b) Management should consider formalizing periodic security audits to assess effectiveness of procedures/policies and consider spot audits for risks such as: handling of security incidents, vendor performance, camera systems functionality, duress system functionality, etc. Assign a central role (security technician) who may be responsible for monitoring security specific trends and to inform long-term security master planning. The central role could be responsible for one or more of the following activities:

• spot inspections and walkthroughs of facilities, hardware/equipment and real property;
• perform check-ins with key stakeholders to inquire about security incidents;
• aggregate information per facility such as: drills, site inspections, incidents, duress logs, job hazard summaries and number of occupants;
• review records from the inspections of other functions from a security point of view; and
• perform threat/vulnerability/risk assessments (TRVA) to determine if inspection routines should be adjusted based on incidents/findings.

Management action plan

a) Resources and funding do not currently exist for Facilities to maintain security infrastructure beyond its operating budget. Pending a report to council that will deal with a security master plan, corporate responsibility for security will be determined. A Security Video Surveillance Policy will be developed via the security assessment and master planning project.	Responsible party:	Senior Manager, Facilities
	Due date:	December 31, 2020
b) A report to the council dealing with security is forthcoming. Administration will be seeking council direction, including the option to establish a centralized corporate security division.Although management agrees with the principle of therecommendation, the responsible party for corporate security is still to be determined.Subsequent to the Council direction the remaining action plans or risk acceptance will be determined.	Responsible party:	Senior Manager, Facilities
	Due date:	December 31, 2021