It is Sunday, 9 AM, and you’re on the way to your well-deserved family day when suddenly your phone rings. The sergeant from the security team tells you that the cameras are not working and the access control system is offline. You ask a few questions, including if they had already called the integrator, to which they respond yes, we did. Still, they won’t be there in less than 6 hours because they’re already attending to another emergency somewhere else. At the same time, you see another incoming call from the Vice President of operations on your cell phone screen. You don’t answer immediately, but based on what you just heard from your team, you already know the purpose of this call.
How prepared you and your team handle this scenario will determine your success or defeat. Physical security departments are generally very busy attending day-to-day activities. Most companies have emergency response plans. However, not all of them include one to respond to emergencies like the one described in the previous paragraph. Today, even an unattended UPS could lead your facility unsecured for several hours. It is crucial for physical security teams to work proactively to include their electronic systems in their already existing ERPs.
Some managers will argue that the security integrator should provide these emergency response plans. However, as your car dealer does with your brand-new car, integrators might recommend some generic scenarios or ERPs. Still, your responsibility is to optimize them to meet your company’s needs. It will also be a benefit if, instead of only relying on your security integrator, you involve key staff in the development of the ERP. After all, a plan is not good if the team does not understand it.
If you don’t have an ERP for your security systems, I’d suggest starting with a basic one. For example, what to do when the access control system goes offline. The plan should cover at least the following topics:
- How to perform a primary assessment.
- Who are the affected users?
- How many components are failing?
- Can we determine what is causing the problem?
- Is there any network or server maintenance going on?
- Is this the only system affected, or is there a significant outbreak?
- What are the critical doors and gates in the facility? (Which ones should remain open, and which ones should stay closed or locked).
- Do we need security officers at any of these doors?
- How do we switch gates, turnstiles, etc., to manual mode?
- What if the integrator can’t reach the facility on time? Do we know how to proceed?
The ERP can be extensively detailed. Once you have the first draft, it is good practice to review it with your team. Involve those working at the main gates and the monitoring rooms. When you feel comfortable with the plan, perform simulations to validate and improve it. During the simulations, your team should follow each step to determine if there’s a missing action or if one of the steps requires further details.
This article provided some ideas. I`ll cover additional information about ERPs in future posts. Come back soon for more.
