Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Threat Assessment

New App does a Workplace Violence Baseline Assessment

New Workplace Violence Prevention App helps companies do an OSHA Violence Baseline Assessment

DATELINE:    Boca Raton, Florida,  March 12, 2013

Workplace Violence in US companies is a problem that is getting worse.  Workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases was reported annually during this time.

The latest figures show that high-risk organizations like hospitals, behavioral health treatment, home health workers and late night retail establishments are at a dramatically increased risk for experiencing a violent incident at work.

OSHA, and over thirty state government regs recommend that companies do an annual Workplace Violence Basement Assessment, but these are time-consuming and difficult to manage.

To solve the problem,  Risk & Security LLC has released a new web-based app, Workplace Violence Risk-Pro©, which makes security directors into Risk Professionals!

OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care &

Social Service Workers)and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are both included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!.  Workplace Violence Risk-Pro©  is built to be affordable and simple to use.

The web 2.0 program, includes newly compiled, updated threat databases, and automated web-surveys  based on the exact OSHA Directives.

The new program gives human services and security professionals a quick and easy way to conduct a workplace violence baseline assessment that will pass an audit!

The Risk-Pro©  model has been used for easy software applications with the Department of Defense and over hundreds of organizations, hospitals, maritime organizatons, and local, state and federal government agencies.

About Risk & Security  LLC

Risk & Security  LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk.  It specializes in consulting on risk assessment projects and global application development of risk solutions.  Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective countermeasures.

The team of risk and security experts is led Caroline Ramsey-Hamilton, who has created more than 40 software programs, and conducted more than 200 specialized security risk assessments in a variety of environments, including companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.



Why Workplace Violence is Always a Catastrophe

Workplace violence incidents are one of the most damaging events that can happen to any organization.  The good news is that workplace violence is one of the few threats that companies can actually prevent before it happens.

Unlike earthquakes, hurricanes, floods, war, and explosions, workplace violent incidents can be prevented if the organization makes a commitment to educate their employees, and give them the knowledge they need to address a potential problem with a co-worker before it gets to an explosive level, for example, making the active shooter drills part of the security program.

In many ways, workplace violence is worse than other kinds of violent incidents because it always involves a major violation of trust, and it also has a malicious component, where the perpetrator is deliberating focusing on violence against a fellow human that they know personally and may have directly worked with, sometimes for year.

According to OSHA, workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases are reported every year.

As well as the violation of trust and the violence itself, the incidents usually terrorize both the victims and other employees, especially those who know violent individual and are left to wonder how they failed to recognize the danger signs.

Some organizations report that employees, even those who weren’t hurt in an incident, exhibit PTSD-type symptoms following an incident.  And the company’s reputation is often damaged, just from the publicity of the event.

One of the main controls that protect against a violent incident, is doing a Workplace Violence Assessment.  This specialized risk assessment involves interviewing employees at all levels of the organization, looking at the OSHA guidelines, such as those detailed in OSHA 3148, (www.osha.gov/Publications//osha3148.pdf).

The assessment also includes making sure that every violent, or threatening incident gets reported in a standardized way, that all the incidents are tracked, and that there is a de-escalation process that can be easily followed to prevent someone from getting to a violent stage.

There are new programs available that automate the Workplace Violence Assessment process and make it into a simple and standardized
project.  To review a standardized, data-based, Violence Assessment Report, go to:   www.riskandsecurityllc.com/.

 

 

 



How Chavez Ruined Venezuela, Up Close and Personal

My risk assessment company was contacted in 1995 to come to Caracas and work on a variety of security risk projects for
3 of the major Venezuelan companies — PDVSA (Petroleum de Venezuela, south America), and the two gas utilities, Maravan and Lagovan.

Never had been to south America, and I was worried about security so I remember buying special security devices to take with me and then one Sunday I flew down to Miami and caught the plane for Caracas!

The first thing I noticed was that I was out by the pool, and there were men with machine guns on the roof of the Caracas Intercontinental Hotel!   Later, room service delivered 7 large books, as big as encyclopedias – they were a History of Venezuela, a History of the Venezuelan Oil Industry and a few more.  I guess I was supposed to read them all by Monday.

That was the beginning of a long relationship with the people at PDVSA, many of whom became friends for life.  So I saw the downward spiral up close and personal.  First, the crime started to increase.  Places I had felt safe before, like the public square where the old men played chess at night.  Then one of the women I knew was pistol-whipped at her beach house.

Slowly, Chavez replaced the business people on the corporate Boards, and the staff, of these cash-cow companies with uneducated people with no business experience.   In a real world replay of Ayn Rand’s ATLAS SHRUGGED, these people didn’t care about maintenance, infrastructure, or security, they were the looters who wanted a total redistribution of wealth, without realizing the companies had to actually PRODUCE something to keep that cash flowing.

Within five years, as I continued to go down to Caracas, everyone I knew had left and many moved to other companies.  One married and moved to Spain, several went into other petroleum operations in the US.   An entire industry had been ruined by Chavez and his lack of understanding, or care, of the one income-producing business in Venezuela.

The currency was so devalued that I still have a six inch stack of Bolivars, the paper currency that was worth less than a few pennies apiece.

So it really is possible for one person to totally ruin a country’s economy and main industry, putting his ego and his desire for fame and power to ruin an entire country.

Fate has intervened to give Venezuela another chance – I hope they run with it.

 

 



The Active Shooter Threat and Why We Need to Stay Situationally Aware

2012 will be remembered as the Year of the Active Shooter, where terrible tragedies across our country refocused people on issues surrounding gun control.  In many ways, it’s that old argument about whether the needs of the many outweigh the needs of the few.

In many schools and hospital, it could be argued that the needs of the many to be safe, and NOT TO GET SHOT,  outweigh the needs of the few – to possess assault rifles and high capacity magazines, which allow them to kill a large number of people with almost no effort.

No matter what side of the debate you fall on,  the debate has certainly brought the debate back from and center.

And along the way, it took the Active Shooter threat from a phrase that only a few security people knew about, into a phrase that was trending on the web and Twitter.

The Department of Homeland Security made a variety of resources available to deal with the Active Shooter Threat (many can be found at  http://www.dhs.gov/active-shooter-preparedness) with tools includes a video, and booklet.

Whether you are an elementary school, like Newtown, a movie theatre, like Aurora, a regional mall, mountain resort or anything else, the number one way to counter the Active Shooter threat is to increase security awareness of the staff.

I have had teachers tell me  “my job is only to teach, I shouldn’t have to be responsible for security, too”.

Unfortunately, everyone has to be responsible for good security, or we are all at risk.  And again, there’s the trade-off (aka, the risk calculation):

Measure the inconvenience of having to keep your eyes open and be willing to report any suspicious behavior VS. being a casualty of a mass shooting, or having someone you know killed.

Looks like a pretty easy calculation to me:

Small Amount of Effort (no cost) = Big Increase in Security !!

Make sure you friends, family and staff are aware of the Active Shooter Threat!



Will the Risk of the Sequester Affect Security Budgets in 2013?

Every time the TV is on, every anchor is crying about the dreaded Sequester.

Will it have an impact on security budgets?  I have seen security budgets, especially for the facilities security departments, swing from almost unlimited budgets after 2001, to bare bones in 2009 and 2010, and thought they were trending back up for 2013.

Now, with the uncertainty about what a Sequester  actually is, (please note my use of the capital “S”), how will it affect our security departments?

Obviously, the most obvious casualty are the government contractors who’s contracts may be arbitrarily cut, and civilian managers of federal programs will see lost days and furloughs.

The trickle-down effect will probably extend to state, county and municipal governments, too.   So that means it’s even more important to start budgeting new security controls so that the most important get the funding!

One of the themes we go over in our webinar programs is how important it is to create a COST JUSTIFICATION and Return on Investment information so that you can create a business case for every control you need to improve security.

And one more thought on the Sequester – we often see an increase in crime, white collar crime and fraud when things are unsettled and people aren’t sure what’s going to happen next.

Maybe it’s a good time to do another risk assessment?  Maybe the Sequester is the next new Threat!

 

 



A New Threat Appears – Meteor Strikes

After the meteor showers over Siberia this week, Russia put together a

Financial analysis of the damage from the meteors:

1200 injured by flying glass

             $33,000,000 in damage

4,000 building damaged

50 Acres of windows shattered

In the last twenty-five years, as the rate of climate change has increase, we have occasionally added new threats like Tsunami and ash pollution.

Now meteor showers have actually come to cause damage to companies so they are another factor to be included in risk assessments.

In evaluating threats for a risk assessment, many in the northeast would always tell me, “take out earthquakes”, we don’t have earthquakes in Virginia, Maryland, and Ohio. That changed in 2011 when the Mineral, Virginia earthquake hit during a mid-week business day.

RICHMOND, VA (WWBT) – Aug. 24, 2011. 

There was an earthquake in Central Virginia that measured 5.8 on the Richter scale centered about 5 miles south of Mineral in Louisa, depth 3.7 miles at about 1:51 p.m. The quake was centered at 38°N, 78°W.

The U.S. Geological Survey said the earthquake was centered about 38 miles northwest of Richmond, Va., about 84 miles southwest of Washington, D.C., and was felt as far north as Rhode Island and New York City. See a map of the quake from Chuck Bailey, professor of geology at the College of William and Mary.

Hospitals, government offices, dams and power generating plants,  including nuclear plants, were forced to suddenly reevaluate the long held idea that earthquakes just didn’t happen in the NorthEast.

The threat from meteor damage is the same idea.  It never happened before, but now it has happened again, if you count Tunguska as the first time.

Damage from meteor showers will now add a new category into the Threat index, even though this was the first event in my lifetime, if analyst factor in the previously known instances, such as the Tunguska Meteor Event, which did not occur thousands of years ago, like the meteor event in the Yucatan peninsula that killed off the dinosaurs, but
Tunguska occurred in 1908!   Almost in this century.

Over the next month, we’ll be looking at each different threat every week.  Sign up for my blog or access by following me on twitter at www.twitter.com/riskalert.

 



Another School Shooting Means We Learned Nothing from Newtown

Almost one month and two days since the tragic school shootings at Sandy Hook Elementary, where 20 young first-graders were shot by a crazy person with an assault rifle.

That day was one of those moments that you never forget, it’s seared in your brain and you probably know EXACTLY where you were when you heard the news start to trickle out.  I was at Toys R Us with my son and we were buying presents for his young twins.  I was checking Twitter and I saw a brief mention of another shooting.  At first it said, 3 individuals and possibly children, then 5 individuals,  then 12 children and by the time our shopping trip was over, so were the lives of 26 people, mostly innocent little first-graders. And it was only a week before Christmas.

As a security person who’s done lots of security assessments, you can’t help thinking, “What went wrong?”  “What could have prevented this atrocity?”  And there are dozens of potential solutions and who knows what might have made a difference.

Then there’s the day that President Obama signed 23 Executive Orders to tighten up background checks on potential gun owners,  keep track of who purchases guns, requiring federal agencies to make more background-check data available, requiring federal law enforcement to trace guns recovered in criminal investigations, and providing more training for police, first responders and school officials.  During his announcement, he said, “Let’s do the right thing!”.

We all want to do the right thing, but what IS the right thing, the one thing that will make a difference and significantly reduce gun violence in America?

These Executive Orders are a great start, but we all know the push-back that will come from Congress and the gun lobby, who still want to sell guns, even after they see a photo of a little girl shot, not once, but eleven times.

This was also a big wake up call for schools.  The public schools, colleges and universities seem to wake up every ten years and worry about security, and then they quickly forget and back into worry about academics instead of security and gun violence. Teachers want to TEACH.  Teachers often say, “Security is not my job, my job is to teach and I shouldn’t have to do anything else”.

But SCHOOL SECURITY has to be a process, not just a quick fix.  All security has to be a process.  The process starts with a clear policy.  There has to be an approved policy, whether that policy is a federal guidelines, like FEMA 428, “Primer to Design Safe Schools”, or whether it’s a security policy that mets a schools specific needs.  Without a policy, you have no place to start.

There have to be procedures written up, announced, handed out in 3-ring binders, and accompanied with education and training including drills.

There has to be training and education so people know what to do in an emergency, where to do, who to call, and how to respond.

There have to be annual security risk assessments to gauge the current threats, and measure the effective controls, and make the security program a process of continual improvement.

Without the foundation of policy, procedures, training, education and security assessments, it’s not a security program, it becomes just a grab bag of solutions that may or may not work.

For example – here are just a few of the point solutions we heard about today, endorsed by their own lobby groups:

  • Arming teachers with more guns.
  • Banning all guns on campuses.
  • Securing the school perimeter with chain link fences.
  • Doing more and better background checks.
  • Adding cameras which are constantly monitored.
  • Have an armed School Resource Officer on every campus.
  • Security Awareness courses for teachers.
  • Security awareness training for parents.
  • Giving teachers panic alarms.
  • Improving mental health services.
  • An assault weapons ban.
  • Banning high capacity gun clips.

If it was your children’s school or college, which of these elements would you choose?

Schools are a great leveler of our culture.  Everyone has personal experience with schools.  Everyone went to school once, and many have children in schools, or friends in schools, or know staff and teachers who work in schools, so schools are like a touchstone.  But you could also say “Hospital”, or “Train Station”, or “County Offices” or “Movie Theatre” and to protect these things, there has to be a security program in place.

We, as the security community, are the guardians of society.  We protect things of value.  And nothing has more value than our children.  Security has many other names like safety and emergency planning, and disaster recovery and loss prevention and risk management and violence prevention and information protection, just to name a few.

As a global security community, we should make our voices heard in this great debate, because we have the experience to know what works and what doesn’t and your voices are needed now, more than ever.

This is also a time where the public discussion of security breaks through the chatter and focuses attention on something that is critically important to everyone.   Security professionals have always networked and learned from each other’s experience.

Let’s talk to each other more about what works and share this with the rest of the country.

They need us.

About the Author, “Caroline Ramsey-Hamilton is a leading expert in assessing risk facilities security, workplace violence and security for hospitals, cybersecurity, nuclear security,  and also measuring compliance with security standards like FEMA 426-428, Joint Commission, HIPAA and OSHA. She has developed security programs with the National Security Agency, the U.S. Department of Defense and the National Institute of Justice, the Department of Homeland Security and many other agencies, and has developed a school security risk program with Eastern Kentucky University.

Caroline is a member of the ASIS Physical Security Council,  the ASIS Information Security Security Council, and on the Board of the South Florida chapter of  IAHSS (International Association for Hospital Safety & Security) She received the Distinguished Service award from the Maritime Security Council, and the Anti-Terrorism Accreditation Board’s  Distinguished Service award in 2011. You can reach Caroline at caroline@riskandsecurity or thru her web site at www.riskandsecurityllc.com.  She posts breaking security & risk alerts at www.twitter.com/riskalert.



What do Benghazi and Newtown have in common? Flawed Security!

After the attack on the Benghazi mission and the tragic mass shooting at Sandy Hook Elementary, its apparent that what these two terrible incidents have in common is that security was not adequate.

In Benghazi, after the hearings and the pundits and speculation, the bottom line is that there was insufficient security.  In-place security controls were not sufficient to deter an attack, and the emergency controls were also not sufficient to recover and deal with the emergency attack.

In Newtown, at Sandy Hook Elementary, security was inadequate.  Security people often say that security is just as good as the weakest link, and despite adding new security controls, it was defeated because of the glass entry.  The shooter wasn’t allowed in so he simply broke the glass.  That slowed him up by 2 minutes, maybe. Also backup security controls were non-existent.  The shooter was observed and still there was no effective response.

There are three elements to security – DETER, DENY and RESPOND:

DETER – means to make the facility look too difficult to attack, and so the attacker thinks it’s too hard and goes away.

DENY – means that it is impossible for the attacker to get into the facility to launch an attack.

RESPOND/PROTECT means that after the attack is launched, the facility can defend itself, or to protect the individuals and/or property inside the facility.
Both Benghazi and Newtown did not deter, didn’t deny access, and didn’t have an adequate security response.

The Newtown shooting showed that this school, like many others across the country, had a false sense of security, because while some security elements were in place, the shooter easily entered the school, making the other elements irrelevant and  him to inflict mass casualties.

In both cases, the response was not adequate, it was ‘too little too late’.  And ‘too late’ means the attack can’t be stopped or contained.

The WHY is easy, because the security budget was inadequate.  These facilities did not have adequate risk assessments that could have demonstrated the critical assets contained within them.  What is more critical than classrooms of 6 year old children?  What is more critical than a State department facility with a U.S. ambassador inside?  Yet both didn’t have the protective security controls they deserved because their wasn’t enough budget for enough security.

Another element these incidents have in common is that they are both government facilities.  Yes, one was the Federal government and one was a local school district – but they both had the same problem of being short on budgets.  And when organizations are short on budgets, security is one of the first things to get their funding cut, or reduced.

Every facility needs a SECURITY risk assessment up front, how else can you allocate the funding and make sure that there is ENOUGH security in place to protect our most critical assets, our children?



Preventing Active Shooters – Schools Struggling to Find Solutions After Sandy Hook Shootings

We can control regular access to our facilities, schools and hospitals. We can have visitors sign into a visitors log.  We can take photos and ask for identification and lock the doors, but the Active Shooter doesn’t comply with any of these protocols and we have no control about when and where the Active Shooter may show up.

Here are some additional controls to consider if you need to improve your school or facility security.

1.  Put in Cameras that are actively MONITORED.  

For security experts, you already know this, but others might not know that cameras that just sit on the wall or ceiling only have 2 purposes:  (1)  To scare people into NOT doing something.  (2) To review after an incident happens and use to arrest someone.

Cameras can also be used to monitor what goes in – ACTIVE monitoring. This can be done in a facility, like a hospital, or company, and there are staff members looking at the camera visuals and watching for certain kinds of behavior.  This is also offered as a service.   Monitored cameras can alert police, check to see who’s entering the halls and actually respond and prevent Active Shooter incidents.

2.  Conduct regular training and drills for ALL STAFF and for all STUDENTS

People give lip service to training, but there’s nothing as effective as practicing for an active shooter.  It’s one thing to know where to go, or what to do, but it’s so much better to rehearse with a drill, have someone come in, unannounced and practice
moving to a safe area, practice locking down a school, hospital or facility.  This will expose all the weak areas, and make people more confident that they can deal with a bad situation and protect everyone.

3.   Have a clear NO WEAPONS – NO VIOLENCE Policy in place.

Policies are important because they say, “It’s a mandate, it’s a requirement” and that means most staff will comply with it.
No Weapons signs should be posted at all entrances.  Any violence should be reported and punished immediately.  This has a deterrent effect, as well as giving you the legal ground to stand on if an incident does occur.  It also makes staff and students feel safer.

4.   Know EXACTLY what the response time from the police department, in case an incident occurs.  

You can time your drills, you can have a conference with local law enforcement to trim down their response times.  You can pro-actively provide law enforcement and first responders with the building floor plans, or a digital map of the building.  These preparations shave crucial minutes off the actual response time in case an incident does occur.

Think about how many people a shooter can kill in ten minutes, more than 2 children a minute.  Every second counts so step up and add these four controls into your security control plans.

 

 

 

 



Assessing School Security Takes on New Dimensions after Sandy Hook Tragedy

After 30 years of security risk assessment experience and working with hundreds of schools, hospitals, facilities, I have to say that schools have not taken school security seriously.

Obviously there are the social pressures including mental health screening, proposed assault weapons bans, gun owner screening, etc., but these are the thing that won’t change overnight. EVEN IF THEY ARE LEGISLATED, it takes time to implement, and
implementation may not be perfect.

TODAY IS THE DAY TO DO A SCHOOL VIOLENCE ASSESSMENT – not tomorrow, not after new gun laws, not after the holidays — TODAY.

There are indicators you can look for to see if your school is at risk of an active shooter incident. And ways to be prepared if the unthinkable happens and an active shooter comes to your school.

Strong, simple access control is the most effective solution, and yes, this may mean that
a plain glass front door or window is not enough. Glass is easily broken, and yes, it means that all staff must be a little more accountable, and it probably means a red phone or connection to the local police.

There is a simple school risk assessment program that will give guidance on what you need to do TODAY, what controls you need to implement, what threats are most likely to occur. These can be accessed on the www.riskandsecurityllc.com website.

Some things are preventable, some aren’t. But lockdown drills, alarm systems, and active monitoring of cameras are just a few of the 60 controls every school should have in place to protect our precious children.

 

About Caroline Ramsey-Hamilton

Caroline Ramsey-Hamilton is a leading expert in assessing risk in different areas, including security risk assessments, workplace violence and security for hospitals, cybersecurity, nuclear security, and also measuring compliance with security standards like FEMA 426-428, Joint Commission, HIPAA and OSHA. She is currently working on a universal set of easy security tools that will make it easy to assess risk in a variety of companies, agencies and business. Her company, Risk & Security LLC, works with more than 500 clients around the world using a program that standardizes site surveys and assessments and makes it easier to compare facilities and measure their level of security. Caroline is a member of the ASIS Physical Security Council, the ASIS Information Technology Security Council, the Security Assessment Risk Management Association (SARMA), and a Board member of the IAHSS (International Assoc. for Hospital Safety & Security) in Florida. She received the Distinguished Service award from the Maritime Security Council, and the ATAB Distinguished Service award in 2011. You can reach Caroline at caroline-hamilton@att.net or thru her web site at www.riskandsecurityllc.com She posts breaking security & risk alerts at www.twitter.com/riskalert.

 




top