the risk management blog

Prison Break: How Collaboration is Changing Security for the Better

byLowers & Associates | July 29, 2020
The most enlightening part of this story, though, was just seeing the joy that they all had on their faces. It was a realization that they could do this work.

Disclaimer: Portions of this conversation have been edited for length and clarity, and certain locations and details have been modified for privacy reasons.

As we approach the last few weeks of this series, collaboration has emerged as a subtle but dominant theme across the various work examples shared by our team of subject matter experts. In one sense, it’s not surprising – it’s part of the core ethos of the company. But to see it play out in so many different forms lends a unique texture to these stories that, until observed in print, might otherwise appear disconnected.

For context, L&A utilizes a collaborative approach for a number of reasons, and this includes the more immediately realized benefits of efficiency and cost savings. But additional benefits of employee engagement and cultural change are two other downstream reasons where collaboration creates a positive impact for organizations. With the former, if risk management or mitigation needs are especially complex or a disconnect in SOPs is apparent, employee engagement brings together the strategic and operational worlds, creating a more secure bond between different but equally important pieces of the organization. The culture change, then, that can happen as a result of this can be transformative long-term. However, in the short-term, the department or individual-specific learning and satisfaction that occurs through learning and contributing creates a deeper sense of well-being that employees then associate with their employer.

Nowhere is this more apparent than in #OurStory conversation with Kris Keefauver, as he recounts an investigation experience with a team of security officers that, until that point, were not empowered nor necessarily trained to take the steps required to work through a suspected crime.

You recently represented L&A as the Interim Security Director for a healthcare organization. What did that look like and can you describe some of the issues they were dealing with?

Kristopher L. Keefauver: Our task was three-fold: 1. Complete a security risk assessment of the of the campus. 2. Act as the interim security director. And 3. Be involved in the remediation efforts for any of the findings and recommendations that were brought to light during the assessment. The organization had a staff of about 10 to 12 security officers, and the L&A team was engaged to provide leadership and oversight while revamping the security department. The security team reported directly to us, we’d provide direction and supervision, and then report directly to the healthcare organization’s COO.

Serving in these capacities, a lot of what we found was that the staff that was on site weren’t necessarily aware of the policies, procedures, and processes that the healthcare organization had documented. The organization had done a great job of detailing out all these policies and procedures to be followed, but somewhere along the line, the chain of command or the dissemination of that information didn’t necessarily make it to the guard staff.

One thing we found was that when security was called, in some cases, they didn’t show up. Other times they’d show up, but not deescalate a situation. So, we were called on to help illuminate the issues they were facing, help remediate those issues, and then close the gap between what was being done and what should have been done, based on the policy and procedures. Upon further review, it was determined that the staff had completely lost trust in the security team and their capabilities.

In helping realign SOPs, revisiting hiring criteria and amplifying the need for training, you spent a lot of time on-site with your security officer team. Is there anything about the time or work together that stands out?

Keefauver: The most impactful moment for me happened at the end of a 12-hr shift. I was leaving work, heading down the stairs into the parking lot and ran into one of the security officers. After some small talk, he mentioned that they thought someone had stolen some shirts from the gift shop. I asked what their plan was, and he said, “Well, I’m going to go out in the parking lot to try and find her.” I went along with him to the parking lot.

Needless to say, we didn’t find her, so we came back in and talked to the other security officers, asking what they normally do in this situation. It was mentioned that there was one person that knew how to work the CCTV systems (self-taught), but that individual wasn’t there; so essentially, the team was going to just let it go. I’ve had some experience working with various CCTV systems, so I decided to take it a step further and do a little more investigating.

I talked to the gift shop employee and tried to get a description of the person, went to the CCTV system, and was able to locate the person based on the time she was in the gift shop, what she was wearing and other attributes. I then went back to the gift shop employee with a photo and she confirmed that that was the subject. It turns out that this subject had actually purchased a deck of playing cards. Upon further investigation, I asked the gift shop employee how the subject had paid for those cards, and it turned out she used a credit card.

At that point, I knew we were on to something so I asked if we could pull up the sale records to see if there was a name or any other identifiable information. The credit card transaction returned a gentleman’s name. We were able to talk to different levels of staff in various units to see if there were any patients under that name, and sure enough we got a hit. Digging deeper, since the individual on footage was female, I asked if there was a dedicated emergency contact for this individual. There was, so I took that individual’s name, plugged it into Facebook and it revealed that the patient and our suspected thief were ’in a relationship.’  It also revealed that this couple had three children, which turned out later that the five shirts that were taken equated to the two people and their three daughters.

So, to this point, the original security officer had been with you through this whole process?

Keefauver:  Yes!  So, I asked him, “What would you do at this point?” We ended up calling law enforcement, who arrived promptly on site. I showed them the video and asked what they typically did in situations like this. They admitted that they’d never got a call like this for any type of investigation at the facility.  But there was enough evidence to move forward and asked me what I’d like to do.

We went up to the patient’s room, asked that the subject in question step out of the room to speak with us. Law enforcement spoke to her in a separate room, asking her about the incident that took place. They came out and advised she was very cooperative and then asked me how the healthcare organization wanted to proceed. To which I said, “As long as there’s no more issues, no issues with staff, no issues with the gift shop – and we get the property back – we’re fine with her staying.”  She was very embarrassed and asked if she could return the shirts the following day because she didn’t want her significant other – the patient – to know what she had done. Her plan was to go back and pay for them once she got paid the next day, but I politely told the law enforcement officers that we’d prefer to have the property back, to which she obliged.

The most enlightening part of this story though, was being able to see the look on the security officer’s face, once he realized how to follow through with an investigation and seeing a new confidence in the security officers – it was a realization that they could do this work.

What were some of the key takeaways for the facility?

Keefauver: It brought to light a couple of things, the first being a CCTV system and knowing how to operate it. Every organization should have a quality camera system producing quality images/videos and sufficient retention, meaning that depending on the assets being protected, there’s adequate ability to review quality discernible footage, and for an extended/specified period of time. We want the organization to know how to use the system, to go back and pull up video when it’s needed for investigation purposes.

It was also enlightening, as I said, to see the officers on site go through that whole process. We collaborated on the report and they were able to take a little bit of credit for bringing the investigation to closure. For some of the security officers, it was their first job out of high school or college, for others, they were well into their career. Everyone was sharp, but we had to do a lot of learning on the job. That’s never a bad thing, but that training should be corroborated with certain written formal policy and procedure documentation that benefits both the employee and employer, signed, acknowledged and attested to.

ABOUT THE AUTHOR

Lowers & Associates
Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >