Silva Consultant's Blog

Archive for category Security Design

Designing Lobbies for Good Security

Jun 10

Posted by masilva in Physical Security, Security Design | No Comments

The lobby is the primary point where visitors and other members of the public enter your facility. As such, it is one of the most critical areas to design properly from a security standpoint. Having a poorly designed lobby makes it difficult to properly control access into the building, requiring that additional security measures be provided at the interior of the building. A poorly designed lobby can also increase operational costs by requiring that additional staff be provided to overcome the security weaknesses created by the lobby.

Many lobbies are designed primarily with aesthetics and convenience in mind, with little or no thought given to security. Often times this is because the architect and owner lacked an understanding of basic security concepts, or failed to consider security at all during the architectural planning process.

It is our opinion that a lobby can be designed to look good while at the same time providing excellent security. Within this article, we will provide some guidelines that can help you to successfully plan your building lobby.

Basic Concepts

Before getting into specifics, let’s talk about some basic concepts when designing a lobby for good security.

At the exterior of the building, you typically have an unsecured, public area, such as a public street or parking lot. Usually, any member of the general public can freely enter this area without permission. We refer to this area as the “Public Zone”. On the interior of the building, you typically have a secured private area, which may contain offices, production facilities, and other spaces related to your business. Usually only employees and invited guests may enter this area. We refer to this area as the “Private Zone”.

The building lobby acts as a “portal” or “conduit” between the Public Zone and the Private Zone. The lobby also provides an area where members of the public can transact business with the company without entering the Private Zone. Because of this, we refer to the lobby area as the “Semi-Public Zone”. One security layer exists at the point between the Public Zone and the Semi-Public Zone, and a second security layer exists at the point between the Semi-Public Zone and the Private Zone. This concept is illustrated in the drawing below. (To learn more about security layers, see Concentric Circles of Protection.)

During normal working hours, the exterior doors of the lobby are typically left unlocked. This allows people to enter the lobby (Semi-Public Zone) to interact with the receptionist. In cases where the person has legitimate business with the company, he or she will be signed-in as a visitor, and allowed to proceed into the Private Zone. Depending on company policy, the visitor may or may not need to be escorted by an employee while in the Private Zone.

If a person arrives, but does not have legitimate business with the company, he or she will be turned away by the receptionist and denied access to the Private Zone.  Physical barriers should be provided should be provided that prevent people from passing between the Semi-Public Zone and Private Zone without permission. These barriers should be designed in such a way that they make it difficult for an unwanted guest to force his way past the receptionist or to sneak past the receptionist unnoticed.

In cases where the lobby is also used as an entrance by employees, a system needs to be provided that allows authorized employees to pass through the barrier into the Private Zone, while at the same time keeping unauthorized people out.

Problems in Lobby Design

While the basic concepts for lobby security are simple, many problems can occur that prevent these concepts from being successfully implemented in an actual building. The drawing below shows some common security weaknesses that often exist in commercial building lobbies.

 

1

 There is no physical barrier between the Semi-Public Zone and the Private Zone. There is complete reliance on the receptionist to control access into the building and to prevent an intruder from entering.

2

 The receptionist is facing perpendicular to the flow of traffic, making it difficult to observe who is entering the building. Because of its location, visitors are not intuitively drawn to the receptionist’s desk.

3

 An entrance to a 2nd Floor stairway is located ahead of the receptionist’s desk. Intruders can use the stairs to gain access to the Private Zone on the floor above without checking in with the receptionist. 

4

 The building elevators are located ahead of the receptionist’s desk. Intruders can enter the elevators to gain access to the Private Zones on upper floors without checking in with the receptionist. 

5

 A door to a private office is located ahead of the receptionist’s desk. Intruders can sneak through the office to gain access to the Private Zone without checking in with the receptionist. 

6

 Restrooms are located in the Private Zone. This requires that delivery drivers and waiting guests enter the Private Zone in order to use the restroom. 

7

 A frequently-used customer service counter is located in the Private Zone. Customers who wish to visit the service counter must be signed in as visitors, creating considerable additional work for the receptionist

 

Example of Well-Designed Lobby

The drawing below shows an example of a lobby that has been well-designed from a security standpoint.

 

1

 A barrier wall has been provided that provides physical separation between the Semi-Public Zone and the Private Zone. 

2

 A card reader controlled door has been provided to control access between the Semi-Public Zone and the Private Zone. (This could also be a card reader controlled gate, revolving door, or turnstile.) 

3

 The receptionist’s desk is facing towards the lobby allowing incoming traffic to be observed. Because of its location, visitors are intuitively drawn to the receptionist’s desk. 

4

 The building elevators are located behind the barrier wall in the Private Zone 

5

 The stairs to the 2nd Floor are located behind the barrier wall in the Private Zone.. 

6

 A small restroom has been provided for visitors in the Semi-Public Zone, eliminating the need for them to enter the Private Zone in order to use a restroom. 

7

 A small conference room has been provided in the Semi-Public Zone. This permits employees to come to the lobby to have short meetings with guests without requiring that the guest sign-in as a visitor or enter the Private Zone. 

8

 A customer service counter has been provided in the Semi-Public Zone. This permits customers to be served without requiring that they sign-in as visitors or enter the Private Zone.

 

Additional Suggestions for Lobby Security

  • When possible, the lobby should not be used as a primary employee entrance point. If practical, provide a separate entrance point for employees and discourage them from entering through the lobby. Reducing traffic through the lobby makes it easier for the receptionist to observe activity and reduces the chances of an intruder “tailgating” in behind an employee.
  • The receptionist’s primary duty should be to manage the lobby and to greet incoming guests. Don’t give the receptionist other duties that distract from this primary function or prevent continuous observation of the building lobby..
  • If at all possible, deliveries should be routed to the loading dock or mailroom and not be received at the receptionist’s desk.

If you have questions about any of the information presented in this article, or need help in designing a new lobby or fixing an existing one, please Contact Us .

Ten Dumb Things That Architects Do

May 3

Posted by masilva in Security Design | No Comments

We have been working with architects for over 25 years and love them. Most architects are creative, hardworking professionals that have the best interests of their clients at heart. But unfortunately, most architects have received little or no training on security, and often don’t give proper consideration to security issues when designing a new building. Sometimes, what is necessary for good security is in conflict with the artistic vision that the architect has for the building, and he or she chooses to ignore security considerations unless otherwise prodded by the building owner.

Here are ten dumb things (from a security perspective) that architects do: 

#1 – Architect Doesn’t Consider the “Big Picture” When Designing Security for the Building

When many architects think of security, they think of electronic security systems, such as access control or closed-circuit television systems, and often don’t consider the broader implications that the design and layout of the building can have on security.

Security is much more than just electronic security systems. Almost every aspect of the building design can have an impact on physical security. Site layout; the locations of entrances, stairways, and elevators; the design of the lobby; and the physical separation of functions within a building all have a direct and lasting effect on how well a building can be secured. Many elements of building construction, including doors, windows, lock hardware, landscaping, and lighting can either make security better or make security worse depending on how they are designed. 

Mistakes made during the design process are often difficult or impossible to correct once the building is constructed. Poorly designed buildings increase security risks, and can make operating the security program on an ongoing basis much more expensive than necessary.

  #2 – Architect Doesn’t Consider Security Early Enough in the Design Process

Often, the first time that the subject of security comes up is late in the design process, when the architect starts asking the owner, “OK, where do we put the cameras and card readers?” (related to #1 above).

Sometimes, a security consultant is brought in once the owner starts finally thinking about how the building will be operated, but this is often at the stage when construction documents are just being finalized. At this point, there is a strong reluctance to alter the design in any significant way, and it may be costly to make the changes necessary to provide good security.

#3 – Architect Relies on Electrical Engineer or Security Systems Vendor for Security Design Expertise

Because many architects think security is electronic security systems (related to #1 above), they often rely on security system vendors or the project electrical engineer for security design advice. While these individuals can do a good job of designing the security systems once the owner’s requirements are known, they generally lack the expertise necessary to conduct a risk assessment and develop a comprehensive security program for the facility, of which electronic security systems are only a small part.

#4 – Architect Relies Exclusively on Owner for Guidance

Many architects look to the owner to tell them exactly how the building should be designed from a security standpoint and what types of security systems should be used.

It is rare that an owner actually has the level of security expertise necessary to do this. Being a user of security systems doesn’t make someone qualified to design the physical security of a new building. Often, the owner will simply tell the architect to “do what we are doing at our present building”, regardless of whether or not this makes sense for the new building.

It is interesting that an architect wouldn’t dream of designing the structural, mechanical, or electrical systems in the building based solely on input from the owner, yet frequently designs the physical security of the building doing only what the owner has told him to do.

#5 – Architect Provides Inadequate Physical Separation Between Public and Non-Public Facilities

Private office buildings often contain facilities within them that are intended for use by the general public. This can include restaurants, public parking garages, observation decks, and meeting rooms made available for use by outside parties.

The separation of public and non-public areas is essential in providing good security, yet many architects fail to fully consider this during the design of the building. Common mistakes include:

  • Placing public facilities well within the secured building area, requiring that public users pass through secure areas in order to reach their destination. An example would be a public meeting room that was located within the Finance Department on an upper floor. This would require that public users pass through the Finance Department on their way to the meeting room.
  • Designs that require that public users have access to elevators or stairways that also provide access to non-public areas.
  • Placing amenities such as restrooms within secured areas and allowing public users to have access to these facilities.
  • Having parking garages where there is no physical separation between public parking areas and employee parking areas.
  • Having common shipping and receiving or trash disposal facilities that give non-employees access to critical areas. An example would be a trash compactor located within a shipping/receiving area that needed to be used by caterers providing food for an after-hours event in a public meeting room.
  • Failing to consider the different operating hours of public facilities. For example, a restaurant may open earlier or close later than the main building. This can cause complications when using shared lobbies, elevators, or parking garages. 

#6 – Architect Provides Inadequate Physical Separation Between Floors or Departments

Many buildings are designed using an “open-office” concept, where the floors are largely open, and there are few if any walls that subdivide the floors. In multi-story buildings, the architectural design often calls for open staircases that provide free access between some or all of the floors.

While there are many benefits to an “open” architectural design, it greatly complicates security. An intruder who gains access to one area has complete access to all areas. It is difficult or impossible to do a “lock-down” of the facility in order to minimize damage that can be caused by an armed or violent intruder. A dishonest employee who decides to steal property or information from the company now has access to not only the department in which he works, but to the entire company.

#7 – Architect Fails to Consider Conflicts Between Egress Requirements and Security Requirements

Building and life safety codes require a means of emergency egress out of every area of the building. Often, at least two points of emergency egress are required out of any given area. This can create conflicts when the path of egress requires passage through a secured area.

For example, a public meeting room may be located directly adjacent to the Information Technology (IT) Department. The emergency exit stair for the floor is located within the IT Department, requiring that public users pass through a door between the meeting room and the IT Department in order to gain access to the stair. This prevents the door from being locked, and requires the use of a “work-around” such as an exit alarm or delayed-egress device.

#8 – Architect Provides Too Many Building Entrance Points

Buildings are often designed with way too many points of entrance. Sometimes this is done for perceived employee convenience, or because a door is required for emergency exit and the architect decides to make this door a point of entrance as well. Sometimes, additional points of entrance are provided in an attempt to resolve a poorly designed internal circulation system.

Having too many entrance points increase security risks and makes it difficult to properly control access in and out of the building. Having out-of-the-way employee entrances can cause an increased number of security violations (tailgating, door propped open, etc.) and place employees at risk. Having unnecessary entrance points increases initial security system costs as well as the costs for ongoing maintenance. Each unneeded entrance door is an additional point of potential failure in the building’s security system

#9 – Architect Relies Exclusively on Elevators to Provide Security

Multi-story buildings are sometimes designed where the elevators provide direct access to an open floor area. Often, the point on the floor where the elevator lands is unattended, allowing anyone who steps off of the elevator to have free access to the entire floor.

To provide “security” for the floor, the architect specifies card readers for the elevator, requiring that employees use their access card in order to get to the floor. This arrangement fails to consider the ease in which an intruder can gain access by following an employee on or off the elevator; or by simply walking into the elevator and riding it until it reaches the desired floor.  

#10 – Architect Specifies Doors or Locks that Look Good But Work Poorly

Architects often want to give a distinctive look to their buildings and often choose to use specialized or customized doors and/or lock hardware to achieve this goal. Unfortunately, most doors and hardware that fall into this category provide poor security and cause long-term maintenance headaches for the owner.

Examples of problematic types of doors and hardware include:

  • “All-glass” doors.
  • Doors over eight-feet tall.
  • Automatic sliding doors (unless specifically designed for security use).
  • Accordion doors (such as used for fire separation or as movable partitions).
  • Pocket doors.
  • Doors or lock hardware that are custom-made for a specific project, or are principally used in a foreign country.
  • Electric bolts and electromagnetic shear locks.
  • Any type of floor-mounted electric locking device.

 

A good security consultant can keep architects from unintentionally doing things that compromise security. Smart architects include a security consultant on their design team, and smart owners insist that they do so.

Common Mistakes in Security System Design

May 3

Posted by masilva in Security Design, Security Systems | No Comments

Silva Consultants has designed hundreds of integrated electronic security systems. While we always strive for perfection, we would be less than honest if we said that mistakes have never been made. Here is a list of some common mistakes in security system design that we have seen during more than twenty years that we have been in business. Hopefully, you can avoid making these mistakes in the systems that you design:

#1 – Security System Designed In Response To Recent Crisis

A recent crisis (such as a major theft or a death threat made on a manager) causes the client to overreact and to install a much more elaborate security system than previously existed at the facility. The system designed is “overkill” in relation to the client’s long-term security requirements. Once senior management’s memory of the recent security incident begins to fade, it becomes apparent that the security measures in place are excessive. Shortly thereafter, the company decides that the newly-installed security systems are more trouble than they are worth, and the company discontinues use of the systems.

#2 – Security System Designed Without Supporting Human Resources In Place

This most commonly occurs on new construction projects. A sophisticated integrated security system is designed for a new facility. The security system requires 24 hour a day monitoring at the control room, one or more roving security officers to respond to alarms, and one or more administrative level employees to manage the system and to issue access cards. The problem? The company has not budgeted for the people who will be required to operate and manage the new security systems. Senior management is trying to reduce head count, not increase it. The company moves into the facility, and responsibility for the new security systems is assigned to someone who does not have the resources to properly operate them. The company soon becomes dissatisfied with the security systems and stops using them in the way that they were designed.

#3 – Security Systems Designed With Too Little Capacity

Security systems are designed with just enough capacity to handle current needs. The facility has 62 card readers, so an access control system with a 64 card reader capacity was selected. The initial requirements called for the installation of 30 cameras, therefore a matrix switcher with a capacity for 32 cameras was chosen. Shortly after the facility opens, there is a need to install ten additional cameras and six additional card readers. There is no money available to replace the head-end access control and CCTV equipment, so a make-shift arrangement of duplicate equipment is installed. Operation of the systems is complicated and confusing.

#4 – Security Systems Designed With Too Much Capacity

An access control system is designed for the headquarters of a major corporation. There is an immediate need for 28 card readers at the corporate headquarters building. The security manager thinks that “someday in the future” he may want the corporate headquarters system to also control card readers at the company’s 120 branch offices, although there are no current plans or funding to do so. Instead of using a medium-sized system that meets present needs and costs $7,000, the security manager specifies a top-of-the-line “enterprise” security management system with a capacity for 1024 card readers and 32 client workstations. The specified system costs over $90,000 to install, and is much more complicated than the present facility needs. Ongoing costs for software support and upgrades are also much higher than necessary. One year later, the manufacturer of the system announces that they are discontinuing support of this “legacy” product in favor of their new software platform. The system is never expanded beyond its initial capacity, and is eventually replaced with a smaller, much less expensive system.

#5 – Security Systems Too Complicated For User

A sophisticated electronic security system is designed and installed. The system integrates CCTV, intercom, access control, and alarm monitoring. The consultant has specified an elaborate sequence of events that will occur anytime that an alarm takes place. Unfortunately, the user of the system (a non-technical person), never fully grasps the consultant’s intentions. As a result, much of the security equipment that has been installed is underutilized, and the user often asks: “I wonder what the purpose of this equipment is?”.

#6 – Security System Designed Too Specifically Around One Person

In most cases, a security manager will have his or her own ideas about the way a security system should be designed. In some cases, a security system will be designed that is highly-customized according to the wishes of one individual. This system design may not meet the needs of the organization as a whole. When this person leaves, the people assuming responsibility for the security systems may not understand or appreciate the way that the security systems were designed. As a result, the systems often fall into disuse when the person who originally conceived them leaves the company.

The Conclusion

There is no substitute for a comprehensive evaluation of the company’s long-term security objectives before beginning the design of any security system. A clear statement of what the security systems are intended to accomplish should be written and approved by the management team before any design activity begins. System design should be based on the long-term needs of the company and not in response to any immediate crisis or the whims of any individual. Security systems have an initial cost as well as ongoing operating and maintenance costs. Senior management must fully understand all costs involved before approving the start of any security systems project.