PEOPLE, BUILDINGS, AND COLLECTIONS Innovations in Security and Preservation

"How much security is too much or too little?" is a tough question, especially for managers who are charged with preserving and protecting their institution's collections. Funding constraints alone might make the question seem irrelevant, because most of us perceive that we never get enough funding. I believe, however, that the answer lies in assessing that delicate balance between access and security. As we all know, there is a natural tension between the access required by staff and patrons and the security controls installed to prevent theft and mutilation of the collections.

My brief reply to the question of how much security is too much focuses on the issue of authorized staff and user access. If security controls in place or contemplated essentially deny access, then a library or museum becomes nothing more than a secure storage vault. Yes, the collections would be secure, but denying access to authorized users also robs the institution of its essential mission.

Indicators of too little security for the collections are systematic losses and mutilation of collection materials, high lighting the need for increased controls. Many of us have faced challenges in this area, which all too often find their way into the press. So, again, institutions must continue this delicate balancing act, enabling authorized access while minimizing the risk of exposure created by vulnerabilities to the threat of theft and mutilation. A tall order and tough challenge for all of us in this business.

One helpful approach is to focus on "innovation" in collections security planning, innovation in terms of approaches to building a workable and effective security program for cultural institutions. I am not referring to "technical" innovations, as in closed-circuit television, intrusion-detection systems, electronic access controls, or key tracking capabilities. I would like instead to highlight innovations pursued at the Library of Congress in terms of building a common framework for assessing risk and the collaborative approach we have developed in sustaining our security programs. The following background items place these innovations in perspective.

Before 1997, the approach taken by the Library of Congress to security was fragmented and lacked an overall strategy. In 1997, the disparate functions were consolidated under the central control of a single entity, the Office of Security. One of the first tasks of the Office of Security was to articulate the Library's vision for security. This vision or strategy has been captured in the October 1997 Library of Congress Security Plan. The Security Plan defined the threat to the collections and focused on creating a planning framework of physical security controls to protect the Library's collections. It also established parameters for the Library to protect its facilities, staff, visitors, and other assets.

The Security Plan describes the tiers of risk categorizing our collections, their cycles, and the minimum standards adopted for physical security controls. The plan establishes an innovative framework for the Library to assess risk, identify its unmet requirements, and build budget requests to address these critical needs (see chapter 4).

Outside auditors conducting risk assessments in select custodial and processing divisions adopted the plan's framework of risk in assessing vulnerabilities and control weaknesses. These risk assessments outline a critical path of actions that each division must address to minimize its vulnerabilities to theft and mutilation.

Perhaps most important, the plan's framework has enabled the Library to integrate its security needs in comprehensive budget packages cutting across our separate curatorial and processing divisions. For the first time, the Library can summarize for its funder—the Congress—the status of needs across the Library and can project timelines for addressing these requirements. Institutions rarely gain all funding requested for security. We now, however, can depict what controls are needed to protect the collections across a commonly shared framework of risk.

No single office could have accomplished all these tasks in a vacuum. The Library of Congress adopted a wholly integrated, collaborative effort to capture the insights and needs of our principal operating units. The Office of Security collaborated with the Collections Security Oversight Committee (CSOC) to develop its plan and an implementation strategy that remains in place today. The CSOC, its four standing subcommittees, and ad hoc working groups have a continuum of initiatives that over time will create a more secure environment for the Library's collections.

Following the publication of the Security Plan in October 1997 addressing minimum standards for physical security controls for the collections, the CSOC spearheaded development of standards for preservation, bibliographic, and inventory management controls within the plan's framework of risk. To date, preservation controls have been integrated with the physical security controls described in the 1997 Security Plan (see chapter 7). Again, the common framework and language have facilitated communication between separate disciplines. The task is a work in progress, but progress indeed has been and will continue to be made.

The Library has also contracted with an outside auditor to conduct objective random sampling projects in select divisions, with the intent of establishing over time credible baselines of theft and mutilation. To date, the projects have yielded positive results, showing no theft or mutilation in one of our most heavily used special collections—a clear indicator that our security controls are working.

Beginning in April 2000, a special CSOC working group initiated a project to test the feasibility of developing minimum standards for controls to protect the Library's digitized collections. An extensive external peer review of the group's work to date is now under way. The intensity of the Library's effort to develop security controls protecting the collections has also encompassed the Library's need to protect its facilities, staff, and visitors from a wide array of threats, which range from terrorist attacks to individual acts of violence directed toward our staff. As a result of the shooting of two U.S. Capitol Police officers at the Capitol in July 1998, followed by the U.S. embassy bombings in East Africa, Congress directed significant physical security improvements for the Capitol complex, including the Library's three main buildings. The Library developed a Security Enhancement Implementation Plan in February 1999, addressing requirements articulated in the 1997 Security Plan. The physical security enhancement plan is a multiyear program of security upgrades to strengthen the Library's established minimum standards for police command and control, entry and perimeter security, and related law enforcement enhancements to conform with the overall Capitol complex security objectives.

Under the Security Enhancement Implementation Plan, the Library is building a new consolidated Police Communications Center to integrate the Library's intrusion detection and security monitoring systems. The Library is also expanding entry and perimeter security to include additional screening equipment and associated modification of building entrances, exterior monitoring cameras and lighting, and garage and parking lot safeguards. The design phase for these projects is complete, and construction and installation will take place over the next two years.

In conclusion, I would like to summarize insights we have gained at the Library of Congress over the past several years as we have developed our security program:

(1) A clear strategy for an integrated approach to protect people, buildings, and collections must be established.

(2) It is important that libraries and other cultural institutions develop a framework of risk creating a common language across their organizational units to facilitate cooperation across separate functional disciplines.

(3) Collaboration among all involved entities is essential to building an integrated approach to security.

(4) Cultural institutions must preserve the authorized access of staff and patrons while balancing the risks such access poses.

(5) There must be a commitment to invest in physical security improvements that will significantly enhance the security of our facilities, our people, and the heritage assets entrusted to us for safeguarding.

The Library has made much progress in securing and preserving its unique collections and upgrading facilities security, with the continuous support of Congress. The Library's security program is a dynamic, evolving program that ensures that the Library can sustain this progress within an established security management structure that can adapt to changing threats and new technology.