PROTECTIVE SECURITY

1
C4 Security Studies Programme: Protective Security

Introduction

In order to provide a comprehensive security service to any client it is essential that

a security operator understands the purpose and function of security measures as well as
the resources that may be available. It is equally important to understand who or what
is being protected and the risks faced by that person, business place or object.

Protective Security is the title given to the efforts undertaken to provide a

comprehensive security package. In essence protective security is what
security providers do.

While the topic of protective security is vast and available up to university degree level
we can consider a reasonable definition as being:

‘the systematic application of security measures and provision of appropriate resources

that enable the protection of people, property, business, information’.

Principles of Security

Attitude

In its widest concept the purpose of security is to protect our way of life. Of
course our way of life includes our safety, the physical protection of our homes
and businesses and our ability to move freely in our communities.

We often hear people say ‘it won’t happen to me’ or ‘crimes only happen in other
areas’. This still happens today despite the seriously high rates of criminal activity
that affects every community in New Zealand.

It is often this attitude that allows criminal activity and the subsequent breaches
in our personal, home or business security.

Many people still believe that it is the Police’s role to ensure we are safe and
secure and divest themselves of any need to ensure they have adequate
protective security measures or resources.

Security operators need to ensure that they have the right attitude when it comes
to patrolling communities or premises belonging to clients. The attitude must be
one that upholds discipline and professionalism at all times.

Security Awareness & Education

2
Good security can only occur if all parties involves know of the threats to security
and their responsibilities and they need to cooperate fully. This can only happen
if suitable awareness training has been delivered to all staff.

Security Measures Must Reflect the Level of Threat

The provision of security is an expensive item. Often the protective security

measures and applied resources are either more than required or more often
less than what is required.

The amount of time and money that must be invested in security arrangements
should be determined by the amount of risk that the asset or person is exposed
to. Therefore prior to spending time or money an assessment should be made of
the threat and risks faced.

Need to Know

This principle is fundamental to all aspects of security. Governmental security

organisations use this principle religiously, but often come unstuck. The principle
also aims to discourage "browsing" of sensitive material by limiting access to the
smallest possible number of people.

Defence in Depth

1. Protective security uses a multi-layered approach, known as “defence in

depth”. Defence in depth means combining several measures to make
unauthorized access difficult for an external intruder or an employee who does
not “need to know”. These measures should complement and support one
another. They may control:

• physical space
• procedures
• personnel
• technology

2. Physical security measures must also be designed to meet the threat to

security posed by the ill-intentioned person who already has authority to enter the
site, building or secure zone, rather than the intruder from outside.

3. The main physical defences are those nearest the protected item. In an
organisation with much classified material, for example, other precautions may
be needed for “defence in depth” or to guard against human error. Precautions
may include:

• security keys and containers to protect classified information

3
• access control measures
• security alarm systems to detect unauthorised access and alert a response
• physical barriers to deter, detect and delay unauthorised entry.

4. Physical measures may be complemented by procedural and personnel

measures such as:

• the “need to know” principle, limiting access to official information to

people who require it to carry out their duties
• a security classification system that identifies material that needs special
protection
• a personnel security system that ensures appropriate approval or clearance
for access to official material
• logical controls which minimise security risks to departmental IT systems
• education or training programme.

Security Controls

Defence in Depth can be achieved by utliising the following security controls;

Deter

Deter the offender by making your premise look secure. In essence we are
‘putting offenders off doing something’. This can be achieved by placing physical
barriers in the offender’s way. Examples include the erection of warning signs
and installation of exterior lighting.

Delay

Delaying can be defined as ‘slowing down the entry and exit of the offender’. This
provides two main objectives – firstly giving more time for detection and
apprehension, secondly to stop him from easily removing property from the
premises. This can be achieved by fitting doors with deadlocks etc, fastening
roller doors and immobilizing any company vehicles that may be left on the
premise.

Detect

The detection of offenders can be by various means. The most common is an

electronic intruder detection system (Alarm System). Any entry gained while the
alarm is set will cause the alarm to activate which can be either silent or audible.
In the case of a monitored alarm (monitored from a remote station) there may be
a physical response to the activation. In the case of a larger premise it may be
desirable to have a static guard placed for detection. Detection can be defined as
‘to find out what is going on’.

4
Deny

Deny the offender access by using measures such as deadlocks, bars and grilles
etc. Generally the more physical barriers placed in the offender’s way the more
successful you will be in denying them access. Denying can be summarised as
‘refusing to let someone do something or have something’.

Prevent

The saying ‘prevention is better than the cure’ is closely associated with
employing effective security in depth principles. The overall goal of effective
security is to ‘prevent’ any activity that poses a risk to a person, thing or premise
that you are responsible for. Prevent can be defined as ‘to stop something
happening’.

Protect

Our overall responsibility as security professionals is to protect a way of life for

our clients. Protection can be defined as ‘to look after and defend either property
or persons’.

Respond

How effectively a security breach is responded to will have a serious affect on the
overall loss or damage to an organisation. A response must take in to account
the ability of both the attacker and the responder.

Recover

It is recognized that individuals and organisations will at some point in time suffer
due to a security breach. The recovery phase is most important and one that is
not often planned for. An individual may have to recover from a stolen wallet. For
this they would have to report the theft to the police, gain the documents and
report them to insurance companies, credit card companies etc. A business may
have to recover from a major arson attack on their premises.

Compliance

Compliance is closely associated with enforcement. As a security operator one of

the main functions you have is to ensure that there is compliance within all
aspects of your job. Compliance can be defined as ‘to uphold rules or law’.

Enforce

As a security operator you may find yourself in an enforcement role. More often
than not you have the full authority of a client to exercise sound enforcement in

5
the execution of your duties. Enforcement can be defined as ‘ensuring people
follow the rules’. This can be achieved by abiding by site specifications, the laws
of the land and any other specific instruction you carry out on behalf of the client.

6
Risk Management

What is Risk?

The word ‘risk’ comes from an Italian word that means ‘to dare’. We take risks
every day and we make decisions on whether to accept the risk or not. Driving a
car is probably one of the riskiest things we do today when we consider the
number of people who die every year from vehicle accidents.

Risk is the presence of uncertainty of a hazardous event occurring and the

frequency or probability of it occurring combined with the consequences of it
occurring.

Likewise every business takes a risk. Just opening the doors to the public puts
the business at risk from petty theft, fraud etc.

Managing Risks

The management of these risks is the secret to a good business. Risk is defined
in the AS/NZS 4360: 1999 as ‘the culture, processes, and structure which come
together to optimize the management of potential opportunities and adverse
effects’.

Many of the risks faced by businesses (and home owners) are in the realm of
security. The answer to these risks in simplistic terms is the provision of
protective security.

The risk management process includes carrying out a risk assessment which can
be defined as ‘a process undertaken to define the security measures that need to
be put in place’. The process includes;

• Establishing the context

• Identifying risks
• Analysing risks
• Evaluating risks
• Communication and consultation

The risk management process then covers treating the risks and then regularly
monitoring and reviewing.

7
Threats and Effects

To employ effective protective security techniques it is important to understand what

types of threats exist and what effect they will have on the operational ability of the
business, the financial ramifications and the effect on the people within the business.

Generally threats can be grouped under the following headings:

1. A deliberate act

2. An accidental act

3. A system failure

4. Negligence

5. Something that cannot be blamed on people or systems

Deliberate Acts

These are acts that are deliberately caused by people. Obviously intent is a major factor
with deliberate acts. Situations you may be involved include but are not limited too:

1. Theft

2. Vandalism

3. Assault

Accidental Acts

Accidental acts can be defined as anything that is generally created by people but is not
deliberate. Situations include:

1. Spillage

2. Motor vehicle accident

3. Breakages

System Failures

System failures result from a system or part of a system failing. Generally they are
caused by a breakdown in machinery or electronic systems. Situations include:

1. Leakage

2. Power failures

3. Computer failure

8
Negligence

Negligence results when something fails due to the lack of intervention from people.
Generally due to someone not doing their job or not doing it properly. Examples of
negligence are:

1. Poor maintenance

2. Cant be bothered doing a routine foot patrol

Something that cannot be blamed on people or systems.

These situations can be referred to as ‘Acts of God’ or ‘Natural Events’. Situations

include but are not limited too:

1. Earthquakes

2. Floods

3. Tidal waves

Effects

As with any threat to security it is important to understand the effect(s) that can result if
you are or have been subjected to one or more of the threats as listed above.

The following are examples of how threats can impact on the ability of a business to
operate:

Accidental Act - A shop window is broken when a driver of a

vehicle loses control of his car and it smashes
through into the shop.

Effect - People may be injured, risk of theft from the

shop, shop may have to close temporarily, cost of
repairs to the window, possible increase in
insurance premiums, cost of preventative measures
to ensure it doesn’t happen again (bollards)

Deliberate Act - A non monitored commercial premise was

burgled on a rainy Friday evening resulting in the
loss of $200,000 worth of stock being stolen, the
burglars gained access through a skylight leaving it
open, obviously allowing the rain to enter the
interior of the premise for the remainder of the
weekend. A roller door was also jimmied off its
track to enable the offenders to leave the premise.

9
 This was discovered by a staff member arriving at
work on the Monday morning.

Effect - Loss of stock resulting in orders for clients not

being able to be completed and the replacement
cost of the stock, this may result in the business
losing clients. Cost of repairs to the premise as a
result of the damage caused by the offenders and
the rain, business may have to close. Increased
insurance premiums for the business,. cost of
implementing measures to ensure it doesn’t happen
again…physical measures (guards, alarms,
improved access etc)

Types of Industries Serviced by Security Companies.

The security industry in New Zealand deals with a multitude of businesses while
undertaking the services they are contracted to provide. This can range from a large
corporate business to a privately owned home of an individual.

Generally these businesses can be broken down to four major groups:

1. Commercial Industries - Retail, manufacturing, trade

service etc

2. Corporate Industries - Banks, Insurance companies,

Head offices etc

3. Departmental - Government Departments

(Defence, Fire, Councils etc)

4. Private Residences - Private homes

As a security operator it is important to note that for each type of industry or business,
that they will have different and unique security requirements and ways of dealing with
them.

You need to have a good understanding of the following:

1. What sort of industry is it?

2. How do they operate?

3. Why are they in business?

4. What protective security needs do they have?

5. What protective security measures do they have in place?

- design

10
 - construction
- regulations and standards
- audit procedures
- training and education
- security staff services
- physical security measures
- electronic and electrical security measures
- guard and patrol dogs

Example

Supermarket - Is a commercial enterprise. It is in business to make a profit by

selling essential groceries and other household items to members
of the public. It displays its goods on shelving which enables
customers to view, select and purchase. The main security
concerns for this premise are preventing customers and staff
stealing the goods off the shelves.

The protective security needs are met by:

1. Having few hidden corners in the shop (environmental design)

2. Customers are required to exit the shop through narrow service aisles which
are always attended by a shop assistant.

3. There are mirrors and security cameras fitted.

4. The staff has been trained in loss prevention and how to identify potential
shoplifters.

5. They employ dedicated and trained security staff to identify and apprehend
shoplifters.

6. They employ the services of a security company to conduct patrol checks on

the premise out of normal working hours.

Security Industry Sectors

Within the security industry there are numerous tasks and roles that are undertaken by
specialist sectors. It is important to remember that each sector has specific functions with
the industry.

11
Security Staff Services

Security staff services are more commonly known as Manned Services which
predominantly consists of Guards and Patrols. The main function(s) for this sector is the
security of installations, buildings, premises and venues. Some companies offer a retail
security component as well as a cash pick up and delivery service.

Alarm Monitoring

Alarm monitoring provides the ability for both residential and commercial alarms to be
monitored 24 hours per day from a remote monitoring site. If an alarm activates the
monitoring operator is responsible for advising the response company to attend and also
keeping the client updated as to what is happening on their site. Generically this is the
human link between an alarm system and a response company.

Electronic Security Systems

Electronic security systems are predominantly the hardware items associated with alarm
systems, access control systems, detection systems (CCTV), warning systems etc.
Obviously this side of the industry needs to advance alongside technology and is a
forever changing environment to work in. Electronic security involves the installation,
operation and maintenance for such systems.

Physical Security Systems

Physical security systems involve hardware items associated with physically preventing
access to certain areas or premises. It can include but is not limited to gates, fences,
(electric and non electric) lighting, doors, locks, deadlocks, ram raid bollards etc. It also
includes the installation, operation and maintenance of such items.

Consultants

Security consultants are a vital part of the industry. They are the security experts who
visit sites and premises and recommend to the client what security measures would best
suit their needs. Their main role is to conduct security audits, undertake risk assessments
and provide the best option to manage the risk. Commonly referred to as sales team
members dependant upon which company they work for.

Training Providers

Security industry training providers are responsible for providing and conducting NZQA
recognized training for those that wish to enter the industry or for those who are already
working within it. Other services some providers offer are advanced high risk training to
both industry members and clients (Close Protection, Armed Robbery, Bomb Evacuation
etc)

12
Document Security

Document security providers are responsible for processing, handling, presentation,

storage and destruction of sensitive documents.

Computer Systems Security

Computer security experts are predominantly responsible for the security of information
stored, used and transmitted via computers. In today’s world this role is becoming more
and more in demand. Their main function is to ensure that sufficient computer resources
are in place to protect sensitive information being accessed by those that have no right to
it.

Manned Service Roles and Responsibilities

As discussed earlier under Security Staff Services there are various functions undertaken
by the sector known as manned services.

This sector can be broken down further to:

1. Static Site Guards

2. Mobile Patrolman

3. Retail Operatives

4. Cash in Transit

Static Site Guards

Static site guards are employed by clients to provide a continued presence at one
particular site. This can range from a few hours per day to 24 hour coverage if the site in
question warrants it. Generally a static guard will be required when there is a high risk
of:

1. Unauthorized access

2. Fire and other natural and man made disasters

3. Burglary

4. Theft by staff, visitors and contractors

5. Failure of important electronic and mechanical systems

6. Damage and vandalism

7. Internal traffic control requirements

13
Duties of the guard can include but are not limited too:

1. Access Control

2. Control of inwards and outwards good.

3. Vehicle control, direction and parking

4. Emergency callout procedures

5. Foot patrols as required

6. Fire prevention, detection and fighting

7. Industrial safety and accident prevention

8. Physical security requirements

9. Enforcement of company rules

10. Reports on accidents and incidents

11. Emergency services assistance and liaison

12. Examination of plant, boiler systems and alarms

13. Prevention of theft, damage, loss by fire and flood etc

14. Lost and found property

15. Initial investigation of basic offences

16. Upkeep of - Occurrence Book

- Visitors Book
- Message Book
- Key Register
- Record of visiting vehicles, drivers and loads

Mobile Patrols

The value of mobile patrols is very much under estimated by virtue of the fact that the
majority of the patrols undertaken are unseen by clients. The role of the mobile patrolman
has many facets. He is a fire prevention officer, safety officer and is responsible for the
prevention/ detection of crimes against property of the protected client.

With this in mind the main purpose of a security mobile patrol is to prevent, or at its
worst, minimize the risk of loss resulting from fire, flood, theft, vandalism, the elements
and natural disasters to the property which is being protected. By virtue of the fact that
the factors listed above generally occur outside of normal working hours it is obvious

14
then that this type of service is generally conducted during the hours of darkness and
during the day in weekends and public holidays.

Types of Patrols

Bed Down Patrol

This is the first patrol after the premise has been vacated. As the name suggests, it is a
patrol that is designed to ‘bed down’ the premise and rectify any security breaches so that
on it’s completion the premise is left in a secure state.

Areas that gain attention are doors, windows, taps, lights, heaters, safes, vehicles, outside
equipment and any other requirement that the premise in question may have.

Subsequent patrols that are conducted throughout the night are designed to ensure that the
integrity of the bed down patrol is maintained. By paying detailed attention to the bed
down patrol service the invitation for a would-be intruder or other mishap is removed.

External Patrols

A patrol of this nature is to ensure that the doors and windows are secure so as to prevent
easy access into the premise from the outside. It is also a method of preventing the
outside of the building from attack. There are limitations with this type of patrol. There is
no way the security patrolman can be aware of the state of the interior of the building.
Should entry be gained by an intruder through the roof of a premise, it is possible that the
crime will go undetected until the premise is reopened.

Internal Patrols

Internal patrols will generally supplement the external patrols. The inspecting patrolman
is able to gain access to the building to conduct thorough internal checks. This is
achievable through the patrolman having keys and alarm codes to gain entry.

While he is conducting this inspection he should be noting hazards which exist that could
go unnoticed during the day to day running of the premise.

Alarm Response Functions

In addition to both the external and internal patrols a mobile security officer is able to
respond to a premise that has a monitored alarm.

When the alarm is functioning normally and being monitored from a remote monitoring
station the premise remains under constant surveillance when unoccupied. In the event
that there is an activation on the alarm, the mobile patrolman is dispatched to attend the
premise. On arrival the patrolman is expected to carry out the following:

1. Arrive onsite

15
 2. Conduct a full external check of the premise to detect any breaches of security
or points of entry.

3. Unlock the premise (if keys are held) and unset the alarm (if the code is held).

4. Conduct a full internal inspection of the premise

5. Reset the alarm

6. Secure the premise and leave an alarm attendance docket onsite.

Notes:

1. In the event that a breach of security or burglary is discovered the patrolman

will request that a key holder and the police be contacted and asked to attend.
The patrolman will then wait onsite for any security related instructions from
the client.

2. If it suspected that offenders are on the premise (multiple alarm activations or

noise from inside) the patrolman will request back up prior to making entry to
the building.

3. It is normal practice for the patrolman to leave an alarm attendance docket

(report) onsite prior to departure. The information contained within this report
could highlight any shortcomings with the alarm system or a particular area of
the premise.

4. There is no guarantee of an alarm response time frame with respect to getting

a mobile patrolman onsite. The industry standard in New Zealand is 30
minutes. To many people this may seem a long time, however, patrolman do
not have any special powers to break the law with regard to driving. Another
factor to consider is at the time of the activation the patrolman may be in
attendance at another site. The company involved should ensure that their
areas of responsibility are well resourced and that there are secondary
procedures in place.

Other Functions of the Manned Service Operation

The roles as stated above are generally the main functions of a manned service operation.
However, there are specialist groups within the New Zealand Security Industry that
undertake the following roles:

Venue Security

The main role of venue security personnel is to ensure the safety of all persons at a
particular venue. (Ericsson Stadium, Eden Park etc). This includes performers and
patrons. Duties include but are not limited to;

1. Access Control

16
 2. Prohibited items control

3. Fire and evacuation procedures

4. Crowd control

5. Removal of unruly elements

6. Over all safety of patrons

Secure Transport

Secure transport is defined as ‘the transportation of valuable commodities (cash,

documents etc)’. Generally this is a function that is specialized and involves the use of
armoured vehicles and specially trained employees of security companies.

This function includes the uplifting and delivery from a clients premise to a more secure
location (ie Bank, Cash processing facility).

Retail Security

This role can be referred to as ‘loss prevention officers’ or ‘undercover store detectives’.
Some companies offer this service to select clients and involves both uniformed and non
uniformed officers being deployed within stores to detect, apprehend and process
shoplifters.

Personal Protection

This function is better known as ‘body guarding’ or ‘close protection’. This is a

specialized role that requires intensive training and preparation to undertake. The main
role of a close protection operator is to protect an individual, their family and their
interests.

Control Room Operator

This is generally a support function for employees of a security company. This is

generally manned 24 hours per day and provides welfare, external communication and
the ability to contact emergency services, monitoring and clients for guards and mobile
patrolman.

System Monitor

A system monitor is commonly referred to as a ‘monitoring operator’. Their main

responsibility is to monitor client alarms and advise dispatch and clients when an alarm
activates. They are also responsible for ensuring that all alarm activations have been
attended too and that the premise alarm is set prior to the patrolman departing.

17
Systems Installation and Maintenance

This side of the industry is responsible for installing electronic security systems, (alarms,
cameras, access control etc) and ensuring that they are maintained in accordance with
their maintenance schedules.

Specialist Security Groups

Within the security industry in New Zealand there are certain groups that are termed
specialist security groups. For these groups there is a requirement for specialized training
and in some case a higher level of licensing required.

Role Responsibility Special Conditions

Aviation Security General security duties Employees of aviation

‘Airside” at airports security.
Specialist training
Special powers under the
CA and Crimes Act

Airport Security General security duties Employees of airport

“Landside’ at airports companies.
Specialist CoA

Court Security General security duties in Employees of the Dept of

New Zealand Courts Courts
Specialized Training
Specialist CoA

Prisoner Escort Services Delivery of prisoners to Employees of security

and from courts companies
Specialized training

Hospital Security General security for staff Employees of security

and patients at hospitals companies or in house
from the hospital

Prison Services General duties concerning Employees of the Dept of

the welfare and custody of Corrections.
prisoners in prison Specialized training

18
Parking Wardens General parking Employed by councils
enforcement duties Specialized training

Definitions

Duty of Care

When conducting security related tasks you should undertake it with responsibility, be
careful as you carry out your duties and do what you have to do to the best of your
ability.

Best Practice

Doing what is necessary, safe, effective, and lawful and demonstrates the duty of care.

Law

The acts of parliament and regulations set by government. This is enforced by the police
and complied with through the courts.

Organisational Policy

Policies that a security company or customer’s need to comply with. Advises why things
are done in certain ways.

Practice and Procedure

Defines the way in detail why and how we do things. On occasion practices and policies
are in writing and part of a security guard’s induction into a company.

Standing Orders

These are security company orders and specific instructions which apply or stand in all
situations.

Site Procedure, Post Orders or Site Instructions

These are instructions normally set out in writing that advise you or tell you how to do
things on a particular site.

Other Written or Oral Instructions.

Extra instructions given by the company or the client regarding what should be
undertaken during an assignment.

19
Summary

As security operators we must ensure that we follow all laws and workplace instructions
at all times. The only time you do not abide by this is when you have been asked to do
something that is illegal and which could compromise your trust and integrity as a
security professional.

20