Council White Papers

​Navigating through the many pages of our website leaves both security novices and seasoned practitioners with a quick overview of the many facets of the security profession.  But where can you find specific guidance on the range of security issues faced daily by the world's businesses?

The 34 ASIS Councils represent both security specialties such as investigations, crime prevention and loss prevention, and information technology as well as specific industries such as banking, commercial real estate, healthcare, and utilities. The members of these councils are subject matter experts in their specialties. The following samples of Council produced papers are free this month to members and nonmembers alike. As a group, they represent solutions to pressing issues that are essential components of a security professional's portfolio.

Each month we off free resources on our security spotlight topics. We also offer additional resources to the ASIS membership. Not a member? Join Today   

» View Past Security Spotlight Topics​​

​White Papers

(access to these materials requires creation of a free ASIS web account)

Active Shooteractiveshooter.png
White Paper, 2016
ASIS School Safety & Security Council

This 59-page paper consists of thirteen articles by twelve authors, all members of this active council.  It concludes with five appendices that reference a tabletop exercise, two Security Management articles, a guide from the U. S. Department of Education, and an ASIS International guideline.

Five of the articles deal with active shooters, phases of an attack, and K-12 schools as soft targets. Another four describe ways to gather proactive intelligence by using situational awareness to observe pre-attack indicators, behavioral threat assessment teams, behavioral cues, and target hardening of classroom doors through physical security enhancements. Three more look into responses, including training for and the actions of emergency responders and the pros and cons of arming teachers.

In his article, "Lessons Learned," former council chair Lawrence Fennelly explores the need for both school officials and first responders to evaluate what happened during a training drill or actual event. The following questions can guide that review:

  • What strategies worked well and what did we do right during the response?
  • What could have been done better?
  • What systems and procedures worked well and what needs to be re-evaluated or changed?
  • What additional equipment or training would have made the response better?

Active Shooter - High-Rise Building Scenario
White Paper, 2016
ASIS Fire and Life Safety Council, 2016

The main point of this detailed paper is that the vertical nature of a high-rise building changes the way managers and first responders should react to an active shooter incident. Specifically, a partial evacuation or relocation to a safe floor requires tenants to move up or down in the building, thus increasing the likelihood that they may encounter the shooter. Also, elevators may be commandeered by law enforcement or recalled to the lobby if the fire alarm is activated. In these cases, ordering a shelter in place may be the most effective strategy. To be effective, training on how response procedures will be implemented through tabletop exercises and computer simulations is essential. The authors note this information is “no longer a taboo subject, but is of vital interest to tenants that are clamoring for information.” They following action are among their recommendations:

  • Notify tenants as quickly using as many methods as possible, including speaker system announcements, phone calls, and mass notification systems.
  •  Reduce or eliminate the options a shooter has to move in the facility such as recalling elevators, closing and locking doors, and advising tenants to secure their spaces.
  • Tenants should be trained to not activate fire alarms, which will likely confuse and delay rather than assist in the response. Building managers, engineers, security should be capable of silencing and resetting alarms.

Bullying, Cyber-Bullying, Teasing, Hazing, Harassingbullying.png
ASIS School Safety & Security Council and the Crime and Loss Prevention Council, reviewed by the Women in Security Council, 2014

The purpose of this collaborative effort is to identify issues, examine what seems to be working and what isn't, and recommend guidelines tailored to local school conditions in response to the international problems listed in the paper's title.

Several behavioral and legal definitions of bullying are included. Succinctly, bullying involves repeated harmful acts and an imbalance of power. Recognized forms include sexual harassment, ostracism, and hazing. The paper includes examples of state laws and school policies on harassment, hazing, and bullying and recommendations for parents on what to do if their child is a victim.

Statistics on cyber-bullying in schools from a 2013 Virginia School Safety Audit intimates that school administrators are unaware of this activity in their schools: only two statewide reported more than 100 incidents in the previous year, and more than half said there were none.

Data collected from students by Rick Shaw the same year portray a different picture;

  • 85 percent of students surveyed witnessed and/or experienced bullying at school, and 33 percent said they witnessed or experienced bullying multiple times a month.
  • 94 percent of students said they would or would consider using an online anonymous incident reporting option. 
  • Shaw concludes that "all reports from students, staff, and others must be met with decisive action, an immediate investigation, and fair consequences so kids do not lose confidence in the school's capacity to act.

Controlled Substance Compliance ProgramControlledSubstance.png
ASIS Pharmaceutical Security Council, 2014

The misuse and abuse of prescription drugs has been referred to as an epidemic in the United States and is more prevalent than the abuse of illicit drugs. This paper focuses on the challenges facing the pharmaceutical industry in its efforts to develop, implement, and maintain an effective controlled substance compliance program that satisfies the regulations of the U.S. Drug Enforcement Administration (DEA), which investigates and prosecutes violations of the Controlled Substance Act.  In those efforts, DEA has established standards for effective security controls and operating procedures necessary to prevent diversion. Examples of the 14 security systems and needs deemed by DEA to be in compliance include the building's construction and general characteristics; the properties of safes, vaults, and secure enclosures; public access and perimeter fencing; supervision of employees; and guest or visitor procedures.  The following points are also key factors leading to compliance:

  • DEA diversion investigators are authorized to enter controlled premises and conduct inspections of distributors, reverse distributors, manufacturers, narcotic treatment programs, researchers, importers, and exporters.
  • Successful programs monitor controlled-substance ordering, report suspicious orders, and are aware of a customer's due diligence programs, which must be a collaborative effort across internal business units.
  • All registrants that handle controlled substances share the responsibility to continuously monitor, protect, and enhance the safety of the pharmaceutical supply chain and to combat increasingly sophisticated criminals who attempt to breach it.

Global Security Strategic Planningglobalsecuritystrategic.png
By Thomas A. Engel
ASIS Leadership & Management Practices Council, 2015

This paper offers specifics on performing a strategic plan aimed at providing security insights when a corporation seeks to expand operations globally. The analysis begins with evaluating the strengths, weaknesses, opportunities, and threats, a SWOT analysis, of the project.  The analysis should include the following steps:

  • Define the objectives of the project or the international mission and identify its strengths and weaknesses.
  • Speak with the stakeholders to determine their level of involvement with the overseas venture.
  • Gather information on the nature of the business and its short- and long-term business goals for the new county or city.
  • Plan the eventual growth in security services needed to meet the expectations.

Ideally, corporate security should be involved in the actual selection of the overseas site in concert with other departments, including legal, human resources, travel, IT, and real estate.  An outside security consultancy might be needed to assist in analyzing the internal and external risks affecting the selection of various cities or regions of a country. Another seven factors affecting the decision are reviewed, including global laws and regulations, particularly affecting privacy; requirements for the actual design of the facility; internal audit and compliance requirements; currency conversion issues, and infrastructure concerns, particularly the capabilities of local law enforcement, fire, and medical services. The paper concludes with a sample spreadsheet to help generate applicable SWOT questions.

Human Trafficking and Slavery: A Global Crimehumantrafficing.png
ASIS School Safety & Security Council and the Crime, Loss Prevention Council, and the Women in Security Council, 2015

What becomes clear throughout this paper is that the extent of human trafficking worldwide is difficult to quantify.  A 2004 report by the U. S. Department of State estimated that between 600,000 and 800,000 people are trafficked annually across international borders. The victims are either kidnapped or lured by promises of a job, marriage, or money. Since the perpetrators take away all forms of identification, it is difficult to identify and help the victims, 80 percent of whom are women.  School-age youth, particularly those made vulnerable by challenging family situations, can be targeted through social media or after school programs; identified at shopping malls, bus depots, or clubs; or recruited through friends or acquaintances.  The paper includes case profiles, prosecutorial options, and details on specific victims. It also includes the following ways to report suspected incidences of human trafficking:

  • Help is available from law enforcement by calling a toll-free number of submitting a tip to
  • The National Human Trafficking Resource center has a 24/7 toll-free number and a website:
  • The National Center for Missing and Exploited Children also has a hotline, and incidents can be reported at

Sexual Victimization: Roundtable Report 1SexualVict.png
Crime Prevention and Loss Prevention Council, March 2016

To mark Sexual Assault Awareness Month, the council heard from a specialist in the field of sexual violence and victimization.  The ensuing report summarizes his discussion and the resulting opinions and recommendations of the council members.  In general, experts have separated perpetrators of these crimes into five classifications, including the assertive macho individual who uses physical violence to achieve their goal; pedophiles driven by a need; and individuals who take advantage of a circumstance they find themselves in.  Most people do not consider sexual harassment as a workplace violence issue, which is a serious mistake.  These episodes often are progressive, beginning with verbal abuse and ending with physical assault.  Sexual violence in many countries are not reported or investigated in the same manner used by many western societies. Security professionals need to gain a greater awareness of the prevalence of this crime and act in the following ways:

  • Develop prevention strategies and include strong policies and procedures, victim avoidance training, and professional training of investigative forces.
  • Develop and publicize victim reporting channels that are sensitive, impartial, and confidential so victims feel comfortable and secure reporting such crimes.
  • Gain the ability to impartially examine the incident through the eyes of the victim, not the eyes of an investigator.

Operation Partnership: A Primer on Getting Started operationpartnership.png
Trends and Practices in Law Enforcement and Private Security Collaborations
James T. Roberts, CPP
Law Enforcement Liaison Council

This paper begins by acknowledging that the tragic events of 9/11 made both government policing elements and private security professionals realize that neither had the manpower, technology, or training to security the population and the critical infrastructure from future attack. The result has been a national consensus that the law enforcement and security professions can do a better job of protecting citizens by sharing assets. The ensuing six sections of the paper detail twelve benefits of partnerships, the importance of leadership buy-in, and examples of successful partnerships. Of particular importance is the section on "Getting Started." Based on interviews of police and security leaders, fifteen steps were identified as a common road map that leaders can follow to create a viable and successful partnership. The following is a sample:

  • Document the partnership strategy and initial short-range plans.
  • Establish a home base and organizational structure.
  • Address the legal formation of the partnership.
  • Monitor progress, measure success, and report to the members and the public.

Security Metrics SurveySecurityMetrics.png
ASIS Leadership and Management Practices Council, 2014

The information presented in this paper is gleaned from the responses from 290 ASIS management-level professionals who participated in the ASIS Foundation Security Metrics Research Project. In general, the results were encouraging: 76 percent of respondents collect and communicate metrics within their organization. Several opportunities for future examination surfaced as well. For example, 61 percent of respondents do not compare their results to any external benchmarks.  Reasons why need to be explored further. Also of note was a summary of thirteen aspects of a security program that are most frequently measured to determine performance levels or program effectiveness. The most common were guard force performance, cost, physical security, criminal incidents and investigations, and security incidents. Of these five, only costs and security incidents are commonly reported to senior management.  Additional observations tally responses to such questions as what metrics are most value by senior management, why metrics are used, and whether collected metrics align with organizational risks and objectives.  The authors pose two conclusions to the findings:

  • More data is needed so that security professionals and adequately benchmark data and who its relevancy to the C-Suite.
  • Security professionals must understand what is considered relevant in their organization, including financial and business performance as well as risk and compliance data.

ASIS International Cultural Properties Council

Houses of Worship: Security Risk Analysis Guide
Cultural Properties Council

This report is presented in the form of letters that ASIS chapters can use to engage local clergy in a security risk analysis (SRA) process. The author successfully tested its specifics in a three-hour training program for 50 clergy in concert with a local police department, and the Power Point slides he used in the training are included. The process can also be used to assess the security of an individual house of worship (HOW). The SRA includes a security survey that enagles the leadership of a HOW to:

  • Identify critical assets requiring protection.
  • Assess potential threats, hazards, and vulnerabilities.
  • Use a numerical scale to determine the level of consequence and probability of each potential vulnerability.
  • Enable the key focus team to select appropriate security strategies to mitigate problems.

The paper details specifics that must be addressed in each phase, shows how to categorize and prioritize assets and threats, and recommends ways to implement cost -effective security strategies. The paper concludes with 33 actionable steps that can have an immediate effect on improving the safety and security of a HOW.

Proprietary, Contract, and Hybrid: Benchmark Study of Museum Security Staffing Approaches
Office of Policy and Analysis, Smithsonian Institution, February 2014

The Executive Summary of this study is based on a range of findings, including 12 interviews with museum security professionals and contractors, and an online survey of 59 museums and security professionals.  The goal was to ascertain how museums were using security officers for both perimeter and gallery posts and whether the officers were primarily contract or proprietary. The report establishes how the respondents viewed the need for security officers in the future and how they view staffing costs in both scenarios.  The study also considered the different expectations for officers posted at the museum's perimeter compared to in the galleries.  The findings showed that protection is more important at perimeter posts, and that visitor service is more important at gallery posts.  A summary of the advantages and disadvantages of both staffing options is included.  A list of primary factors leading to a successful security staff contract, including:

  • A well-written document must detail costs, annual increases, roles and responsibilities, and required training.
  • Continuous, hand-on management is needed by the museum with good teamwork between the proprietary and contract staff. 

No staffing model emerged as inherently better; the preferred model depended on security goals, cost, size of museum, and human resource management requirements.  Ultimately, study participants were found to be satisfied with the security staffing model they were currently using. 

Council Sponsored Education

Security Documents and Project Management Process
24 - 25 October 2016
Providence, RI, USA
Sponsored By: Security Architecture and Engineering Council

A fundamental knowledge of how security related facility projects are done is key to a  project's success. Understanding the design and construction process and its related documentation enhances your value as an educated facilities security program team member.

Physical Security Master Planning Workshop
26 - 28 October 2016
Providence, RI, USA
Sponsored By: Physical Security Council

What steps are required to begin a Security Master Plan and what site surveys are important? Control room design – ergonomics vs. economics? Who will be on your team and what role(s) will they play? What types of systems best fit your team's needs and requirements? What are the various types of project formats?

Crisis Management: Program Planning and Crisis Plan Development
05 - 08 December 2016
New Orleans, LA, USA
Sponsored By: Crisis Management and Business Continuity Council

Is your organization prepared for a tornado, earthquake, or flood? What about a cyber attack or workplace violence event? Will your company be able to continue to function in a public health emergency? In today's volatile world, the threats organizations are exposed to are expanding—and companies that fail to prepare for potential crisis events are unlikely to recover effectively.

Additional Information from the O.P. Norton Information Resources Center

Download a PDF of all papers produced by ASIS Councils in the past two years

The O.P. Norton Information Resources Center offers a complete list of materials produced by ASIS International, including newsletters, white papers, guides, and research reports sponsored by the ASIS Foundation.  Access the complete list, here.