David Polensky is the senior security manager of Gage-Babcock & Associates, Inc.'s Chicago, Illinois office (www.gagebabcock.com). He can be reached at dpolensky@gagebabcock.com. This is his first article for Facilities Manager.

When defining security programs on college, university, and school campuses, many aspects of an effective security program must be blended into a service-oriented law enforcement function. Campus security programs are incorporated into a comprehensive safety program that addresses both the protection of students, faculty, and staff and the safeguarding of campus property and facilities from damage or loss. This article describes the various components of an effective campus security program.

Master Plan/Needs Assessment
A proven method for creating and maintaining security and safety within a campus environment is to develop a master plan or perform an assessment that addresses the law enforcement, security technology, and emergency planning needs of the campus community.

A campus protection master plan or needs assessment outlines strategic direction and vision, addresses operational, administrative programs, and quality performance issues, and focuses on short- and long-term protection management objectives. The planning process should include plans involving the campus police operations and effectiveness, security technology upgrades, and the development and maintenance of emergency plans and procedures.

To be effective, the protection plan should first examine existing campus security and safety conditions and analyze future needs based on a review of potential threats, vulnerabilities, and other risk variables. Second, the overall campus infrastructure should be evaluated as to its impact on security and safety policies, procedures, operations, systems, resources, and budgets. Third, the nature of any constraints or limitations should be identified. This may be related to unavailable data, code requirements, impact on day-to-day operations, building architectural design features, etc. Fourth, findings and recommendations should be presented in a priority format to include follow-up options; action plans, and related cost estimates for administration consideration. This portion of the plan content can be presented in a phased format over a three- to five-year period and can serve as a blueprint to support short- or long-term program management goals and objectives.

Law Enforcement Staffing
In most instances, campus protection programs fall under the jurisdiction of a police function that is responsible for providing full law enforcement services within the institution they serve. Oftentimes these personnel undergo the same training as local city and county police personnel and carry firearms. Campus police are sometimes supplemented with unarmed security officers or student patrol persons who are responsible for a school building or residence hall.

Campus police are charged with the responsibility of enforcing laws and campus regulations as they apply to all persons within the institution's jurisdiction. These enforcement duties include responding to criminal, fire, disaster, or civil incident. Detailed crime statistics must also be maintained in order to be in compliance with the Student Right-to-Know and Campus Security Act of 1990 and the Higher Education Technical Amendments of 1991 and 1998. This act and the supporting amendments provide for accessibility to accurate criminal statistics as they relate to a particular campus. (More information on these acts and other campus safety information can be found at www.campussafety.org.)

In addition to law enforcement duties, campus police functions provide a variety of service and support programs. These programs include crime prevention awareness, drug and alcohol abuse awareness, sexual health programs, and sexual assault services. Also included are information publications and websites on crime deterrence and personal protection, victim witness services, escort services, call box response, and fire and emergency evacuation drills. These "campus police departments" function as full-service protection programs and must be geared toward the sensitive needs of an academic community.

Security Technology
With the service and law enforcement functions provided by the campus police department, security technology, alarm systems, access control systems, closed circuit television systems, locks, and key control generally are provided and maintained by campus facilities personnel. The basic building block of the campus security system is the campus key control function. Key control inventories should be maintained on key control software that allows for fast and easy tracking of all keys. Removable key blanks should be used on interior doors with high security locks having restricted key blanks used to control exterior doors. Campus police/security patrols should check building exterior door closers and locks to ensure proper operation.

Intrusion alarm systems should be provided to monitor all campus buildings. These alarm systems can be part of a larger campuswide access control/alarm monitoring system or by standard alarm panels with digital dialers that can call out to a central station alarm monitoring company or be monitored directly via central station software at the police station radio room. Buildings that are to be secured during non-use periods should have magnetic contact door position switches provided on all exterior doors and any doors leading to rooms that protect high value items such as computer rooms, laboratories, television/radio studios, etc. These systems should be supplemented with strategically placed interior motion sensors to detect persons who enter the building via windows or are stay-behinds after the building is secured.

Access Control
An electronic access control system provides many benefits over the older approach of physical locks and keys. Key-based systems generally rely on less organized tracking systems for determining who actually has possession of the key. Once keys become compromised, the physical cylinders on the locks must be changed. Electronic card access systems overcome these drawbacks. Current technology card access systems rely on a simple number encoded on the card. This number is tracked back to a central computer database to determine whether the user is authorized entry through the door at the day/time. This means that merely adjusting the computer file can change the card's access privileges. No changes need to be made to the lock.

The central database contains many different files, each with its own purpose in the system. The primary file is the cardholder file, containing information on the people who have possession of the cards. Other files define the doors that are to be controlled and the various day/time periods during which access is to be granted. Properly maintaining these files requires the operator to be well trained in the relationships between the various files and in how to properly update the files. Improperly programmed files can have a serious effect on operation of the system.

The central computer does not directly unlock doors. It communicates with electrical panels located near the controlled door(s). These panels in turn communicate with the card reader, monitor the status of the door (open or closed), and control the electric locking device. The central computer communicates with these panels using a variety of communication protocols. Today the most common protocol used is RS-485, a standard computer communications format used in educational applications.

The central computer communicates with intelligent panels that are located within the building and/or at remote building locations. The intelligent panels contain a computer processing chip and memory. In this arrangement, the central computer identifies all cardholders having access to the doors controlled by a given local panel and downloads all of the information necessary to the local panel where it is stored. When a cardholder passes a card through the reader, the request goes to the local panel where the final decision to grant or deny access is made. When access is granted the transaction is processed, the door unlocked, and then the local panel sends an activity message to the central processor for reporting and long-term storage. This approach is called "distributed processing" and today is the most common form of architecture for access control systems.

File maintenance is critical to the proper operation of any access control system. Access control systems are generally viewed as a whole, and the public's perception of how good the system is depends upon how reliably the doors unlock when a card is presented. Systems are frequently blamed for failing to operate properly, when the real reason is an incorrect setting in one of the controlling files. For this reason, only well-trained individuals should be allowed to update the system.

How specific the access permissions are will determine how difficult the system will be to maintain. Most campus buildings are unlocked during normal daytime hours. Therefore, access cards are not needed for most class sessions. Access control is typically used only after hours at classroom facilities. Laboratories, residential halls, and other restricted buildings may employ controls all of the time.

The method of communication between the host processor and the local panels is an important consideration. Many systems must download the entire file of cardholders and all of the other control information when only a single cardholder record is changed at a given door. This means that instead of the process of updating a single cardholder at a door taking milliseconds, the download may involve thousands of records and require a significant amount of time.

Typical systems today use four wire copper circuits branching out from the central computer. The generally employed RS-485 protocol can be used on circuits up to 4,000 feet over this medium. Longer distances can be achieved using modems. Since it is dedicated to the single application, the lines are relatively secure from tampering and are not subject to data overloads and communication delays due to heavy use by other systems.

The second communications network associated with access control systems connects the host processor with additional control and monitoring terminals and with other computer systems to receive data used to automatically update the files. Current technology systems typically utilize common local area network (LAN) protocols such as Ethernet TCP/IP or Token Ring for this purpose.

A few access control system manufacturers today are unveiling local control panels which have built-in Ethernet boards to allow direct connection to LANs. Some of these systems encrypt the data being sent between the host and the local panels to prevent unauthorized users from viewing the data. The security industry has a bias against using this approach since it relies on only password protection to prevent unauthorized access and control of the local panel.

Most educational institutions issue faculty, staff, and student photograph identification cards that are also used in the processing of food service access or in stand-alone access control systems located at residence halls. In many cases this card is a smartcard technology card that is used for campus financial transactions. The cards are integrated into a network debit system or can be manually loaded with monetary amounts for use in purchasing items at vending machines or stores. These cards can be easily integrated into access control systems via the use of smartcard readers linked to local intelligent panels.

Most all access control systems provide alarm-monitoring capabilities and run on a Windows NT platform and can provide multiple tasking operations. These systems work well on a network platform and can easily provide multiple workstation sites for system administration and alarm monitoring functions. The key to alarm monitoring is the reliability of the networks or communications lines to the host processor. If these communication paths are reliable on the 24-hour, seven days a week basis, then alarm monitoring via the access control system can be accomplished and will allow for flexibility in administration of this system.

Closed Circuit Television Systems
Closed circuit television systems (CCTV) are another resource used on campuses to monitor buildings and parking facilities. Current technology speed dome camera systems allow for up to 16x magnification of camera images and virtual 360° pan and 180° tilt fingertip control. These systems allow for visual surveillance of large open areas common in the campus setting. Speed dome cameras can be programmed to view per-set locations triggered by alarm annunciation or perform a predetermined viewing tour of the campus. The camera technology available in speed domes and fixed position cameras can allow for viewing virtually in the dark.

Camera systems are typically monitored by the campus police department in radio room consoles. Multiple cameras systems are usually operated via the use of a computerized matrix switcher that allows for ease in camera selection and control of camera speed domes. Cameras are typically recorded via camera multiplexers to time lapse videotape recorders. Camera recordings have proven to be very useful in the investigation of incidents that occur on every campus. The current trend in CCTV recordings is toward the use of digital recorders that send camera images directly to computer hard drives for digital recording. Digital recorders can be supplemented with tape drives or RAD drives for unlimited recording capacities.

The key to digital recorder selection is to ensure that the system has enough hard drive space available to provide the level of desired camera resolution, the frames of recorded information per camera per minute, and the length of time being recorded such as 48 hours or as much as 30 days. Digital recorders also allow for network access to camera images in both real-time and recorded formats. This capability provides for flexibility in activity review and remote monitoring scenarios. Most digital recorders use motion detection to turn on and off camera recording to save hard drive space. Digital Systems in most instances eliminate tape changing and provide improved recorded images.

Emergency Planning
The events of September 11, 2001 make it clear that we cannot prepare for every conceivable contingency possible; however, planning and resource allocations are feasible. Campus emergency plans will require considerable effort and strong coordination between the administration, faculty, staff, and students alike. Your plans should address the "how to" of resuming normal operations as quickly as possible after disaster strikes.

The objective of the plan will be to first minimize the probability of a threat or emergency. The second is to mitigate the impact if the event occurs so that the resulting loss of operations is limited and damage minimized. The third objective is to recover from the emergency and resume normal operations as quickly as possible. Plans should address the following types of contingencies:

• Fire
• Medical emergency
• Bomb incident
• Severe weather
• Workplace violence/trauma
• Barricade/hostage
• Hazmat response
• Utility outage
• Telecommunications failure
• Major disaster/full campus evacuation

Emergency evacuation plans should be developed for each campus building and be included as sections of the campus police response plan or life safety plan. Evacuation procedures and directions to floor and building exits should be conspicuously posted in classrooms. It is imperative that plans be maintained and updated to reflect changes in personnel and procedures. Typical emergency plans address the following items:

• Purpose
• Priorities
• Planning assumptions
• Impact
• Operational tasks and procedures (pre-event, during-event, and post-event)
• Command/management
• External liaisons and coordination
• Public affairs/media relations
• Family victim support
• Medical services
• Emergency evacuation
• Emergency shut-down and restoration
• Resources and logistics
• Notifications and communications
• Records and reports
• Training and testing

It is important that a command and management control team be identified to administer plans and make decisions during the emergency. In a college or university setting this group would include representatives from the administration and deans from each of the schools within the university, operations personnel, public affairs, facility engineering, police, safety, legal, and representatives from each housing unit.

This team must designate a position to be responsible for coordinating external liaison with the local police and fire department, and the local city mayor's office. This position shall be charged with ensuring that coordination and response is accomplished via the appropriate city function. Most major cities, counties, and states have developed and maintain a crisis management plan that is administered and maintained by local government emergency agencies or the U.S. Federal Emergency Management Agency (FEMA). Your institution's anticipated plans and actions should be submitted to this group for review and coordination purposes. It is imperative that you know what services can be counted upon being provided by the local government in an emergency or disaster. Coordination with local hospitals' disaster management planning is an important aspect of a campus security plan; this typically is included in the local government contingency planning process.

Emergency planning must respond to new threats brought about by recent terrorist incidents, such as anthrax mailings. Plans must address mailroom procedures for handling and safeguarding mail as well as communicating awareness to the campus community. Mail should be screened by personnel trained in identifying suspicious mail and parcels. Precautions should be considered for isolating mail and providing separate ventilation and x-ray screening technology in the main campus mailrooms. Food service personnel should be directed to protect food deliveries and monitor serving lines to protect food from outside contamination. Institutions with technological research laboratories should consider increasing security and protection air intake vents that may be located at ground level.

The focus on campus security requires an overall integrated management approach, one that is vision oriented and considers future campus security requirements. Finally, the overall protection plan, in order to maintain its vitality and purpose, should be periodically reviewed and updated.