Security programs and plans
Security programs and plans The City has retained an external security consulting firm to document the Security Master Plan by conducting security threat/vulnerability/risk assessments (TRVA) for five (5) selected sites. The assessment will also result in various security related recommendations, including resource allocations. The consultant will also assist the City with documenting necessary corporate security policies and procedures, which are currently not in place. The amended implementation date of these policies and procedures is planned for the 2021 year.
Management should consider the recommendations made by the third party consultant as it pertains to a central/corporate security division or unit. However, in the interim, we recommend drafting a policy to provide clarity with respect to joint and individual responsibilities to staff and the commissionaire. Consideration to grouping the properties in the downtown core should be given, so they are managed with a more specific focus toward central ownership. This may be accomplished initially with a Downtown Security Plan using completed TRVA’s for five (5) selected sites. Within the downtown plan, we recommend developing a Security Video Surveillance Policy and Corporate Security Message Center (CSMC) usage procedures.
The City has retained a security service provider to provide professional and protective security services. Communication tools and approaches are established at select sites for escalating or reporting of incidents, and such protocols are documented in security guard post orders (relative to each security guard’s post). In addition, a daily communication channel between the City Supervisor and the security service provider’s guards exists. A CSMC is installed at the City Hall campus, which assists security guards, the Facility Site Manager and their staff in the event of major staffing issues that require attention. This function provides the above mentioned staff the opportunity to direct emails of concern to the relevant parties. In the event that a panic button is activated, the security guard arrives at the spot and records the actions on the incident record accordingly.
We noted a few control enhancement opportunities including:
- Adding a service hold over clause in the contract to address the time gap associated with going through the process from RFP and entering into a formal contractual agreement with a new vendor, or incumbent.
- Record of common recurring service disruptions should be maintained to document security needs and to handle ad hoc situations.
- A security services contingency plan should be documented as part of vendor risk analysis considering unforeseen situations.
- Security planning/change management and risk assessments should be coordinated across functions.
Incident management process is in place to detect, respond and report on physical security incidents.