Have a comprehensive facility security plan? Download our free security checklist

The tragedy at the YouTube headquarters in San Bruno highlights a new danger posed by the reach and pervasiveness of online relationships.

While I don’t have any special information and don’t want to offer “the last word” on this person’s motives, it seems that she was prompted by her anger toward YouTube and that anger was based on the way YouTube had handled her videos and cut off her stream of revenue.

Workplace violence is nothing new, but until now companies personally knew the individuals who inflicted the violence. For example, coworkers would recognize former employees or enraged customers when they walked through the doors.

The violence inflicted at YouTube is in some ways similar to workplace violence – it is motivated by anger toward the company, its management, or specific employees – but it is different because no one at YouTube knew the shooter personally. No one could recognize the face of the shooter when she entered the facility.

Sadly, we know that social media platforms have been involved in all kinds of violence. Murders and torture have been broadcast online. Videos of heinous events have been posted and “liked.” And now the violence itself has been visited on the offices of a major social media platform.

I suppose we should have seen it coming.

We have talked a lot about security over the last few years, but it has always been online security or preparing for a natural disaster. The YouTube tragedy highlights the need to talk about physical plant security.

I’m sure this has been a concern for many of you over the years and with the various terrorist attacks we have suffered over the last decade and more, I know that some businesses have redoubled facility security efforts.

I sometimes pass a night club where patrons line up outside the doors for hours waiting to get in. The club recently put huge, heavy, cement planters at the outer edge of the sidewalk, which will protect patrons from cars veering off the road, either accidently or intentially.

Managers of government buildings have long been concerned about security. (How long have we all been walking through metal detectors to enter courthouses? It seems like forever.) Perhaps we can take some cues from what government agencies are doing.

With this thought in mind, I tracked down some government publications on building security, including a PDF entitled Facility Security Plan: An Interagency Security Committee Guide. I’ve modified some of its content to create a checklist of items business owners should consider or implement to bring facility security up to its appropriate level.

Below is a text version of the Facility Security Checklist. Click here for the PDF version of the Facility Security Checklist.

  1. Roles and Responsibilities
    1. List key positions with responsibility to execute this plan to include facility occupants and public affairs personnel. Also, include contact information for each key individual.
    2. Security Organizations: Who are the private and public agencies responsible for the security of your facility? Do you have your own security department? Do you have a security contractor? Who is your contact at the police or sheriff’s departments?
  2. Risk Management Strategy
    1. Have you conducted a risk management assessment that outlines and prioritizes threats to your facility?
    2. Have you implemented strategies to mitigate these risks?
    3. Explain any risks that have been accepted as part of the risk management process and any potential consequences.
  3. Security Countermeasures
    1. Describe in detail all current and planned countermeasures (both physical and procedural) to address all identified threats. Consider scalable actions to allow for increases and decreases in security posture as the threat level changes.
  4. Security of Facility Exterior Areas (public areas outside the building):
    1. Security at all pedestrian entrances:
      1. Consideration should be given to reducing the number of public entrances if there are too many to ensure security. This may require approval from the building manager.
      2. Consider the use of metal detectors and X-ray machines at pedestrian/public entrances.
      3. Security screening may be done at employee entrances; however, because not all facilities have restricted entrances for employees, the merits of this precaution need to be evaluated for each facility.
    2. Security at vehicle entrances:
      1. Describe the security available for employee vehicles parked inside and outside the building.
      2. Numbers, not names or agency identification, should be used to indicate reserved parking spaces.
      3. Security officers and/or security devices that may be used at vehicle entrances.
    3. The overall physical security of the building should be considered, especially windows, doors, utility grates, and air intakes at or near ground level.
    4. Appropriate security responses to disturbances in this area should be developed.
  5. Security of Facility Interior Areas – Public areas inside the building (excluding Critical Areas):
    1. Location, level, and adequacy of security provided in this area;
    2. Access control procedures; and
    3. Mail handling procedures.
  6. Security of Critical/Restricted Areas (Limited Access or Exclusionary Zones):
    1. Location, level, and adequacy of security provided in this area; and
    2. Access control procedures.
  7. Countermeasure and Equipment Maintenance, Repair, and Testing
    1. Describe in detail requirements for operator and manufacturer maintenance, testing, and repair of security countermeasures and equipment.
  8. Incident Response Management
    1. Reporting: How do employees report incidents? Do they call an internal operations center or 911?
    2. Notification: How are first responders and the facility occupants notified an incident has occurred or is in progress?
    3. Response: Who should respond and how should they respond? What is the Chain of Command?
      1. Law Enforcement/Security Organizations • Fire Department
      2. Medical
      3. Alarm Response
    4. Recovery: Once an incident response is terminated, what is the process to resume normal operations? Consider employee, facility, and process recovery procedures.
    5. Documentation: How is an incident documented, where is the information maintained, and who has authorized access to it?
  9. Facility-Specific Policies
    1. Specify any unique requirements to address issues such as landlord/tenant agreements or special missions (i.e., classified areas, operations centers, and data centers).
  10. Special Events
    1. Additional protocols should be included to address requirements for special events such as temporary increases in population, traffic/parking control, and the media.
  11. Training
    1. Describe plans and procedures for training employees and managers and coordination with first responders for execution of this plan.
  12. Exercises
    1. Describe the participants, type, frequency, and how exercises will be executed and documented. Exercises can be coordinated and conducted in conjunction with OEP requirements.
  13. Plan Review
    1. Outline program review and approval guidelines.