Response: The last mile of any safety and security program
By Mike Ginty
The common prevailing theory in the security industry is that a quality safety and security program should be first and foremost preventative, and ideally predictive. The theory being that if you put your focus into prevention and deterrence, you are afforded the luxury to be less reactive.
And while it is true many would prefer to not have an incident happen in the first place, it should be noted it is difficult to prevent all incidents from happening and extremely expensive to attempt to defend against everything at once. So, when something inevitably does happen, you want to make sure you have the right response capability in place. To properly handle any incident, you can’t just react, you have to respond.
Whether it be a smashed window or a stolen laptop, it is simply not enough to react. Reaction is only the first part of the Response. A proper response is composed of the reaction, mitigation, notification, resolution and recovery.
Reaction - Should an incident occur, ideally your office has the right resources in place and the responding individual had the right training, but ultimately a reaction is based on instinct or muscle memory. Running toward the incident and running away from the incident are both a form of reaction. In many security programs, the reaction is just the alarm going off, when the window is broken.
Mitigation - Next you need to act to conduct damage control, i.e., evacuating people when a fire alarm goes off, turning off the valve when there is a leaky pipe, or starting CPR. Mitigation involves ensuring the immediate area is safe and preventing further incidents from occurring.
Notification - This is what happens after you can stop, take a breath and call for help. Sometimes this happens before the mitigation step, but ideally it would happen after. Notification involves calling for help or escalating to management.
Resolution - Resolving an incident often takes time. This is the part of the response when you fill out the incident report, fix the window, conduct the investigation, and communicate the outcomes to interested parties.
Recovery - This final step is often missed because everyone is in a hurry to get back to business as usual. But this is when you should reflect on the gaps that allowed the incident to happen, adjust policy and procedure for future prevention, and look at updating training around these types of incidents. Incident response is not really complete until this part is finished.
As you read these steps you might be thinking, response is not just the last mile, but also the longest. To some degree you are right, but it is also the part of security that can’t completely be fulfilled through the use of technology. Cameras, alarms, access control, and notification systems can help and do pieces of this, but ultimately having a trained security professional to handle most of the components is key. There is great benefit to having a trained security professional on site to respond to the alarm, triage the situation, document the incident, work with law enforcement, and write a detailed report to help management move on to the recovery phase.
No one wants to handle that call at 3 am. Having the right response team or process in place, makes even the worst situations much more manageable.