The previous articles in this series have laid the ground work for the topic at hand: Security Policies and Procedures. At first glance, you may think that this does not apply to your church. But formal, written Policies and Procedures will save church administrators a great deal of time, assist in adequate staff training, reduce legal liability, and support an environment of holistic security in the church facilities. When it comes to secure procedures, the phrase “you are only as strong as your weakest link” is perfectly applicable. Criminals and wrong-doers will naturally seek the weak point in an organization’s resistance to their actions.
The overall intent of a secure policies and procedures manual is to describe and document the appropriate behavior, actions, and responses of the church staff to best support outcomes to protect the church’s people and assets. At face value, this is easier said than done. Often, describing right actions from wrong ones with outcome scenarios is essential to communicating the vision of necessary procedures for the secure facility. For example, what would a staff member do if someone carrying a toolbox knocked on the back door and said “Jackie told me to knock on the back door and have someone let me in so I can fix the telephone lines.” If it’s 12:30 pm and Jackie is out to lunch, there is no way to validate the stranger’s story and the staff member is standing there with the door cracked open. This is a common scenario of a professional criminal that preys on human nature. We are trained as humans to be courteous and saying “no” is impolite. The staffer thinks “well, he knows that Jackie the receptionist, so he must be OK;” when in reality, he could have overheard her name in the lobby or seen it written on a plaque at her desk. However, if a policy manual dictates that all contractors must have proper identification from the front desk and affected staff are notified prior to their arrival, this charade can be immediately recognized for what it is and the staff member can take appropriate action.
Written policies and procedures assist facility managers in their role to protect life, promote well-being, reduce risk and liability, and deter theft, violence, and vandalism in their facilities.
As the threat assessment should point out, understanding potential emergencies both man-made and natural will lead you to create policies for anticipating most scenarios. Emergency telephone contacts should be readily available for all staff members, especially those charged with caring for others. Ideally, the manual will outline in plain fashion appropriate responses for any given emergency. The church may have trained medical personnel on staff who may be the first responders to most medical issues. The rules of engagement should be very easy to follow without causing panic due to over-reaction. As always, any incident that threatens to harm the life or well-being of human life should elicit a call to local authorities and/or “911”.
In some cases such as bomb threats, kidnapping, and other immediate threats, checklists can be invaluable to church employees. Sample checklists are readily available on the Internet and from many law enforcement agencies. The purpose of such checklists is to give the unlucky recipient guidelines to follow that gather information useful to identifying the criminal while minimizing potential agitation.
Sometimes emergencies such as severe weather can be predicted ahead of time. In such cases it is useful to have telephone call lists to contact staff, visitors, and volunteers in advance. Keep communication lines open in the event of natural disasters and advance home and mobile telephone numbers of critical staff members to affected parties ahead of time. Don’t forget that local media broadcast outlets may offer school and church closing information to their audiences during the news hours.
If your staff understands how their behavior and actions can impact the security of the church on a daily basis, this goes a long way to protecting the facility against theft, vandalism, and various crimes against person. The average person does not realize that most common crimes are carried out during the day when access to a facility is easiest.
Probably the most important aspect of securing your facility during operation boils down to access control. Once the church doors are “open for business” in the morning, what really happens in your facility? Procedures should be put in place that funnel visitor traffic to a main receptionist or checkpoint.
This requires a facility that is designed with traffic flow and security in mind, but staff actions play a huge role in enforcing security. Strangers should be prevented from wandering around the facilities and grounds without escort. If the sanctuary or chapel is open to the public, such spaces should be supervised, at least minimally. Service personnel, contractors, and vendors should be required to check-in and verify their need to work in the facility. In some cases, visitor or contractor badges could be issued so that staff members can easily recognize them. It’s always a good idea to schedule any maintenance work ahead of time and put it in a common master schedule in case the main contact is out sick that day. Night time events may require limited facility access, such as a single unlocked or supervised door nearest the activity.
Staff should always be aware of their surroundings and know how to identify suspicious personnel. In secure areas, any stranger that walks around unescorted, even if they appear to be working for the church, should be confronted in a polite manner. “May I help you?”, “Are you looking for someone?”: both good non-threatening questions to ask such strangers. If an employee has such an encounter and the response to their questions is not adequate, the staffer should respond as if everything is OK, leave the area, report the suspicious behavior and get help immediately. Confrontations should be avoided. With good policies in place that are practiced by your staff, these potential threats will be minimized. When protecting your people and facility, it is more important to err on the side of caution.
Other procedural concerns include allowing unauthorized personnel entry into secure spaces. Strangers should not be allowed to loiter next to secure entry doors. Criminals will wait for the opportunity to enter when someone exits or enters with a valid code to pass through a secure door. This is called piggybacking, a common threat to physical security caused by negligence on the part of the employee. Often the criminal will position himself to distract the staff member from the situation at hand. For example, the criminal may be talking on a cell phone, carrying a bundle of items, leaning down to tie his shoe, etc. Organized criminals often work in pairs with one person as a lookout or a distraction for the thief. Note that secure doors with remote buzzer entry are very prone to allowing unauthorized access. It can become routine for staff to buzz in strangers without proper authorization.
Police reports and other warnings should be distributed to staff members when appropriate. For example, if a violent criminal is being sought by police in the area, distribute a picture and information about the suspect to staff working on the grounds or in reception positions.
Finally, any event that tests the security or safety of the facility should be reported and documented in writing. Even accidents like slipping on wet pavement should be reported and acted upon. High-risk events like broken windows, damaged locks, vandalism, and suspicious loitering must be recorded immediately. It is good practice to have a responsible maintenance employee walk the site routinely, at least daily, to check for security breaches or life safety hazards that require repair. Frequent meetings with the staff should touch on good practices that will make the facility and its inhabitants more secure.
Childcare operations require special attention in the secure facility. Whether it is on-site school sessions, daycare, or nursery activities during weekly services, children cannot be expected to respond as adults. Children require special attention and routines for their various age differences. Make sure that your emergency plans are very thorough when handling the evacuation of children. This often means increased staff at time of emergency. Drills can help prepare staff and guests to be better prepared in emergency situations.
Many daycare centers have strict policies regarding the drop-off and pickup of children by their parents. For example, parents are often required to escort their children to their room or to the authorized childcare provider, signing them in and out. This can prevent children from slipping away, becoming lost, or even being kidnapped on their way to their class. Emergency information including contacts and special medical issues should be kept for every child as well as any custody information or concerns.
During assemblies, it should be obvious that the life safety needs of the facility are increased. It is most important to ensure adherence to local codes. It is especially important to meet all requirements issued by the local fire inspector. These authorities will often point out risks that may have never been considered, such as blocking fire exits or improper storing of hazardous materials. A clear evacuation plan must be practiced by those responsible for its execution, and easy to follow for patrons and visitors. An emergency that escalates into panic mode will greatly increase harm to life, as seen in situations where people have become tangled and trampled as they rush to the exit.
Information Security should also be on the mind of the church employees. This can mean protecting the computer network and record-keeping files from the public. Wireless networks and email servers are commonly installed without any protection, which can lead to hijacked internet connections for dubious purposes such as bulk email spamming or more sinister hacking of credit card and personal data. Many a computer network has been brought to its knees for days at a time simply because security was not a concern during its implementation and management. In our information age, lack of email and Internet access can have a major impact on the church’s ability to minister. Take a proactive approach to address security issues before a problem arises.
One other point that’s important to understand is the role of video surveillance. Electronic security hardware will be covered in depth in a later issue, but closed-circuit television (CCTV) video surveillance systems using cameras and TV monitors are very commonly misapplied in church facilities. CCTV systems are most useful for documenting (recording) events unless there are dedicated security personnel watching the cameras at all times. For most churches, this is beyond their staffing capabilities and administrators must realize that a CCTV system will not supplant good security practices. The appearance of video cameras can help to deter common criminals from acting, but cameras do not intrinsically make the facility any safer.
Knowledge is the best weapon against security threats. Developing and implementing robust security policies and procedures gives all active church participants the power to make a difference. Creating a secure policy and procedures manual will inform the staff members and help hold them accountable for maintaining the security of the facility. This manual should be considered a working document; one that requires regular updates. Training and drills that are performed often will support the effectiveness of your security procedures.