Security planning, regardless of business sector, is a company’s best effort to provide a proactive system to protect property and lives. Despite robust planning, a security director’s worst nightmare is a serious injury or death occurring on company property due to a violent criminal act. Whether managing a single location or thousands across the country, violent crimes against a customer, employee, visitor or vendor will test any company’s risk avoidance planning. The very likely result of the crime is the filing of a lawsuit.

Litigation is foreign to most security practitioners. Depending on the type of industry, the probability or foreseeability of serious crime may be remote or may be a constant threat but regardless, companies in general are not prepared to defend themselves in a lawsuit.


What “Standard” is Being Used to Judge our Planning?

First, the plaintiff’s expert must establish that the crime was foreseeable. That can be accomplished through incident reports and crime statistics. You can expect the research to extend back three years. Crime analysis of your surrounding area (in most jurisdictions) is not limited in distance, but you can generally expect a three-year review within one mile. The expert’s job is to educate the court and jury about the foreseeability of the violent crime and the significance of how a company managed the security function based upon that foreseeability.  If a crime is not reasonably foreseeable, the case becomes more defensible. Ignorance of crime will not stand inspection by the jury.

The standard of “reasonable care” refers to the level of action, including hiring, training and supervision, that a company took place based on foreseeability. In layman’s terms, it would generally ask: Did the defendant act in a manner that was consistent with what a common person would have done given the same circumstances?

Wait. What about the standards published by ASIS through the Protection of Assets Manual? What about the standards published by the IESNA (Illuminating Engineering Society of North America)? What about Crime Prevention Through Environmental Design (CPTED)? What about our industry best practices? While these, and many more bodies of work, help practitioners to develop plans, they are not standards – they are guidelines or recommendations. The “standards” used by your company in the development of policy and procedures, hiring, training and overall management came from knowledge, training, education and experience, both historical and personal. In short, your company’s operating practices – related to security – are “your standards.” The greater question examines the adequacy of your own standards to protect people and assets of your company: “Did your company act in a reasonable manner that could have resulted in a higher probability that the particular injury or death could have been prevented or mitigated in some manner?”  There are no guarantees for safety, therefore no standard exists that requires your efforts would have resulted in deterrence.

If the crime was reasonably foreseeable and the efforts to address the threat of crime were not reasonable, then the company failed to meet a reasonable standard of care. This failure, which may mean many connected issues, would therefore be cited as a proximate cause of the injuries or death of the plaintiff.


What Did You Know and When Did You Know It?

There are a lot of moving parts to litigation, but in the end, every pertinent piece of documentation your company has created regarding security will be examined. What becomes a hurdle for a defendant is that the first notice of the lawsuit came two years after the incident, and the plaintiff’s attorneys now want documents that predate the incident by three to five years.

The plaintiff’s Requests for Production will include “everything:” manuals, video training, incident reporting, incident summaries, security meetings, liaison with local law enforcement and personnel files. The list can be exhausting, but that is what I call the “low-hanging fruit” of an inadequate security case. From the plaintiff’s perspective, there are some areas that will be under the microscope as your case moves forward, but first, there are three ground rules:

  1. If you have no documentation (whatever it is related to) it never happened.
  2. There exists no body of work that dictates how a security or loss prevention program is modeled. There is no “standard” that dictates the content or tasks that “all” security departments must have or do. This excludes duties assigned by a governmental or regulatory agency to a particular sector.
  3. The legal standard by which you are judged is what is known as “reasonable care.” In general, it means reasonable actions were taken to address threats that were known or should have been known by your company.


Plaintiff’s Discovery – Tell Me Everything We Can Use Against You in Court

The plaintiff will request your company to produce certain documents and answer certain questions posed by their attorney. Requests for Production and questions from Interrogatories are designed to provide the plaintiff insight into security management and how the particular incident could have been prevented or minimized.


Broad Areas of Examination (The Low-Hanging Fruit)

1. Do you have a written security plan? Your plan is generally formed through written policy and procedure. Is it current? How is it disseminated (training)? Does the plan contain adaptations for specific location types or buildings?

2. If you do have a plan, was it being managed and executed as written? Is there evidence through documentation that there was adequate follow up?

3. What are your hiring practices? This can include company employees, security/loss prevention staff and security vendors. While you don’t actually hire a vendor’s employees, you did make a decision to use them for a specific purpose.  You will be asked for personnel files, job descriptions, evidence of background checks (which, by the way, also have no defined standard), candidate qualifications and the like.

4. What training was provided for contract security officers specific to your location? There will be a contract and a set of Post Orders for daily duties that drive responsibilities. Your company shares the responsibility of managing a contract guard force, and you should know whether the terms of the contract are being met.

5. You will be required to produce every piece of training material ever provided to your employees since their date of hire. This includes security staff, line employees and management. Do you have a training program? Do you have a method to ensure that training given is training understood? That training can certainly be through Computer-Based Learning, but it can also be demonstrated through goals and objectives, annual evaluations and specific acts. This can involve Human Resources, but regardless, there must be evidence of training. Whatever your company expects to be known, understood and executed by employees will need to be documented.

On-the-job training (OJT) is quite common in the security world. However, the core questions are: How did you ensure the trainee is provided consistent training? How was the trainer qualified? Is there a written list of required topics to be covered during OJT? What efforts are made to ensure that your four-week training period was not signed off as completed in two days? (I’ve actually seen that.) In short, you will be asked to prove all relevant training through documentation.

6.  How are security efforts and personnel supervised? Supervision takes many forms but when a violent crime occurs, the primary questions will be: Was there adequate supervision of the people and processes that could have reduced the risk of occurrence? If the guard at the gate is supposed to log all vehicles entering, who reviews those logs to ensure it is being done? In other words, the final allegation will be you knew or should have known if the (fill in the blank) was being conducted properly.

7. Staffing is a crucial element of an inadequate security case. The adequacy of staffing goes beyond security personnel to include, in some cases, the number of employees on site. An example would be a 24-hour convenience store, staffed by a lone female at 2 a.m.

Security officer staffing is a tricky prospect for both the corporation and the vendor. There is no standard that guides adequate coverage, such as the urban legend of one officer per 50 people. There is a huge difference between 300 MMA fans at a sports bar versus 300 guests at a charitable dinner. It is location-, size- and environment-specific. The lack of budgeted funds for adequate security is never a reasonable argument. Create a plan. Put it in writing.

8. Use of Force Policies come to bear in both negligence and inadequate security cases. These policies must be clearly written, and all personnel must be trained to the policy. That said, the use of force covers a very wide gamut. If you have a purse/briefcase/backpack inspection policy, what course of action is taken if an inspection is refused? If you are a retailer, what is your written policy regarding reasonable force to detain and regarding foot pursuit of a fleeing shoplifter? If anyone within your company carries a weapon, what certifications must be maintained? What instruction or training is provided? How was the person interviewed before the hiring decision? If you manage a nightclub, your bouncers, aka “ushers/doormen/courtesy officers,” are your security staff. They should receive training on policy and procedure. The actual use of force in nightclubs often results in serious injury to patrons. The manner in which the ushers are allowed to address issues becomes the standard for the club itself.


In Conclusion

A plaintiff’s attorney wants to anger the jury about things that could have/should have been in place prior to the incident in question. The jury does not care if you were using cutting edge security video technology. They do care that the DVR was not working. They don’t care that you are using security personnel with only a high school education.  They do care that they were never trained and were poorly supervised. One thing a jury clearly cares about and will punish the defendant for is having knowledge before the fact and failing to make any attempt to make changes. These are areas a common juror can identify with.

In short, if your company has a security plan, all of the components are expected to be overseen, audited and corrected as needs dictate. Additionally, a security department cannot supervise all potential aspects of that plan.  Maintenance is a good example.  The manager then becomes an educator to those not directly involved in the department itself to stress the importance their role with overall life safety.  The function of security management is always greater than the direct responsibility of the security department.  


The above was provided as educational material and should not be construed as legal advice.


About the Author: Patrick Murphy is the founder and president of LPT Security Consulting.  He has more than 35 years of experience in law enforcement, security management and security consulting. He has been a security expert witness for more than 12 years and has been retained in jurisdictions across the U.S., including Puerto Rico and the Virgin Islands. He is an author and frequent contributor to news and media outlets. LPT Security Consulting is based in Houston, Texas.