Infrastructure & Building Risk Assessment on New and Existing Buildings


Post on 01-Aug-2020


Building & Infrastructure Risk Assessments – ASIS Expo 2016

9/7/2016


Infrastructure & Building Risk Assessment on New and Existing Buildings

E. Scott Tezak, PE, BSCP – Security Practice Lead, TRC Companies

Lawrence Fitzgerald, CPP, PSP – Security Group Leader, TRC Companies


Why Perform A Risk Assessment?

• Are you concerned about current events and how they impact your employees, clients, and facilities?

• Do you have an upcoming project?

– Large capital infrastructure investment

– Signature capital improvement / addition

• Do you have aging infrastructure / aging systems?

• Does your organization lack safety and security program documents, technology solutions, and physical solutions?

• Do you need assistance organizing a 5‐, 10‐, 20 year safety and security plan for your organization?


What Type of Risk Assessment?

• Safety system inventory?

• Security system inventory?

• Threat assessment?

• Vulnerability assessment?

• Threat and vulnerability assessment?

• Risk assessment?

• Detailed engineering security assessment?

In 2003 (only 2 years after 9/11), a DHS study on TVAs compared over 45 different methodologies that were in use at that time


Integrated Rapid Visual Screening (IRVS) with ISC Module

IRVS v5.0, 2013

BIPS 11: Interagency Security Committee (ISC) Assessments, 2013

BIPS 02 and 03: Tunnel and Bridge Assessments, 2011

BIPS 04: Building Assessment, 2012

Multiple Configurations and Options

• Standalone or Network / Multi-user

• iPad app Capability

• Web Data Extraction Capability


Part 1: The IRVS Methodology

Provides framework and methods that can be adjusted

Free, non-proprietary

– Method

– Database 

– Training

Written by DHS/FEMA for use by state and local agencies

Government / commercial sector‐specific plan (NIPP)


Part 1: The IRVS Methodology

Risk = (Threat Value) x (Vulnerability Value) x (Asset/Consequence Value)


Objectives:

• Risk Analysis of mission critical functions, assets and supporting infrastructure systems

• COOP Analysis: Prepare, Respond, and Recover

• Organized storage / retrieval of: reports, pictures, diagrams, GIS products, miscellaneous documents

• Free Product for all Federal, State, Local, Commercial users

• Stand-alone system: MS Access database

Process

• Pre-Field Actions:

– Tailor Threats/Hazard: Blast, CBR, earthquakes, floods, wind, landslide, and fire

– Tailor Resiliency: Government, School K12, Business/Financial, Retail, Medical, General

• Field Activities

– Consequences Assessment, Threat Assessment, Vulnerability Assessment, Resiliency computations

• Post Field Activities

– Summary Calculations / Reports

Part 1: IRVS Database

Basic IRVS Screening

• Current Modules: buildings, subways, and tunnels

• Categorizes 15 building types and 20 hazardous events: Internal and External of Blast, CBR, earthquakes, floods, wind, landslide, and fire.

• Risk Summary: Threat, Vulnerability, Consequence of Loss, Resilience.

• Tailored evaluation (up to 272 questions)

• Tool interactions are automatically calculated by pre-assigned weights, interaction logic, and context-based algorithms. Risk is based primarily on target attractiveness (for manmade hazards).


Part 1: IRVS Database


Display on Google Earth

Dashboard: Listing Completed / Scheduled

Site Risk Summary: Threat, Vul., Consequence, Resiliency

Total Risk Summaries: All screenings

Part 1: IRVS Database Component


Part 2: The ISC Methodology

Undesirable Events (UE):

• DBT: 29 events (may add more)

• Set Necessary LOP (1-5) for each event

• Event only applicable to certain Criteria

Criteria:

• ISC starting point: 86 criteria

• Each Criteria split into 5 Levels of Protection

Dashboard:

• Completed / Scheduled Events

• Results

Pictures, Files, Reports:

• Analysis Graphs, Status of each Criteria, Comparison Matrix, Charts, Photos, GIS

ISC Risk Management Process


Part 2: The ISC Methodology

Step / Action | Reference Document

Determine FSL | Facility Security Level Determination for Federal Facilities

Identify Baseline LOP and Countermeasures | Physical Security Criteria for Federal Facilities

Identify and Assess Risks | Physical Security Criteria for Federal Facilities: The Design-Basis Threat (U)

Determine LOP Required to Address Risk or Highest LOP | Physical Security Criteria for Federal Facilities: The Facility Security Committee

Implement Countermeasures | Physical Security Criteria for Federal Facilities: The Design-Basis Threat (U)

Measure Performance | Use of Physical Security Performance Measures


Part 2: ISC Database Component


Case Study 1: IRVS During Design Phase

Renaissance Square Transit Center

Rochester-Genesee Regional Transit Authority


Transit Center Project Scope

• 87,000-square-foot Center

• 30 Bus Bays - 26 indoor, 4 on Mortimer

• Entrances on St Paul and N Clinton

• LEED Silver Certifiable

• Access Controlled Gates

• Video Surveillance System

• Security and Operations Control Room

Customer Amenities

• Restrooms

• Family restroom

• Ticket Vending

• Food Vending

Operator Amenities

• Concourse restrooms

• Break room

• Operator kiosks

• Tap in sign in


Security Scope

• Perform TVA using IRVS w/ ISC Module

• Applied the recommendations of the TVA to the design

• An important effort that ensured RGRTA was aware of

– Mitigation being implemented

– Level of protection being provided

• In addition to 50% and 70% reviews

– Calls with design-build team

– Dialogue with RGRTA on residual risk

• Final report links design to SSMP


Incorporating Security Into Design

Influenced site design

• Bollards

• Fencing/gates

• Lighting

Influenced building design

• Protection of select structural elements (man-made threats)

• Roof enhancements for snow loading

• Glazing protection (man‐made threats and natural hazards)

• HVAC system modifications (man‐made threats)


Results of the TVA / Design Review

• 53 mitigation actions proposed for the site and facility

– 39 actions incorporated into design

– 14 actions incorporated into plans and procedures

• 74% of actions resulted in physical improvements to the design of the site / facility

– Opportunity to implement CPTED during design phase (not post construction)

– Engaged local PD and Fire into design for Security Emergency response


Case Study 2: Statewide Facility Security Assessments


Program Needs Driving Assessments

• Security Mission Statement and Standardized Approach to Integrated Security

• Enterprise Security Management Systems and Command Centers

• Site Specific Integrated Electronic and Physical Security Systems

• Security Plans, Policies, and Procedures


Putting Assessments to Practical Use

• Establishing Security (and other) Standards only part of the process

• Site assessments need to be performed to document existing conditions and identify gaps, variation will be high

– Buildings owned/operated by other State entities

– Buildings managed and operated by contracted firms

• The right Standard, evaluated with an integrated assessment, will provide

– A clear understanding of security posture

– A compliance/non-compliance with new Standard

– A road map of required projects/investments to address gaps in site-specific security programs


Customized Site Summaries

• Standards Program sets ISC criteria as the security standard / Levels of Protection (LOP)

• Assessments were used to identify

– Existing conditions

– Program needs

• Database stores findings and data

• Customized Site Summaries provide

– Site summary

– Projects needed to meet desired LOP

– Rough Order of Magnitude (ROM) Cost Estimates


Report Contents


Applications to Non-Federal Clients

• State offices of facility management

• State agencies with high‐profile public interaction

• Regional transit entities

• County government facilities management

• Modified versions (based on the process)

– Utilities sector

– Local government

(Note:  ISC Module requires a Federal sponsorship)


Questions / Comments

E. Scott Tezak, PE, BSCP

Technology Engineering Services

Security Practice [email protected]‐656‐3675 (o) / 617‐921‐0995 (c)

Lawrence Fitzgerald, CPP, PSP

Engineering / Construction / Remediation

Security Group [email protected]‐620‐3881 (o) / 207‐620‐4452 (c)