Appendix Three
Main Library and Branch Post-Disaster Security Plan—Strictly Confidential
Lancaster Gate Public Library Main Library and Branch Post Disaster Security Plan
Table of Contents
I. Statement of responsibility
II. Identification badges
III. Visitor sign-in
IV. Controlled access to building
V. After-hours access to building
VI. Alarm systems
VII. Lock-up procedures
VIII. Key management system
IX. Access card management system
X. Security of personal belongings
XI. Vandalism/light damage repair procedures
XII. Post-disaster additional security
XIII. Parking security
XIV. Audit schedule
Additional Information
A. Post-Disaster Security Risk Analysis
B. Security Manager’s Immediate Post-Disaster Tasks
C. Information Security and Confidentiality
I. Statement of responsibility
The Security Manager will be responsible for the post-disaster security of LGPL sites. He or she should choose an appropriate delegate from the Facilities Management Department, and be prepared to assist in the auditing and updating of post-disaster security plans for LGPL branches.
II. Identification badges
Unless a visitor is a first responder, he or she must wear an identification badge. Visitors are required to return badges upon departure from LGPL sites. Badges should be numbered, and the visitors’ names and badge number should correspond in the sign-in book. Note: All strategic alliance vendor representatives must wear LGPL identification badges.
III. Visitor sign-in
After a disaster, all visitors will be required to sign in at the Information Desks (or alternative reception areas) on arrival, and to sign out on departure. This policy applies to journalists and other media representatives.
IV. Controlled access to building
In the event of a post-disaster malfunction in the controlled access system, the Security Manager may restrict access to all except those involved in response and resumption activities.
V. After-hours access to building
After a disaster all after-hours access to the head office will be restricted to those involved in business resumption activities. The Security Manager should exercise caution in dealing with after-hours loiterers near LGPL sites.
VI. Alarm systems
If alarm systems are damaged during or after a disaster, the Security Manager will advise the Facilities Manager and assist in activating the appropriate strategic alliance(s). Repair or replacement of alarm systems is a top priority.
VII. Lock-up procedures
After a disaster, the Security Manager should review LGPL’s lock-up procedures and ensure that they meet current security needs.
VIII. Key management system
The Security Manager will assist the Facilities Manager as required with the post-disaster administration of the LGPL’s key management system. This will include:
• Secure storage of all spare keys
• Logging of all key distribution
• Retrieval of all keys no longer needed by departing employees
• Disposal of all obsolete keys
• Ordering of new keys as required
IX. Access card management system
The Security Manager will assist the Facilities Manager as required with the post-disaster administration of the access card management system. This will include:
• Secure storage of all spare and temporary cards
• Logging of all card distribution
• Retrieval of cards no longer needed by departing employees
• Disposal of all obsolete cards
• Ordering of new cards as required
X. Security of personal belongings
Primary responsibility for personal belongings rests with the individual owners. As in normal circumstances, thefts and mysterious disappearances should be reported to the Security Manager without delay. Note: Investigations of missing property may be postponed until the business resumption process (i.e. the first 72 hours after a disaster) is complete.
Personal belongings should be locked away in desks or lockers. Those belongings necessarily held in workspaces should be kept out of sight if possible.
XI. Vandalism/light damage repair procedures
Post-disaster remediation of vandalism and light damage is the responsibility of the Facilities Manager, but the Security Manager should investigate all cases of vandalism and report extreme cases to the police.
XII. Post-disaster additional security
The Facilities Manager will administer a strategic alliance with a security firm, which will provide temporary security personnel to guard perimeter areas of any LGPL sites that are insecure owing to damage. The Security Manager should work with the Facilities Manager to ensure that the appropriate number of guards is available for LGPL’s purposes after a disaster.
XIII. Parking security
Parking area security measures include:
• Lighting
• Cautionary signage: “This area is regularly patrolled and monitored ...”
• Nighttime escorts to vehicles
• Regular patrols
In conjunction with the Facilities Manager, the Securrity Manager should allocate space for the vehicles of emergency and clean-up crews, strategic alliance vendors, and visitors. This space should be at reduced risk from any debris, and permit easy exit from LGPL parking areas.
XIV. Audit schedule
The Security Manager should audit and revise this Post-Disaster Security Plan annually. Audits should include a review of all new security technology, maintenance contracts for all security hardware, and the post-disaster working relationship between the Facilities Manager and the Security Manager. Division of tasks in extreme circumstances will remain an ongoing issue for everyone involved in the head office’s security.
Additional Information
A. Post-Disaster Security Risk Analysis
Taking into account LGPL’s risk assessment and analysis, the Security Manager should be aware of the following post-disaster risks at LGPL:
Water ingress, leaks and flooding from burst plumbing and water mains Smouldering fires, smoke and fumes from fires Downed wires and cables Broken glass and debris Power outages and brownouts Malfunctioning technology Intruders (mostly curious onlookers) Thieves and looters, particularly around the perimeter.B. Security Manager’s Immediate Post-Disaster Tasks
The Security Manager’s tasks immediately after a disaster will be:
• To cordon off damaged and hazardous areas.
• To advise staff of risks from structural and non-structural damage, and to warn them away from hazardous areas. (This duty could be shared with the Facilities Manager.)
• To advise the Library Management Group of any post-disaster security risks.
• To call for additional security as required, as per the appropriate strategic alliance.
• To monitor entrances and exits as required.
• To ensure that post-disaster visitors to the LGPL sites have appropriate identification.
• To give directions to first responders, repair crews, and the media as they arrive at the LGPL sites.
C. Information Security and Confidentiality
The Security Manager should play a role in LGPL’s information security and confidentiality. The main issues covered in the policy and procedures are as follows:
• Levels of confidentiality:
– Classified information: Library Management Group members only
– Confidential information: Library Management Group and employees only
– Private information: Relating to one individual only, usually personal data
– Public information: Can be released to the general public
• Security implications of different kinds of media:
– Paper
– Digital
– Microfilm
– Multimedia
– Miscellaneous
• Secure On-Site Storage of LGPL Information
– Cabinets, locked and unlocked
– Loose records (on desktops, etc.)
– Computer password controls
– Audits of data back-ups
– Storage area security
– Secure destruction of obsolete records held on-site
• Secure Off-Site Storage of LGPL Information
– LGPL standards for off-site storage vendors
– Archival security
– Indexing of information stored off-site
– Post-disaster retrieval of vital records held off-site
– Secure destruction of obsolete records held off-site
• LGPL Information in Transit
– Secure lock-up of LGPL information in staff-owned vehicles
– Secure transport of laptop computers and other portable IT devices
– E-mail security
• Information Technology Security
– Anti-theft: securing hardware to supporting surfaces
– The importance of up-to-date firewalls and encryption
– The importance of regular, fully-tested data backups
– Preserving vital documentation: manuals, contracts, reports, and ledgers
All of the above items are matters of concern during the resumption process. The Security Manager should be available to provide ongoing support for information security at LGPL sites after a disaster
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.