Jane’s Workplace Security Handbook

Jane’s Workplace Security Handbook is an essential guide for employers maintaining responsibility for employees, customers and shareholders. This handbook provides employers with the know-how to provide a secure environment, including responding effectively to security threats. The handbook provides a guide that covers the following: violence in the workplace, terrorist attacks, domestic and international travel security, information security and organizational recovery. Recognition and preparation for all threats to the workplace and employees as well as the following:

• Violence in the workplace
• Domestic violence
• Terrorism
• Hate groups / domestic terrorists
• Travel security
• Information security

This handbook is available for single copy purchases in our online store. For quantity discounts, please fill out the form at the right.

Workplace security incidents can be detrimental to the well being of a company. This handbook serves as a guide that addresses necessary standards organizations must meet in an effort to maintain safety. The handbook is designed to assist organizations and their employees prepare, respond and recover from workplace security threats. The vital information should be used in addition to an organization’s existing procedures and policies.

Techniques and procedures are detailed, as the handbook serves as a guide to develop facility security policies, including vulnerability, assessments, the creation of crisis teams, employee training, access control, visitor identification and mail handling. As the employer’s responsibility to provide a safe and secure workplace, this handbook can be referenced for policy development and training procedures. The handbook provides information from the U.S. National Institute for Occupational Safety and Health (NIOSH).

Effective travel planning is a necessity as this guide provides comprehensive information in assessing travel risk both domestically and internationally, as well as pre-travel planning and precautions to take while traveling. This guide provides detailed procedures on development and implementing information security policies protecting information, combating viruses, communications security and data recovery.

The handbook provides suggests actions and procedures to respond effectively and safely to workplace emergency security incidents. The response checklists are generic guidelines for each incident type to be considered when establishing response policies and procedures.

The key to successful workplace security program is well planned.

TABLE OF CONTENTS

1.1 Introduction

1.1.1 What’s in it For Me (WIIFM)- Exposing the What’s in it for me rational.
1.1.2 ‘It won’t happen here’- Provides US Bureau of Labor Statistics (BLS) Census of Occupational Injuries.
1.2 Threat definition and vulnerability assessment
1.2.1 Assailant’s intent- The aims of an assailant when planning or conducting an attack.
1.2.2 Physical location- The level of vulnerability is dependent upon the organization’s physical location.
1.2.3 Business sector- The type and level of threats a business may face is dependent upon the output and partners.
1.2.4 Vulnerability- The perceived vulnerability can affect the type or level of threats an organization may face.
1.3 The terrorists threat
1.3.1 Changing attitudes- The public perception of terrorists attacks.
1.3.2 Terrorist objectives- Classification of terrorist attacks and measures used to assess vulnerability.
1.3.3 Terrorist tactics- Acknowledgement that terrorist attacks are successful based on communication among domestic ad international terrorist groups.
1.4 Preparedness plans

2.1 Introduction

2.2 Threat assessment and crisis management
2.2.1 Threat assessment team- A team able to identify threats to a workplace.
2.2.2 Crisis management- Plans based upon threats identified by the threat assessment team.
2.3 Command post and crisis teams
2.3.1 Command post- Security incidents require members of the crisis management committee to establish a command post as part of an effective plan.
2.3.2 Crisis response teams and emergency- The proper creation of response teams in lieu of various security issues.
2.3.3 Post-incident management toolbox- The toolbox should maintained and be used once an incident has occurs to initiate the recovery process.
2.4 Employee crisis training
2.5 Searching, evacuation, shelter-in-place and lockdown
2.5.1 Searching- Provides proper search techniques.
2.5.2 Evacuation- Appropriate evacuation plans according to the type of threat.
2.5.3 Shelter-in-place and lockdown- Proper lock down determination and procedures.
2.6 Vulnerability assessments
2.6.1 Understanding terrorist and criminal activity- Defines the basic principles of terrorist and criminal activity.
2.6.2 Performing a vulnerability assessment- Provides a complete analysis of a facility as it is intended to uncover security vulnerabilities and assess security procedures and equipment.
2.6.3 Collateral damage- A vulnerability assessment can provide an assessment of possible collateral damage.
2.7 Access control and perimeter security
2.7.1 Access control- Controlling access to a company’s premises.
2.7.2 Securing the facility- The use of a combination of surveillance and physical measures for organization protection.
2.7.3 Controlling access into and throughout the facility- Provisions of controlled building access.
2.7.4 Identification- Implementation of an identification system that closely scrutinizes access.
2.7.5 Visitor policies and escort procedures- A critical look at the establishment of visitor protocol.
2.8 Mail handling
2.8.1 Detection equipment- The availability of biological, chemical, nuclear/radiological and explosive detection equipment.
2.8.2 Mailroom contamination- Provides measures to limit packaging posing threats.
2.8.3 Suspicious package features- Description of suspicious package features.
2.8.4 Mail handling procedures and precautions- Review of the organization’s internal communications procedures.
2.9 Facility security checklist
2.9.1 Identification, visitor and personnel policies- Provides a detailed facility security checklist.
2.9.2 Physical security measures- Provides a checklist of physical security measures.
2.9.3 Alarm systems- Provides proper alarm facilitation.
2.9.4 Office security- Describes the purpose office security.
2.9.5 High security areas- Presents appropriate questions for the determination a high security area.
2.9.6 Security guards- Presents appropriate questions for the determination of proper use and/or addition of security guards.
2.9.7 Vehicle control- Identification and management of known and unknown property vehicles.
2.9.8 Mail handling- Outlines proper mail handling procedures.

3.1 Introduction

3.2 It’s the law
3.3 Employer liability
3.4 Policy development and training
3.4.1 Reporting procedures- Recognition of the critical element of workplace violence policy to enable and encourage employees to report incidents.
3.4.2 Policy statements- Outlines a proper workplace policy statement.
3.4.3 Training- Proper employee training of appropriate incident reporting.
3.5 Employee and vendor background screening
3.6 Recognizing potential offenders
3.6.1 Offender characteristics- Recognition of characteristics associated with perpetrators of workplace violence.
3.6.2 ‘Red flags’- Outlines the ability to recognize the signs of violent intent and/or behaviors.
3.7 Domestic violence in the workplace
3.7.1 Indicators of domestic violence- Provides a list of warning signs that indicate domestic violence affecting the workplace.
3.7.2 Offender characteristics- Provides a list of characteristics of individual who are perpetrators of domestic violence
3.7.3 Employer action plan- A list of measures employers can take ensure a secure working environment.
3.8 At-risk terminations
3.8.1 At-risk termination/separation procedure- Provide at-risk measures during the event of a termination or separation meeting.
3.8.2 Follow-up- Precautions to implement in the aftermath of an at-risk termination.

4.1 Introduction

4.2 Pre-travel planning
4.2.1 Assessing travel risk- Review political, social, religious and criminal environment of locations being visited
4.2.2 Need to know-Limit travel itineraries to a ‘nee to know’ basis with a delegated point of contact.
4.2.3 Travel contingencies- Development of a contingency plan to be used in the event of an emergency.
4.2.4 Identification and passport- Travel identification security measures for business traveling.
4.2.5 Credit cards and currency- Provides currency traveling tips, such as limitations of credit cards and awareness of currency placement.
4.2.6 Emergency information- Provides an ideal emergency contact list.
4.2.7 Hotels- Ensure hotels have been investigated and/or referred by a contact of the destination.
4.2.8 Medical information and insurance- Organize all medical and insurance information prior to a departure.
4.2.9 Legal issues- Ensure employees acknowledge and understand the laws of countries traveled to.
4.3 Precautions when traveling
4.3.1 General safety precautions- Provides a guideline for general traveling safety tips.
4.3.2 Hotel safety- Provides a guideline for general hotel safety.
4.3.3 Street safety- Provides a guideline for general street safety.
4.3.4 Transport safety- Provides a guideline for general transport safety.
4.3.5 Emergency response communications- Provides measure travelers should take in the event of an emergency.
4.4 Healthy travel
4.4.1 Health precautions- Ensure employees who travel regularly are referred to a physician for appropriate vaccinations and other information.
4.4.2 Medications and vaccination- Provides medical advise for international travelers.
4.5 Kidnap
4.5.1 Express kidnap- Noting the importance of assessing the risk of kidnap and ransom.
4.5.2 Kidnap and ransom- Ensure that travelers understand the threat of kidnap and ransom and are able to act accordingly.

5.1 Introduction

5.2. Information security threats
5.2.1 Internal- Insider misuse of Internet access.
5.2.2 External- Safeguard against hackers and intruders seeking control of a computer and/or network.
5.3 Information security policies
5.3.1 Policy development- Effectiveness of information security policy.
5.3.2 Network security- Safeguard against a network security breach.
5.3.3 E-mail- Note the ease of sensitive information in available in e-mails.
5.3.4 Encryption and authentication- Further secure communication measures.
5.3.5 Incident response team- A Computer Incident Response Management Team oversees the organization’s response to security incidents and investigations.
5.3.6 Penetration testing and surveillance- Provides a guideline for security testing.
5.3.7 Attack mitigation- Provides a list of measure to be included in an information security policy.
5.4 Incident response procedures
5.4.1 Initial response- A guideline of appropriate documentation of a security-related event.
5.4.2 Review and assessment- Factors to consider upon the assessment of an incident report.
5.5 Protecting information
5.5.1 Password protection- Provides a guideline to ensure password protection from invasive hacking.
5.5.2 Access control technology- The utilization of advanced access-control technologies.
5.5.3 Document control- A guideline to successful internal document control.
5.6 Viruses
5.6.1 Virus types- Provides descriptions of viruses, as well as a defense against them.
5.6.2 Virus infiltration methods- Ways to prevent network systems from being compromised.
5.6.3 Virus symptoms- Provides a list for employees to assist in the identification of viruses.
5.6.4 Virus prevention- Provides a virus protection guideline.
5.7 Physical security
5.7.1 Physical protection- Provides a guideline of physical protection.
5.7.2 Equipment protection- Provides a guideline for equipment protection.
5.7.3 Access control- Provides a guideline for access control.
5.7.4 Portable equipment and computers- Provides a guideline to safeguard portable equipment and computers.
5.7.5 Protect output- Provides a guideline to protect a company’s output.
5.8 Communication security
5.9 Telemetry systems
5.10 Post-incident reporting procedures
5.10.1 Documentation- A list of appropriate documentation procedures to be used in assistance with law enforcement.
5.10.2 Incident investigation- Preventative measures for reoccurring events.
5.10.3 External organizations- Investigations may require assistance the assistance of external organizations.
5.11 Data recovery

6.1 Introduction

6.2 Bomb threats
6.2.1 Bomb threat response- Awareness of training for handling bomb threats as well as the provisions of a bomb threat checklist.
6.2.2 Call handling instructions- Provides a guideline of bomb threat call handling instructions.
6.2.3 Information to record- Describes pertinent information to record during a bomb threat.
6.2.4 Questions- A list of questions to be asked during a telephoned bomb threat.
6.3 Bombs/explosive devices
6.3.1 Postal explosive devices- A list of characteristics of explosive postal devices.
6.3.2 Firebombs/incendiary devices- The significant danger posed by firebombs and incendiary devices.
6.3.3 Package bombs- Preparedness for the importation of a package bomb inside a facility.
6.3.4 Vehicle bombs- Examples of vehicle bombs and the ability to cause extensive damage.
6.4 Chemical and biological weapons
6.4.1 What to look for- Describes chemical agents, their dissemination and the factors that influence speed and effectiveness of dispersal.
6.4.2 Response procedures- Reduce panic and confusion with knowledge of how an emergency response team will respond.
6.4.3 Personal decontamination- Proper response to personal decontamination and procedures to follow.
6.5 Nuclear and radiological weapons
6.5.1 Radiation contamination- Recognition of a radiological attack.
6.5.2 Nuclear weapons- The effects of nuclear weapon detonation.
6.5.3 Radiological weapons- A list of the three main types of radiological weapons.
6.6 Armed attackers and hostage situation
6.6.1 Armed individual in the facility- Provides instructions to safeguard individuals in the instance of an armed assailant within the facility
6.6.2 Hostage situation- Provides instructions to safeguard individuals in the event of a hostage situation.
6.6.3 Armed robbery- Provides a guideline for individual response in an armed robbery situation.
6.7 Kidnap and ransom
6.8 Medical emergencies
6.9 Hazardous materials and mechanical emergencies
6.9.1 Hazardous materials- Organization preparedness through developed procedures to safely respond in the event of an hazardous material incident.
6.9.2 Gas leak- Provides a safety guideline in the event of a gas leak.
6.9.3 Elevator entrapment- Safety measures to adhere to in the event of an elevator mechanical failure.
6.10 Fire
6.11 Natural disasters
6.11.1 Severe weather- Organizations subject to severe weather should have procedures in place to assess posed to the organization and employees.
6.11.2 Tornado- Organizations subject to tornados should implement regular tornado drills.
6.11.3 Hurricanes- Organizations subject to hurricanes should monitor local weather and news stations.
6.11.4 Earthquake- Provides a list of measure to reduce risks posed by earthquakes.
6.12 Structural collapse

7.1 Importance of crisis communications

7.2 Communications planning
7.2.1 Identify a crisis communication team- A small group of authoritative people with the power to implement decisions.
7.2.2 Update and disseminate a media policy- The importance of re-issuing media policy in the event of a crisis situation.
7.2.3 Develop contact lists- An effective contact list will contain contact information of key individuals for 24 hour and 7 day a week contact.
7.2.4 Gather contact lists- Ensuring security policy and procedures for facility, personnel, travel, and information are regularly updated and maintained by the crisis management team.
7.2.5 Determine review/approval process- The importance of a process plan in place for timely review of approval of communication strategies and materials.
7.2.6 Designate crisis center- Designate and equip a crisis center to handle internal and external communication needs.
7.3 Communication training
7.4 Communication response guidelines
7.5 Crisis communications procedures
7.5.1 Crisis communications team meetings- Determine the need for or hold a crisis communications team meeting.
7.5.2 Collect information- Dispersal of information-gathering responsibilities.
7.5.3 Determine and implement communications strategy- Post information gathering, a determination of communication strategy is key.
7.6 Communications with key constituents
7.6.1 Media- The importance of an articulated media response.
7.6.2 Employee communications- The importance of employee communication to external constituents.
7.6.3 Investment community- Proactive communications for companies operating in the public sector.
7.6.4 Customers- Techniques for planning direct communication to customers.
7.6.5 Government- Workplace security incident compliance with regulatory authorities.
7.6.6 Community- Indirect community communication via elected leadership, local media and employees.
7.7 Situation and communications strategy assessment

8.1 Introduction

8.1.1 Financial cost of workplace trauma- Provides statistics and examples injury cost in the workplace.
8.1.2 Disaster recovery phases- Critical incident stages or phases: impact, inventory, rescue and recovery.
8.2 Post-traumatic stress
8.3 Post-traumatic Stress Disorder (PTSD)
8.4 Critical Incident Stress Management (CISM)
8.5 CISM: pre-crisis phase
8.6 CISM: acute crisis phase
8.6.1 Triage- The ability to sort medical emergencies.
8.6.2 Communication- Reasons for employee communication preparation.
8.6.3 Individual crisis intervention and support- Preparedness to provide individual support and crisis intervention for personnel.
8.6.4 Defusings- The shortened version of the Critical Incident Stress Debriefing.
8.6.5 Crisis Management Briefings (CMB)- The address to groups of individuals immediately after a traumatic event.
8.7 CISM: post-crisis phase
8.7.1 Critical Incident Stress Debriefing (CISD)- A group meeting or discussion about a traumatic event, which provides immediate relief to those exposed to a traumatic event.
8.7.2 Telephone crisis intervention- TeleDefusing is telephone crisis intervention that incorporates CISM defusing.
8.8 Critical incident stress teams
8.9 Memorials and anniversary events

9.1 Fact-finding

9.2 Business recovery checklist

10.1 Employee vulnerability assessment

10.2 Sample workplace security policies
10.2.1 Workplace violence policy statement- The importance of a workplace violence policy.
10.2.2 Workplace incident report form- The importance of implementing clear procedures on reporting security incidents.
10.2.3 Standards of conduct- Provides a list of examples of unacceptable behavior to be included in the policy defining professional behavior.
10.3 Sample employee announcements
10.3.1 Workplace homicide- Provides a sample announcement of a workplace homicide.
10.3.2 Workplace fatality-Provides a sample announcement of a workplace fatality
10.4 Stress management handouts and tips
10.4.1 Stress management and symptom checklist- Recognition of responses exhibited by those exposed to traumatic events.
10.4.2 Stress management checklist- Provides a stress management tip guideline to benefit those exposed to traumatic events.
10.5 Sample information security policies