Skip to content

Q&A: Where to Start

As the threat landscape has changed, security leaders have had to adapt. It is infinitely important that the leaders responsible for the safety and security on university and healthcare campuses can comprehend and strike a balance between needs versus wants as they build their programs to respond to the changes. In this four-part Q&A, learn how four security leaders in healthcare and education tailor security programs and expectations using data, outreach, and partnerships. 



As with many aspects of life, often the most difficult step is getting started. Understanding this somewhat inherent challenge is the first step toward positive progress. In this section, explore the essential components of getting started: determining overarching goals, identifying and empowering individuals and organizations, quantifying quality and effectiveness, and emergency and contingency planning.

How do you determine your program’s overarching goals?

Frank Spano. To be truly effective, program goals must interface and complement both the larger organizational goals and the campus community’s intent. Program goals must embrace the spirit of the larger organizational goal while adjusting as needed to address specific challenges and opportunities applicable to the specific program’s needs and desired outcomes. Similarly, the program goals have to be in tune with the campus community’s intent.

More and more, campuses are adapting to identify, codify, and embrace the overall perceptions, desires, and beliefs that form the community’s identity, norms, and brand. Though not the primary driving force when compared to overall organizational goals, campus community intent is increasingly relevant and applicable in shaping programmatic goals and procedures.

Campus community intent is increasingly relevant and applicable in shaping programmatic goals and procedures.

John Dailey. It is important to constantly monitor the landscape—nationally, locally, and institutionally—to determine shifts in expectations thus shifts in goals. Quality and effectiveness of our programs may need to be balanced between community expectations and what we know is the right thing to do.

Bonnie Michelman. Through our strategic plan which we update every three years and through the organization’s goals each year. We review the mission and strategic goals and areas of focus for the hospital in general. We look at changing trends, vulnerabilities, and where are attention is most needed. Goals also must be nimble and able to change if major issues strike and resources and focus must adjust.

Lisa Terry. It is important that we develop or assist in the development of the hospital’s security strategic master plan, which essentially lays out the security philosophies, risk, mitigation, preparedness strategies, and overall goals. The security master plan is usually written for a three-year cycle with annual updates.

Who should be involved? 

Spano. Campus communities are best positioned to establish and advance organizational and programmatic goals through cross-functional teams composed of representatives from across the institution’s various departments, constituencies, and thought groups. This is often easier said than done because senior leaders within and outside the campus community are reluctant to fully embrace leadership by committee—and for fairly good reason. That said, every effort should be made to cast a wide proverbial net to engage as many aspects of the campus community as possible.

Michelman. I think it is most important for the senior security leadership team to be involved and determine a plan that uses others in the department for feedback, senior leadership for macro decisions, and often most important, other partner departments with which you have complementary and supplementary relationships. This can include the emergency department (ED), nursing, emergency preparedness, human resources, psychiatry, and other support services. Getting buy-in and ensuring others agree with your goals and priorities (or at least understand them) are critical to being successful.

Terry. The security master plan should be developed by the security department senior leaders in concert with hospital administration and supported by the organization’s overall strategic plan. It is important that input is solicited from emergency management, risk management, and leaders from other security sensitive areas.

How do you define quality and effectiveness of a program? Can it be quantified?

Spano. While quality can often be quite subjective—I prefer this hamburger over that hamburger, etc.—effectiveness tends to lend itself to a greater degree of objectivity. Campus communities are asked to quantify both the subjective quality and more objective effectiveness of all manner of programs—from graduation rates and satisfactory academic progress to organizational accreditation and reportable crimes and events. At the end of the day, quantification is often some combination of disclosures pursuant to regulatory and accreditation requirements, internal benchmarking against pre-established key performance indicators (KPIs), external benchmarking against known best practices and contemporary standards, and feedback from end users within—and related to—the campus community.

Michelman. There are some metrics that can help define the effectiveness of a program and quality standards. These may include numbers and trends of incidents, lost work time, injuries, and legal action, but this doesn’t tell the entire story. Your staff turnover is an important way to measure quality, with trends going down or changing (incidents may be higher, but it could be that people are trained better to report things they didn’t before—which is a good thing). The quality of security staff, the depth and trust of partnerships within the organization, and the relationships with relevant agencies outside the organization all impact the quality and effectiveness of your program.

Doing deep dives into data analysis to uncover trends and then redeploy resources is critical. How you manage a serious event also can be a great measure of effectiveness. Good communication strategies are essential.

Terry. The healthcare industry associates quality and effectiveness with outcomes, especially patient outcomes. It is extremely important that healthcare security practitioners measure the effectiveness of their programs by their impact on various outcomes as well. For instance, measure and reduce the number of injuries via patient assaults on officers over time due to additional training and PPE (bite sleeves, face guards) or measure and reduce the number of assaults or worker’s compensation claims to clinical staff over time due to additional training, etc. The amount spent on training and equipment can be quantified and compared with the amount spent on worker’s comp, turnover, recruitment, etc.

How do you plan for emergencies and contingencies that could impact program goals, quality, and effectiveness?

Spano. Today’s environment has reinforced the notion that the impossible is at least probable. For example, had you asked me a year ago if I believed a shirtless man in a horned fur hat and his compatriots would make their way past countless protective layers into one of the centers of American government, I would have told you that you’re crazy. But, today, this doesn’t seem too far outside the scope of possibility. The same applies to the myriad threats facing today’s campus communities.

Organizations are increasingly being tasked with identifying the unknown, making sense of an ever-convoluted mass of competing information, and identifying the needle in the haystack that is most likely to do harm. Thankfully, developing technologies, third-party assessments, external benchmarking, and good old-fashioned community engagement strategies are continuing to develop as a reliable solution suite to an ever-complicated problem set.

Organizations are increasingly being tasked with identifying the unknown.

Michelman. Planning can be done through emergency preparedness training of different types done frequently—tabletop and functional drills. We start with an all-hazard approach, take great time with a large multidisciplinary group to do the hazard vulnerability assessment, and try to cue off of that. We use situations occurring at other hospitals and other organizations, liability information, and then benchmark for excellent practices and new methodologies that can help. Our Hospital Incident Command System (HICS) command structure helps a great deal as does our relationships with outside agencies to join us in our planning or guide us. We have learned a lot about the need for longitudinal planning, for getting all staff involved in planning and preparation, and in realizing that time spent in contingency planning is time well spent.

Terry. As security leaders, it is important that we develop or assist in the development of the all-hazards hospital emergency operations plan as it pertains to security and emergency staffing. An all-hazards approach is an integrated method to emergency preparedness planning that focuses on capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters both internal and external. Because the HICS was created for use in both emergency and non-emergency situations, I have it to be an excellent resource in building the plan.

It is also important to review the organization hazard vulnerability analysis so that you can pre-identify various security functions associated with the threat levels of the respective disasters. In fact, the scope and scale of work for security may change significantly based on the emergency.

As the duties associated with the job change and additional security staff must be added, your plan should reflect how you intend to meet those staffing demands. “Just-in-time” training for additional staff and for additional job functions should be considered.


Next: Gathering Data →