5 steps to a total security solution

This blog was co-authored by James Minninger, a security consultant with Sorensen, Wilder & Associates. A retired police sergeant in the suburbs of Philadelphia, he was an operator on SWAT, lead tactical firearms instructor and less lethal munitions operator. He is certified in basic and advanced SWAT operations, hostage rescue, basic and advanced weapons of mass destruction tactical operations and hostage negotiations.

When performing security vulnerability assessments in long-term care (LTC) communities across the nation, some common areas of concern exist: active shooter/armed intruder vulnerabilities, thefts, domestic violence incidents (staff and residents), drug diversion and elder fraud. These truly are valid issues facing these communities. But how can we design and implement a security strategy and solution to address these security vulnerabilities and mitigate further problems?

Several areas need to be considered when designing and implementing a total security solution (the P2T2 system): having the right People in place throughout the community, developing realistic security policies and procedures, staff/resident security training and having the proper integrated security technology. These areas need to work with each other to prevent gaps in the security solution. Let’s look at a systematic approach to diminish those gaps.

Step 1: Assess

A team of knowledgeable professionals with industry-based experience and expertise in the LTC environment should assess the community for security vulnerabilities. This assessment team, which consists of qualified healthcare security professionals, looks for gaps in the security environment, assigns a current risk level, provides solutions to mitigate the vulnerability, re-evaluates the risk again after solutions are implemented and then justifies the solution recommendation. The assessment team should interview staff regarding security perceptions and concerns, review current security related policies and procedures, research area demographics (crime statistics, trends, previous history, socio-economic, topography and environmental), review security-related training provided to staff, and look at the security technologies in place. All of these elements are combined to provide the most complete and accurate security vulnerability assessment possible and it should be compliant with the United States Department of Homeland Security (DHS) National Infrastructure Protection Plan (NIPP) framework for assessment of risk in healthcare.

Administrators may have an idea of vulnerabilities of the community, as voiced by staff and residents, but an independent third-party consultant specializing in healthcare security should be considered as a “fresh set of eyes.” An assessment will provide the administration with a list of needed “security fixes,” and, if done thoroughly, it will also provide a level of prioritization for implementation.=

Step 2: Develop

A holistic security plan based off the security vulnerability assessment now can be developed. The plan, which becomes the foundation upon which the security management program is built, reviews the vulnerabilities and becomes a roadmap for budgeting, implementation and training. A risk/cost analysis can be completed to determine where your security budget needs to be focused. A three- to five-year strategic plan for security improvements based on the community’s budget can also be developed here.

Policies and procedures based on technology implementation, facility needs, industry standards, best practices and current accepted trends need to be developed at this point to correspond with the utilization of new technologies. Policy and procedure may only need to be modified if currently in place, but need to be evaluated if new technologies are introduced or new security response plans initiated.

Step 3: Integrate

When most people think of security integration, they think about how the security technologies interact…does the access control “talk” to the CCTV? Does the intrusion alarm notify key personnel when activated? What happens when a duress button or nurse call is activated? We often see piecemeal systems because of community building expansions or “upgrades” in technologies or the use of different manufacturers for the same end result (CCTV, access control, wander management) in different buildings on the same campus.

Communities need to use software that provides a platform of integration for all the technologies. A good PSIM, or physical security information management software, can provide this integration platform and allow room for future expansion or upgrades.

Security integration goes well beyond cutting-edge technology. An integration plan needs to incorporate your human resources (including your residents), security-related policy and procedure, staff training and security technology. All four aspects are important cogs in the security wheel. If one does not function properly (or worse yet, at all), then the investments in security enhancements are weakened and your residents, staff and community assets are not as safe as they could be. A focus on seamless integration of policy and procedure, technology and training should allow for system redundancies. If there is a weakness in this triad, the redundancies developed should provide a stopgap.

Step 4: Training

The best plans and intentions to keep residents, employees and assets safe and secure is “all for naught” if proper training is not part of the solution. Staff training should be developed in a systematic way to provide employees with a structured tier of instruction. Didactic instruction, tabletop (discussion-based) drills, and full-scale exercises should be developed, planned and executed in a detailed training management plan, which ensures that employees are aware of and well-practiced in the facility security plan.

Documented staff training will reduce liability exposure for the facility. Furthermore, community “town hall” style meetings for residents are an important part of this training section. Staff (security, resident coordinators and administrators) meet with residents to explain the importance of visitor management, activation of duress and nurse call systems, reporting of suspicious activity, evacuation and lockdown procedures and why it is important to adhere to the community safety and security policies.

Step 5: Maintain

Employees come and go, policies and procedures need to be reviewed and adjusted, training needs to be ongoing, and technologies, software and firmware need upgrades. The ongoing review of every aspect of your security management program needs to be addressed in an annual security maintenance plan. In addition, a service agreement can be crafted with a trusted security integrator to ensure all aspects of your security technology systems are working as they should. We have seen many communities ignore this step, and in the long-term, full security systems needed to be replaced because of the failure to maintain.


Adhering to this five-phase approach will create a well-crafted security plan for your community, ensuring the safest environment for residents, employees and facility assets.

Related articles

The security vulnerability assessment

'Active shooter' events: Balancing resident, staff safety

Preparing for 'active shooter' events: Lockdowns

4 steps to protect residents from financial fraud

Topics: Disaster Preparedness , Leadership , Risk Management , Staffing