A Failure to Communicte About Security Projects Can Be Fatal
Carolinas HealthCare System’s Bryan Warren explains how knowledge and mitigation can prevent incidents from occurring after security technology is installed on a site.
It has been said that no single snowflake feels responsible for the avalanche. In the security field many of us deal with the law of unintended consequences on a routine basis. That is to say, any action – from smallest to largest – can have unforeseen results down the line.
Because so many processes are so extraordinarily complex and interconnected, unless you can see the entire issue and all of its possible outcomes (which is all but impossible in most cases) one person can never predict how a seemingly small change can have catastrophic results. Consider this real-world example: A panic device is installed at a newly renovated nurses’ station for use in the event of workplace violence to quickly and discreetly summon assistance. Security is not involved in the hardware selection process, and so the unit manager goes with the least expensive option available, a hard-wired analog connection.
The button is successfully tested when first installed; three months pass without incident. During this time, the hospital’s IT department has a large project on the same nursing unit and so it reroutes a number of communication lines to accommodate new equipment, one of them belonging to this panic device. Neither security nor the integrator that installed the device is notified of this line reassignment. So, no changes are made in the security communications center and because of budgetary issues, time-consuming preventative maintenance checks have been discontinued for such equipment.
A workplace violence incident occurs and staff on the unit activates the device, but its signal goes nowhere. Staff members then call security and scream into the phone, “We need security on 3 Tower!” But they hang up before specifying which facility they are in, resulting in the dispatcher sending officers to the wrong 3 Tower (since they renamed this unit as part of the renovation and there are now two 3 Towers at different hospitals across town from one another).
Help finally arrives but much later than anticipated; people have been hurt and the finger pointing begins.
Be Accountable for Informing Fellow Stakeholders
Who is to blame? The answer is not so simple. The panic button was installed without security’s input, which would have called for a digital solution with self-diagnostic capabilities tied into the existing security systems. No preventative maintenance check was performed due to budgetary reductions, and so no one knew the communications line had been compromised. IT didn’t inform anyone that it was taking lines or follow up to determine what these lines were tied to. At no point did anyone think to tell security the unit was going to be renamed 3 Tower, a duplicate of a long existing nurses’ station in another hospital for which security was responsible.
What makes this a cascading failure is that at any point along the line, knowledge and mitigation of one or more of these issues could have prevented the failure from occurring and staff members being injured. A simple interdisciplinary meeting involving the 3 Tower clinical staff, IT, security and the device installer would have uncovered many of the issues with the planned use of this device and resolved them before the incident passed the point of no return.
There was an Internet meme from a few years ago which puzzled, “What would you rather fight, one horse-sized duck or 100 duck-sized horses?” While this is a humorous mental exercise, if you think about it at least you would see the horse-sized duck coming and you would only have to deal with one large issue versus 100 smaller ones. Only by involving one another during new renovation or construction projects (even if it’s not your job to do so) can we root out such issues early and prevent them from becoming much larger problems.
After all, few problems have resulted from the over sharing of information.
Bryan Warren, MBA, CHPA, CPO-I, is Director of Corporate Security for the Carolinas HealthCare System in Charlotte, N.C.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!