The past two weeks we touched on “The Good” but this week we’ll provide you with “The Bad” - examples of how improper security measures or lack of them will foster a poor security culture and potentially lead to security violations and breaches of security.

Access Control

  • TWIC credentialing – When TWIC card inspections are not done properly, whether at a 100% rate or not, fraudulent TWIC cards will not be detected. For example, one facility discovered fake TWIC cards on two separate occasions in the same month inside the secure regulated facility during a drill to verify TWIC cards.    
  • Random screening techniques – During separate audits while observing vehicle and pedestrian screening, some improper techniques were discovered. A security guard climbed into the rig of a semitruck and was moving things around – You can only step up and look inside, you cannot climb in the cab of a truck because it is NOT a search.  Remember only law enforcement officers are allowed to conduct searches.  Another instance a security guard was asking pedestrians that were being screened to lift up their shirts so their waist line can be observed.  This will get you in all kinds of trouble.

Physical Security

  • Perimeter fencing and gates – On several occasions, we have seen fence lines with so much vegetation and tree overgrowth you cannot see the fence; gaps underneath the fence and between gates large enough for a 200-lb person to squeeze through; Jersey barriers up against the outside of the fence line providing a nice step to climb over or a large, heavy throw rug hanging over the top of the barbed wire fence; swing set chain used to lock the gate to the secure/restricted dock area or little to no fence around pipelines entering the facility, or not restricting access to critical kill points, such as electrical substations.

Security procedures

  • Record keeping – There are so many FSOs that are afraid to delete, throw away or shred documents, especially when it comes to security matters. We cannot count how many times during an audit that several years’ worth of paperwork is unnecessarily kept.  One facility had over 9 years’ worth of stuff – which equated to 12 two-foot-high stacks of paper on a table that was mostly Sensitive Security Information (SSI) in the FSO’s office, which most of the time was left open.  You only need to keep security documents for two years and Declarations of Security (DoS) for 90 days past expiration.  Training records are kept for the duration that individual is employed at your facility.

It’s hard to believe a lot of these poor security practices exist, and they are not hard to find if an audit is done properly or if an FSO conducts a thorough review of their facility and documentation.