AS STRONG AS ITS WEAKEST LINK Developing Strategies for a Security Program

The Library of Congress has developed a comprehensive, integrated collections security program to protect its "heritage assets" (the term we have given to the Library's permanent collections). Keys to success in building this program consisted of: first, recognizing the challenges facing us; next, obtaining management and staff support; and, finally, ensuring a collaborative effort between security and library professionals. Neither library managers nor security professionals, operating alone, could have produced the high-quality program that we developed in this collaborative environment. The result is a program that not only has widespread buy-in but also has a readily understandable implementation phase—because staff members are on board and understand the concepts, terminology, and need.

As we began developing a collections security plan for the Library of Congress, we realized that the program would be successful only if we first made a realistic assessment of the existing situation. In so doing, we found challenges that we needed to recognize and address. I believe there were four main issues:

(1) "It's not my job." Although not always apparent, the Library's culture betrayed an attitude of "we versus they" between the Library's staff and managers and the Library's security professionals. Although not antagonistic, this attitude often took the form of staff members' feeling that they should not be asked to assume the responsibility for collections security but, rather, that this was the job of the security professionals. Staff members felt that they themselves had been hired and trained to help researchers and build collections, not to enforce security regulations and act as police.

(2) "All this money and not one book." At the same time that everyone agreed that security was necessary. Library staff members often resented the amount of money spent on security, believing that it took away funds from such core Library activities as reference and collections development. It was not unusual to hear a staff member say that we are spending a lot of money on security, but all that money does not buy us one manuscript or one book.

(3) "Security is locks and cages." Traditionally. when we had talked about collections security, people immediately focused on physical security—that is, lock-and-key control, surveillance cameras, intrusion detection, cages, and vaults. We believed that effective collections security, however, required a much broader-based program than simply physical security, and that if we defined the program more broadly, we also would attain increased interest and buy-in from Library staff.

(4) "Don't you trust us?" We believed that an effective security program should address all possible threats. For collections security, this involved changing procedures for access to the collections both for researchers and for Library staff. Perhaps no other aspect of developing our program evoked the level of emotional reaction, especially from staff, as we saw when we modified our policies to limit staff access to collections storage areas in 1992, shortly after closing the stacks to the general public.

We addressed these four main challenges and made every effort to enlist the support of the staff:

(1) "It's not my job." Those of us who have witnessed the mutilation and theft of irreplaceable items—and have seen the frustration of researchers who have traveled long distances for an item that can be found only at the Library of Congress, arriving to find the item either missing or mutilated—are convinced that security is everyone's job. We have adopted a concept of levels of responsibility, with the staff being the first line of defense. When the situation cannot be addressed safely and satisfactorily by the staff member, or when the event happens outside of a reading room or work area, we summon the Library of Congress Police.

We have established an active security awareness program to make staff members aware of the importance of collections security and of their role in ensuring the protection of our heritage assets for this and future generations. Examples of successful initiatives include: regular articles in the staff newsletter, the Gazette; programs for the staff such as a Security Awareness Week, with posters, bookmarks, and presentations; presentations to groups of employees; and displays of mutilated items, including the cost of the items and the unique information or illustrations that were lost.

(2) "All this money and not one book." This concern is voiced more frequently in an era of diminishing resources and increased competition for available funding. We have explained to our staff that the result of not spending the necessary funds to protect our heritage assets can be far worse in terms of mutilation, theft, and permanent, irreplaceable loss of the artifact and the information than the reduced purchasing ability that may result from allocating funds for security purposes. Staff awareness has been increased by displays of mutilated items and, wherever possible, by sharing stories of attempted thefts and mutilations that were thwarted by having alert security staff. In collections areas having a high value and unique material, success stories can significantly raise staff awareness and understanding of the need to have adequate security staff.

(3) "Security is locks and cages." Perhaps one of our major accomplishments as we crafted our comprehensive collections security plan was to move away from the traditional view that a collections security program equates with a physical security program—locks, keys, cages, security cameras, intrusion detection systems, alarms, and so forth. Indeed, as we developed our collections security program, we took a much broader approach. We felt that a truly comprehensive plan must address four critical issues: what we have, where each item is at any given time, how we preserve the items for this and future generations, and how we protect the items physically. Only the last of these four issues—physical security—has traditionally been addressed by the security professionals; the other three are traditionally addressed as core library activities—bibliographic control, inventory control and tracking, and preservation. By defining collections security as including all four areas, we were not only able to put together an integrated plan but also to bring professional librarians and security experts together in this collaborative effort.

(4) "Don't you trust us?" We took a number of positive steps to explain to the staff why it was necessary to make certain changes; even so, we were not completely successful in convincing everyone on the staff that we had to adopt the policies we did. Among the steps we took were the following:

• We held a number of staff forums in which the Librarian of Congress and security and other Library staff members explained to Library employees what we were doing and why.

• As part of these forums, we set up dramatic displays of mutilated items with captions that explained the uniqueness of the items, what had been lost and could never be examined again, and the assessed cost of the items. Staff members attending these forums and viewing these exhibits left with a very different perspective of the scope of the problem and the impact of not protecting the collections than they had had when they arrived. By showing concrete examples, we demonstrated that mutilation and theft were not mere abstract concepts.

• We established options to determine stack access for staff in various positions to ensure that staff members could continue to do their work without encountering significant roadblocks in their path, and we explained these options to the staff. We tried to remain as flexible as possible in listening to the concerns of staff and in developing appropriate options.

• We were honest with staff members in reaffirming our belief to them that they are our greatest asset and that we were not accusing them of dishonest behavior. At the same time, all of us needed to recognize that out of a staff of more than four thousand employees, it only took a few people to create serious damage to the collections. Unfortunately, there was no "profile" that we could use to determine who might create problems and therefore restrict access only to those individuals, We shared with staff specific incidents involving staff, as well as citing studies and articles supporting the need to address insider as well as outsider threats.

Once we had both librarians and security professionals working collaboratively, our next step was to develop a framework that we hoped would cover all four control areas: bibliographic control, inventory control and tracking, preservation, and physical security. We did so by adopting a series of four steps that, when completed, would constitute the collections security plan itself.

Step 1: Reaffirming the four categories of controls. This was a fairly straightforward process. We agreed—and our consultants and auditors supported our understanding—that our collections security plan would provide a program to assert:

(1) Bibliographic control. This is the most logical first step: we need to know what we have—primarily author and title information.

(2) Inventory control and tracking. Once we know what we have, we need two additional pieces of information: how many we have and where each item is assigned (for instance, the Law Library, general collections, or Main Reading Room reference collection); and the location of each item if it is moved from its assigned location (for instance, for circulation or rebinding).

(3) Preservation. Once we are satisfied that we know what we have, and where each trackable item is at any given time, as stewards of the nation's "library of last resort," we need to ensure, through best preservation techniques, that the item will be available not only for the current generation, but also for future generations. Preservation measures include components such as: regulating and monitoring the environment; emergency preparedness; proper furniture and equipment; proper handling; physical treatment; and reformatting.

(4) Physical security. Finally, we could not underestimate the importance of ensuring that the item is physically secure, especially when in its storage location. We therefore looked at vaults, cages, cameras, limited-access stacks, intrusion detection, and other means to secure the collections.

Step 2: The tiers of risk. One of the most challenging aspects of putting together the collections security plan was to establish the tiers of risk. By categorizing material into one of five categories along the tiers-of-risk continuum, we were acknowledging that all collections items are not created equal for the purpose of developing a meaningful security plan. With finite resources, and 120 million items in our collections, it is essential that we categorize material so that we can determine how best to deploy our resources to ensure the protection of collections according to their value (not simply monetary value, but also research, uniqueness, and artifactual value). We could not examine, make a meaningful determination, and provide a protection program for every one of the 120 million items in the Library's collections, but we could establish broad categories to form the tiers of risk. From our discussions, we developed a five-tier risk continuum, and we labeled the collections accordingly:

(1) Platinum. These collections essentially include the Library's most priceless items. The "Treasures" are the quintessential components of this category.

(2) Gold. These collections include the Library's rare items having prohibitive replacement cost, high market value, and significant, cultural, historical, and/or artifactual importance.

(3) Silver. These collections require special handling and include the Library's items at particularly high risk, such as computer software, popular labels in print, videos, and compact discs.

(4) Bronze. These collections include those items served without special restrictions in the Library's reading rooms and materials that may be lent without stringent restrictions.

(5) Copper. These collections are those that the Library does not intend to retain but holds while deciding, for example, which items may be used for its exchange and gift program.

Step 3: Establishing the life cycles: Our next discussion involved what the status of an item might be at any given time. We identified five possibilities:

(1) In Process. Refers to the collections while held during their accessioning, organizing, processing, and transport to storage.

(2) In Storage. Refers to the collections while in permanent storage.

(3) In Use. Refers to the collections while being used by researchers or staff.

(4) In Transit. Refers to the collections while being transported from permanent storage to another location.

(5) On Exhibit. Refers to the collections while on exhibit either at the Library of Congress or at another location.

Step 4: The security control measures—developing the grids. Our next step was to identify, for each tier of risk and each life cycle, the security control measures that would be used to protect the collections. The security control measures were aimed at responding to the four questions discussed earlier: what do we have (bibliographic), how many of them and where are they (inventory control and tracking), how do we preserve the items (preservation), and how do we physically secure them (physical security)?

We began with the physical security requirements, because physical security has received the greatest attention and is the most straightforward to address. To ensure a collaborative effort and buy-in, we put together a team of physical and electronic security specialists and library managers who had already played a major role in collections security planning. The team identified and defined the measures that should be taken to protect the collections. In the area of physical security, these measures included: marking (ownership) and tagging (theft detection strips); secured transit; intrusion detection; closed-circuit television; storage; key and lock control; electronic access control; and exit inspection. For many of these measures, we established levels of control depending on the tiers of risk. For example, for closed-circuit television coverage, we had three levels. Level 3, the highest level, was defined as "image displayed and recorded in Library police communications center during alarm condition." Level 2, the intermediate level, was defined as "Level 1 with additional cameras capturing facial features plus specific areas of interest, for instance, patron using material at desk in Rare Book and Special Collections Reading Room." Level 1, the minimum level, was defined as "recorded cameras showing large area views with limited facial details of individuals."

When we had completed this process, we had five grids, one for each of the life cycles—in process, in storage, in use, in transit, and on exhibit. [1] One of the most challenging steps followed: determining which level of control applied to which tier in each life cycle. Our guiding principle was to answer the question, "What is the minimum requirement that we need to implement to be able to satisfy ourselves that we can give assurance that the collections are being protected to the appropriate level?" In this context, we once again had to develop and accept a number of working assumptions:

• There is no such thing as absolute assurance. Although we can have a policy of zero tolerance for those stealing or mutilating the collections, we cannot give absolute assurance that nothing will ever be stolen or damaged.

• Not every item can be protected to the same level, nor should it be, given finite resources. Our program must aim at giving assurance that the appropriate level of protection is being provided. Certainly, the nature and level of protection for the Library's copy of the Gutenberg Bible is not the same as that given to today's edition of the New York Times.

• We therefore needed to establish the minimum level of security for each specific category of material. We were cognizant of the fact that our collections security plan, when finally developed, would be presented to our peers, management, and others. Credibility was key if the plan was to be accepted and was to serve as the basis for an implementation program. We needed to ensure that our security program could indeed be supported and could serve as the basis for future planning, programming, and budgeting.

Once we had completed our protection prioritization framework of physical security controls, we were ready to gain broad-based acceptance. First, we gathered a group of our peers together and presented the proposed plan. We explained it, received their feedback, and made modifications as appropriate. Next, we presented the plan to the Library's senior managers and got their feedback and approval. And, finally, we received the approval of our congressional oversight committees. The last was accomplished in early 1998.

Our planning groups were intent on ensuring that the plan, as finally adopted, would serve as a guide for action and would not be just another study to sit on the shelf. For that reason, we developed a set of actions, a timeline, and four standing subcommittees to lead the implementation phase. The four areas represented by these subcommittees are: Policy and Standards; Operations; Security Awareness; and Resources. These subcommittees meet regularly, and the chairs of each gather periodically to share progress and ideas.

Establishing minimum standards was important. But the next step we needed to take was to assess where we are, and what we need to do to meet these standards. Our assessment program consisted of visiting all the custodial and processing divisions and discussing the program with them. These field visits and the personal interaction proved to be a wise way to proceed and yielded excellent results. In discussing what we needed to obtain during these visits, we went back to our grids and looked at the dots we had placed in the matrix indicating the minimum standard. We decided that wherever a dot was present, we would replace this during our field visit with a baseline status, i.e., stating how well that specific custodial or processing unit met the minimum requirement. To aid us in gathering data, we identified five baseline statuses:

C, or completed, meaning that the division meets the minimum standard.

P, or partially completed, meaning that additional actions will be required to meet fully the minimum standard.

F, or funded, meaning that although controls are incomplete at this time, monies to create controls meeting the minimum standard have been appropriated.

H, or "in-house," meaning that the division currently does not meet the minimum standard but can do so by reconfiguring with no additional funding.

U, or unmet, meaning that the division does not completely meet the minimum standard.

We then conducted our visits, filled out the grids using the statuses above, and elaborated on these with comments. The grids prepared for each of the Library's custodial and processing divisions continue to provide the framework for security planning as we implement the minimum standards we established in the plan.

The approach we adopted was highly successful on many levels. I believe the greatest advantages are:

• Collaborative effort. The development and implementation of the collections security plan was a collaborative effort of Library managers and security managers and staff. I cannot emphasize enough the importance of this collaboration. It built mutual trust and understanding, when there is traditionally a kind of wariness. By presenting this plan as a collaborative effort, Library staff and managers more readily accepted it.

• A shared vocabulary. By getting away from an extended list of formats, value, and specific collections assignments, and by using five categories of tiers of risk that are not dependent on format or custodial unit, managers and staff throughout the Library have adopted the same vocabulary. If we say that we have developed a project to protect the gold collections, staff members understand what we are doing.

• An approved, understandable plan. A major challenge that we have faced in the past has been that, although we have long taken collections security very seriously and have a zero-tolerance policy for theft and mutilation, we did not have a formal plan to which we could refer when preparing budget requests or when deciding which collections security initiatives we should tackle first. Without such a document, we had not always been articulate or convincing in implementing collections security measures. Now we can refer to the plan when developing a program to enhance collections security.

• A blueprint for action. We found, as we went from division to division, that many of the minimum requirements had already been met, that others were in the process of being met, and that others could be done in-house. For those unmet needs that require additional funding, it is far more meaningful to place these in a multiyear plan along with prioritization (protecting our platinum and gold collections first, for example). Our requests are far better received when they fit into a planning framework than when they come as disjointed requests.

• A synergistic approach. We found that—in determining what to implement, how to implement it, and what might be unattainable—we needed to look at the plan in its entirety, rather than blindly following each minimum requirement. In so doing, we established two basic principles. First, a synergistic approach is essential because if we cannot meet a minimum requirement in one area, we may be able to use controls in place in another area to provide the same level of assurance that we are protecting our collections. Second, as good as a plan is, there is no substitute for good judgment.