An EsRM Blueprint for School/Campus Safety and Security
This is part 1 of a series that will help schools understand the fundamentals of EsRM and how it can help their approach to safety and security.
Now that schools and universities have realized, for the most part, that they are not immune to the need for risk management programs it’s time to look at the approaches being bandied about. There are a deluge of vendors lining up to provide services, useful or not, and schools find themselves with budgets they never had before. The number of programs and safety awareness events popping up are staggering, and school officials are entering a world that only larger enterprises have faced in the recent past. It took a list of tragedies to move the needle for many schools, but some have deployed fairly comprehensive risk management programs for years.
The strategy and approach schools take must be correct before operations and tactics can be addressed, and intelligence must help shape all of the above. Let’s take a look at how the principles of enterprise security risk management (EsRM) can be applied in the education industry.
What is EsRM?
As a quick refresher, EsRM is a theoretical construct, application, and approach to risk management that emphasizes cost effectiveness, holistic (non-siloed) involvement by the whole organization, real-time understanding of multi-variate threats as they impact the goals and viability of an organization. It’s the combination of all impacts (whether positive and negative) that will contribute to the success or failure of an organization. EsRM is not a collection of departments or individual security approaches; rather it is a core competency of the business or organization that is attempting to operate and thrive in a very uncertain world. Schools must also follow these principles, and the return on investment (ROI) is even greater given the stakes and the need to optimize security and risk management resources.
Schools have goals that are different from corporations, but there are still similarities. Schools care about their public relations and image. Private schools and universities compete with other private schools. Schools have to budget and allocate resources for operational efficiency and quality. Schools can be vulnerable to lawsuits and heavy losses due to catastrophe. Schools have probably the most vulnerable and sensitive asset needing to be protected: students. Schools have students traveling overseas that are vulnerable to multiple threats. There are drugs, parties, sexual exploits, violence, crime, human risks, concussions, academic cheating, suicide, and cyber risks facing schools in varying degrees that impact the school greatly. The number of impacts on education has become significant as students spend a large percentage of their early lives at school. Schools are spending an increasing amount on school hardening and physical security such as more guards, higher walls, access control, cameras, and more. Just like companies do.
Daily Rhythm Often Hinders Collaboration and Change
Schools also have siloed departments that interfere with an effective risk culture. Students, parents, staff, and administration are all working on their individual tasks. There is a semi-rigid and scripted daily rhythm that rarely offers much time for collaboration and sharing across the organization. Communication is challenged and there are significant blinders in place that veil several threats just under the surface. Parents are often on the outside looking in and have very little understanding of what risk management is in place. Schools have largely been operating in a vacuum as if the world can’t impact them in the same way it impacts us all outside of the campus and in our business lives. With the growing threats, the rising budgets, and emerging technologies available, there are fewer and fewer excuses for school administrators to lean on. “What now?” is not a plan and schools can no longer hope to be bailed out by first responders and law enforcement. The duty of care for schools is here to stay and I’m sure this is music to the ears of many advocates of school safety and security.
To help schools get started we will be publishing content and hosting webinars to cover the various steps (see below) to realizing effective and valuable risk management for schools. It should be noted that technologies and other enablers will be needed throughout the process. We will identify areas where there are technology enablers available and present ways to assess and choose these capabilities. It should also be noted that the following list is only a guide based on extensive experience and best practices. The maturity of your organization with respect to EsRM is somewhat subjective and in the end, you should utilize methods that work best for your organization. Always strive to improve and don’t become complacent; once you come up with a program, give it a chance.
A Simple Guide to Get Started with EsRM for School Security and Safety
- Develop infrastructure to support EsRM
- Determine most important and most vulnerable goals and objectives
- Analyze known threats to goals
- Continue monitoring known and unknown threats
- Establish communication protocols and committees across the organization
- Establish and agree on baseline optimal security and mitigation needs
- Develop comprehensive risk and crisis management operations, training, supporting tech
- Interface and coordinate with response capabilities (rehearse)
- Monitor and measure effectiveness, value, and goals
- Report, analyze, discuss with stakeholders including parents, students, and officials
If you would like to get on our mailing list for free webinars and more information on an EsRM approach to school safety and security, or to see a demo of our EsRM software for school safety and security, click below.
Interact with this post on Social Media
CEO & Founder
Toby is a risktech and ESRM futurist who earned two Master’s degrees in Biology (Neuroscience) and International Relations in addition to becoming a member of the US Army Special Forces, more commonly known as the Green Berets. After leaving the military with over 10 years of risk management and intelligence experience, Toby founded Alpha Recon to be a risk technology innovator in enterprise security risk management (EsRM). Focused on rapidly changing and diverse risk management challenges across traditional corporate boundaries, Toby is a proponent of strategy and intelligence-focused risk management, limiting liabilities while advancing opportunities and outcomes for business with the help of machine learning/AI. Toby is an unconventional thinker who believes that solutions have remained siloed, irrelevant, and rarely lower risk or provide opportunity for organizations and their assets in a measurable and proactive way.
Toby served around the world in high threat areas advising senior military, foreign governments, and U.S. government officials and dignitaries. Engaging with local communities he gained first-hand security and risk management experience in complex environments. During this time, Toby became an expert in risk management, intelligence operations, and threat mitigation with an appreciation for proactive and practical methods. His equal appreciation for deep learning and risk models to synthesize multi-variate data and make it valuable is evident in Alpha Recon’s software approach. Toby’s theories and ideas about holistic risk understanding and strategic management challenge the status quo and will no doubt result in better practices and solutions to help the performance of enterprises around the world. Toby enjoys speaking about innovations in risk technology, measurable risk management, and building consensus for enterprise security risk management around the world.
Toby is currently on the technical committee and working group for ESRM on behalf of ASIS, developing the Enterprise Security Risk Management guideline.