Comprehensive security programming within an organization requires a continuous cycle of assessment, planning and improvement to address emerging risk and sustain a proactive security posture. This statement may seem obvious to most security professionals, however, the practice of annually assessing security programs within many higher education environments remains sporadic, and assessments are often only triggered after an alarming event has occurred.

To establish and operate a successful security program, security leaders should use a comprehensive approach in reviewing the previous academic year’s high-profile incidents and crime statistics; update departmental policies, procedures and training; maintain existing or deploy new physical security assets; and realign individual and organizational responsibilities to various personnel and departments.

Yes, organizational audits and assessments are tedious, time-consuming and require energy often exhausted from the previous academic or fiscal year’s activities. However, they are free (if conducted internally) and there is no better time than the end of the term or fiscal year to reflect on the challenges and related opportunities that have bubbled their way to the surface.

In order to help streamline the process, security professionals can follow three simple steps and areas of focus to better plan and inform improvements to security programming over the summer, ensuring a more proactive security posture when the fall term begins.

Step 1: Simple assessment methodology

The assessment process should include a wide range of organizational stakeholders and sources of information. Form a small security assessment task force or utilize the existing safety committee to divide and conquer the following tasks:

• Conduct a physical survey of key areas across all campus buildings and property. Use a crime prevention through environmental design (CPTED) lens.
• Interview or survey administrators, faculty, staff and students. Solicit feedback any and every way possible to better understand the community’s experience and perceptions of the existing security program.
• Dust off emergency operation plans, procedure guides and training exercises from the past year. Where are the gaps? What challenges did the exercise debrief identify?
• Dig into incident reports and conduct cases. Did the security program learn anything new? What trends did the team identify last term? Don’t wait for September to start the stat review. There is no better time than now!

Step 2: Create an organized list of findings

The findings section is the result of the tasks referenced in the methodology section. Compile all the assessment information and review it with the team.

Security programming within an academic setting is a delicate balance of preparation and response to environment-specific risks. Security planning efforts are more successful when they are focused and consistent with the organizational culture and mission.

Once the annual assessment is complete, work to determine the organization’s current level of preparedness based on the premise that effective programming requires organizations to understand and identify their risks. When identifying risks related to security programming, one approach is to organize program assessment findings under the consideration of the following critical elements:

• Professional management and staffing of the security functions that serve the organization should be supported and trained appropriately.
• Organizational policies, procedures and practices that address specific needs should be well-written, adhered to and routinely audited.
• Physical security technology and equipment should be designed and deployed based on an assessment of need and be properly utilized, monitored, updated and maintained.
• Community training and participation in security programming efforts should be interactive and conducted on a regular basis.
• Accurate reporting and compliance requirements should be met, published if required, and reviewed methodically.
• Emergency operations planning and procedures should be routinely tested, updated and disseminated to organizational stakeholders.

Step 3: Mitigate the findings with prioritized recommendations

Naturally, the final step is to mitigate the findings with a set of prioritized recommendations. There is no need to create a finely calibrated heat map or design a fancy algorithm. Recommendations just need to be reasonable and achievable action items aimed to mitigate the risks identified in the assessment process. The objective of the recommendations section is to begin the process of prioritizing resources needed and to identify an estimated timeframe in which the implementation of these resources should be considered. The application and integration of these elements varies at every organization based on risks identified, the risk tolerance of the administration and members of the community to various threats (real or perceived) and finally available resources and capabilities.

The recommendations section allows security professionals to have a focused conversation with their department and community stakeholders regarding the status of the organization’s security program and the action items needed to improve. Recommendations simply assist the organization in determining the security needs of the community.

 Evolve the campus security program

To summarize, safety, security, emergency management and crime prevention programming within organizations requires dynamic methods. As organizational functions and activities change and facility conditions are modified or expanded, so must an organization’s security posture. Therefore, security process management, physical security technology, equipment, policies, procedures and training should be routinely reviewed and updated to reflect changes in the environment and the expectations of community members. Establishing an annual assessment and planning process over the summer is an effective exercise in maintaining a proactive comprehensive security program.