Living in New York City, I am constantly reminded of the vibrant tapestry of voices that make up our community (sometimes loudly, outside my window, at 3 a.m.). With its reputation as a hub for social and political activity, the city frequently hosts peaceful protests, marches and demonstrations. Most of these events are completely legal and authorized, reflecting a diverse array of viewpoints. We have businesses, schools, houses of worship and government facilities—all with a legitimate need and desire to encourage free and open dialogue around important issues. At the same time, ensuring safety and security for everyone involved is paramount, especially in the event that peaceful and legal protest activity slips over the line into unauthorized actions or even violence against people or property.
For security professionals in such a dense urban area, the challenges are unique but not exclusive to cities like New York. Security teams everywhere can benefit from adopting an Enterprise Security Risk Management (ESRM) approach to ensure that civil protests do not harm people or property. Taking a holistic and strategic approach to managing security risks by asking what the critical assets to protect are and what might realistically harm them, then balancing the need for protecting those assets with the organization's desire to promote or protect the protest activity.
Taking an ESRM approach requires a few simple and basic steps.
ESRM Step 1 - Understanding the Context
The first step in preparing for a peaceful protest is understanding the context and the stakeholders involved. Security professionals must recognize the intentions of the protesters, the potential impact on organizational assets, and the legal framework governing such events. Open communication channels with protest organizers can help anticipate their needs and intentions, fostering a cooperative environment.
ESRM Step 2 - Asset Identification and Risk Prioritization
Conducting a thorough risk assessment is crucial. This involves identifying potential threats to both physical and information assets and evaluating the likelihood and impact of these threats. Tools such as the ASIS General Security Risk Assessment Guideline can provide a structured approach to this process. Consider the following steps:
- Identify Assets and Vulnerabilities: Determine which assets (buildings, data centers, key personnel) are most at risk during a protest.
- Analyze Potential Threats: Understand the nature of potential threats, which could range from vandalism to data breaches.
- Evaluate Controls: Assess the effectiveness of existing security controls in mitigating identified risks.
ESRM Step 3 - Mitigation Planning
Physical Security Measures
Effective physical security measures are essential to protect organizational assets. According to the ASIS Facilities Physical Security Measures Guideline, several strategies can be employed to enhance physical security during a protest:
- Perimeter Security: Establish clear and secure boundaries using barriers, fencing and controlled entry points to prevent unauthorized access.
- Access Control: Implement strict access control measures to ensure only authorized personnel can enter sensitive areas.
- Surveillance: Utilize CCTV and other surveillance technologies to monitor protest activities and detect potential threats early.
Ensuring Protester Safety
While securing assets is a priority, the safety of protesters must also be ensured. This can be achieved through the following measures:
- Clear Communication: Maintain open lines of communication with protest organizers and participants. Provide clear instructions on areas that are off-limits and the consequences of violating boundaries.
- Medical and Emergency Services: Have medical teams and emergency response plans in place to deal with any health or safety incidents.
- De-escalation Tactics: Train security personnel in de-escalation techniques to handle conflicts calmly and professionally.
- Public-Private Partnerships: Establish strong partnerships with local law enforcement, fire departments and medical emergency responders. By working closely with first responders, security teams can ensure that all relevant parties are aware of the protest details and prepared to respond quickly and effectively to incidents. Regular coordination meetings and joint drills can enhance this collaboration, ensuring that both private security teams and public safety officials are aligned in their approach to managing protests.
Information Security
In the digital age, protecting information assets is as important as securing physical assets. The ASIS Information Asset Protection Guideline emphasizes the need for robust cybersecurity measures during events like protests. Implementing measures such as:
- Enhanced Network Security: Ensure that network security is heightened to prevent cyber-attacks, which could be more likely during high-profile events.
- Data Access Controls: Restrict access to sensitive information to only those who need it during the protest period.
Business Continuity and Resilience
Ensuring business continuity during a protest involves having a robust plan that addresses potential disruptions. The ASIS Organizational Resilience and Business Continuity Management Guideline provides frameworks for maintaining operations under adverse conditions. Key components include:
- Contingency Planning: Develop contingency plans for critical business functions that might be affected by the protest.
- Communication Plans: Ensure that there are clear communication strategies in place for informing employees, stakeholders and the public about the organization's status and actions during the protest.
ESRM and The Value of ASIS Membership
Being a member of ASIS International can be invaluable in navigating these challenges. The resources, guidelines and community support provided by ASIS have equipped me and thousands of other security leaders with the knowledge and tools necessary to implement effective security measures. ASIS standards and guidelines offer comprehensive frameworks for addressing complex security challenges, and the training I've attended over the course of my career has helped me stay ahead of emerging threats and ensure the security of assets in many different contexts.
For more detailed guidelines and best practices, you can access the relevant ASIS standards and guidelines I mentioned in this article, which offer comprehensive frameworks for addressing these and other complex security challenges. Learn more here. Additionally, ASIS offers a certificate course, Essentials of Enterprise Security Risk Management (ESRM) Certificate.
As Vice President of Integrated Security Solutions, Rachelle Loyear leads the Allied Universal Enterprise Security Risk Management approach to customer program development. The Academy of Integrated Security is dedicated to driving Allied Universal's mission of helping customers find and deploy the right combination of security professionals, cutting-edge technology, and the right processes and procedures to most effectively secure their organizations in a world of evolving risk. Rachelle is a member of the ASIS North American Board of Directors and ESRM Community Steering Committee. She serves on the Cybersecurity Advisory board for SIA, is a Certified Information Security Manager (CISM) through ISACA, a Master Business Continuity Professional (MBCP) through DRI International, and a certified Project Management Professional (PMP) through the Project Management Institute (PMI).