Roadmap to a Security Operations Center

It starts with the people

Seattle Pacific University (SPU) in Seattle, Wash. Is relatively small, with only 3,688 students enrolled, and yet security officials on campus organized their people within core processes and armed them with a Security Operations Center (SOC) that integrated access, video, and intelligent, multi-modal communications.

For those of you who follow this industry, you know this is a remarkable feat. I sat down with Mark Reid, Director of Safety and Security and Cheryl Michaels, Associate Director, at SPU who also founded Educational Safety LLC, a security consulting firm.

Worman: What is the vision and mission of the security role within SPU?

Reid: Our primary mission is to provide a safe working, learning, and living environment for the SPU community through the administration of programs, activities, and systems that enhance safety.

Worman: What was the program like when you first started?

Reid: I started in 1986 when the major concerns were crimes against property, student safety and health, and fire safety. We began programs to address these concerns with CCTV, better fire protection systems, increased campus lighting, and enhanced security responsiveness. We developed a security program that maximized the benefits available from current technology. We were early adopters of AED technology. We have always prioritized life safety concerns.

Michaels: I started in 2001, shortly after the Nisqually Earthquake. The technology in place at SPU far surpassed anything my previous employer had been using. The security program was firmly grounded in protection of lives and property from accidents and injuries. However, the Nisqually Earthquake experience energized SPU around emergency planning and Security, under Risk Management, had begun redefining the scope and vision of the University’s crisis response plan.

Worman: How did you proceed?

Reid: We focused on best practices and best technology. We looked outside of our industry for tools, techniques, and program ideas to protect our community. We studied after-action reports from tragic events to determine what precautions might produce the best outcome for safety purposes. We developed plans that included many stakeholders around the University. We wanted to have broad participation in the process.

Michaels: The emergency crisis and management plan is a living document, and ever evolving. At the start of the planning, we knew we needed to create a broader base of trained responders. We created a building emergency coordinator program modeled after the Floor Warden Program many fire organizations encourage. Since it was established, SPU has about 90 voluntary participants that help communicate emergency messaging and response to evacuations and acts of violence. We also began holding an annual campus wide evacuation drill, and around 2007 added a campus wide lockdown drill. SPU was unique then and now compared to other universities in that these drills required whole community participation and interrupted business operations and classes in session.

Worman: How did you identify the need for a SOC?

Reid: A 24/7 SOC enhances communication and information. It allows you to organize and integrate technology in a way that supports the responders. It provides an opportunity to quickly develop situational awareness and it provides the tools to respond in a way that enhances life safety. It was clear that without an integrative space we could not deliver the kind of service and safety that we wanted to provide. A SOC allows you to cost effectively build in resilience and it allows trained individuals to be more effective in an emergency. It allows us to view the condition of our campus in any circumstance and have the information to make better decisions.

Michaels: The why drives the what that determines the how. This is our formula. For example, why do we want to lock down? Because it saves lives and because it reduces or eliminates deaths, injuries, direct and vicarious trauma, and economic loss. What do we need in order to lockdown? Access control, video, and rapid communications. How can we integrate all those components to provide us with situational awareness? We asked ourselves, what information do we need for accurate situational awareness, and how do we want to consume that information? Once we knew the goal (the why and the what), we began to identify those mitigating elements and response protocols that will reduce or eliminate deaths, injuries, direct and vicarious trauma and economic loss.

Worman: What are the key pieces of a SOC?

Reid: Surveillance video allows you to quickly understand a condition or a threat, it allows you to identify key actors, and it can provide first detection of key events. Access control systems are an essential component of any SOC. You need to understand the physical condition of your facilities. You can make immediate adjustments to your security condition, including locking down, through the automation these systems provide.

Alarm systems, although not usually the most exotic technology, can provide key information in life safety situations. Fire alarms, fire sprinklers and intrusion alarms can provide rapid critical information for important life safety threats.

Multimodal communications encompass the ability to send or receive key information in any situation. You will need radio, phones, notification systems and other tools to receive reports from your community, direct, and inform your response team.

Lastly, an emergency notification system should support multimodal communication of hazards, protective actions, and other precautions people need to know for their safety. It is common these days to have mass notifications to send text messaging, emails and make phone calls but more is better. Emergency communications are difficult, and you need as many tools as possible to get message diffusion through a community.

Worman: What does the future hold?

Reid: I think that for several years, people have hoped that targeted violence against people and organizations was a passing sociological condition. I think there is evidence that this concern will be with us and that there will be codes and standards to address these issues and require some level of emergency planning. The down side of that approach is that codes and standards often lack flexibility to move with new technology. Best practices are in a process of continuous change and new threats are continually emerging.

This article originally appeared in the March/April 2019 issue of Campus Security & Life Safety.