How to security patrol – Ultimate guide
How to security patrol is the ultimate guide for security patrols procedures. Security patrols check the status of a site’s security and safety measures and gather intelligence to counter threats.
Here’s the ultimate guide for security patrols contents:
In summary: The ultimate security patrol procedures
In summary, the ultimate security patrol procedures are:
- Check external security measures such as, access and egress points – doors, windows, gates etc
- Inspect internal security measures for example, lighting, hazards, suspicious items etc.
- Get intelligence from people such as, speak to visitors and staff
- Get intelligence from natural and built environment for example, changes in weather and footfall
- Check for insider threat such as, people working late, accessing sensitive areas etc.
- Observe outsider threat (hostile reconnaissance) for example, people watching your assets or new technology appearing
What is a security patrol?
Security patrols check the status of a site’s security and safety measures and gather intelligence to counter threats. For thousands of years these patrols have kept people and assets safe. But, today technology is changing the security patrol. A patrol no longer needs people to perform them and people are no longer the only threat.
1. How to do a security patrol
How to do a security patrol depends on each site’s assets and risks. For example, if the site is home to a software company then it may consider its server room one of its biggest assets. In this case the guard would check the temperature in the server room is not too high.
Whereas a food manufacturer’s major asset is likely to be its food. Therefore, a temperature check would take place in its freezer room. Every patrol duty should reflects a location’s specific assets and risks.
The four aims of a security patrol are:
- Inspect site safety and security measures
- Gather intelligence
- Detect, deny, deter insider threat
- Detect, deny, deter outsider threat
Details about your security patrols will be found in the site security plan, which reflects its security risk assessment.
Download security patrol checklists
Site security patrol check list
Security patrol outsider threat
Security patrol insider threat
Security patrol gather intel
A. Inspect site safety and security measures
These security patrol procedures check whether a site’s safety and security measures are in good working order:
- Exterior security measures such as, perimeter fencing, CCTV, barriers, access and egress etc.
- Internal security measures such as, access control, CCTV, confidential waste disposal
- Exterior safety measures such as, muster points, building works, lighting
- Internal safety measures such as, fire doors, fire extinguishers, fire alarm, flood precautions
In addition, the guard should report any decline in general security and safety measures. For example:
- Lighting fault Heating and cooling in sensitive areas
- Lift and escalator fault
- Hazards likely to lead to a slip, trip or fall
- Hazardous substances exposed
- Spillages
- Leaks
- Fire exit route blocked
- Build-up of rubbish
- Unauthorised devices on site, for example external hard drives, USB drives etc.
- Suspicious items
- Listening and watching devices on site
- Documents not secure
- Vandalism
- Unauthorised vehicle on site
B. Gather intelligence
Here are some examples of intelligence gathering duties:
- Report changes in the natural environment. For example, observing changes in the weather that may impact business operations. As a result, precautions can be made.
- Report changes in the built environment. For example, observing changes in people or traffic flows. These may signify a protest is being staged nearby.
- Speaking with people from outside the company. For example, this may include speaking with local law enforcement officers, business managers and members of the public.
- Speaking with people from inside the company. For example, talking with employees may reveal they are having an unannounced social event in the evening.
Speaking with people inside a company has two additional benefits. First, it breaks down barriers with people, encouraging them to report any security concerns they may have. Second, it raises their awareness of security, deterring an inside threat.
What is intelligence?
For a patrol to gather intelligence the guard needs to be clear on what is meant by intelligence. Intelligence is often mistaken for information. However, there is a clear difference between the two:
- Information is data in a form that can answer an everyday question. For example, there is ice in the west car park.
- Intelligence is information in a form that tells a story and can inform decisions. For example, there is ice in west car park, therefore we may need to warn people.
The purpose of a security patrol tasked with gathering intelligence is to provide decision support for the company. For more on information and intelligence see Daniel Miessler.
C. Detect, deny, deter insider threat
The patrol will look for signs of inside threat. For example, people:
- Accessing sensitive areas
- Working late, after others have gone home
- Using printers and copiers to produce large amounts of paper
Also, the patrol will inspect:
- Desks of recently sacked employees
- Watching and listening devices in sensitive areas
- Damaged internal doors
- Storage areas and confidential waste bins that are not secure
- Unauthorised technology on site
For a full overview of insider threat read The CERT Guide to Insider Threats.
D. Detect, deny, deter outsider threat
A security patrol will tackle outsider threat by hostile actors in three ways.
> Deter:
- Hostile reconnaissance by wearing high profile clothing. Also, the guard will appear alert and vigilant.
> Detect suspicious:
- Technology on or near site. For example, drones or remote controlled cameras.
- People found watching, listening and recording site security and safety measures. For example, in an urban setting a person may sit in a local cafe and take pictures or videos of site security.
- Vehicles found in and around a location.
> Deny hostile actors:
- By reporting them to security services.
- By speaking with them and challenging their intentions. Also, if in-line with the law, they will remove hostile actors from site.
Speaking with a person suspected of hostile reconnaissance is enough to deter an attack. Because the person will fear they are identified they will therefore select another target for their attack. A person doing hostile reconnaissance is likely to feel anxious. Therefore, their body language will provide ‘tells’, signs of their state of mind. For further guidance on spotting hostile reconnaissance see the UK government advice.
What is a hostile actor?
Hostile actors are people that mean a company harm.
The CPNI direct security teams to detect, deny and deter hostile actors.
- Detect a hostile actor is to spot and report them.
- Deny a hostile actor is to stop their activity.
- Deter a hostile actor is to both detect and deny the actor.
CPNI suggests promoting the measures taken to detect and deny the hostile actor is a deterrent. For example, displaying posters advertising CCTV cameras are in operation is one way to deter a hostile actor.
Hostile actors are people that mean a company harm and they may operate inside and/or outside the company.
2. When to do a security patrol
It is often said that predictability is a criminal’s best friend. Giving set times for when a patrol takes place gives hostile actors the chance to exploit it. Therefore, it is wise to change the timing and frequency of patrols.
If a guard patrol needs to happen often for example, every hour, a rolling window is useful. This keeps the patrol time unpredictable but frequent.
3. Where a security patrol should go
The route a patrol will follow depends on its purpose. For example, a site inspection of safety and security measures will visit each of those assets.
In a city building a site inspection patrol is likely to visit the following areas:
- Plant Room
- Server room
- Control room (often the start and finish location)
- Entrance and exit
- Stairs
- Loading bay
- Garage
- Perimeter fence line
- Hazardous areas for example, ongoing building works
Most patrol routes will not set the order in which locations are visited. This means the patrol is unpredictable, deterring hostile actors.
4. How long a security patrol should take
There is no set limit to how long a patrol should take. However, most patrols are a trade off between resource, existing assignments and the risks faced. In any event, if a patrol uses guards then break times are likely to limit their length or require a handover.
It is important to recognise the impact of monitoring patrol times. Although a swift patrol appears an efficient use of resource, it can be at the cost of subtle tasks, such as intelligence gathering.
5. How to write a security patrol report
Security patrol reports can be summary and include:
- The time of when the patrol started
- The time of when the patrol ended
- Name of the patrol route
- Where the patrol visited
- Any findings such as breakages, faults etc.
- Name of the patrol guard
However, if there’s an incident a more comprehensive report is necessary – use our security incident report how to guide.
6. How often to patrol
A security officer should do patrols in line with the threat risk assessment. Some officers will patrol an area every hour throughout the year because it is a high risk area. Some mobile patrol security services will offer a mobile security patrols only once a week if the location is low risk.
It is important the type of patrol is varied. For example, mobile security patrols may be tasked to make a weekly inspection once a week. Therefore, the mobile patrol security services provider will ensure the inspection is made once a day but at different times.
Also, varying the type of patrol helps keep the guard alert and makes them unpredictable. As a result, hostile actors are deterred.
7. Welfare of the patrol guard
The design of a patrol route will put the safety of the guard first. When designing a patrol route, the following common hazards should be considered:
- Changing weather conditions
- Areas of poor lighting
- Uneven or slippery ground surfaces
- Height
- Working on or near Water
- Hot or cold environments such as, furnaces and chill rooms
A patrolling guard should be equipped with appropriate personal protective equipment. For example, high visibility clothing and warm clothing. Also, a torch and phone are common aids.
In certain environments such as, agricultural plants, devices will need to be safe to operate. Therefore, if a guard is equipped with a phone they should not be exposed to incendiary environments unless it is nonincendive.
Also, the guard will require periodic breaks and access to welfare facilities.
Of course, these limitations do not relate to technology, such as drones. However, they have their own limits, for example they can go wrong and need charging.
Welfare of the lone security guard
A guard patrolling alone is known as a ‘lone worker’. The British Standard BS8484 looks closely at what safeguards need to be in place for a lone worker.
Many companies will make periodic checks calls to lone workers on patrol. These calls will check to see whether the guard is safe and well. They will also follow the guard on patrol using CCTV.
8. Prove the patrol took place
In the event of an incident or crime it is helpful to have proof of presence. This will show a patrol has been done. There are seven kinds of proof of presence:
CCTV patrols instead of guard patrols
Do you need security guards to conduct patrols? You will often see control rooms using CCTV to check for hostile actors. This is more cost effective, less risky and convenient than sending a security guard out on patrol. It is also considered more reliable than a guard patrol. Because it relies on software analytics rather than human reporting. The CCTV recording is its own proof of presence.
However, CCTV tours do not provide the same deterrent as a guard patrol. The sight of a CCTV camera may deter some hostile actors. But most know very few cameras are actively monitored and therefore discount them. In addition, even if CCTV does detect something untoward what then? Unless you have a security guard on site you will wait for mobile security patrols or a police officer.
Hand-written record
You still see paper logs based in receptions, gate houses and loading bays. Used by security guards to record their name, date and time of visit. This log (often referred to as a Daily Occurrence Books (DOB) is a very basic proof of presence. But it is still a significant improvement on a security guard’s word.
(Find out what to record in a daily occurrence book).
One big problem with hand written records is fraud. The hand written sign-in therefore depends on the honesty of both the patrolling security guard and the owner.
Access control
Many buildings have smart digital access control systems installed. These systems control the movement of occupants in and out of buildings as well as within a building. A security guard can demonstrate their proof of presence around a building by presenting their access control card to proximity readers.
Assuming the building already has an access control system in place this is a zero cost option.
However, using access control systems for proof of presence does have its drawbacks:
- Access control readers are not cheap, and they are placed in locations to control staff movement, not record security guard proof of presence. Therefore, many areas covered by a guard patrol may not have access control readers in place (for example, toilets).
- Few access control systems can easily produce the proof of presence reports management require.
Data collector and touchpoints
If all you want to do is provide proof of presence of a guard patrol then this is the solution for you. The security guard achieves proof of presence by placing a data collector device against metal tags. Once the security guard has completed their patrol they return the data collector to its docking station. Data is uploaded to an online reporting portal.
Over the last few years the market has moved away from the data collector. Because a smartphone can provide the same proof of presence as well as additional functionality (at a cost).
Smartphone with NFC tags or barcodes
Scanning NFC tags involves holding the rear of a phone less than one centimeter away from an NFC tag . A reading of the tag’s identity is made by radio waves. In contrast, scanning barcodes involves the phone’s camera reading a barcode, just like a supermarket till scanner reads a barcode.
Using NFC tags tends to be quicker than scanning barcodes. Barcodes are also easier to vandalise and damage than NFC tags. For these reasons NFC tags tend to be more widely used than barcodes.
In common with the RFID reader tags, NFC tags and barcodes can be forcibly removed from their location by malicious actors.
Smartphone versus data collector
Because the phone sends proof of presence information in real time a record of their location is kept, an important lone worker consideration.
+ The mobile application that provides proof of presence often provides a host of other reporting features. These include incident and event reporting, tasks, messaging, electronic procedures and asset tracking.
+ Phone has their own communication feature (phone, text etc).
– Phones are more expensive than a data collector
– Technophobes may object to a phone
– A data collector may be tougher than a phone and therefore have a longer useful life.
Smartphone with GPS
GPS (global positioning system) can be used to provide proof of presence for a security patrol. In addition, some mobile applications offer ‘geo-fencing’, which create virtual boundaries based on GPS locations. If a phone travels beyond its geo-fence then an automated alert can be triggered. This can be a useful feature if a guard patrol is taking place in a hazardous environment, for example a railway.
Using GPS has a few drawbacks:
- GPS has a significant draw on a phone’s battery.
- In built-up environments the accuracy of a phone’s GPS is poor.
- GPS cannot plot the whereabouts of a phone on a vertical axis. Guard patrols cannot therefore be defined in multi-level buildings.
Smartphone with Bluetooth and beacons
In this instance a smartphone’s Bluetooth feature is used to communicate with a beacon affixed to specific locations. The beacons are able to relay their location, thereby providing proof of presence to a mobile application on the smartphone.
This is similar to using barcodes and NFC tags but there are some distinct differences:
- Beacons need their own power source (mains or battery with a 12 month lifespan)
- Beacons are larger than barcodes or NFC tags (think saucer size)
- You need to be physically next to barcodes and NFC tags to scan them. Whereas the Bluetooth signal can travel over 50 feet, meaning there is no need to present the phone to a fixed point.
- Because the security guard does not need to stand next to a beacon hostile actors will not easily spot a guard on patrol. This can be an advantage if the guard patrol design is to detect threats such as hostile reconnaissance.
9. People vs technology security patrols – strengths and weaknesses
Not all security patrols involve people, they can be done in four ways:
- Security guard on foot
- Mobile Security patrols (Guard with a vehicle)
- Security guard using technology
- Technology led
Each method has its own strength and weakness. Therefore, each method will drive what task to give to each patrol.
Security guard on foot
A security guard on patrol on foot is common in urban areas. Often the guard is alone but may be with another guard. The strengths and weaknesses of a guard patrol on foot are:
Inspection of a site’s physical safety and security measures
+ Great flexibility, able to move within buildings.
– Not able to quickly travel long distances.
Detect, deny and deter hostile actors
+ Able to challenge hostile actors and been seen
– Slow moving
Gathering intelligence
+ Approachable, encouraging others to speak with the guard.
+ Sensitive to the environment, therefore more likely to detect changes in the environment
– Limited range of motion
Mobile security patrols guide
A security guard using a vehicle is also known as doing mobile security patrols. The guard can patrol using a vehicle and patrol on foot. The vehicle they use may be a car, scooter, bike or Segway. The strength and weakness of a guard using a vehicle:
Inspection of a site’s physical safety and security measures
+ Able to cross large areas quickly
– May need to leave vehicle to provide close inspection
Detect, deny and deter hostile actors
+ High profile presence deters hostile actors
– Moving fast makes detecting hostile actors more difficult
Gathering intelligence
+ They can quickly visit various areas, helping them gather intelligence from different data points
– Their use of a vehicle may make them unapproachable.
Security guard using technology
The security guard will patrol using a variety of different technologies. For example, the guard can move together with CCTV and visit areas where there is no CCTV coverage.
Alternatively, the guard may patrol with the aid of an unmanned aerial aircraft (UAV/drone). For instance, using a drone to view a remote building perimeter.
The strengths and weaknesses of a using technology for a security patrol:
Inspection of a site’s physical safety and security measures
+ Inspections are easier because people and technology are faster than a lone guard. For example, a CCTV camera can quickly check a fence line that would take a guard a long time to reach
– Because a camera is multi-purpose they tend to be good at everything but great at nothing. As a result, close-up inspection of assets is difficult.
Detect, deny and deter hostile actors
+Advertising the use of technology will deter hostile actors.
+ A CCTV camera will alarm if there is unexpected movement.
– A patrol performed by technology has a lower profile than a guard.
– When compared to people, technology is less good at denying hostile actors.
Gathering intelligence
+ Using technology to make people and traffic counts.
– Technology does not encourage interaction with people.
Technology led patrol
As technology has become more common in our lives, it has started to become more common in security. The use of drones is now a familiar sight and some companies will use robots to patrol buildings. For example, robots will follow scheduled routes and communicate with a guard when it sees something not expected.
The strengths and weaknesses of a using technology for a security patrol:
Inspection of a site’s physical safety and security measures
+ Able to manage multiple tasks at once
+ Very reliable
– Highly scripted responses limits value in unexpected situations
Detect, deny and deter hostile actors
+ Capability unknown
+ Easily avoided
Gathering intelligence
+ Able to reliably perform monotonous tasks, such as people and traffic counting
– Unable to autonomously speak with people
10. Why you need a security patrol
The reason people have a security patrol is to protect their people and assets. But, this definition is too broad to be useful, it needs a specific purpose. Therefore, we asked our SIRV customers to give us specific reasons why they conduct patrols. Their response falls into three categories:
- Inspection of a site’s physical safety and security measures.
- Deter, detect, and deny hostile actors.
- Gather intelligence.
A patrol may meet one of these categories but that should not be its sole focus. For example, a guard checking a site’s fire extinguishers should also report any secret listening devices they come across.
Often a security patrol will be put in place because a risk assessment will recommend it. There are many kinds of risk. For example, reputation, finance, strategic and legal risk. However, the security patrol addresses operational risk, security risk. A security risk assessment will look at threats and hazards and the chance of them happening. It may also make a number of recommendations to tackle this risk.
Insurance companies will often make it a condition of their cover that recommendations made by risk assessments are put in place.
Hostile actors inside a company: Insider Threat
A hostile actor within a company is an ‘inside threat’. They will often be unhappy or corrupt employees. Because they are within a company, they have far greater access to company assets than outsiders. This means with little effort they can do a great deal of harm to a company.
Inside threat is a risk for all companies, regardless of their sector. It will result in:
- Information technology being sabotaged. This could occur during the employment of the employee or after their employment has ended.
- Intellectual property being stolen. Intellectual property is a broad term, it includes client lists and patent filing. The property may be design drawings for a piece of technology or a fashion item.
- Theft and Fraud: This may include the removal of assets from site. For example, a warehouse worker removing stock from site. In addition, an employee may commit fraud by giving a third party unauthorised access.
Hostile actors outside a company
A hostile actor outside a company will sometimes work with an insider threat. They may be part of a group or operate alone. They are usually classed as one of the following:
- Terrorist
- Vandal
- Activist
- Criminal
- Spy
- Voyeur
Each of these actors have their own aims. A terrorist may want to do harm to as many people as possible and gain as much attention as possible. Whereas a spy may look to obtain sensitive information in a way that attracts no attention.
A security patrol will uncover a hostile actor that is either planning an attack or launching an attack.
Manchester Arena Bombing
In May 2017 a bomb exploded at the Ariana Grande concert, Manchester Arena, UK. It killed 22 people.
The government inquiry into the killing found the bomber had gained access to the concert venue and hid in an area not covered by CCTV. “Lives could have been saved had ‘pre-egress’ security checks carried out.” Security experts gave evidence saying the attacker “would likely have been spotted and reported to the Arena control room had the… patrols covered the area in their pre-egress checks.”
If the security patrol guard had spoken to the bomber and identified him as a threat the area doors could have been shut. As a result, if if there was an explosion many lives would have been saved.
Martyns Law aims to address these shortcomings.
How to security patrol – Ultimate guide conclusion
The security patrol has protected people and assets for thousands of years. The threats companies face may develop and change but the purpose of will patrol will not.
Today, technology is helping make patrols safer and more effective. Security guards now have more time to do higher value tasks, such as gathering intelligence.
The greatest piece of technology on earth are humans. Trained and motivated, a guard on patrol offers a level of protection like no other.