge is integrating access control, video, mass notification, and/or visitor management products into a single, effective, and appropriate system the owner can understand, utilize, and afford and that meet local codes and ADA laws. In the absence of standards, schools are likely to amass a collection of devices that do not constitute a comprehensive solution.

Lack Of Consensus

In years past, the our industry and commercial buildings adhered to legacy codes – like Building Officials and Code Administrators International Inc. (BOCA), Uniform Building Code (UBC), Southern Building Code Congress International Inc. (SBBCI), and International Conference of Building Officials (ICBO) – which have traditionally been revised every three years, while local jurisdictions decided what versions to adopt and enforce.

Currently, however, there is a move toward the International Building Code (IBC), which is published by the International Code Council (ICC) and includes standards and guidance for commercial buildings on doors, windows, and other openings.

A risk assessment is the next step toward developing a comprehensive security plan, and begins with developing a trend analysis

Still, despite this migration of codes from a patchwork of local decisions to global guidelines, there remains a lack of consensus around school security. The current fragmented approach causes confusion regarding how new schools are designed and how to retrofit existing school buildings, whose average age is 45+ years.

Right Protection Equipment

One can point to the fact that there hasn’t been one student lost in a school fire in over 50 years as testament to standards like NFPA 80 and NFPA 101 being referenced in model building codes. Additionally, schools incorporate evacuation drills as part of their emergency preparedness plans and practice on a regular basis.

It’s not just having the right protection equipment in the building, it’s also having a procedural layer in place to make sure everyone knows their roles and responsibilities in the event of fire. The stress of the actual event can limit ones’ ability to think clearly. Practice makes perfect. Why would we approach school security any differently?

Still, despite this migration of codes from a patchwork of local decisions to global guidelines, there remains a lack of consensus around school security.
School security is a team effort, and it is important to understand all the areas security impacts and involves

School security is a team effort. It is important to understand all the areas security impacts and involves. PASS suggests starting with a basic team consisting of:

  • Security Director
  • Local Law Enforcement
  • School Administrator
  • Integrator
  • Door and Hardware Consultant
  • IT Director

Comprehensive Security Plan

Quantifying and mitigating risk are the jobs of security professionals and school administratorsA risk assessment is the next step toward developing a comprehensive security plan. This often begins with conducting a trend analysis requiring the collection of data from a variety of public and private sources. The challenge is to pull these pieces into a usable and easily understood format that provides a guide for current and future risk concerns.

Risk assessment and mitigation can never eliminate risk. Quantifying and mitigating risk are the jobs of security professionals and school administrators. Data from the following sources can help measure risk:

  • Campus: Review incident report trends for at least the past 36 months.
  • Area and city: Review crime data from local law enforcement for the surrounding neighborhood and city.
  • Screening procedures: How is hiring conducted?
  • Anonymous tip reporting systems: Enabling students, staff members, parents and the community to anonymously alert administrators to perceived and actual threats.
  • Social media monitoring: such monitoring can provide important information that can be used to identify risks.
●	Social media monitoring: such monitoring can provide important information that can be used to identify risks.
Monitoring social media could help measure risk for school safety

Delay Adversarial Behaviors

These assessments can then be incorporated into the best practice approach of Layered Security. Layered security combines best practice components within each layer that effectively deter, detect and delay adversarial behaviors. Layered security works from the outside in. As one layer is bypassed, another layer provides an additional level of protection. The asset being protected is at the center of the layers – students, staff and authorized visitors. PASS defines five layers of Security:As one layer is bypassed, another layer provides an additional level of protection

  • District Wide
  • Property Perimeter
  • Parking Lot Perimeter
  • Building Perimeter
  • Classroom/Interior Perimeter

Appropriate Tier Target

Each layer can be broken down into Tier levels with Tier 1 being basic and Tier 4 being the highest level of security. It is important to understand that the demographics of individual school buildings varies, even within the same district. Security experts will quickly point out that ‘if you’ve seen one school, you’ve seen one school’. The assessments will determine the appropriate Tier target.

Layered security combines best practice components within each layer that effectively deter, detect and delay adversarial behaviors
Figure 1

Each layer includes essential protective elements, or components, of security. Every layer does not necessarily include all seven of these common components, and a layer may include additional components unique to that particular layer.

Safety And Security Components

  1. Policies & Procedures
  2. People (roles & training)
  3. Architectural
  4. Communication
  5. Access Control
  6. Video Surveillance
  7. Detection and Alarms

Layered Security

While components are not listed in a priority order, three components included in all layers are policies and procedures, the roles and training of people, and communication. These components often perform a function in every layer and every tier in each layer.

Three tools come together in the PASS approach as outlined in the new 4th Edition of the PASS Guidelines (Figure 2) - the Layers are established and defined, a Checklist/Assessment breaks down each layer into tiered best practices which then tie into the guidelines where a narrative explains each best practice in more detail.

Schools need not reinvent the wheel when it comes to school security planning
Figure 2 

Schools need not reinvent the wheel when it comes to school security planning. Following the best practices of Risk Assessments and Layered Security will ensure that every school building in a district will have a unique and comprehensive plan that is tailored to their individual needs.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Mark Williams Sr. Architectural Consultant, Allegion plc

In case you missed it

Sanitization, Safety And Getting Back To Business
Sanitization, Safety And Getting Back To Business

You are not alone: operators everywhere are asking themselves what are they going to do? How are they going to get back to business, and fast? How are they going to cost-effectively operate with all the new safety requirements that have arisen as a result of COVID? How are they going to ensure it all gets done for the safety of customers and staff? How are they going to protect their brand from the negative exposure of being identified as a property with a reputation for COVID? The economic impact of COVID is expected to hit brick and mortar businesses the worst, as their businesses are dependent on people being physically present. According to a recent report by RBC, it is estimated that 70% of Americans expect to avoid public spaces, 57% of Canadians will be unwilling to attend conferences without a vaccine and 63% of people will prefer to drive vs fly.  This means, that for those of you in the business of travel, conferences, co-working spaces, retail stores, museums, art galleries, restaurants, sports arenas, hotels, cruises, airlines, resorts, theme parks, long-term care, education, etc. in the blink of an eye your approach to on-site safety just changed. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitisation To get back to business and operating at full capacity after COVID, operations must find a way to eliminate the fear, uncertainty and doubt in the minds of their customers and employees. The affect of COVID-19 on safety and security To safely get back to business, the Centers of Disease Control and Prevention (CDC) emphasis that all operations need a pandemic response planJust like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budget. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitization, the lines between the security and maintenance just blurred. From customers, to employees, to government regulators, to management, the focus is now on operations and the sanitization policies, procedures and actions of the team. To put this change of priority into perspective, six months ago, sanitisation was not top of mind for people. Why, because it was not a life or death issue, we had other first world problems to garner our attention. From an operations perspective if we enabled a sanitization issue to become significant enough to impact the safety of customers and staff and therefore the brand, then that was an operational choice versus a mistake. Standards for sanitisation  Just like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budgetThe issue is, today while the operating priority of sanitization has significantly increased, it is not measured and managed to the same standard as the other safety and security concerns across a business. Also, important to consider, while people may not hold an operation liable during this first wave, we can guarantee they are not going to be as understanding during the second wave or a future pandemic. To safely get back to business, the Centers of Disease Control and Prevention (CDC) and the Occupational Health and Safety regulators emphasis that all operations need a pandemic response plan and should follow these simple guidelines: Develop your plan Implement your plan Maintain and revise your plan While this sounds simple enough, keep in mind that requirements are constantly evolving and will continue to do so for the foreseeable future, or at least until all the research is in. To create an emergency response plan for a pandemic, properties must first determine what needs to be sanitized. The current requirements dictate that most surfaces and objects will just need a normal routine cleaning, it is only the frequently touched surfaces and objects like light switches and COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-havedoorknobs that will need to be cleaned and then disinfected to further reduce the risk of germs on surfaces and objects. The challenge is when you step back and consider what people touch in a day; the list quickly grows. After only 30 minutes, I easily came up with a list of over 60 items that one could call ‘high touch’! If you think about it, the list is extensive; telephones, doorknobs, drawer handles, counters, pens, keypads, computers, etc. and the list is only going to get longer as the research comes in.   The challenge is when you step back and consider what people touch in a day; the list quickly grows Operating efficiency  If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper and filing cabinetsTo scope the impact on operations as part of the plan, we must then find and identify all of those high touch things across the property. If we then combine that with the fact that CDC requires that all high touch locations must not only be cleaned more often, but that they also require that each location is first cleaned with soap and water, and then disinfected for one minute before finally being wiped down. This means a one-minute task just turned into a 4-minute task, that must now be completed multiple times a day. From a resourcing perspective this adds up quickly, and operating efficiency must be a priority. Not to mention it is going to get very complicated to measure and manage especially. Post COVID rules Getting back to business is going to be complicated; lots to do, lots of moving parts and no technology to help. The fundamental challenge to keep in mind is not that the sanitization requirements have evolved, the real issue is that for most businesses this area has been left unchanged for generations. Still today most rely on checklists, logbooks and inspections to manage the responsibilities of our front-line workers, which might have been fine before COVID. Post-COVID the rules have changed and so should the approach to managing physical operating compliance on the front lines. COVID like most physical operating requirements is tactical, detailed and specific; broad strokes, the honor system and inspections are not going to cut it. The digital transformation  COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-have. If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper, filing cabinets filled with checklists, never to be seen again. Only with the right data can we significantly improve the operational decisions necessary to accelerate our return to full operating capacity. At the end of the day, to fully recover, operations must eliminate the fear, uncertainty and doubt in the minds of customers and employees, only then can we really get back to business.

Which Security Technology Is Most Misunderstood, And Why?
Which Security Technology Is Most Misunderstood, And Why?

The general public gets much of its understanding of security industry technology from watching movies and TV. However, there is a gap between reality and the fantasy world. Understanding of security technologies may also be shaped by news coverage, including expression of extreme or even exaggerated concerns about privacy. The first step in addressing any challenge is greater awareness, so we asked this week’s Expert Panel Roundtable: Which security industry technology is most misunderstood by the general public and why?

Lessons Learned With Vanderbilt: How Have You Adapted To The COVID-19 Pandemic?
Lessons Learned With Vanderbilt: How Have You Adapted To The COVID-19 Pandemic?

With the postponement of tradeshows and events due to the effects of COVID-19, Vanderbilt and ComNet have taken their high quality, innovative solutions online, directly to their customer base. Through an Online Events and Training resource, you can stay connected with the brands’ top resources and products, as well as join upcoming product webinars hosted by their in-house experts. With a majority of the world currently working from home, businesses must respond to this changing landscape. As such, Vanderbilt and ComNet have turned to online resources to share new product demonstrations and other company news. One cornerstone of the ACRE brands approach was the launch of their Online Events and Training resource page. Ross Wilks, Head of Marketing Communications at Vanderbilt, credits this online resource as the anchor to their communicative success with customers at present. “Through weekly webinars delivered by our in-house experts, Vanderbilt and ComNet have embraced more virtual opportunities to continuously communicate to our customers regarding our latest and most relevant products,” he says. “To date, our webinars have covered a wide range of industry topics such as Why Physical Security and Cloud go together, and The most recent developments in card cloning and reader hacking. Attendance to these online events has proved popular and effective in keeping communication with our customer base open and engaging.” Each webinar ends with a Q&A section, as well as follow-up articles on the most asked questions, plus recordings of the webinars being made available to attendees. As such, the webinar approach has proven a receptive approach for Vanderbilt and ComNet. The Online Events and Training resource acts as a one-stop-shop for all virtual information. Overall, the page outlines the brands’ value-added resources for customers, including the ability to request a remote product demonstration, the availability of free online training, 24/7 access to the Vanderbilt webshop, plus the aforementioned weekly webinars. Vanderbilt and ComNet’s business mantra is built on a foundation of customer-focused core values such as empowerment, collaboration, and high performance and Wilks credits this mentality with their ability to keep information flowing to their base during the present pandemic. “The ACRE brands moved early to kick-start online webinars and ramp up awareness of their already existing online training and shopping options. Now more than ever, it is important to keep customers up to date on the latest offerings,” Wilks explains. “Our commitment has always been to make their customer’s security journey the best possible experience, and that is what this Online Events and Learning page primarily focuses on,” he concludes.