AS STRONG AS ITS WEAKEST LINK
Developing Strategies for a Security Program
|
5. Creating a Culture of Security in the University of Maryland Libraries
Charles B. Lowry
In mid-October 2000, the University of Maryland
libraries had an object lesson that illustrates that building a culture
of security is still a work in progress. Despite improvements in
procedures and security awareness instituted in recent years, we still
have a long way to go. In the October incident, a young man had walked
out of the front entrance of the University of Maryland's McKeldin
Library carrying a computer monitor. No one questioned him. The
incident, however, occasioned a considerable amount of discussion on the
staff e-mail.
A few days later, the same young man was stopped
carrying the associated computer processor unit and questioned by a
staff member. It is a relief to report that he was a graduate student
cleaning out his carrel and the equipment was his own. Nonetheless, this
anecdote illustrates both (1) the challenges we face in developing an
effective safety and security program in a large research library, and
(2) the progress we are making in improving security awareness among
staff.
Although significant safety and security problems are
relatively infrequent in academic libraries, all library staff members
need to maintain a keen awareness of the fact that they
are working in a busy environment that is open to the
public many hours a week. Moreover, those of us in academic and public
libraries are part of a larger community, where thousands of people
live, work, and go to school every day. To be responsible members of
this community and to protect our patrons, staff, collections, and
facilities, we must all share responsibility for safety and security.
Libraries are "systems," and security is a vital part of maintaining
balance in these systems.
Safety and security in libraries include a diverse
range of topics, from the seemingly mundanesuch as enforcing a no
food and no-drink policyto more serious incidents that include
theft and disruptive behavior. Therefore, it is important to provide
staff with the information and the tools they need to respond to a
variety of situations. Staff members need clearly stated policies and
procedures and the training to understand them so they can take action
when called upon to do soin what might be called a shared culture
of mutual responsibility for security and safety.
In 1997, the University of Maryland libraries
embarked upon an assessment of its policies, procedures, and facilities
in partnership with the Association of Research Libraries (ARL). The
security study and subsequent development of practice and policy were
implemented over a two-year period and model a comprehensive approach
for a large academic library system.
The safety and security environment in the fall of
1997 was long overdue for some scrutiny. For several years, the libraries
had contracted with the University of Maryland Police Department
(UMPD) to recruit, train, and manage Student Police Aides (SPAs).
Frequently undergraduates, the SPAs were posted at the entrance of the
two largest library buildings, McKeldin and Hornbake, and they also
staffed a security point in the "twenty-four-hour room" on the ground
floor of Hornbake. At both libraries, their principal duties were to
monitor the electronic theft-detection gates at
the exits, enforce the no-food and no-drink policy, and be on the
lookout for disruptive behavior. At the four smaller branch libraries on
campus, SPAs were employed only at closing time, when they would perform
sweeps to ensure that all patrons had vacated the facilities.
In September 1997, the UMPD indicated that it wished
to terminate the SPA contract with the University of Maryland Libraries
because it found it difficult to recruit, select, train, and retain an
adequate number of SPAs to meet the contract. Further, the UMPD was
frustrated with the criticism that resulted from the many shortcomings
in the service. For instance, SPAs often did not show up for duty on
time; they did not enforce the no-food and no-drink policy; and they
slept on the job. In retrospect, it is clear from the dearth of incident
reports that the SPA system did not really provide security, but only
the illusion of security. Unfortunately, this arrangement was more of a
security blanket that allowed us to avoid taking full responsibility for
library safety and loss prevention.
The UMPD's position and the arrival of new leadership
in the library provided the occasion to review this practice. As the
newly appointed dean of libraries, I worked with the new director of
public services to reevaluate the situation. Philosophically, we agreed
that the staff should assume the principal responsibility for safety
and security of library users, collections, and facilities. Indeed, we
noted more than once the irony of having undergraduates deal with
sensitive and often difficult matters while full-time staff members
remained outside observers. Candidly, although staff members were not
anxious to take on the job themselves, they were willing to complain
loudly when an SPA failed to open up a facility or fulfill any small
duty.
Pragmatically, we were interested in reallocating the
funds that went into the SPA contract for other staff needs. As
chance would have it, the Association of Research
Libraries, located in Washington, D.C., was seeking to pilot a security
self-study with a nearby member of the association, and the University
of Maryland was approached. Because the ARL proposal would give us an
opportunity to make a top-to-bottom review of our safety and security
capabilities and to explore alternatives, we were eager to
participate.
After some negotiation, the ARL project commenced in
October 1997 with a meeting between the Library Executive Council
(senior managers reporting to the dean), Glenn Zimmerman from ARL, and
Robert Morse from George P. Morse and Associates, a local
loss-prevention firm hired to consult on the project. Morse and
Associates would conduct a comprehensive audit of the University of
Maryland libraries' safety and security environment as a foundation for
developing self-study materials that might also be used in other
libraries. The audit would be both a management studyfocusing on
philosophy, policies, and proceduresand an assessment of existing
facilities and practices, with recommendations for corrective
action as needed. Morse presented the libraries a project proposal in
November with an anticipated completion date of April 1998.
The director of public services and the director of planning and
administrative services were designated as the in-house contacts for the
audit. Throughout the project, we remained in regular communication with
the Association of Research Libraries.
Shortly after we began the audit in 1997, the UMPD
informed us that if we wished to continue our contract, there would be a
dramatic increase in charges for SPA services once the contract expired
at the end of the year. Rates were to increase nearly 200 percent from
eight dollars per hour to fifteen dollars per hour, a figure that the
libraries' budget could not sustain. In anticipation of that
eventuality, and in recognition that the audit and its recommendations
would not be available until spring, Hornbake Library security was
turned over to the Hornbake circulation staff. We continued to use the
services of the SPAs at a negotiated rate of twelve dollars per hour in
McKeldin Library, with the proviso that we would terminate the contract
if the recommendations of the audit pointed us in a new direction.
Morse and Associates conducted numerous site visits
and interviews in late 1997 and early 1998, including meetings with the
UMPD, facilities personnel, campus security, security-related vendors
such as 3M (Minnesota Mining and Manufacturing), and numerous library
staff. These meetings were intensive in-depth considerations of the
environment. In addition, Morse conducted a thorough investigation of
six library facilities. In June 1998, Morse and Associates presented a
draft report to the Library Executive Council. After incorporating
revisions and clarifications, the Library Executive Council accepted the
final report in November 1998.
The Morse Report from 1998 is a 100-page analysis
based on interviews, documents, and direct observation. It has guided
our safety and security planning ever since. The report makes numerous
and detailed recommendations for action to improve security, from
detailed technology recommendations to those directed at general policy
and practice. The recommendations may be summarized here:
(1) The University of Maryland libraries have
no single authority for safety and security matters. A locus of
responsibility and authority for practice nevertheless must be established at
the level of a director reporting directly to the dean of libraries.
(2) A wide divergence in employee attitudes exists
toward safety and security, "ranging from substantial involvement to
disinterest and apathy." The libraries must therefore develop an
articulated philosophy along with policies and procedures, followed by a
training program for all staff.
(3) An emergency response team should be formed.
(4) To accurately assess collection loss, hard data
must be collected through regular, systematic, thorough inventories.
(5) Effective access-control systems and other safety
and security technologies such as video cameras need to be improved for
all library facilities. In this regard, several levels of technology
implementation were described, but the recommendation was that at least
Level 1, those recommendations having the highest priority, ought
to be accomplished early on.
(6) All use of student police aides should be
discontinued, and staff members themselves should assume full
responsibility for safety and security in the university libraries.
This last recommendation was the most far-reaching,
because it pointed in a direction that was dramatically different from
existing practice. The report stated matters quite forcefully:
The Security history of the Libraries indicates that
a full-time police presence is not required, but that rapid police
response must be virtually certain. The current SPA staff has no greater
authority, training, or capabilities than should be provided to similar
library staff. There is no reason to expect that security conditions
will deteriorate. . . .
The assignment of the Protection function to Library
staff requires that very specific responsibilities, duties
and training requirements be developed and utilized. Library personnel
must be instructed regarding their responsibility to
monitor their areas of responsibility and, particularly, in actions to
be taken in the event of an incident.
Once the Morse Report was submitted, the libraries
began to implement the recommendations, particularly those that did not
require financial resources. We picked the low-hanging fruit first. Two
key recommendations constituted our first priority. First, we developed
a procedures manual, consolidating the former SPA manual, disparate library policies
and procedures, and the security audit. The manual served as a foundation
for our policy, practice, and training. New "University of
Maryland Libraries Safety/Security Guidelines" were prepared in late
1998 and are mounted on the libraries' Web site, where the staff, users,
faculty, students, and the public may view them. Second, the libraries
discontinued the services of the SPAs. Security for McKeldin and the
opening and closing of all library facilities became the responsibility
of library staff. In the McKeldin Library, the circulation and
information services staff bore the brunt of these changes.
To assist in the transition, the UMPD provided
training in enforcing the no-food and no-drink policy, managing the exit
theft-detection gates, dealing with disruptive patrons, performing
opening and closing procedures, and handling medical and facilities
emergencies. This training, reinforced by the new procedures manual,
served as a foundation for a library-wide training effort early in
1999. Nearly 250 staff members have participated in this training, which
addresses the two main objectives, that is, to ensure that staff
understand security procedures and are able to implement them; and to
ensure that staff are able to use techniques (such as communication or
conflict-resolution skills) for dealing with problem customer
situations.
Training sessions began with the discussion of a
"Richter scale" instrument, one that assesses staff perceptions of the
environment in which people work and the comfort level they feel while
handling uncomfortable situations. Following some discussion and the
application of the scale, participants received a detailed orientation,
suited to their needs and responses, to the safety and security
guidelines. The session ended with role-playing of various situations
described in the guidelines.
In addition to the development of the procedures
manual and the training program, we began to examine the
many recommendations in the Morse Report for improving security for our
facilities and collections. As time passed, we allocated more fiscal
resources to the effort. We invited 3M to evaluate our security gates.
After their comprehensive evaluation, we invited them to present a
proposal for replacing the gates with upgraded 3M models. We obtained
funding through the university's enhancement fund process to replace the
gates in all facilities in early 2000. Because of the closing of
undergraduate library services in Hornbake Library, McKeldin Library had to
expand service in the fall of 1999. With resources saved from
Hornbake, we were able to upgrade video camera systems and provide card
access readers to the building so that only members of the campus
community with appropriate identification would have late-night
access.
Once the initial staff training was completed and the
manual was distributed to all staff, responsibilities for safety and
security were transferred from the Public Services Division to the
Planning and Administrative Services Division. The latter includes the
Staff Training and Development Office, which has assumed responsibility
for continued safety and security training. Conflict resolution training
was offered in the summer of 2000 as part of this effort. A Safety and
Security Committeethe "emergency response team" called for by the
Morse Report recommendationswas also formed and charged with
monitoring and improving the safety and security environment in the
library, recommending training, and continually updating the procedures
manual. In addition, floor marshals were identified and trained to
assist in building emergencies such as fire. Floor marshals completed
training that included the campus fire marshal, and the group has subsequently
coordinated practice fire drills. In the summer of 1999, the
members were appointed to the Safety and Security Committee. Within a
year, the floor marshals had been incorporated formally into the committee's operations to
ensure effective management of emergency response. It is worth
mentioning that the marshals work closely with the libraries' Disaster
Team, which has the primary function of responding to crises that
threaten collections. The Disaster Team has had to act in at least four
major "water borne" crises since August 1999, but that is another
story.
We also wanted to better educate our users and to
involve them in safety and security practices. In the spring of 2000, a
Library Conduct Working Group was charged with reviewing our no-food and
no-drink policy and making recommendations for improving communications
with our users about their role as partners in the stewardship of
library collections and facilities. The group submitted its report to
the Library Executive Council. The recommendations were informed by
contact with the university's student disciplinary system to ensure that
our policy and practice were reflected campuswide.
Although much activity has taken place, one of the
original goals for participating in the auditto encourage staff
involvement in and responsibility for safety and securityhas
remained a challenge. It is easier to write procedures and improve
equipment than it is to change an organizational culture. Staff members
continue to question their role and ability to handle safety and
security responsibilities. Nevertheless, individuals gradually become
more practiced and accustomed to dealing with these problems, and many
have welcomed the authority to act. Some remain inclined to turn a blind
eye to a soft drink bottle coming in the front door or to a gate alarm
sounding. The anecdote at the beginning of this paper suggests how long
it may take to imbue an organization with the spirit of shared
responsibility in such matters.
Through continued orientation and training, as well
as constant vigilance to improve our facilities and security
capabilities, we remain confident that we can achieve the
goal of broadly shared responsibility for safety. Although we have had
what might be called "basic training," the Staff Training and
Development Office has developed a training workshop that will be
repeated at regular intervals, with the assistance of the UMPD. The
monthly training sessions have as their goals:
(1) to promote safety and security procedures
in the university libraries;
(2) to improve awareness of safety and security
issues in the University of Maryland libraries and on campus;
(3) to improve interpersonal and intrapersonal skills
to reduce the risk associated with difficult situations or patrons
within the library system;
(4) to foster the relationship between the UMPD and
the library staff.
(5) to set guidelines for conduct with regard to
safety and security; and
(6) to supplement the safety and security provided to
each staff member.
After completing the training session with the UMPD,
members of the staff are able to meet ten behavioral objectives that
ensure that baseline skills for participation in the libraries' safety
and security program are met. They are able to:
(1) list the steps to identify problem
situations or patrons as defined by the UMPD;
(2) state strategies that can be instituted within
individual departments that would facilitate safety and security;
(3) demonstrate proper vigilance and promote sharing
of information with coworkers with regard to safety and security;
(4) demonstrate constructive dialogue that promotes
conflict resolution through practice sessions involving case
studies;
(5) recognize members of the UMPD;
(6) recognize and follow appropriate safety
guidelines provided by the UMPD;
(7) identify and record important safety information
outlined by the safety and security manual;
(8) understand and practice personal safety
habits;
(9) set limits for enforcing library policy, knowing
when to ask for help from other staff members or to call on outside
assistance; and
(10) know where emergency telephones, exits, and fire
extinguishers are located within work spaces, and be able to describe
their locations to others.
We continue to explore ways to test staff attitudes
through focus groups and surveys. We hope these studies will yield
information that will further guide our efforts to meet staff training
needs in the future.
One of the Morse Report's larger recommendations
remains to be addressed. The University of Maryland libraries continue to
lack collection inventories. The reason for our delay in beginning this
work is that we have just completed the last phase of procurement of a
new library system, one with inventory capabilities far beyond our
present capacity. The decision was taken with the selection of Ex Libris
in late October 2000. A collection inventory can now be planned.
Finally, another of the original purposes of the
Morse Report to serve as a prototype and foundation for an ARL
self-study activitylies dormant because of lack of funding. The
Association of Research Libraries remains committed to developing a
generally applicable program and will seek the funding or enter into a
partnership with libraries to enable it to do so. We welcome the
opportunity to continue to work with ARL because we recognize the value
of this experience for all of our libraries.
chap5.html
|