Prison Break: How Collaboration is Changing Security for the Better

By Lowers & Associates,

The most enlightening part of this story, though, was just seeing the joy that they all had on their faces. It was a realization that they could do this work.

Disclaimer: Portions of this conversation have been edited for length and clarity, and certain locations and details have been modified for privacy reasons.

As we approach the last few weeks of this series, collaboration has emerged as a subtle but dominant theme across the various work examples shared by our team of subject matter experts. In one sense, it’s not surprising – it’s part of the core ethos of the company. But to see it play out in so many different forms lends a unique texture to these stories that, until observed in print, might otherwise appear disconnected.

For context, L&A utilizes a collaborative approach for a number of reasons, and this includes the more immediately realized benefits of efficiency and cost savings. But additional benefits of employee engagement and cultural change are two other downstream reasons where collaboration creates a positive impact for organizations. With the former, if risk management or mitigation needs are especially complex or a disconnect in SOPs is apparent, employee engagement brings together the strategic and operational worlds, creating a more secure bond between different but equally important pieces of the organization. The culture change, then, that can happen as a result of this can be transformative long-term. However, in the short-term, the department or individual-specific learning and satisfaction that occurs through learning and contributing creates a deeper sense of well-being that employees then associate with their employer.

Nowhere is this more apparent than in #OurStory conversation with Kris Keefauver, as he recounts an investigation experience with a team of security officers that, until that point, were not empowered nor necessarily trained to take the steps required to work through a suspected crime.

You recently represented L&A as the Interim Security Director for a healthcare organization. What did that look like and can you describe some of the issues they were dealing with?

Kristopher L. Keefauver: Our task was three-fold: 1. Complete a security risk assessment of the of the campus. 2. Act as the interim security director. And 3. Be involved in the remediation efforts for any of the findings and recommendations that were brought to light during the assessment. The organization had a staff of about 10 to 12 security officers, and the L&A team was engaged to provide leadership and oversight while revamping the security department. The security team reported directly to us, we’d provide direction and supervision, and then report directly to the healthcare organization’s COO.

Serving in these capacities, a lot of what we found was that the staff that was on site weren’t necessarily aware of the policies, procedures, and processes that the healthcare organization had documented. The organization had done a great job of detailing out all these policies and procedures to be followed, but somewhere along the line, the chain of command or the dissemination of that information didn’t necessarily make it to the guard staff.

One thing we found was that when security was called, in some cases, they didn’t show up. Other times they’d show up, but not deescalate a situation. So, we were called on to help illuminate the issues they were facing, help remediate those issues, and then close the gap between what was being done and what should have been done, based on the policy and procedures. Upon further review, it was determined that the staff had completely lost trust in the security team and their capabilities.

In helping realign SOPs, revisiting hiring criteria and amplifying the need for training, you spent a lot of time on-site with your security officer team. Is there anything about the time or work together that stands out?

Keefauver: The most impactful moment for me happened at the end of a 12-hr shift. I was leaving work, heading down the stairs into the parking lot and ran into one of the security officers. After some small talk, he mentioned that they thought someone had stolen some shirts from the gift shop. I asked what their plan was, and he said, “Well, I’m going to go out in the parking lot to try and find her.” I went along with him to the parking lot.

Needless to say, we didn’t find her, so we came back in and talked to the other security officers, asking what they normally do in this situation. It was mentioned that there was one person that knew how to work the CCTV systems (self-taught), but that individual wasn’t there; so essentially, the team was going to just let it go. I’ve had some experience working with various CCTV systems, so I decided to take it a step further and do a little more investigating.

I talked to the gift shop employee and tried to get a description of the person, went to the CCTV system, and was able to locate the person based on the time she was in the gift shop, what she was wearing and other attributes. I then went back to the gift shop employee with a photo and she confirmed that that was the subject. It turns out that this subject had actually purchased a deck of playing cards. Upon further investigation, I asked the gift shop employee how the subject had paid for those cards, and it turned out she used a credit card.

At that point, I knew we were on to something so I asked if we could pull up the sale records to see if there was a name or any other identifiable information. The credit card transaction returned a gentleman’s name. We were able to talk to different levels of staff in various units to see if there were any patients under that name, and sure enough we got a hit. Digging deeper, since the individual on footage was female, I asked if there was a dedicated emergency contact for this individual. There was, so I took that individual’s name, plugged it into Facebook and it revealed that the patient and our suspected thief were ’in a relationship.’  It also revealed that this couple had three children, which turned out later that the five shirts that were taken equated to the two people and their three daughters.

So, to this point, the original security officer had been with you through this whole process?

Keefauver:  Yes!  So, I asked him, “What would you do at this point?” We ended up calling law enforcement, who arrived promptly on site. I showed them the video and asked what they typically did in situations like this. They admitted that they’d never got a call like this for any type of investigation at the facility.  But there was enough evidence to move forward and asked me what I’d like to do.

We went up to the patient’s room, asked that the subject in question step out of the room to speak with us. Law enforcement spoke to her in a separate room, asking her about the incident that took place. They came out and advised she was very cooperative and then asked me how the healthcare organization wanted to proceed. To which I said, “As long as there’s no more issues, no issues with staff, no issues with the gift shop – and we get the property back – we’re fine with her staying.”  She was very embarrassed and asked if she could return the shirts the following day because she didn’t want her significant other – the patient – to know what she had done. Her plan was to go back and pay for them once she got paid the next day, but I politely told the law enforcement officers that we’d prefer to have the property back, to which she obliged.

The most enlightening part of this story though, was being able to see the look on the security officer’s face, once he realized how to follow through with an investigation and seeing a new confidence in the security officers – it was a realization that they could do this work.

What were some of the key takeaways for the facility?

Keefauver: It brought to light a couple of things, the first being a CCTV system and knowing how to operate it. Every organization should have a quality camera system producing quality images/videos and sufficient retention, meaning that depending on the assets being protected, there’s adequate ability to review quality discernible footage, and for an extended/specified period of time. We want the organization to know how to use the system, to go back and pull up video when it’s needed for investigation purposes.

It was also enlightening, as I said, to see the officers on site go through that whole process. We collaborated on the report and they were able to take a little bit of credit for bringing the investigation to closure. For some of the security officers, it was their first job out of high school or college, for others, they were well into their career. Everyone was sharp, but we had to do a lot of learning on the job. That’s never a bad thing, but that training should be corroborated with certain written formal policy and procedure documentation that benefits both the employee and employer, signed, acknowledged and attested to.

Top 7 Risk Management Articles from 2017

By Lowers & Associates,

High reliability organizations, active assailant risk management, and healthcare security are just a few of the topics that dominated the Lowers & Associates Risk Management Blog in 2017.

Here we provide a summary of our 7 most-read articles from 2017.

1. 5 Principles of High Reliability Organizations

High Reliability Organizations (HROs) are anomalies. They exist in the kind of very complex, fast-evolving environments where you would expect chaos to prevail. But it doesn’t. HROs are able to cope successfully with unexpected conditions. That’s what makes these unusual organizations so attractive to researchers. What can we learn from them?

Read the full post >

2. When Active Assailant Situations Become Known-Unknowns

Not long ago, most Americans regarded active assailant incidents as black swan events, unpredictable and largely indefensible. However, with the increasing frequency of these events, the time is at hand when venue owners, employers, and operators of gathering places need to evaluate and mitigate the risk of these incidents, or potentially face legal consequences. And the number and type of venues at risk may increase.

Read the full post >

3. Test Your Fraud Knowledge

In case you’re thinking fraud is not an issue in your organization, you should know that extrapolating from actual fraud cases examined in 2016 and reported to ACFE, organizations worldwide lose 5% of topline revenue to fraud. Virtually every type of organization from business, government to non-profit sectors is vulnerable to fraud.

Read the full post >

4. Slideshow: What Makes a High Reliability Organization?

High reliability organizations (HROs) operate within challenging conditions. Think of air traffic control, aircraft carriers, and nuclear power plants for clear examples of such conditions. Mistakes in these settings often have catastrophic consequences. Yet they seldom fail.

Read the full post >

5. 7 Ways to Test the Reliability of Your Organization

If you are a manager in an organization, especially one that faces a complex, dynamic environment, you should be interested in learning how the principles of the High Reliability Organization (HRO) can help you. Your aim should be to develop an organization that moves continuously toward greater reliability of critical outcomes, using every failure as an opportunity for improvement.

Read the full post >

6. 18 Fraud Facts to Drive Your 2018 Fraud Prevention Plan

When it comes time to review your fraud risk management and prevention plan, it pays to have some hard statistics in front of you. This slideshow features 18 facts straight from the ACFE’s bi-annual Report to the Nations on Occupational Fraud and Abuse. The report can help you understand and respond to the threat of organizational fraud in your company, and the facts presented can serve as benchmarks for your organization while helping to uncover areas you may have failed to address.

Read the full post >

7. 3 Key Components of an Effective Healthcare Security Program

We make many assumptions about our healthcare. We assume our doctors and nurses are well trained and know what they are doing. We assume that the ER is open when we need it and the facility where we receive care is clean as well as safe and secure. While legitimate expectations, they are not always the case. When it comes to healthcare security, having an effective program requires planning, training and consistent implementation. Our latest whitepaper, 3 Key Components of an Effective Healthcare Security Program, walks through the most critical aspects of healthcare security and introduces some ways to ensure your program delivers.

Read the full post >

We look forward to continuing to deliver valuable content you can use to better protect your people, brands, and profits in 2018 and beyond. Happy new year!


  Category: Risk Management
  Comments: Comments Off on Top 7 Risk Management Articles from 2017

5 Methods to Manage Today’s Healthcare Security Environment [SlideShare]

By Lowers & Associates,

Healthcare security professionals today are directly impacted by the reality of a rapidly changing environment. The security function, as with many others, is being asked to do more with less, while addressing a frightening range of new and increasing threats.

How can you more effectively manage today’s healthcare security environment? Our latest SlideShare presentation outlines five methods: … Continue reading

What the Future Holds for the Healthcare Security Practitioner [SlideShare]

By Lowers & Associates,

The healthcare security practitioner is confronted by an alarming level of violence from a wide range of threats. Many people do not understand that healthcare and social service workers are victims of violent attacks at many times the rate of other private sector workers. OSHA bulletin 3148-06R reports some Bureau of Labor Statistics (BLS) on the issue:

  • Between 2011 and 2013, workplace assaults ranged from 23,540 to 25,630 annually.
  • 70% to 74% of these assaults occurred in healthcare and social service settings.
  • For healthcare workers, assaults were 10-11% of injuries causing days off work, compared with just 3% of injuries to all private sector employees.

… Continue reading

  Category: Healthcare Security
  Comments: Comments Off on What the Future Holds for the Healthcare Security Practitioner [SlideShare]

How Your Healthcare Security Program Can Benefit from a Third Party Perspective

By Lowers & Associates,

An effective and successful healthcare security program requires many different layers of support. Aside from program design, management, and daily staffing, there is also a strategic risk management layer to ensure your program’s direction addresses the most important security risks facing your organization.

With limited resources already stretched, many hospitals and healthcare institutions find value in having an external perspective, particularly when it comes to the functions demanding high levels of expertise and specialization. A fresh outlook can uncover hidden flaws in your program that otherwise may only be discovered in hindsight after a costly loss. Inviting a third party to help with a risk assessment, an audit, and/or various program implementations can create savings and allow you to focus in key areas so the entire program can remain healthy. … Continue reading