Silva Consultant's Blog

Introduction to Security Intercom Systems

May 14

Posted by masilva in Security Systems | No Comments

Purpose

Security intercom systems are used to provide voice communications between two or more locations for security purposes. Security intercom systems are frequently used between a locked building entrance door and a constantly attended location in the building, such as a manned security control room. In this application, the security intercom system gives visitors a means to contact someone in the building when they arrive at the entrance door. Other common locations where security intercom systems are used in commercial buildings includes loading dock doors and at vehicle gates that provide entrance to the property. In residential applications, security intercom systems are commonly used between the main entrance door and a location within the interior of the home.

Simple Intercom System with One Sub-Station

 

A simple intercom system consists of one “Master Station” and one “Sub-Station”. The Master Station is typically located at the point inside the building where communications is to be received. The Sub-Station is typically located at the point where the communication is to be originated. For example, in an office building, it may be desirable to keep the front entrance door locked, and to provide a security intercom system to allow communications between the outside of the entrance door and the receptionist’s desk in the lobby. In this situation, the intercom Master Station would be installed at the receptionist’s desk, and the Sub-Station would be installed on the wall outside of the entrance door.

The Master Station provides control of the intercom system and typically includes a station selector switch, talk button, speaker, amplifier and volume control. The Sub-Station typically includes just a speaker and call button. When the visitor arrives, he or she presses the call button on the Sub-Station. This causes the Master Station to ring. To accept the call, the receptionist presses the station selector switch. When this button is pressed, the receptionist can instanlly to listen to sounds at the Sub-Station. To talk to the visitor, the receptionist presses the talk button. When finished speaking, the receptionist releases the talk button to listen to the reply from the visitor. This goes back and forth for as long as the conversation continues, with the receptionist pressing the talk button when she wishes to speak, and releasing the talk button when she wishes to listen. At the conclusion of the conversation, the receptionist presses the station selector switch again to terminate the connection.

Simple Intercom System with Multiple Sub-Stations

 

In many facilities, there may be a need to communicate with more than location. For example, in the office building described above, there may be a need for the receptionist to communicate with the employee entrance door and the loading dock door in addition to the front entrance door. To meet this need, Master Stations are available that can accommodate multiple Sub-Stations. Models that have a capacity of three, five, or ten Sub-Stations are common.

Master Stations that work with multiple Sub-Stations have a station selector switch for each station. Above each switch is an indicator light as well as a label that identifies the Sub-Station (“Front Door”, “Back Door”, etc.) When a visitor presses the call button on a Sub-Station, it causes the Master Station to ring, and for the indicator light above the appropriate station selector switch to illuminate. The receptionist can then press the station selector switch for the station that is calling and begin the conversation using the talk button as described above.

Simple Intercom System with Multiple Master Stations

Sometimes, there is a need to receive intercom calls at more than one location in a building. For example, you may wish for the receptionist to receive calls during normal business hours, but after-hours, you may wish for calls to be received at the security control room. To meet this need, it is possible to provide multiple Master Stations, each capable of communicating with one or more Sub-Stations. Communications between each of the Master Stations can also occur if this is needed (for example, receptionist could use intercom to talk with security control room and vice versa).

In most cases, the system is designed so that calls from Sub-Stations are received at all Master Stations. The first Master Station that answers the call handles it and all other Master Stations ignore it. Typically, when one Master Station is in use, other Master Stations cannot be used. The system provides a “busy” indicator light at each Master Station to indicate when the system is in use by others.

Simplex or Duplex Communications

The simple intercom system described above uses what is known as “simplex” communications. “Simplex” communications means that communications can occur in only one direction at a time. In the examples above, the receptionist uses the talk button on the master station to control the flow of communications. The receptionist can either talk or listen, but not do both at the same time.

More sophisticated intercom systems are available that use what is known as “duplex” communications. “Duplex” communications means that communications can occur in both directions at the same time. When using an intercom system that has duplex communications, there is no need for a talk button; once a connection is established between a Master Station and a Sub-Station, a two-way conversation can occur without either party having to operate any type of control. This is a much more natural way to communicate and avoids the gaps in a conversation that can occur when the talk button is pressed too soon or too late.

As a general rule, most simple, inexpensive intercom systems use simplex communications, while more expensive intercom systems use duplex communications.

Handset or Hands-Free Intercoms

Intercom stations are typically available in two versions, a “handset” version, and a “hands-free” version.

Handset intercom stations use a corded handset similar to that found on a telephone. The advantage of handset intercom stations is that they work well in noisy environments and that they provide some degree of privacy. The disadvantage of corded intercom stations is that they are less convenient to use and that they are more prone to vandalism and routine wear and tear.

Hands-free intercom stations use a speaker/microphone that is built into the unit. Hand-free intercom stations are more convenient use and less prone to damage, but sometimes can be difficult to use in noisy environments. Hands-free intercoms stations also offer little privacy.

Some intercom stations come with a handset but are also capable of being used hands-free. These stations have a speaker/microphone in addition to a handset and usually work as a hands-free unit unless the handset is picked up.

Wired or Wireless Intercoms

Most intercom systems have traditionally been the “wired” type that require low-voltage wiring be installed between each of the Master Stations and Sub-Stations. On larger or more complicated systems, this wiring can become quite extensive and may be costly to install. However, once installed, wired intercom systems tend to be very reliable and require very little maintenance. Because of this, wired intercom systems have long been the preferred choice of most commercial and industrial users.

Intercom systems are also available that allow “wireless” communications between Master Stations and Sub-Stations. These systems typically use radio signals to provide the communications path between stations and don’t require any type of wiring. The advantage of these systems is that they are quick and convenient to install. The disadvantage of these systems is that they don’t work well in all settings, and may not work at all in buildings that contain large quantities of concrete and steel or when there are long distances between the stations. Most wireless intercom systems also lack the features needed for the larger commercial user and are considered to be less reliable over time than a wired system. Because of this, wireless intercom systems are usually best suited for use in private homes and at smaller commercial businesses.

IP Network Connected Intercoms

A recent development in intercom systems is IP network connected intercom stations. These stations are capable of being connected directly to an organization’s existing data network. This usually means that the intercom station can be plugged into a nearby network outlet or unused port on a nearby network switch. This can greatly reduce the costs of installing wiring and offers great flexibility in the way that intercom systems can be installed and modified. IP connected intercom stations are well-suited for use in large campus environments, particularly when the campus includes buildings that are off-site.

Door Release Buttons

When an intercom system is used to communicate with a door, it is often desirable to have the ability to remotely unlock that door. For example, if an intercom system is used between a receptionist’s desk and a locked entrance door, it is common to provide the ability to remotely unlock the door for authorized visitors. Many simple intercom systems incorporate a door release button into the intercom Master Station specifically for this purpose. This button is wired to electrified locking hardware (such as an electric strike) on the door, and when the button is pressed, the door unlocks.

When multiple doors and multiple Sub-Stations are used, remotely unlocking doors becomes a little trickier. Some Master Stations can use accessory relays that allow the door release button to work in unison with the station selector switch. This allows the door release button to release the door that the station is currently in communication with.

Video Intercom Systems

Intercom systems are available that incorporate video surveillance features. Video intercom Sub-Stations are similar to regular Sub-Stations except that they also include a small built-in video camera that provides a direct view of the person operating the station. Most cameras offer a fixed viewing angle; some cameras can be moved up and down and right and left by the person receiving the call. Video intercom Master Stations are similar to regular Master Stations except that they also contain a small video monitor. This monitor is used to view the image produced by the camera in the video intercom Sub-Station.

The advantage of video intercom systems is that they allow the person receiving a call to verify the identity of the person calling. This can be particularly useful in door control applications where it is desirable to confirm which person is at the door before pressing the door release button.

While most video intercom systems provide a good view of a person standing directly in front of the intercom Sub-Station, they generally don’t provide a wide-angle view of the overall doorway itself. In addition, cameras in video intercom systems tend to be only of moderate quality and generally not suitable for use with video recording systems. For these reasons, most organizations who are serious about security don’t consider the cameras built into video intercom systems to be a substitute for regular surveillance cameras and generally install both at entrance doors.

Exchange Intercom Systems

It is possible to mix and match simple intercom Master Stations and Sub-Stations to create a relative large system. However, when a facility becomes very large and has  many Sub-Stations and Master Stations, the system can become complex and unwieldy. This can occur in campus settings where there are many buildings and many doors.

To meet the needs of larger systems, “exchange” intercom systems were developed. These systems get their name because a central controller, called an “exchange”, is used to manage intercom system traffic. Rather than being connected directly together, Master Stations and Sub-Stations are connected to the exchange. Most exchanges allow the use of both wired intercom stations and IP network connected stations. When a call is placed, it first goes to the exchange, where it is them routed to the appropriate station.

Master Stations used with exchange intercom systems often are microprocessor based and operate using a menu driven system. This also a powerful set of features to be packed into a relatively compact station. The benefits of using an exchange intercom system are many and include:

  • Can be expanded to a practically unlimited number of intercom stations
  • Can carry out multiple conversations between stations at the same time.
  • Can route calls to specific stations based on time of day.
  • Can forward calls if station is busy or if call goes unanswered.
  • Can operate auxilary relays to unlock doors, turn on lights, etc.
  • Can use plain text to identify stations within operating menus.
  • Can interface with telephone and two-way radio systems.
  • Can interface with security management systems.
  • Have ability to be programmed and controlled using a computer.

As might be expected, exchange intercom systems are considerably more expensive than simple intercom systems and are most cost effective when used at larger facilities. The cost of an exchange intercom systen cannot generally be justified at a smaller facility.

“Exchange-Less” Intercom Systems

A new breed of system, called an “exchange-less” intercom system has recently been introduced. These systems use IP connected stations that have built-in processors and memory that allow them to provide many of the features and benefits of a exchange system, without requiring the use of an exchange itself. These systems can offer the smaller user a very capable system at a fraction of the cost of an exchange system. While still more expensive today than simple intercom systems, we see exchange-less IP network connected systems as the wave of the future.

Using Security Intercom Systems to Enhance Your Security Program

In addition to being used for basic communications purposes, security intercom systems can be used to enhance your facility’s overall security program. Security intercom systems can be particularly powerful when integrated with other systems such as security management systems and video surveillance systems.

For example, with a fully integrated system, when a “door-forced-open” or “door propped” alarm occurs at at access controlled door, the Sub-Station at that door can automatically  be connected to an intercom Master Station at the security control room. In addition, the camera at that door can automatically be displayed on a video monitor. This allows the security officer to both listen to and see what is going on at the door and possibly give a verbal warning to those who may be violating a security procedure (“Hey, you, please don’t prop the door open…”).

Security intercom systems, when combined with appropriate signage, can also be used for customer service functions such as providing directions to visitors, allowing employees to request a security escort to their cars, and notifying security of safety violations.

 

If you have questions regarding security intercom systems, or need help in designing a security intercom system for your facility, please Contact Us.

Point of Diminishing Returns in Security Investments

Feb 8

Posted by masilva in Basic Concepts, Security Management | No Comments

Good security management practices require balancing the amount of money spent on security improvements with the level of security risk. While almost any security problem can be solved by spending enough money, it often does not make sense to do so. As in many other areas of business, there comes a point of “diminishing returns” in investments in security improvements. This is shown graphically in the chart below.

When you begin to improve to security at a facility, there are many simple and inexpensive things that can be done. During the first stage of security improvement, you can do things such as create good security policies and procedures, conduct security awareness training for employees, and make simple improvements in physical security that can greatly enhance security with very little investment. Because of the ease in which security can improved at minimal cost at this stage, it is often called the “low-hanging fruit” stage.

The second stage of security improvement often requires major capital investments or making commitments for significant ongoing security operating costs. This can involve things such as hiring an on-site security staff, installing card access control or video surveillance systems, or remodelling the lobby to better control the flow of visitors. These things can increase security significantly, but cost substantial money to install and maintain.

The final stage of security improvement is the most expensive. This stage usually involves making investments in things that increase security incrementally, but at a very great cost. This can involve installing biometric access devices, weapon screening equipment, biological agent detection systems, or blast resistant rooms. Often, only those facilities with the highest level of security risk can justify making these investments.

The key decision is deciding when there is “enough” security and when you are about to pass the point of diminishing returns. Any investments made beyond this point won’t reduce your risk by any appreciable amount and are probably a waste of money.

A common mistake is for a facility owner to jump right to the second stage of security improvement without harvesting the “low-hanging fruit” available during the first stage. An example of this would a facility manager who installs a video surveillance system before he has developed good security policies or provided adequate security training for his employees.

The critical factor in deciding what security investments to make is a good understanding of your specific security risks. Every security improvement made should be in direct response to one or more of your specific risks, starting with your highest priority risks, and working your way down to your lowest priority risks.

For example, if your risk assessment shows that the theft of trade secrets is your greatest risk, the greatest emphasis of your security program should be in protecting trade secrets. This could involve installing better filing cabinets, more effective shredders, or enforcing a clean-desk policies for employees. Installing cameras in the parking lots would not be a effective measure to offset this type of risk and should only be considered after your trade secrets risks have been mitigated.

Many facility owners make bad security investment decisions because they really don’t know what their security risks are or how to prioritize them. As a result, they spend a lot of money solving problems that are unimportant, and completely ignore problems that are critical. Formal Security Assessments are one way to properly identify and prioritize your security risks. Having a Security Assessment conducted is often the best first step in improving security at a facility and should be considered before making any substantial investments in security improvements.

To learn more about managing your security risks in the most cost-effective manner, or if you have any questions, please Contact Us.

 

How to be a World-Class Security Systems Integrator

Feb 5

Posted by masilva in Buying Security | No Comments

I have been an independent security consultant for over 27 years. I have worked with literally hundreds of different security system integrators, ranging from one-man shops to the largest security systems integration companies in the world.

Every once in a while, I come across a security integrator that really stands-out. These integrators seem to exceed customer expectations in every way and set the standard for professional, high-quality security and surveillance installation and service work. I call these integrators “world-class”, and enthusiastically recommend them to my clients.

Here are some of the characteristics possessed by a “world-class” security systems integrator:

During the sales process

  1. Really listens to the customer’s needs before trying to sell them anything.
  2. Talks to the customer on his level and uses a minimum of technical jargon.
  3. Honestly explains the strengths and weaknesses of the product he is selling.
  4. Gives the customer an itemized quotation so that he fully understands what he is buying.
  5. Truthfully explains the ongoing maintenance and upgrade costs of the system he is proposing.
  6. Gives the customer a realistic idea of how long the system is really going to last and how quickly it may become obsolete.
  7. Has the courage to tell the customer that what he is asking for really won’t solve his security problem.
  8. Is quick to refer the customer to other service providers when they may be better able to meet the customer’s needs.
  9. Doesn’t try to sell the customer something he doesn’t need just to make a sale.

During the installation process

  1. Fully complies with the agreed upon specifications or contract.
  2. Sends only well-qualified technicians to the jobsite to perform the installation work.
  3. Is respectful of the customer’s workspace; causes minimum disruption, cleans up messes as they are made.
  4. Regularly keeps customer informed as to the status of the installation so that there are no surprises.
  5. Keeps schedule commitments and finishes the installation on time.
  6. Provides an adequate level of user training until the customer is fully comfortable in using the system.

After the sale

  1. Is as quick to return calls and emails to the customer as they were before the sale.
  2. Has a service organization in place so that service calls can be handled promptly and professionally. Has more than one person in their company who can work on the customer’s system.
  3. Takes full responsibility for the problems the client is experiencing – doesn’t try to blame problems on the manufacturer or other parties. Stands behind their product even if it ends up costing them money.
  4. Honors warranty commitments even if customer may be unaware of them.
  5. Lets customer know of expected costs of repairs before they are performed.
  6. Keeps customer informed as to the status of their service request. Tells customer what they are working on, when problem is solved, and what they found.
  7. Calls the customer back periodically to check-in to see how things are going.
  8. Keeps customer informed of system upgrades and enhancements. Doesn’t wait until last minute to tell the customer that their system is at “end-of-life”.

The difference between top-performers and mediocre performers is often only in the way that they handle the small details. Simple things done repeatedly can place a company in the top 5% and allow it to become a “world-class” security systems integrator.

Effective Key Management Procedures

Jan 22

Posted by masilva in Lock Hardware, Security Management | No Comments

Introduction

Despite the widespread use of electronic card access control systems, most facilities still make extensive use of traditional locks and keys at their facilities. It is still much less expensive to equip a door with a standard lock than it is with any type of electronic access control device. For these reasons, most organizations equip only a small percentage of their doors with electronic access devices, and install traditional locks on the majority of their other doors.

Because traditional locks and keys continue to be widely used, it is important that effective security management procedures be put into place to effectively control them.

Lock System Selection

The first step in effective key management begins with the initial selection of the lock system. The first decision is what type of lock system should be used, a “standard security lock system”, or “high-security lock system”. A standard security lock system is less expensive, widely available,  and offers more flexibility in the way that keys can be duplicated. High-security lock systems offer much greater security but are more expensive, available through fewer channels, and generally require that duplicate keys be obtained only through authorized distributors. (See related article High-Security Locks for more information).

Once the type of lock system has been decided upon, the next decision is to choose a lock manufacturer. In many cases, selecting a lock manufacturer also chooses the type of lock cylinders and key that will be used. For example, a series of locks manufactured by the “XYZ Lock Company” probably comes with XYZ lock cylinders and XYZ keys. Cylinders and keys are generally not interchangeable between brands, so once an organization picks one brand of lock and key, they usually need to stick with it.

(High-security lock systems can be the exception to this rule – high-security lock cylinders can often be installed in locks produced by other manufacturers. This allows locks to be upgraded to use high-security keys without requiring that the lock itself be replaced.)

Lock System Design and Keying

Once a type and brand of lock system has been chosen, the next step is to design the system and to determine how it will be “keyed”. This process is normally facilitated by the architectural hardware consultant who is specifying the lock system. The process generally involves creating a matrix that shows all doors in the building, identifying all of the categories of employees that require access through these doors, and establishing which categories of employees need access through each of the doors.

Once this process is completed, the hardware  consultant will design the keying system and create keying chart. This chart may be simple or complicated depending on the type of facility and total number of doors to be controlled. An example of a simple keying chart is shown below.

Simple Keying Chart

The chart shows three levels of keying. The keys at the lowest level are known as “Change Keys”. These keys typically allow access to only a single area or department. For example, in the chart above, the Accounting change key would only allow access into the Accounting Department, and the Human Resources change key would only allow access to the Human Resources department.

The keys at the next level are known as “Master Keys”. These keys allow access to all of the areas or departments shown below them on the keying chart. For example, in the chart above, the Administration Master Key would allow access to both the Accounting Department and Human Resources Department.

The key at the top of the chart is known as the “Grand Master Key”. This key would typically allow access to all areas and all departments in the facility.

The design of a keying system can be a very complex subject and this article just touches on some of the basics. However, when designing a keying system, the following should be considered:

  • There is always a trade-off between security and convenience. While it is very convenient for a manager to have a grand master key that opens every door on the premises, consider the damage that would be caused if this key fell into the wrong hands. Also, having such a key lost or stolen would require rekeying the entire facility – a very costly proposition.
  • When using standard security lock cylinders, master keying makes the lock more susceptible to both “picking” and “bumping”.
  • High-security areas in the facility sometimes should be keyed so that they are not part of the master key system. This is sometimes called keying “off-master”. In some cases, this may be mandated by regulatory requirements. For example, in hospitals, only registered pharmacists are allowed access to pharmacy areas; even the top executives of the hospital are not allowed to enter the pharmacy unless a pharmacist is present. However, keying locks off-master should be done sparingly, otherwise you may end up with a complicated and unwieldy key system.
  • The keying system should be designed to accommodate future growth. For example, if you are constructing one building in a campus that is expected to eventually have three buildings, the keying system should be designed with this in mind.

Using Keys in Conjunction With Electronic Access Control Systems

Doors that are equipped with card readers or other access control devices often have lock cylinders on them to allow them to also be opened with a key.

It is our recommendation that these lock cylinders not be keyed to any key that is routinely carried by employees, including master keys. Having the ability to open an access-controlled door with a key causes false door-forced-open alarms and defeats the accountability feature provided by the access control system.  (See related article Solving the False “Door-Forced-Open” Alarm Problem  )

We recommend that lock cylinders on access-controlled doors be keyed to a special “emergency key” that is used only in the event of system failure. These keys should be kept in a secure location and only issued in the event of an extended access control system failure.

Determining Who Gets Which Keys

Determining who has access to which areas in the facility is an important decision. Some security or facility managers feel pressure to give keys out to anyone who requests them, regardless of need. This is particularly true when the request is being made by a senior executive or manager.

We recommend the following:

  • Written policies and procedures for key issuance and management should be developed and approved by the company’s senior leadership. Once these policies and procedures have been approved, they should be consistently applied.
  • Keys should be issued strictly based on job responsibilities and not seen as a symbol of rank within the organization. Not every manager, director or vice president needs to have a grand master key.
  • Access privileges should be based on normal needs and not exceptions. For example, an employee may be assigned to the Accounting Department and work a majority of his time there, but once or twice per year, he may be called in to work in the Payroll Department. This employee should be assigned a key that works only in the Accounting Department. A key that works in the Payroll Department should be temporarily assigned to the employee only while he is working there and returned when he goes back to his regular job.
  • Many employees request keys that provide access beyond what they need on a daily basis just so that they can respond “in an emergency”. For example, a nighttime supervisor in the Manufacturing Department may claim he needs a master key for the Administrative Offices so that he can get in case of a fire or a water leak. Again, the rule should be to issue access privileges based only on routine needs, and have a procedure in place to allow special access in an emergency.

Key Authorization and Issuance Procedures

Good key authorization and issuance procedures are an essential part of any effective key management system. The following is recommended:

  • All requests for keys should be made on a written Key Authorization Form. Electronic forms may be used as an alternative provided that a reliable method is used to authenticate signatures. An example Key Authorization Form is shown below.
  • Key requests should always be submitted and approved by a second party. In most cases, this will be the employee’s supervisor or manager. An employee should never be able to request and approve a key for himself.
  • Keys that provide access to high-security or hazardous areas should have the approval of the manager that “owns” that area in addition to the employee’s supervisor. For example, a request for a maintenance employee to have access to a Lab area might require the approval of both the Maintenance Manager and the Lab Director.
  • Keys are always issued to individual people, not to departments or companies. For example, if all employees of the IT Department need access to a specific room, each employee should be individually assigned a key. It should never be acceptable for a department head to say “send me up five keys for my people” or to maintain a local stock of unassigned keys that he can hand out at his discretion.
  • All keys should be stamped with a unique key identifier and serial number. The serial number of each key issued to an employee should be recorded on the Key Authorization Form.
  • All employees should be required to personally sign for keys when they are issued.

 

Key Authorization Fom

Getting Keys Back from Employees When They Leave

The biggest key management problems that many organizations face involves getting keys back from employees when they leave the organization. Some typical problems include:

  • Employee quits or is terminated and fails to return keys at the time of their departure.
  • Employee fails to return to work and is terminated but keys are never retrieved.
  • Employee leaves company and turns keys in to departmental supervisor or manager. Keys are kept in department and never returned to person responsible for managing the key system.
  • Employee is promoted or transferred to another department or site and is issued keys for new job but fails to return keys from previous job.

Solving these problems requires close cooperation with your Human Resources (HR) Department. HR is normally involved in every employee resignation, termination or transfer and usually conducts an exit interview with employees on their last day of work. HR should have access to key records so that they know which keys have been issued to each employee. Retrieving the employees keys (as well as access card and other company-owned property) should be an integral part of the exit interview process. When HR receives returned keys, they should be forwarded to the person or department that manage the key system for the organization.

Reporting Lost or Stolen Keys

Employees should be encouraged to report lost or stolen keys immediately. Sometimes, an employee may misplace his or her key and not report it missing right away, thinking that the key may have been left at home or in another place. This can allow several days to transpire between the time a key is first missed and when it is reported lost.

Some organizations charge employees for replacement keys or even make employees pay for all or part of the expense of rekeying locks when a key is lost. In our opinion, this is a poor practice as it often discourages employees from reporting lost or stolen keys. We think it is better for an organization to know that a key has been compromised and bear the expense of rekeying rather than not to know about it at all.

Dealing With Exceptions

Procedures need to be in place to get keys to those who need them under special circumstances. Examples can include employees who temporarily need a key to an area other than their normal workplace, and contractors or service technicians who need keys to work on a specific project.

It is recommended that some type of secure key storage system be used. These can include wall-mounted key cabinets, file cabinets with hanging key files, and drawers used to store keys that have been sealed in small envelopes.

The key storage system should provide the ability to identify and locate each of the keys quickly, and to identify keys which are missing or have not been returned. A written key issuance log should be kept that tracks who each key has been issued to, who approved it, when the key was issued, when it is expected to be returned, and when it was actually returned.

Key Issuance Log

The key issuance log should be periodically audited to identify keys that are missing or which have not been returned at the agreed upon time. Audits should be conducted by the person managing the key system on at least a weekly basis. In addition, independent audits should be conducted by an outside party (such as the security manager) on at least a monthly basis.

To more effectively manage the key storage and issuance process, there are automated key cabinets available. These cabinets store and dispense keys and maintain an electronic record of which key has been issued to who and when. The cabinets also allow alerts to automatically be sent by email when a key isn’t returned as expected. Automated cabinets typically require the use of a numeric PIN code in order to remove or return a key. Some cabinets are also capable of using the employee’s proximity access card to operate the cabinet and remove a key.

Automatic key cabinets are fairly expensive and not right for everyone, but can be a good choice for larger organizations who sign in and out a large number of keys on a daily basis

Automated Key Cabinet

Emergency Access

Many fire departments now require that that keys to the building be kept in a fire department key boxes (often called “Knox Boxes”) located outside of the building. These key boxes are exclusively for the use of emergency responders and cannot be used by company employees. (See related article Security Vulnerabilities Created by Fire Department Key Boxes )

There are cases where employees may need emergency access into areas where they are not ordinarily allowed. If the facility has security officers on duty 24/7, emergency access to locked areas usually can be provided by the on-duty officer.

For facilities without 24/7 security, the best choice is to use an emergency key box. These key boxes are locked but have a breakable glass front. When emergency access to a key is needed, the glass is broken and the key inside removed. The emergency key box should be kept is an area that is secure but accessible to employees who may need to use it. A tamper switch connected to the building’s intrusion alarm or security management system should be provided so that an alarm signal is received anytime a key is removed from the emergency key box.

A written security report  should be required anytime that a security officer unlocks a door to provide emergency access or whenever an emergency key box is used.

Emergency Key Box

 

If you have questions about anything in this article, or need help in planning effective key management procedures for your organization, please Contact Us.

Bad Shear Locks

Jan 22

Posted by masilva in Access Control, Lock Hardware | No Comments

Electromagnetic “shear locks” are a popular choice of architects because the lock mechanism can be completely concealed with the door frame. Unfortunately, our experience with these types of locks has been almost entirely negative. First of all, the door must align perfectly in order for these locks to work. If the door doesn’t fully close and seat properly in the opening, the lock will not bond properly. It’s tough to get a door to align perfectly when its new, and nearly impossible to keep it aligned properly as the door ages.

Second, many of our clients have reported that electromagnetic shear locks are very noisy. When the door closes, the electromagnet in the door frame pulls the armature mounted at the top of the door against the lock. This metal on metal contact can make a loud “clunking” sound that many users find annoying. This noise can be particularly pronounced in places that have hard acoustical surfaces such as building lobbies.

We strongly urge our clients not to use electromagnetic shear locks. In several cases, these locks were installed during new construction but proved to be so unreliable that the building owner decided to replace them with frame mounted electromagnetic locks.  The shear locks were left in the door frame so that there wouldn’t be a need to install a filler plate. This creates a condition where there appears to be two locks on the door, even though the shear locks are no longer operational.

Here are a couple of actual examples of where frame mounted locks were used to replace shear locks:

Example #1:

Example #2:

 

Please Contact Us if you have any questions or need help in solving any type of security door hardware problem.

 

Use of LED Lighting for Security Purposes

Nov 19

Posted by masilva in Security Lighting | No Comments

Having good outdoor lighting is a critical element in providing effective security at your facility. Having good lighting can discourage crime, make it easier to identify criminals, and make your employees and guests feel safer and more secure.

History of Outdoor Lighting

Since the late 1800′s, a variety of different types of technology have been used to provide outdoor lighting. Initially, open arc lamps were used to provide outdoor lighting, but these were soon displaced by the incandescent lamp, which quickly became the standard for both indoor and outdoor lighting.

In the late 1940′s, mercury vapor light fixtures were introduced, and offered the advantages of increased brightness, energy efficiency, and relatively long lamp life. One downside of mercury vapor lamps was the bluish-green color of the light that they produced, which many people found unpleasant. Despite this disadvantage, mercury vapor lights became a popular choice for outdoor lighting and street lighting in the 1950′s and 1960′s.

In about 1970, high-pressure sodium light fixtures came into use. High-pressure sodium lamps are very energy-efficient and quickly replaced the mercury vapor lamp as the preferred choice for outdoor and street lighting. Initially, people were turned off by the orange-yellow glow produced by the high-pressure sodium lamp, but they gradually became accustomed to this type of light. Today, high-pressure sodium lamps are the most popular type of lamp used in outdoor lighting applications.

Despite their popularity, high-pressure sodium lamps are not the best choice for all outdoor applications. In particular, the orange-yellow glow produced by the high-pressure sodium lamp makes it unsuitable when there is a need to accurately identify or display colors. Objects viewed under high-pressure sodium lamps may appear to be different than their actual color; for example an object that is blue may appear to be purple. This is undesirable in some applications, such as at auto dealerships, where it is desirable to display vehicles in their actual colors, or in security applications, where it may be necessary to accurately identify the colors of clothing and vehicles.

To meet the need for an outdoor light source that properly displays colors, metal halide lamps started to be used in some exterior lighting applications starting in the early 1980′s. Metal halide lamps produce a true white light that allows colors to be properly displayed, overcoming this limitation of the high-pressure sodium lamp. Unfortunately, metal halide lamps cost more than high-pressure sodium lamps, are less energy efficient, and don’t have as long of an operating life. Because of these reasons, metal halide lamps have not widely displaced high-pressure sodium lamps and are generally only used where their benefits outweigh the increased costs.

Other types of light sources have been used in outdoor lighting over the years, including compact fluorescent, low pressure sodium, and several others, but none of these have become widely-used alternatives to the high-pressure sodium lamp.

A New Concept in Outdoor Lighting

Recently a new type of lighting known as “LED lighting” has been introduced. “LED” stands for light-emitting-diode, a semiconductor-based light source that creates light through a process known as “electroluminescence”. While most people think that LEDS are a new development, they have actually been around for more than fifty years. However, for most of these years, LEDs were only capable of producing a relatively small amount of light and their use was confined to things such as digital displays and indicator lights. Recent developments have created LEDS that are capable of producing much higher levels of light, allowing them to be used in general lighting applications in place of incandescent or other types of lamps.

The benefits of LED lighting are many and include:

  • Energy savings: LED lights allow a 60% to 90% reduction in the amount of energy used.
  • Long-life: LED lights can last up to 10 years or more.
  • Better color rendition: LED lights are available that produce near white light, allowing colors to be displayed accurately.
  • More directional: LED lights can be directed to the specific area where light is needed, avoiding “light pollution” in unwanted areas.
  • Instant-on capability: LED lights can be turned on and off instantly, making them suitable for use with motion detectors and in other security applications.
  • Ruggedness: LED lights are made of solid-state components and have no filament or glass envelope to break.
  • Friendly to the Environment: LED lights contain no toxic materials.
  • Controllable: LED lights can be dimmed and controlled for color.
  • Flexibility: LED lights are available in a variety of form factors, including wall mounted fixtures, pole mounted fixtures, bollard fixtures and strip lighting fixtures. LED lamps that are direct replacements for incandescent and other types of lamps are also available.

Almost all of the major lighting manufacturers see LED lighting as the wave of the future and are rushing to bring LED products to the market. GE, Phillips, and Osram Sylvania all have LED products available on the market today and plan to introduce many more in coming years. It is reported that some manufacturers have abandoned research on other types of lighting technology because they can’t see it competing with LED technology in the future.

Costs of LED Lighting

At the present time, the cost of LED lamps and fixtures can be four to ten times the cost of traditional lamps and fixtures. Despite the significant savings in energy and maintenance that can be achieved using LED lighting, it can take three to five years worth of savings to pay for the initial purchase price. This length of time often exceeds the “return-on-investment” (ROI) criteria used by many commercial businesses when deciding on whether or not to make a capital investment.

However, many local power companies want to encourage the use of energy-saving technologies such as LED lighting and may offer one-time rebates and/or a reduced rate per kilowatt hour if LED lighting is installed. Some organizations may also be eligible to receive grants from government agencies to fully or partially fund an upgrade to LED lighting. This can alter the economics of the investment decision and may help justify the purchase of LED lighting.

Should You Upgrade Your Security Lighting to LED?

It is the opinion of Silva Consultants that LED lighting will eventually become the preferred choice for all outdoor security lighting. However, we are hesitant to recommend that all facilities immediately upgrade to LED lighting at this time. It is our opinion that this emerging technology will only get better and cheaper over the next several years, and that those who can postpone making an upgrade at this time probably should. Often those who are “early adopters” of any technology come to regret it just a year or two later when the same or better products are available at half the cost.

We suggest the following:

  • If your facility has an immediate need to upgrade its lighting, go ahead and consider the use of LED light fixtures as an alternative to traditional high-pressure sodium or metal halide fixtures.
  • If you don’t have a need to immediately upgrade your lighting, take some time to research LED lighting but consider postponing your upgrade plans for a year or two.
  • If you want to take some “baby steps”, experiment by using LED lighting fixtures on a limited basis now. For example, try replacing some of your existing wall pack light fixtures with an equivalent LED wall-pack fixture, or buy some LED lamps as replacements for some of your incandescent lamps.

Have questions about the use of LED lighting for security purposes? If so, please Contact Us.

Also see related article: Evaluating Your Parking Lot Lighting

Understanding the Risks of Local Crime

Oct 10

Posted by masilva in Security Management | No Comments

The Need to Understand Local Crime Conditions

To properly manage security risks at your facility, you need to know what they are. Yet it is amazing just how many managers responsible for security are totally ignorant of the types of crimes occurring in their community or even within their own facilities.

Property owners who are sued by an employee, tenant or guest for “negligent security” often find out too late just how important having knowledge of local crime conditions is. Often the first thing the plaintiff’s attorney does is to obtain local crime data for the site where the alleged incident occurred in order to determine if the crime was “foreseeable”, and if so, was “reasonable care” taken on the part of the property owner to prevent the crime from occurring.

It looks very bad to the jury when the property owner’s representative on the witness stand is asked: “How many crimes of a similar type were committed in your neighborhood over the last three years?” or “What did you do to determine the degree of potential crime at your property?” and the witness cannot properly answer. If you don’t know the type and degree of crime at your site, how could you have possibly designed an effective security program to prevent it?

Aside from legal liability considerations, there are many practical reasons for accurately knowing local crime conditions. Most security budgets are tight and it makes sense to direct the money being spent to areas where it matters most. For example, if the threat of armed robbery is high at your site, money should probably be spent on preventing robberies before making security investments elsewhere.

Determining the Risks of Local Crime

There are many sources of data that can help the property owner to determine the risks of local crime. Most of these data sources are publically available at little or no charge; a few require the payment of a fee. Because no source of data is perfect, it is generally necessary to gather information from multiple sources in order to gather a complete picture of the crime risks at your location.

There are six primary sources of local crime data: internal incident reports, crime data provided by neighboring facilities, police crime statistic reports, police calls-for-service reports, commercial crime forecast reports, and custom crime analyses prepared by security consultants.

Internal Incident Reports

Many organizations have an internal security incident reporting system that gathers data about crimes and other security incidents occurring at their facilities. Employees report crimes and security incidents to a central source such as the security department, and this data is compiled on a periodic basis to produce reports that summarize the rate of reported crime at the facility. If well managed, an internal incident reporting system can produce a highly accurate picture of the rate of crime at any given facility.

If your organization does not have a good security incident reporting system in place, it should establish one immediately. (See related article: Security Incident Reporting System )

Crime Data Provided by Neighboring Facilities

The type and frequency of crimes occurring at neighboring facilities are very significant when attempting to determine the risk of crime at your facility. While some of this type of information may be obtainable through public sources such as police reports, it is best to get it directly from your neighbors when possible. This can be a delicate situation, as people often don’t want to share information about security problems with outsiders. These objections can usually be overcome when a mutually beneficial relationship with the neighbor has been established in advance.

We recommend that people who are responsible for security reach out to their counterparts at neighboring facilities. For example, if you operate a factory in an industrial park, you should contact the security and/or facility managers at each major business within a one-mile area surrounding your facility. Introduce yourself and explain that you want to establish an informal network for sharing information about security problems occurring within the neighborhood. Some businesses actually form a “crime watch” group and have regular meetings; others just get together for coffee occasionally to discuss areas of mutual concern.

Once your information sharing “network” has been established, you should proactively reach out to neighbors to get periodic updates on what types of security problems that they have been experiencing. You should consider this information to be an important indicator of the types of crimes that could occur at your facility, and make corresponding adjustments to your security program as needed.

Police Crime Statistics Reports

Police departments and other local law enforcement agencies maintain some type of crime reporting system and typically provide crime statistics reports on at least an annual basis. Although agencies are encouraged to use the Uniform Crime Reporting (UCR) Program and National Incident-Based Reporting System (NIBRS) established by the FBI, participation is voluntary. As a result, there is vast inconsistency in the type and quality of police crime statistics available as you go from city to city throughout the United States.

In general, each city or county will be divided up into multiple geographical areas, which may be called “zones”, “sectors”, or “precincts”. Each of these areas may be further sub-divided into “beats” or “districts”. These areas sometimes correspond with US Census Bureau Census Tracts.

Crimes are usually categorized by type and whether they are “violent” or “non-violent”. Some police agencies provide detailed breakdowns of each type of crime, others summarize crimes in a more general way.

Periodically, the police agency may produce an updated Crime Statistics Report. This is usually done at least annually, but some better agencies also produce reports on a quarterly or even monthly basis. An example of a typical Crime Statistics Report is shown below.

Police crime statistics can be a useful tool in determining the level of security risk at your site, but are not perfect. Often, the geographical areas used in police crime statistics reports may be too large to accurately indicate crime conditions at your specific site. For a example, if the “beat” in which your facility is located is five square miles in size, it is unlikely that crime is evenly distributed throughout this geographic area. There may be one or more “hotspots” within this area that are responsible for generating a large percentage of the reported crime.

Police crime statistics are best used to provide a general awareness about crime occurring in your city and neighborhood and to establish whether crime has increased or decreased within recent years. By obtaining several years worth of reports, and comparing them year to year, it may be possible to establish a trend as to which types of crimes are on their way up and which types are on their way down.

Police Calls-for-Service Reports

Almost every local law enforcement agency today uses some form of computerized dispatch system. These systems keep track of every call made to 911, and log the time the call was received, the location, the nature of the incident, the officers who were sent to call, and the final disposition. Using the computerized dispatch system, it is possible to create a report of every call made to the police concerning any given address in the city. These reports are known as “Calls-for-Service” reports.

Calls-for-Service reports often can be obtained from the law enforcement agency for free or for a small charge. In some jurisdictions, a report can simply be requested by telephone or email, in other jurisdictions, a formal request must be filed using Freedom of Information Act procedures.

Reports are requested by providing the address of the facility and the time period for which the information is needed. For example, one might request all calls-for-service information for the address 101 Main Street for the years 2010, 2011 and 2012. In some cases, requests can be made for a range of street addresses (100 block of Main Street through 1200 block of Main Street) rather than just for a single address.

Once obtained, the Calls-for-Service report will provide a listing of incidents at the location by date, including type of incident (theft, vandalism, etc.) and disposition (arrest made, report taken, false alarm, etc.) An example of a Calls-for Service report is shown below.

It is important to note that most Calls-for-Service reports are not written to be used by the average consumer. They are cryptic in nature and provide raw data that may include numerous codes and abbreviations. You will need to get explanations of each type of code in order for the data to be meaningful, and will need patience in attempting to make sense of the report. Also, there are generally no summaries or recaps provided in the report, you will need to do this yourself to get statistics that can be properly analyzed.

While Calls-for-Service reports can be difficult to obtain and hard to use, they are one of the best sources of crime data available as they provide actual information about reported crime at any given location.

Commercial Crime Forecast Reports

There are commercial service providers who sell Crime Forecast Reports that specifically rate the risk of crime at any given address. These reports are created using a computer model that evaluates police crime statistics as well as many other factors including population data, economic data, housing data, and other socioeconomic conditions. One popular provider of Crime Forecast Reports is CAP Index.

Commercial Crime Forecast reports can be purchased online. To obtain a report, you simply type in the address of the facility and within minutes a customized report is available for download. This report provides numeric scores for each type of crime including homicide, rape, robbery, assault, burglary, larceny, and car theft. Separate scores are provided that compare crimes on a county, state and national level. Scores for previous years as well as projected scores for future years are provided that allow you to establish whether crime is on the upswing or downswing. A map is typically provided with the report that shows crime scores at the site as well as in the surrounding neighborhoods.

The advantage of Commercial Crime Forecast reports is that they are quick and easy to obtain, and that they allow rapid apple-to-apples comparison of crime rates between sites. For example, if you own a chain of 30 fast-food restaurants in different cities, you can obtain Commercial Crime Forecast reports for each one, allowing you to quickly identify locations that have higher than average crime scores. Trying to do this through other means (such as by using police crime statistics reports ) is nearly impossible because of the inconsistency in the ways in which different police departments provide crime data. Because of this, Commercial Crime Forecast reports are widely used by many large corporations who operate facilities in multiple locations throughout the county.

Despite the popularity of Commercial Crime Forecast reports, some security professionals are skeptical of their accuracy. These professionals claim that the computer algorithms and methodology used to create the crime forecast scores are proprietary and have not been subject to any type of peer review. Further, many security professionals are opposed to the use of any type of socioeconomic data in crime forecasting as they feel that it is inaccurate and possibly discriminatory.

Custom Crime Analyses

Because of the complexities of determining the risks of local crime, some property owners choose to hire a security professional to conduct a custom crime analysis for their facility. This can be done as a part of a complete Security Assessment for the facility by a physical security consultant, or can be done as a separate engagement by a consultant who specializes in crime analysis.

The consultant will typically gather data from sources such as incident reports, crime statistics, and calls-for-service reports and compile it into a usable format. The data can then be analyzed and presented to the property owner in a meaningful way. Most consultants who specialize in this work have spreadsheets or computer programs that simplify the data gathering and analysis process.

While probably the most expensive method of obtaining crime data, custom crime analyses are generally the most accurate. They should be used when contemplating major investments in security improvements or when legal litigation is a possibility.

Other Sources of Crime Data

There are several other sources of crime data that may be available at your location:

  • Many police departments now provide online crime maps that provide real-time information on reported crimes occurring within their jurisdiction. Be careful; there are some commercial providers that offer crime maps that are inaccurate or provide incomplete information.
  • Some jurisdictions provide a mapping service that includes the locations of the homes of registered sex offenders. While not applicable to all situations, this information can be useful to know when planning security for some types of facilities.
  • Some police departments now offer real-time Twitter feeds that provide notification when certain types of crimes are reported in the community. If your police department doesn’t offer this service, consider using Google Alerts to create your own notifications when local crimes occur in your community.

If you have questions about how to determine the risks of local crime, or need help in assessing your security risks and in planning your security program, please Contact Us.

 

Top 15 Problems Found During a Security Assessment

Sep 4

Posted by masilva in Security Management | No Comments

Over the past 25 years, Silva Consultants has conducted more than 350 physical security assessments for a wide variety of different types of clients. While each project is unique, certain problems seem to come up time and time again. The following is a list of the top fifteen problems that we have found when conducting physical security assessments for our corporate clients. Check this list to see of any of these problems may exist at your company:

  • There is no real support for the company’s security program from senior management. Members of the leadership team fail to follow security procedures themselves, setting a bad example for the rest of the company’s employees.
  • Employees don’t receive formal security awareness training and lack knowledge of the company’s security policies and procedures. Employees have not been properly trained on how to deal with events such as workplace violence.
  • Employees fail to take basic precautions to protect company-owned and personally-owned assets. Offices, desks and workstations are frequently left unlocked; high-value items such as laptop computers, purses and backpacks are left unsecured.
  • There is poor supervision of the contract security guard service used at the company. Too much reliance is placed on the contract security agency to properly supervise its own security guards, with little of no oversight provided by the client who hired them.
  • There are poor visitor control procedures: visitors aren’t required to verify their identity, some types of visitors come through back entrances and don’t sign in, visitors are not properly escorted in and out by employees, many visitors fail to sign out when they leave.
  • There is poor compliance with the company’s identification badge wearing policy; many employees and vendors don’t wear their badges, badges are worn in the wrong location or hidden, pictures on badges are outdated and unrecognizable.
  • There are gaps in security background check procedures; while procedures for regular employees may be good, there is improper reliance on vendors and contractors to background check their own employees; some types of contract employees may go unscreened.
  • There is poor control of keys issued to employees: no justification for who gets issued which keys, no good record of who has been issued keys or when, no procedures for dealing with lost or missing keys, no assurance that keys are turned in when an employee leaves the company.
  • There is no good system in place to track thefts, losses and other security incidents: many incidents go unreported, there is no follow-up on incidents, and a quarterly or annual report that summarizes incidents is not prepared or analyzed.
  • There are poor procedures for handling confidential information: sensitive documents are found left lying in unsecured areas, confidential file cabinets have inadequate locks, confidential information is placed in regular trash or recycle containers rather than shredded.
  • Doors at building entrances and at secured interior areas don’t close properly or are left unlocked or propped open by employees.
  • There is poor control of shipping/receiving/loading dock areas: doors are left open while unattended, valuable merchandise is left unsecured on the dock, and delivery drivers allowed to wander into secured areas.
  • Employees managing and monitoring the company’s electronic security systems don’t really know how to use them. Only a small fraction of the security systems capabilities are being used.
  • Electronic security systems are not thoroughly tested on a regularly scheduled basis.
  • There is inadequate lighting in the company’s exterior parking areas and along the exterior pathways to the building.

If you need Security Assessments conducted for any of your facilities, or need help in solving any of the problems listed above, please Contact Us.

The Receptionist’s Role in Security

Jul 27

Posted by masilva in Security Procedures | No Comments

Most companies and organizations have a receptionist at their front desk or main building lobby. Duties of the receptionist typically include greeting visitors, answering the telephones, and the handling of incoming mail. At some companies, the receptionist may perform other duties such as filing, the scheduling of conference rooms, managing employee schedules and other clerical functions.

In addition to their other duties, receptionists also play a critical role in the building’s overall security program. Receptionists are often given the task of signing in visitors, issuing visitor badges, controlling access in and out of the building, and observing suspicious activity. This is particularly true at buildings where no security officers are provided and the receptionist serves as the first (and sometimes only) line of defense against unwanted guests and intruders.

Because of the crucial role that they play in security, it is important that tools be given to receptionists to allow them to effectively perform their security duties. Here are some suggestions:

  • The receptionist’s security responsibilities should be formally defined and included in the receptionist’s job description. When both a receptionist and a security officer are assigned to work in the lobby, the specific roles and responsibilities of each should be clearly defined.
  • People who are assigned to be a receptionist should have the personality and aptitude necessary to perform this job. Receptionists should have a cheerful and outgoing personality, enjoy working with people, and have the ability to deal with conflict when necessary. Many people who are excellent at doing other types of clerical work may be unqualified to work as a receptionist or be uncomfortable when performing this role.
  • Receptionists should receive formal security training that includes guidelines for spotting suspicious behavior and techniques to verbally de-escalate potentially dangerous situations.
  • The building lobby should be designed in such a way that the receptionist is not the only thing that stands in the way of an intruder entering the building. A well-designed lobby can greatly increase the effectiveness of the receptionist and greatly improve building security. (See Designing Lobbies for Good Security).
  • The receptionist’s primary job should be to greet visitors. If the volume of visitor traffic is relatively low, the receptionist can be assigned other duties, but these duties should be of a type that can be stopped immediately when a visitor arrives. Duties assigned to the receptionist should not require the receptionist to leave the lobby area.
  • It is common practice for the receptionist to also serve as a telephone operator and to answer the organization’s main telephone line. We discourage this practice because the telephone operator role can be a time consuming job during certain periods of the day, and because the receptionist cannot immediately stop talking on the phone when a visitor arrives. We also think that it is unwise to give everyone sitting in the lobby the opportunity to overhear incoming telephone calls.
  • Good visitor control procedures should be established and communicated to all employees. To automate the visitor sign-in process, consider the use of an electronic visitor management system. (See Introduction to Electronic Visitor Management Systems).
  • We highly recommend that all incoming deliveries and packages be received at the mailroom or shipping/receiving department, not at the receptionist’s desk. If this is not possible, receptionists should receive training on the spotting and handling of suspicious packages, and a separate storage area for packages should be provided near the receptionist’s desk.
  • The receptionist’s desk should include a panic alarm system that allows help to be summoned quickly in the event of an emergency. (See Introduction to Panic Alarms).

 

If you have questions, or need more information about the role of the receptionist in security, please Contact Us

Designing Lobbies for Good Security

Jun 10

Posted by masilva in Physical Security, Security Design | No Comments

The lobby is the primary point where visitors and other members of the public enter your facility. As such, it is one of the most critical areas to design properly from a security standpoint. Having a poorly designed lobby makes it difficult to properly control access into the building, requiring that additional security measures be provided at the interior of the building. A poorly designed lobby can also increase operational costs by requiring that additional staff be provided to overcome the security weaknesses created by the lobby.

Many lobbies are designed primarily with aesthetics and convenience in mind, with little or no thought given to security. Often times this is because the architect and owner lacked an understanding of basic security concepts, or failed to consider security at all during the architectural planning process.

It is our opinion that a lobby can be designed to look good while at the same time providing excellent security. Within this article, we will provide some guidelines that can help you to successfully plan your building lobby.

Basic Concepts

Before getting into specifics, let’s talk about some basic concepts when designing a lobby for good security.

At the exterior of the building, you typically have an unsecured, public area, such as a public street or parking lot. Usually, any member of the general public can freely enter this area without permission. We refer to this area as the “Public Zone”. On the interior of the building, you typically have a secured private area, which may contain offices, production facilities, and other spaces related to your business. Usually only employees and invited guests may enter this area. We refer to this area as the “Private Zone”.

The building lobby acts as a “portal” or “conduit” between the Public Zone and the Private Zone. The lobby also provides an area where members of the public can transact business with the company without entering the Private Zone. Because of this, we refer to the lobby area as the “Semi-Public Zone”. One security layer exists at the point between the Public Zone and the Semi-Public Zone, and a second security layer exists at the point between the Semi-Public Zone and the Private Zone. This concept is illustrated in the drawing below. (To learn more about security layers, see Concentric Circles of Protection.)

During normal working hours, the exterior doors of the lobby are typically left unlocked. This allows people to enter the lobby (Semi-Public Zone) to interact with the receptionist. In cases where the person has legitimate business with the company, he or she will be signed-in as a visitor, and allowed to proceed into the Private Zone. Depending on company policy, the visitor may or may not need to be escorted by an employee while in the Private Zone.

If a person arrives, but does not have legitimate business with the company, he or she will be turned away by the receptionist and denied access to the Private Zone.  Physical barriers should be provided should be provided that prevent people from passing between the Semi-Public Zone and Private Zone without permission. These barriers should be designed in such a way that they make it difficult for an unwanted guest to force his way past the receptionist or to sneak past the receptionist unnoticed.

In cases where the lobby is also used as an entrance by employees, a system needs to be provided that allows authorized employees to pass through the barrier into the Private Zone, while at the same time keeping unauthorized people out.

Problems in Lobby Design

While the basic concepts for lobby security are simple, many problems can occur that prevent these concepts from being successfully implemented in an actual building. The drawing below shows some common security weaknesses that often exist in commercial building lobbies.

 

1

 There is no physical barrier between the Semi-Public Zone and the Private Zone. There is complete reliance on the receptionist to control access into the building and to prevent an intruder from entering.

2

 The receptionist is facing perpendicular to the flow of traffic, making it difficult to observe who is entering the building. Because of its location, visitors are not intuitively drawn to the receptionist’s desk.

3

 An entrance to a 2nd Floor stairway is located ahead of the receptionist’s desk. Intruders can use the stairs to gain access to the Private Zone on the floor above without checking in with the receptionist. 

4

 The building elevators are located ahead of the receptionist’s desk. Intruders can enter the elevators to gain access to the Private Zones on upper floors without checking in with the receptionist. 

5

 A door to a private office is located ahead of the receptionist’s desk. Intruders can sneak through the office to gain access to the Private Zone without checking in with the receptionist. 

6

 Restrooms are located in the Private Zone. This requires that delivery drivers and waiting guests enter the Private Zone in order to use the restroom. 

7

 A frequently-used customer service counter is located in the Private Zone. Customers who wish to visit the service counter must be signed in as visitors, creating considerable additional work for the receptionist

 

Example of Well-Designed Lobby

The drawing below shows an example of a lobby that has been well-designed from a security standpoint.

 

1

 A barrier wall has been provided that provides physical separation between the Semi-Public Zone and the Private Zone. 

2

 A card reader controlled door has been provided to control access between the Semi-Public Zone and the Private Zone. (This could also be a card reader controlled gate, revolving door, or turnstile.) 

3

 The receptionist’s desk is facing towards the lobby allowing incoming traffic to be observed. Because of its location, visitors are intuitively drawn to the receptionist’s desk. 

4

 The building elevators are located behind the barrier wall in the Private Zone 

5

 The stairs to the 2nd Floor are located behind the barrier wall in the Private Zone.. 

6

 A small restroom has been provided for visitors in the Semi-Public Zone, eliminating the need for them to enter the Private Zone in order to use a restroom. 

7

 A small conference room has been provided in the Semi-Public Zone. This permits employees to come to the lobby to have short meetings with guests without requiring that the guest sign-in as a visitor or enter the Private Zone. 

8

 A customer service counter has been provided in the Semi-Public Zone. This permits customers to be served without requiring that they sign-in as visitors or enter the Private Zone.

 

Additional Suggestions for Lobby Security

  • When possible, the lobby should not be used as a primary employee entrance point. If practical, provide a separate entrance point for employees and discourage them from entering through the lobby. Reducing traffic through the lobby makes it easier for the receptionist to observe activity and reduces the chances of an intruder “tailgating” in behind an employee.
  • The receptionist’s primary duty should be to manage the lobby and to greet incoming guests. Don’t give the receptionist other duties that distract from this primary function or prevent continuous observation of the building lobby..
  • If at all possible, deliveries should be routed to the loading dock or mailroom and not be received at the receptionist’s desk.

If you have questions about any of the information presented in this article, or need help in designing a new lobby or fixing an existing one, please Contact Us .