Kevin Ian Schmidt

Conducting a DIY Security Audit

No business is totally immune from the threat of crime but a little prior planning and a few common sense precautions are all that is necessary to deter most criminals.

Use this test to conduct a survey of your business. Each “NO” answer indicates a weakness that could help a criminal. As you eliminate the “NO” answers, you improve your level of protection and reduce your risk of becoming a victim. Go through the list carefully and systematically. You will also want to look at the business during the night and on weekends. Those are times when you may be most vulnerable.

Remember, this checklist points out your weak areas. You are not fully protected until each of them is corrected. Of course complying with these suggestions won’t guarantee that your business will never be the target of crime but it will improve odds in your favor.

This test is limited mainly to the physical security of your business. There are many other areas which also deserve your attention. A well rounded loss prevention program will also address internal security, customer theft, fraud, safety and fire prevention and emergency preparedness.

Physical Security Checklist

Building Exterior

  1. Are all vulnerable points adequately lighted?security audit
  2. Is shrubbery trimmed to provide for good visibility at all vulnerable points
  3. Is all access to the roof eliminated or secured?
  4. Have weeds and trash near your building been cleared away?
  5. If a fence would improve your protection, do you have one?
  6. Is your fence high enough and/or protected with barbed wire or tape?
  7. Is your fence in good repair?
  8. Are gates in good repair and locked properly?
  9. Have you protected solid block walls and wooden fences that someone could climb and/or hide behind?


  1. Have you secured all unused doors?
  2. Is glass in back doors and concealed or secluded locations protected by bars or heavy screen?
  3. Are all doors designed so that the lock release cannot be reached by breaking out glass or light-weight panels?
  4. Do exposed hinges have non-removable pins?
  5. Is a good quality deadbolt lock used whenever possible?
  6. Is the lock designed or the door frame constructed so that the door cannot be forced open by spreading the frame?
  7. Is the bolt protected so that it cannot be cut?
  8. Is the outside lock cylinder protected from twisting or prying?
  9. Is the lock a cylinder type with at least a five pin tumbler?
  10. Are keys issued only to persons who actually need them?
  11. Are doors with panic hardware properly secured after hours?
  12. Are padlocks locked in place when the door is unlocked?
  13. Are hasps made of hardened steel with non-removable screws?


  1. Are accessible windows protected by heavy screen or bars?
  2. Are unused windows permanently sealed?
  3. Are bars and screens securely mounted?
  4. Are window locks designed or located so they cannot be defeated by merely breaking out the glass?
  5. Is burglary resistant glazing used whenever possible?
  6. Is valuable property removed from unprotected windows after hours?

Other Openings

  1. Have skylights been protected by bars or polycarbonate glazing?
  2. Are roof hatches securely locked?
  3. Are ventilator shafts, air conditioning ducts and fan openings adequately protected with bars or wire mesh?
  4. Do you check panic hardware regularly to insure that it is properly closed and in good working order?
  5. If there are common attics, has some provision been made to prevent access through them?


  1. Is safe designed for both burglary and fire protection?
  2. If safe weighs less than 750 pounds is it secured in place and are wheels removed?
  3. Is safe well lit and visible from outside, especially after hours?
  4. Is cash on hand kept to a minimum by banking regularly?
  5. Do you spin the dial when you lock the safe?
  6. Is the combination changed when personnel possessing it terminate?
  7. Is the cash register left empty and open after hours?


  1. Do you have an alarm system?
  2. Does your system meet Underwriters Laboratory standards?
  3. Is your system tested daily?
  4. Does it report to a central station?
  5. Does it have a back-up power supply for power failures?
  6. Is your system free from false alarms?
  7. Do you or a designated employee respond to every alarm and check it out?
  8. Is the system designed to fully protect all vulnerable areas?
  9. Does your system include fire protection?

Other Considerations

  1. Do you lock up carefully at night, making sure that the safe is locked, doors and windows are secure, lights are on and the alarm is set and working?
  2. Have you recorded the serial numbers of all valuable merchandise, tools and office equipment?
  3. Do you maintain a good inventory control program?
  4. Do you guard against internal theft by having a written security policy and an audit system to maintain employee account ability?
  5. Do you carry sufficient insurance coverage?
  6. Do you have an effective background investigation program for screening new employees and promotional candidates?
  7. If your local police department has a helicopter or other aircraft, are your street numbers painted conspicuously on the roof of the business?

Office Security

  1. Do you restrict office keys to those who actually need them?
  2. Do you keep complete, up-to-date records of the disposition of all office keys?
  3. Do you have adequate procedures for collecting keys from terminated employees?
  4. Do you secure all typewriters, calculators, computers, etc. with some type of locking device?
  5. Do you prohibit duplication of office keys except for those which are specifically ordered by you in writing?
  6. Do you require that all office keys be marked “Do not duplicate” to prevent legitimate locksmiths from making copies without your knowledge?
  7. Have you established a policy that keys will not be left unguarded on desks or cabinets – and do you enforce the policy?
  8. Do you require that filing cabinet keys be removed from locks and placed in a secure location when not actually in use?
  9. Do you have procedures to prevent unauthorized persons from reporting a “lost key” and getting a “replacement”?
  10. Do you routinely obliterate code numbers on all keys to prevent unauthorized duplication?
  11. Do you have a responsible person in charge of your key control program?
  12. Are all keys systematically stored in a secure wall cabinet of either your own design or from a commercial key control system?
  13. Do you keep a record showing issuance and return of every key, including name of person, date and time?
  14. Do you use telephone locks to prevent unauthorized use of phones when the office is unattended?
  15. Do you provide secure areas for employees to store their personal property?
  16. Do you have at least one filing cabinet secured with an auxiliary locking bar so that you can properly secure sensitive documents?
  17. Do you leave lights on at night?
  18. Do you record all equipment serial numbers and file them in a safe place?
  19. Do you shred sensitive documents before discarding them?
  20. Do you lock briefcases and bags containing important material in a safe place when not actually in use?
  21. Do you insist on proper identification from all vendors and repair persons who come into your office?
  22. Do you make regular bank deposits and avoid keeping large sums of money in the office overnight?
  23. Do you clear desks of important papers every night?
  24. Do you frequently change the combination to your safe?
  25. When employees work alone at night do they set the door lock to prevent anyone from entering uninvited?
  26. Are emergency phone numbers posted near all phones?
  27. Is computer access restricted to authorized personnel and are access telephone numbers kept confidential?
  28. Are all doors leading to the office protected by heavy duty, double cylinder deadbolt locks?
  29. Are all windows, transoms and ventilators properly protected?
  30. Is there a closing routine established to make sure that everything is properly secured prior to leaving?
  31. If the office is protected by an alarm system, does the equipment work properly and is it set every night?
  32. If you employ a guards, do you check their watch clock tape or dial each morning to be certain that they are doing their job properly?
  33. Do you periodically review your security policies and procedures and update them where necessary?
  34. Are computer files routinely backed up and backup files stored in a secure off-site location?

Policies, Procedures & Training

  1. Do you have a Workplace Violence Prevention Policy?
  2. Do you have a Crisis Media Management Policy?
  3. Do you have a Disaster Preparedness Plan?
  4. Do you have a Workplace Harassment Policy?
  5. Do you provide on-going training to employees at all levels of the organization regarding these policies?

Obviously, completing this checklist won’t solve all your security problems. It will however, give you a good idea of the level of security that now have. With that knowledge, you can begin to develop a security program that provides the type of individualized protection your particular business requires.

If after completing this survey you find that the security of your business is poor or if you have any questions regarding security procedures and equipment, contact me.

Remember too, this test covers only a small part of a complete business security program. Your business isn’t fully protected until you have taken steps to improve the security of every aspect your business.

After a Security Audit, it is also a good time to check out your security policies, and my post, the 7 Security Policies you need, is a great starting point.

Risk Assessment Guidelines

risk assessment

Purpose of Risk Assessment Guidelines

Most Corporate Risk and Security requires all locations to implement the baseline physical security controls described in the physical security standards. These controls are considered the minimum standards for the majority of locations. However, as a result of political, environmental or other local issues additional controls may be necessary. An analysis must be completed for each location to determine what additional risk exists and what additional controls are required.


Corporate Risk and Security will conduct a risk assessment of each location every three years or less if necessary.


Risk Assessment: the risk assessment is a process, which identifies and quantifies the real risks and key business factors associated in operating a business location. The process is based upon a survey which facilitates the gathering of data specific to the following: environmental factors, business factors, site location and design, municipal resources, crime and demographic factors, business risk profile factors.

Environmental factors: weather, geological activity, political, chemical.

Business factors: value of operation, proprietary information, key assets (including manufacturing processes) duplicated/non-duplicated activity, level of staff, impact to total corporation.

Site Location and Design: physical attributes, fire suppression, public accessibility, access points and natural hazards.

Municipal Resources: public utilities police and fire resources and response, medical resources, bomb procedures, disaster assistance.

Business Risk Profile: crime history and demographics, population analysis, historical crime survey and possible trends.

Check Out: How to Complete a Risk assessment


Risk Analysis Process:


  1. Evaluate the risk exposures and determine the corresponding risk category that must be applied to that location, if any, in reference to the Corporate Profile.
  2. The evaluation for the location must be done and approved by the Corporate Director of Risk and Security.
  3. Both a vulnerability and exposure matrix will be used for three distinct categories: (1) natural disasters; (2) man-made incidents; and (3) incidents.
Check Out: Understanding of Real Risk


Risk Quantification will be conducted by Corporate Risk and Security who will utilize four categories for quantifying risks in reference to the Corporate Profile:

Category 1 (Extreme Risk):

Civil and other war situations wherein the central government does not control significant geographical areas, which are in the partial control of insurgent forces, or where government control is immediately threatened. Also, nations or cities undergoing violent transformation through a military coup or revolution. A major environmental hazard has been determined to be uncontrollable and would cause serious harm, i.e., volcano. Travel and/or event movement are discouraged.

Category 2 (High Risk):

Locations where terrorist or guerrilla groups pose a serious threat to a nation’s political and/or economic stability; a country or city faced with widespread street violence resulting from political dissension or economic unrest. Also, countries or cities with known potential for military coup/militia groups or evidence of prejudicial treatment against foreign/nationality interests. Only essential travel would be recommended. Any location where company has been the target of terrorists around the world. Additional measures should be set forth to mitigate the threat of bombings, bomb threat searches, and reduce any real event risks to personnel and property. An environmental hazard has been determined to be uncontrollable and would cause harm if incident occurs. Stringent security precautions and travel awareness is warranted.

Category 3 (Moderate Risk):

Locations where political or economic turmoil is evident and/or terrorist/guerilla groups are regularly active but have not become strong enough to threaten government stability. Also, nations or cities involved in potentially violent regional disputes or with high rates of crime. The threat of violence in the work place is high. Non-US locations where the risk exists or is emerging where economic crime, underground/street gang/mob influence is prevalent. The measures designed to prevent or mitigate violence are on property must be implemented in all US locations wherever the risk exists worldwide. An environmental hazard is possible due to location and trend of natural disaster paths, i.e., cyclone paths, tornado alleys, earthquake epic centers, etc. Upgraded security precautions are warranted for travel or investment if disaster mitigation methods are required.

Category 4 (Low Risk):

Locations relatively free of frequently recurring acts of political, economic or criminal violence and societal arrest. Nations or cities where organized antigovernment elements or terrorist/guerilla groups may be active but maintain only limited operational capabilities. No known environmental hazards are apparent. Modest security precautions are warranted for travel or investment if corporate security concepts meet corporate standards.

If you have any questions do not hesitate to contact me.

Transparent Security: not seeing it is the point

transparent securityFor businesses, the need for increased security is apparent. Yet there are many cases where the businesses may not want the appearance of security to be obvious. Although government organizations usually make security a priority over aesthetics, corporate and private facilities often cannot afford to follow this policy. With government facilities, if a property requires 12-foot-chain-link fence with razor wire, then that is what is put into place.

So where does that leave facility executives at corporate and private organizations? Many are taking physical security design to a new level: transparent security. Transparent security is strategy that addresses the need for security while respecting the importance of a low-key appearance.

Transparent Security

Enabling Technology

Transparent security follows two lines, hard and soft. Hard includes equipment, specifically equipment that is designed to be discrete or invisible. Soft involves policies and a strategy known as Crime Prevention Through Environmental Design (CPTED). Occasionally, nonsecurity objects may be used to serve soft security purposes. In one recent application, maple trees were planted in a park specifically to prevent vehicles from traveling into a restricted area. The trees were part of the park, the placement was part of the security plan.

The concept of transparent security design is proactive. The idea is to look for potential problems and take steps to put invisible or unobtrusive material in place to mitigate the potential problem.

Technology is helping to make transparent security easier, and recent advances in the field of window films are an example. An optically clear film is available that can be applied to almost any window, providing a significant increase in protection. Window films provide several security advantages. Glass-fragmentation retention film actually strengthens the glass, increasing the force necessary to break the glass and prevents glass fragments from flying. Window film is relatively inexpensive and is typically done as a retrofit on existing glass. An added benefit is that when properly applied, glass fragmentation window film is invisible.

Glass fragmentation window film has been applied at facilities owned by such diverse organizations as NASDAQ, Wells Fargo, and not surprisingly, the Department of Defense.

The idea of hiding security devices is not new. Manufacturers have been building hidden or low-profile closed-circuit television camera housings for years. Intrusion-detection equipment has also been available in hidden housings. Now, manufacturers of high-security vehicle barriers have followed suit. The vehicle barrier approach is unusual in that high-strength antivehicle bollards are now available in an ornamental configuration. One manufacturer has created a line of architecturally designed fiberglass and plastic sleeves to slip over bollards.

These ornamental barriers are being used to protect buildings as well as to control vehicle access in residential areas. In California, West Hollywood is employing the same type of antiterrorism bollards as used by the federal government to stop car bombers. The city’s barriers are used to block off residential areas from nighttime traffic off Sunset Boulevard from the new Sunset Millennium Shopping Center. The high-security barriers will stop vehicles weighing as much as 7 tons travelling at speeds of up to 62 miles per hour.

Security Meets Design

On the other side of the country, multiple entrances to the Florida State Capitol Building rate protection as well. High-security decorative bollard systems are proposed for the legislative members’ garage that will blend in with the aesthetics of the building. This system balances strength and design by placing ornamental trim around the perimeter of each bollard. In a crash test, the same bollards stopped a 7.5 ton vehicle traveling at 44 miles per hour. Mixing strength and aesthetics, these bollards carry a U.S. Department of State and Department of Defense rating of K8, L2, the highest rating that the government has given to a bollard system.

The impact of security is evident in perimeter systems, too. Some facilities are blending designs into the metal perimeter fence construction to reduce the visual impact of the fence. The corporate headquarters for Delta Airlines in Atlanta is surrounded by a fence with the Delta logo incorporated into it. Less than 10 miles away, the corporate headquarters for the Southern Company — parent company to Georgia Power and other utilities — sports lightning bolts bent into the metalwork of the perimeter fence. In both cases, the additional metal does nothing to increase the physical security.

CPTED takes the built environment and carefully modifies it to increase security. The concept has been used by planners and architects for many years to control behavior; the emphasis is on the placement of existing nonsecurity materials to achieve a security benefit.

CPTED classifies people as either normal users, abnormal users or observers. Normal users are the people that belong in a facility. They are the employees, the guy who fills the drink machine, the customers and anyone else who has legitimate business in a facility. The abnormal users are the opposite of the normal users. They are the thieves, the vandals, the graffiti artists and everyone else who is to be kept away.

The idea of letting some people in while keeping others out is at the heart of any access control system. What makes CPTED different is the idea of observers. A CPTED observer is a person who has been placed at a specific location to minimize the probability of a crime. The concept is simple: The more people looking at something, the less likely crime is to occur. As the number of people looking is increased, so is the probability that someone committing a crime will be seen, and therefore identified and caught.

Visibility Matters

Observers are not told that they are “observers.” They are not there to watch a location and report any crime. But reasonable people are is likely to call 911 if they witness a crime. Thus, security in crime-prone areas can be improved if there are reasons for someone — the observer — to be present. For example, park benches provide a place for people to sit, and as a result, they become places for observers to gather. From a design perspective, an observer is a transparent security measure.

CPTED also utilizes the concept of taking high-risk activities and placing them in low-risk areas to minimize the potential for crime. This is done without the use of security devices and is also transparent. Bank ATMs, for example, are inherently high-risk. The transparent goal in providing security for an ATM is to place the machine in an area of high visibility.

As the need for security continues to increase, transparent security design is becoming a factor in good architectural and security planning. Minor changes can make a big difference, without compromising aesthetics.

How do your alarms communicate?

There are many ways that a signal from a fire or burglar alarm can reach the receiver; from POTS (the telephone line that you talk on every day) to sophisticated radio transmitters that seem to have been designed for the CIA to cellular service. Whatever method your security system is using, the important function is to get the correct data from the device (motion detector, heat detector, door contact, etc.) to the base station where dispatching occurs.

The oldest method is the regular telephone wire. In the older systems, each account leased a copper wire connecting them to alarm company central station via the local telephone company switching station. Developed in the 1870’s to measure changes in current at a box in a store or home, it is still used by many private customers. One problem is that the communication flow depends on a solid connection between the two points – if a wire is cut on a pole, the earliest systems show an alarm. Over the past few years, telephone companies have begun to phase out this type of service, since maintenance costs are high and switching equipment is dated.alarm communications

The answer is derived channel monitoring – where the phone company provides a special device at the switching station and another at the alarm company. The digital signals are then monitored by the phone company for quality control – so line faults can be reported and alarms transmitted more securely. Please note this system is an option: not available in all areas of the country.

A third source may use a cell-phone similar to what you probably carry with you today. It was marketed in the 1980’s and allows the alarm user to transmit data on the same system that local cellular phone companies provide. There is a charge, of course, as you are paying for the phone number and usage. A typical system has an alarm control interface, a cell phone mounted in a cabinet with back-up power, and an outside antenna if needed. This device allows for alarms to be transmitted even if local phone service is down, providing that it can “hand-shake” with a cellular tower site. Upgrades are ongoing, such as the same technology that allows you to operate your laptop computer in the car. (Telemetry)

Another plan of action is radio, again this is a newer technology developed in the past twenty years. The simplest type simply substitutes a two-way radio (such as your officers use in the field) to transmit alarm information from one building to another instead of a phone line. This requires a dedicated radio channel as well as line-of-sight reception. A better solution is becoming part of a commercial network, where tower sites and equipment are maintained by a private company and channels are shared based on repeating the messages from office building roofs, water towers, mountaintops and other elevated locations.

Hardwired alarm panels are less expensive than wireless panels, but they are harder to install. Keep this in mind when working on budgeting for alarm systems. An average alarm installation with a hard-wired system takes about 12-16 hours. A typical wireless installation will take less than 4 hours.

Another consideration is that some types of construction lend themselves well to a hardwired installation, and others will require the use of wireless.

Even if you select a wireless alarm panel, some jurisdictions still require that the device back-ups are hardwired. These typically include the power transformer, the electrical ground wire, the telephone connections and any keypads/arming stations and audible alarms.

Check Out: Emergency Action Plan Basics

The main difference between a hardwired and a wireless alarm panel is how each one communicates with the protection devices connected to the system. A hardwired panel will require a wire to each “zone” or device on the system, while a wireless system utilizes a radio frequency to communicate with the “zones” or devices that are connected to it.

While a normal electrical circuit is a Parallel Circuit, a typical hard wired alarm circuit is a 2-wire normally closed loop with end of line supervision commonly referred to as a Series Circuit.

A Series Circuit allows electrical current to flow from the alarm panel, down one wire through the alarm initiating device and back to the alarm panel. When the current is interrupted, the panel will register a fault on the circuit/zone. End of Line (EOL) resistors are added to the circuit so that the alarm panel can supervise the condition of the zone for ground faults, electrical shorts and open or cut wires.

Multiple normally closed devices can be connected to a single zone by connecting the devices in series, with the EOL resistors installed on the last device in line. This way, the entire circuit is completely supervised from the panel to the last device in line.

When wireless alarm systems first appeared on the market, they were not the most reliable systems around. Most of them utilized non-supervised wireless transmitters to communicate to each of the field devices. A non-supervised wireless alarm transmitter would only send a signal “one way” to the alarm panel receiver when it was activated.

For example, when a door or window was opened, the transmitter would send a wireless signal. The alarm panel would receive the signal and activate the appropriate zone. The transmitter would not send a signal when the door or window was closed, so the receiver/zone had to reset itself after a few seconds. With a non-supervised wireless system, you could actually arm the system with a door or window wide open without even knowing it.

Most new alarm systems utilize a redundant bi-directional fully supervised wireless connection for two way communication between the transmitters and the alarm panel receiver. With fully supervised wireless, the alarm panel can tell you the real time status of a door or window. If a door is open, it will keep the zone faulted until the door is closed.

Most of the early wireless systems were very limited in their addressing schemes. They utilized dip switches with binary addressing (explained later) to differentiate between points on the system.

This was O.K. if your wireless system was installed and commissioned correctly, but what happened when a neighboring location installed the same type of system? If the neighbors motion detector was addressed the same as your dock door, your alarm would go off every time they moved around inside their building. As you can imagine, this could cause some major problems that were very difficult to troubleshoot.

Modern wireless systems utilize serial numbers, binary house codes, or other proprietary technology to assure that only transmitters enrolled into your panel will be received by your alarm system. If you do your research and purchase a good reliable supervised alarm system, you should never need to worry about your neighbor’s wireless transmitter setting off your alarm system.

Another problem with the older non-supervised systems is that you did not know when the batteries in the transmitters are low or need to be replaced. The only way to verify that they were working is to periodically test them.

Because, even the most sophisticated wireless alarm panels are useless if the transmitter batteries are dead, therefore supervised wireless panels are programmed to check in with each of the remote transmitters at least once every 24 hours. If your transmitter has a low battery, the keypad/arming station will immediately inform you of the trouble condition.

Check Out: Improve Your Security Guard Service in 5 Steps

With any wireless security system you should always test the performance of your system regularly. The range of any wireless product can be affected by the environment and the structure in which it is installed. Additionally, the range can be adversely affected by environmental conditions, interference form electrical devices or even the orientation of the transmitter in relation to the receiver.

So who is the winner of this argument? Well, according to Underwriters Laboratory (U.L.), the most secure and reliable installation methods utilize hardwired installations with End of Line (EOL) 1 or 2-resistor supervision. In fact, U.L. approved installation standards for federal government and other high security installations require all zones of protection to be hardwired with complete 2-resistor line supervision.

Not to say that wireless systems are an inferior product. In fact the fully supervised systems offer excellent protection that is perfectly suitable for 90% of residential installations.

If you are considering a wireless alarm system, be warned, there are still systems being sold and installed today that are non-supervised, so make sure that any system you are considering offers complete wireless supervision.

If you opt for a hard-wired alarm system, make absolutely sure that the system is installed with the supervisory resistors at the end of the line. To make installation faster and simpler, some installers will place the resistors in the alarm panel rather than at the end of the line.

While this method provides supervision of the zone for ground faults, it does not provide protection for a direct short or worse yet, someone splicing into the wire and shorting them together which will essentially close the loop so the panel will not see the zone open or close.

Whatever method that your security department chooses to move the alarm information from the point of occurrence to the receiving station, make sure that you can provide interference-free data and your staff is able to interpret and dispatch the information. As technology grows into the twenty-first century, new ideas about alarm transmission will be unveiled and older technology will be challenged by parts shortage, lack of technical support, or noise on the line. This article does not offer any specific vendor names or ultimate solutions – but I hope that you will examine your burglar and fire alarm system with an eye toward data transmission.

Basics of a Security Risk Assessment

security risk assessment

A proper security risk assessment is necessary to truly understand what security risks your company faces. As a physical security professional you must understand how to conduct a proper security risk assessment. Check out the Risk Assessment Guidelines to understand in-depth what a full security risk assessment entails.

The following tips will guide you in understanding how to conduct a Security Risk Assessment.

Zone 1: The Interior

Every facility executive needs to protect interior space from unauthorized entry. The means available include:

  • An effective system at the front desk or lobby to identify and badge employees and visitors
  • Locking systems
  • Intrusion detection and 24-hour alarm monitoring
  • Closed-circuit television (CCTV) in key locations
  • Security guards

Zone 2: The Perimeter

The typical multi-tenant building perimeter base building system focuses on elements that are incorporated into the design of a new structure, but also may be retrofitted. Some of these elements are:

  • Window coatings to minimize glass shards; polycarbonate glass from grade to 30 feet or higher
  • Structurally hardened building exteriors
  • Defensive landscaping — avoiding landscaping that conceals intruders or provides natural “ladders”
  • Lighting and CCTV in key areas
  • Control of loading dock traffic
  • Control of building entrances — main lobby and elevator core interface with public

Mail facilities are also vulnerable to biological and chemical weapons, and unauthorized entry. To combat those threats, consider:

  • Limiting access to authorized personnel
  • Placing barriers at the building perimeter to decrease access and reduce the impact of hazards
  • Installing X-ray package-screening equipment
  • Installing nuclear, biological and chemical (NBC) detection equipment
  • Installing negative pressurization systems to contain hazardous materials
  • Using HVAC filtering and treatment, such as HEPA filters and UV treatment

Finally, the building’s air systems and mechanical room, if located on the perimeter, are another area of vulnerability. Protect air handling systems from tampering by:

  • Fencing off fresh-air intakes and return-air vents or moving them to roof
  • Securing mechanical room exits

Zone 3: Building Grounds

Building grounds should be treated as a defensive zone to prevent cars and trucks, which might be carrying explosives, from crashing into the building. One security measure against these threats is the installation of highway barriers, but these are unsightly. Instead, use landscape elements to create a stand-off zone around the building, remembering that the effect of blasts diminishes with the distance from the blast. Effective methods include:

  • Using mature trees, landscaped earth berms, raised planter beds, benches, ornamental fencing and ornamental light posts
  • Incorporating effective lighting

Zone 4: Property Boundary

Implement security measures at the property line, which may include:

  • Roadway and barrier systems, such as a guardhouse
  • Communication systems in remote parking lots, such as emergency intercom and CCTV surveillance
  • Secured access to gas, water, electric, telephone service and utilities, such as locking manhole covers

Zone 5: Parking Structures

Parking structures are a significant area of vulnerability. Limit and monitor access and use, particularly if the parking structure is within or under the main part of the building. In addition to eliminating on-street curb parking, successful methods might include using:

  • Parking control system
  • Vehicle identification system
  • License plate recognition system

Zone 6: Public Domain

Finally, leverage the assets that are available to property owners in the public domain: streets, police, fire and emergency services departments. Coordinate security policies and procedures with public agencies at the local, state and federal levels, as appropriate. Establish a liaison to obtain real-time intelligence about actual and potential threats.

In today’s world, facility executives must take a holistic approach to security planning, programming and system design. They must assess the full range of security assets available — both human and electronic — and develop a system that protects the property at every zone from the interior to the public domain.


Here are suggestions of what to check before contracting Kevin Ian Schmidt for a physical security risk assessment.

This article is just to provide you with the basics of a security risk assessment, so you are knowledgeable on what to expect when hiring a consultant, and will potentially be able to address minor, simple issues beforehand to save cost.

Layered Security

layered securityAt its most basic, layered security refers to concentric rings of site and building security. These rings typically progress from the exterior boundaries of a site to the exterior building shell to increasingly secure areas within the building. The rings are not always symmetric or well defined, but each one represents an increase in security hardening against external threats as one moves inward from the site boundary or building exterior.

In a layering approach, design consideration must be given to the flow of people and material as they move though public, private and restricted building areas. Controlled paths need to be established in conjunction with each layer of security. This is where design with security concerns in mind can minimize implementation and future operating costs.

Equally important are the internal security layering requirements that segregate building spaces from one another — a key requirement when multiple tenants or departments with differing security needs occupy a single building.

Securing Core Areas

Most buildings share core areas that include vertical transportation, electrical and telephone rooms, janitor closets, and public amenities like parking areas, lobbies and toilet facilities. A successful security design must not only plan for the flow of people and material during occupied and unoccupied hours, but also consider how this flow affects the sharing of public and service areas.

For example, building access from surface or underground parking facilities needs to be segregated and directed to a common access control point to minimize security staffing and other operating costs. Because of past incidents in high-profile buildings, underground parking may in the future be limited or not be provided at all.

When designing security to maintain segregation of building areas, life safety code requirements must be observed, and the required emergency egress paths must be maintained using appropriate egress hardware. Though it sounds simple, this is one of the most difficult requirements to implement because it requires comprehensive understanding and interpretation of building codes and close coordination of door hardware, security system and fire alarm system requirements.

Check Out: Physical Security Program – Know the Process

Design Principles for Security

Proper design and use of the built environment can assist in effective security layering. The following four design principles are key:

  1. Natural surveillance: The ability to keep potential threats easily observable in parking areas and building entrances.
  2. Territorial reinforcement: Defining private and public areas in the facility or campus using landscape plantings, pavement designs, gates and fences
  3. Natural access control: Design of streets, sidewalks and building entrances to indicate clearly the public access routes and to discourage pathways outside the secure areas, using structural elements to complement electronic access control.
  4. Target hardening: Design using features that prohibit entry or access, such as window, door and air intake location; locks; dead bolts; electronic card access; and closed circuit television (CCTV).

To enhance security, building exteriors will in the future likely be designed with fewer windows and other openings; exterior windows and doors at the lower floors will be reinforced. Fresh air intakes will no longer be at grade. The number of outside entrances for pedestrians on foot or from parking areas will be reduced to channel the flow to lobby security stations that can be staffed with the minimum number of personnel.

Underground parking, loading docks and service entrances will be located and designed to segregate and effectively control the flow of personnel and goods using transition areas. Building service areas, toilet facilities, corridors, and electrical and telecommunication closets will be located so that the building’s net usable space can be subdivided, segregated and secured as needed to meet the requirements for each tenant or department’s security, while maintaining the code-required means of egress.

Technology’s Role in Layered Security

In addition to physical barriers, a layered approach to security typically requires electronic security systems — different combinations of things like badges, biometrics, card access, door alarms, CCTV and package scanning machines in different combinations — along with personnel trained to make the final decisions. The effective placement of these systems can reduce staffing requirements.

The upper box on page 53 shows the placement of card access devices and personnel to control access to building core areas from the outside while minimizing staff needed to handle visitors.

In the example shown, everyone who wants access to non-public areas of the building is directed to the turnstiles that control access to the elevators. Visitors can gain access when authorized by the security personnel.

In a building similar to the one in the example, delivery trucks could gain access to the loading dock after being cleared by the security staff. Depending on the security level required, access to the freight elevators can be further controlled after inspection of the cargo.

Check Out: How do Your Alarms Communicate

Further security layering can be implemented for personnel and material that have been cleared for access to tenant spaces. The bottom box on page 53 shows a typical arrangement of multiple-tenant floors. Tenant security is maintained with the use of card readers to control access into the space. Tenants that need to track personnel who enter and leave their spaces can use their own card readers. Tenant personnel can gain access to the toilet facilities while maintaining security; the use of keys or card readers at the toilet facilities is an option that needs to be evaluated separately. Those making deliveries from the freight elevator need to request access to tenant spaces via telephone or intercom.

CCTV systems with motion detection can provide continuous monitoring that is useful not only to grant access to the protected spaces, but also to provide forensic evidence needed to investigate security-related incidents. Digital CCTV provides for easy retrieval of information on demand without the time-consuming searching required by older analog systems.

Although security layering is a valuable strategy for controlling the flow of people and materials within the building, it isn’t the whole story. Operational plans are needed to limit access only to suppliers and staff with legitimate need. Deliveries of supplies from known sources should be coordinated in advance. Delivery times may have to be restricted to off-peak hours to avoid unnecessary delays to building occupants. For particularly sensitive areas, requirements for background investigations of outside contractor staff may need to be established to prevent “Trojan horses,” such as bugging devices, from being introduced into the building during construction, maintenance or deliveries. Emergency plans need to be developed and tested with the building occupants to address different types of security-related emergencies. Exit and emergency pathways need to be established for different scenarios.

Special measures and additional staffing may be required for special events, such as social functions and tenant relocations, where a large number of strangers may require access to secured areas.

In new buildings, security layering can be integrated into the original design in a very cost-effective manner. But, of course, occupants of existing buildings are demanding increased security as well. In most of these buildings, security improvements are more costly to provide because of significant additional staffing costs or building modification costs to redirect the flow of people and materials. Many existing buildings were designed with multiple entrance pathways; these buildings must add significant security staff or make costly changes to the building itself to provide minimum levels of security. Building owners will have to treat those additional expenses as a cost of doing business; tenants are demanding increased security, and those measures carry additional costs. Another challenge for existing buildings is that the security layering approach requires both building owners and tenants to accept changes in behavior without developing a trench mentality.

When it comes to upgrading security from what was acceptable in the past, there is no free lunch. To put it another way, no pain, no gain.

With new buildings, costs can be minimized. Doing that requires building owners to remember two key points: first, that during the design process it is never too early to plan for security; second, that many tools are available to provide security. And it’s not just building owners who need to think in a new way about security in new buildings. The increased demand for security also will require a change in the mindset of architects and engineers. Design professionals will have to consider how to incorporate into building designs the sometimes conflicting desires and requirements of building owners, occupants, vendors, visitors and governing agencies.

If everyone on the design and construction team focuses on security early and consistently, security does not need to be expensive and in many cases can be incorporated with minimal impact on the tenants who spend a great deal of their everyday lives in the building.

It’s also important to remember that effective security requires the building owner to address both operational and security technology issues as well as architectural factors. For example, it is critical that the issues of security staffing and training be addressed. With solid planning and an awareness of the tools available to designers, building owners can achieve the security levels they need without high ongoing costs.

Understanding of Real Risks

Photo Courtesy: Nick Carter/Flickr
Photo Courtesy: Nick Carter/Flickr

To anyone who has an understanding of real risks, some of the most unnerving stories about security involve facilities where nothing bad has happened — at least not yet. These are facilities where vulnerabilities exist but haven’t been discovered or addressed yet.

Case in point: the headquarters of a large health care company. A security review determined that anyone in the lobby could go straight into the rest of the building without being stopped. But the audit recommendations to address that problem languished in the hands of company executives. Six months later, the company found itself embroiled in tense collective bargaining negotiations. One day, a group of people barged in through the front door, raced through the lobby and disappeared into the heart of the building. The stunned receptionist could do nothing but call the police and hope that nothing happened until they arrived.

Think that a security breach like that — involving an obvious vulnerability — is an isolated case? Look around many facilities, and it’s not difficult to spot security risks: a door propped open, poor lighting in the parking lot, a window cracked open or an unlocked gate. And obvious risks like those are only the beginning. Facilities face a wide range of potential threats. The real question is, which vulnerabilities are most likely to be exploited?

There are plenty of excuses not to address that question. An office building may be deemed too small to require a detailed security audit. Or its out-of-the-way suburban location may be judged safe because it does not face obvious, high-profile risks. Cost is often an obstacle. So is the lack of an on-site person who is directly responsible for security.

Excuses aside, experts agree that conducting an audit is paramount to making sure that everyone and everything in a building is as safe as possible.

In order to really do anything from a security standpoint, you have to know what your risks are, how can you make security decisions if you don’t have a clear understanding of what your problems are?

Some buildings are clearly high-risk and therefore demand that special attention be paid to security. A good example is a nuclear power plant, the security level requires special attention to detail. The Nuclear Regulatory Commission has specific guidelines for how those facilities should be secured, and it’s not just the release of nuclear material into the air that has to be addressed. Many of those plants, for example, have regularly scheduled deliveries of chemicals via truck or rail. That schedule requires evaluations on which roads leading to the plants have the most risks. Moreover, the possibility that someone may try to sabotage the truck or train delivering the chemicals should also be considered, Benne says.

The definition of what constitutes a high-risk building has changed over time. For example, the threat of terrorism has created a demand for specialized research buildings to study and respond to a biological event.

The federal government is looking closely at the security of those biological labs. Two types of assessments are typically conducted on those labs: a bio-risk assessment that focuses on handling and containing biological agents, and a more traditional security assessment that addresses outside threats, such as someone trying to enter the facility.

If you’re designing a facility with agents that are lethal, the community wants to know what you’re doing to protect it, it’s a sensitivity and not just a process.

But for every building that is closely scrutinized because it is clearly at high risk, there are many more facilities where risks have never been adequately identified. And a building need not be a landmark to face significant risks. A good example is a branch bank located near the entrance ramp to a highway. Someone who understands risk assessment sees that a financial institution has branches located where other financial institutions have had robberies. Those (new) branches will then be seen as high-risk and added security measures would be put in place.

Time for Action

Formal security audits should be done on a regular basis, noting that there are three occasions in particular when they should be conducted. The first is when a site is being considered for a new building. There are commercial and consumer crime statistics companies available that conduct threat and risk assessments based on geographical location. Their assessments detail what the crime and murder rates are for a specific address and compare those rates to those of the city and county.

Many times you’ll find that the differences are miniscule, but if one location has a greater crime rate, it may have an impact on the decision.

A security audit should also be conducted when a significant change has been made to an existing facility, such as an addition, and when there’s been a serious incident. In the latter, the goal is to find out why an incident occurred and how it can be avoided in the future.

A security audit is a three-step process: first, where do you stand today? What are your policies? Procedures? Equipment? Second, where do you need to be? Third, if there’s a significant gap between where you are and where you need to be, how do you fill that gap?

Risk assessment can go beyond a security audit and try to determine how survivable a business is if something catastrophic occurs. A number of companies went out of business after the World Trade Center collapsed on Sept. 11, while others survived but got “a big wake-up call.” You can’t, for example, put all the data in one location. You need redundancy. Companies have to ask how they’ll continue operating if they want to keep the doors open after an emergency.

Check Out: How to Complete a Risk Assessment

Excuses, Excuses

Despite the benefits of security audits, many companies don’t do them because of the expense, the average in-depth security audit costs between $10,000 and $50,000.

It’s often not easy for a security director to justify spending money on a security audit when nothing bad has happened in or around a building. Recommending that an audit be conducted is much like making a sales pitch to management. The reason? A security director is competing with others on the staff who want money to be spent on new computers or the replacement of a compressor.

Audits also aren’t conducted because there hasn’t been an incident in or near a building and so no one feels the need to look for weaknesses. That misses the point of doing a security audit. The goal is to be proactive in organizing a plan to handle different types of threats and reduce liabilities.

Having a plan could pay off when partnering with an insurance company, if you can show them that you’ve done an audit, an insurance company may lower your premium, so there are some benefits that are outside of just mitigating risk.

Another reason security audits are neglected is because it is assumed that the risks facing the facility are so clear, and the appropriate countermeasures so straightforward, that a detailed analysis of security risks seems superfluous. For example, administrators at a school that has several open perimeter doors may decide to lock all those doors in a reaction to violence at another school. And while the doors may stay locked for the next several months, at some point security typically becomes lax once again if another incident doesn’t occur. An audit can help structure and focus to security efforts.

This isn’t to say that security incidents at a similar type of building, or strategies used by comparable facilities, aren’t important parts of the security decision-making process.

Piece of the Puzzle

Clearly, a review of strategies used by comparable facilities is an essential component of a security plan. A facility executive responsible for K-12 schools, for example, should be aware that other schools have put an increasing focus on perimeter security, so that no one has unchallenged access. So when someone walks in, they can get to a certain point and then they have to be vetted by signing in, showing credentials and being checked out before they can progress further into the building. At most schools, and this is slowly changing, you can just come in and wander around. Knowing how other schools are addressing security risks can help educational facility executives make decisions about their own buildings, but knowledge of industry trends is no replacement for a security audit.

An audit is especially important when the installation of security systems is being considered. Facility executives may decide to add video cameras because a similar building did so. But if there are no provisions for monitoring the cameras, they won’t achieve the goal of improving security. Organizations make short-term changes that lack the thoroughness of a well-thought-out plan, often costing money without a return of investment in improved security.

Organizations that don’t conduct security audits often end up with knee-jerk reactions to incidents. Suppose a company is having its products stolen but it’s unclear exactly how that’s occurring. Feeling the need to take some action, the company’s management might decide to put cameras throughout the facilities. However, if the products are being put in briefcases, cameras won’t spot the thefts.

Although getting input from the local police department may be useful in the audit, simply asking the police for advice about ways to improve security is no substitute for an audit. Police focus on law enforcement, which is different than securing a building. Law enforcement responds to criminal activity and security is designed to mitigate criminal activity.

Check Out: Basics of a Security Risk Assessment

Taking Action

Some organizations have a security audit conducted and then fail to act on its recommendations. Taking that approach, however, opens management to liability because there’s an obligation to fix the items that the audit found. An audit is likely to find more problems than there are dollars to address them. At that point management needs to set priorities, determining what situations and events are possible, what their probabilities are, and whether their impacts would be catastrophic, minor or something between the two. These are tough decisions, how do you invest money in things that might never happen?

Of course, if audit recommendations are ignored, and an incident occurs, the company must deal with the effects of the incident as well as the cost of countermeasures, which will surely be taken. In the case of the health care company that ignored the audit recommendation to improve lobby security, the intruders wound up in the office of a facility manager, who called the security manager demanding to know how the breach could have occurred. The security manager pulled out the audit report, which had warned of the risk of such an incident. Companies don’t fully understand the cost associated with the risk. As a result of the incident, the lobby was compartmentalized to preclude the possibility of a similar event in the future.

What facility executives and security directors need to remember is that there is no way to prevent all security incidents. If a security breach occurs, there will often be recriminations, with people saying that management and others involved in security should have seen it coming. But there’s a huge list of things that can happen, the goal from a security standpoint is to identify things most likely to occur and take reasonable steps to prevent them.

5 Common Ways Employees Steal

Small-business owners aim to hire trustworthy workers, but companies must be aware that theft will occur. Understanding common ways employees steal requires that you look at the type of items thieves go after and the methods used to take them. Theft can have a significant impact on a small business and can even result in your business failing. Knowing the five most common ways employees steal can help you develop methods to combat the problem.

5 Common Ways Employees Steal


Employees can transfer money from cash registers into pockets when they handle sales, or they can sneak cash out of open or unsecured safes or petty cash drawers or boxes. In addition, an employee might also quote to a customer a purchase amount higher than the actual price of an item and then keep the difference at the point of sale. Once the employee has the cash, he simply walks out of your business with it at the end of his shift.


Loss of inventory or shrinkage from theft can happen in the merchandise distribution process. It frequently occurs on the sales floor with employees hiding merchandise in apron pockets or on shelves behind other items to pick up at the end of their shift. It also occurs before merchandise becomes available to the public. Employees will take items from warehouse shelves or newly arrived merchandise before it’s scanned into your inventory software. Employees have also been known to steal shipping trucks containing merchandise meant for their employer’s business.

Check Out: Using Social Media for Investigations


Some employees pocket small items such as pens, staples or scissors slowly and repeatedly over time or take them on the day they quit before they officially resign. Others steal more expensive items such as furniture or equipment after hours when they work unsupervised overtime or after they access your business without permission when it’s closed for the day.


Employees sometimes falsify records or perform actions that result in receipt of payment for work they didn’t do. Some employees request reimbursement of travel or other expenses unrelated to work such as reimbursement of a business lunch that was actually a personal meal. Employee thieves will also fill out time sheets with hours they didn’t work or take extra breaks and fail to deduct the time. In addition, employees can steal by taking personal phone calls, chatting with co-workers or surfing the Internet for hours instead of working.


Many employees intentionally steal information from their employers to benefit themselves or competitors. Types of information include customer lists, office memos and proprietary product, service or other data. Theft might occur via email, or the employee might print out the information, or copy it to a flash drive or cellphone, and simply carry it from your business in hand or in a bag or briefcase.

Read: Tips to Identify Internal Theft

Prevention of Employee Theft

Although many preventative measures exist to combat the five most common ways employee theft occurs, some measures can help lower the impact on your business. For example, compare physical inventory against shipment and sales records; perform cash, payroll and computer usage audits; and install security systems such as time-tracking devices and cameras to monitor employee activity. In addition, train employees to recognize common behavior patterns of thieves such as repeated requests for outside breaks, unsupervised overtime or to be transferred to a stockroom or cashier position.


5 Non-Verbal Indicators in Interviews

When setting up a room for conducting an investigation interview, there are a few basic rules the investigator should keep in mind. Aside from making the interviewee feel as comfortable as possible, the interview room should also facilitate clear communication, including non-verbal. This means that there should be no physical barriers between the interviewee and subject that might block the interviewer’s view of the subject.

There are good reasons for this. Firstly, a physical barrier, such as a table, can act as a psychological barrier. In a situation in which open communication is sought, putting up barriers obviously goes against the goal.

Another reason to keep furniture out of the way is to provide the investigators with a full-body view of the subject. This is important when assessing the subject’s body language, or non-verbal clues, when he or she is answering questions and providing detail about the incident in question.

There have been many articles, books, even television shows, written about how to detect deception in investigation interviews, and there are as many theories as there are theorists. But there are a few fairly well researched and generally acknowledged non-verbal indicators in interviews that may indicate that a speaker is being deceitful. As long as the investigator is experienced enough to know that one sign does not make the subject a liar, these clues can be considered as part of an overall strategy to assess the credibility of the interviewee.

5 Non-Verbal Indicators


hand manipulatorThese are hand motions a person makes when talking. They are normal and often used to illustrate a point. During times of low stress, a person uses illustrators at one rate, but when the stress level increases the subject’s use of illustrators may increase or decrease. A change in the use of illustrators, therefore, may be taken as a possible clue to deception.


Like illustrators, manipulators are hand motions. But rather than illustrating a point, they are used to displace nervousness. Examples of manipulators are playing with jewelry, picking lint off clothing or clasping and unclasping the hands.

Full-Body Positioning

A person who is engaged in a conversation and being honest will often lean toward the person they are talking to as the questions get more serious. A dishonest person might lean away from the interviewer, changing his or her posture completely.

Check Out: Guidelines for Investigation Interviews

Fleeing the Interview

Similarly, a subject who is being dishonest might actually arrange his or her body in a position that suggests fleeing the room. While the person’s upper body is facing the interviewer, his or her legs may be facing the door, as if in an unconscious effort to leave.

Covering the Mouth

And while it seems too symbolic to be true, liars will sometimes place their fingers or hands over their mouths, as if to contain the lies before they escape, just as they did as children.



The Basics of Body Language:

Your primary goal when reading body language is to determine their comfort level in their current situation. There is a process of combining verbal cues and body language to determine this.

Positive body language:

  • Moving or leaning closer to you
  • Relaxed, uncrossed limbs
  • Long periods of eye contact
  • Looking down and away out of shyness
  • Genuine Smiles

Negative body language:

  • Moving or leaning away from you
  • Crossed arms or legs
  • Looking away to the side
  • Feet pointed away from you, or towards an exit
  • Rubbing/scratching their nose, eyes, or the back of their neck

A single cue can be misleading so it’s essential to pay attention to multiple behavioral cues.

Reading the Non-verbal Clues

One thing to keep in mind is that non-verbal clues mean nothing in isolation. Some people exhibit these characteristics when they are not stressed, and some people are stressed all the time, whether they are being deceptive or not. So it’s important for investigators to treat clues as insight into where to probe further, rather than as proof of deception.

Investigators should also be careful to assess the state of mind of a subject as part of assessing credibility. Subjects who are mentally unstable or who are inebriated or under the influence of drugs do not exhibit reliable clues. In fact, it’s not a good idea to interview these people at all.

PEACE Method of Investigative Interviews- Overview

A number of police forces through the world are using a model of investigative interviews that is more information gathering as compared to obtaining a confession from a suspect. As we in the safety world are concerned with gathering information following an accident I thought the technique might be of interest to readers. The method incorporated is what I’ve been teaching for years, but the use of the mnemonic PEACE brings all the ideas together nicely.

P – Preparation and planning
E – Engage and explain
A – Account
C – Closure
E – Evaluate

I’ve deleted some police/legal concepts from the web based material and added a few comments of my own.

P – Preparation & Planning

Crucial elements of good planning and preparation for an interview situation include:

  • Understanding the purpose of the interview;
  • Defining the aims and objectives of the interview;
  • Understanding and recognizing the points to prove or to clarify;
  • Assessing what evidence is available and from where it can be obtained;
  • Assessing what evidence is needed and how it can be obtained;
  • Preparing the mechanics of the interview (stationery, exhibits, location etc).

E – Engage & Explain

PEACE interviewsThese two terms also known as ‘Interview Preamble’ refers to early phases within the actual interview and is defined as follows:

The essential element of engagement is an introduction appropriate to the circumstances of the interview. It is desirable that a proper relationship is formed between the interviewer and interviewee. This requires, for example, that the interviewer develops an awareness of, and is able to respond to, the welfare needs of the interviewee and any particular fears and expectations.

The engage phase is followed by the explanation phase in which the investigator should outline the reasons for the interview and explain what kinds of action will be followed during the interview, particularly the routines.

Check Out: Effective Communication Skills – NONVERBAL

A – Account

This term describes the stage in which the interviewee’s recollection of the events of interest is obtained. This stage is directed at obtaining the fullest possible account from the suspect. There are two accepted approaches of inducing recollection known as:

  • The Cognitive approach;
  • Conversation management.

Different techniques for assisting recollection are associated with each method. With the cognitive method, the interviewee is asked to think back and mentally relive the event, initially with minimal interference from the interviewing officer. The interviewer does not interrupt, makes effective use of pauses and avoids leading questions. The interviewee is then encouraged to recall the event again using a different chronological order, or from a different perspective.

When the conversation management method is used, the interviewee is asked first to say what happened and the interviewer then subdivides the account into a number of individual parts which are enquired about in turn for further details.

The cognitive method provides the interviewee with greater control over the way the interview develops, whereas conversation management attributes more authority to the interviewer. This basic difference between the two approaches broadly defines when each is most appropriately used. For example, conversation management may be more appropriate for reluctant interviewees than the cognitive method.

C – Closure

To avoid immediate or future problems with the relationship formed between the interviewer and interviewee, investigators should ensure that, at the end of an interview:

  • interviewees are thanked before leaving;
  • everyone understands what has happened during the interview;
  • everyone understands what will happen in the future.

Closure should also include elements such as giving the interviewee the opportunity to ask any questions. It is crucial that the interviewer always ensures that there is a planned closure, rather than an impromptu end, to the interview. The interviewer should summarize and check back as to what the witness has said.

E – Evaluate

After each interview is completed, the event and the material that came from it should be evaluated fully. The first consideration is whether the objectives of the interview were achieved. Decisions must then be made about whether any further interview is required or whether other inquiries need to be made. Evaluation can also help interviewers to improve their interviewing skills. To this end, they should take the opportunity to reflect on their personal performance and identify areas for future development or improvement.


When conducting an investigative interview, you also need to be aware of the non-verbal indicators.

Understanding the PEACE Method is an important part of an investigative interview, but know the Factors to consider in an investigative interview is equally important in being successful when using the PEACE Method.