Skip to main content

9. Crowded Places: Access and Perimeter

hero banner for desktop hero banner for mobile

New Zealand Police’s ‘Protecting Our Crowded Places from Attack: New Zealand’s Strategy’ provides guidance to venue operators and event organisers in relation to protecting staff and visitors from armed attacks. In this series of posts, FIRST Security’s COO Steve Sullivan looks at how you can implement the strategy and keep your people safe.

In my last post, I wrote about the Security Audit Tool that forms part of the Crowded Places strategy. Specifically, I explored what questions the audit tool asks in relation to security plans, policies, procedures and general security arrangements.

The audit is designed to assist owners and operators of crowded places to check which security matters are relevant to the type, size and risk profile of their site, and its attractiveness to would-be attackers; identify any security gaps that need to be resolved, and create an action plan to resolve them.

In this post, we continue our look at the strategy’s Security Audit Tool, this time in relation to its audit questions around ‘security at the access points’.

The document’s ‘access points’ checklist lists 24 questions that require a ‘yes’, ‘no’ or ‘n/a’ answer. With some exceptions, these questions can be categorised into three topics: (i) managing ‘choke points’; (ii) denying avenues of approach; (iii) people screening and bag searching; and (iv) credential management.

(i) Managing ‘choke points’

“Do you have processes to speed up entry or exit at your location or event, at choke points or when it gets congested?”; “Can the public enter your location or event when it’s closing, and large numbers of people are leaving?”

Choke points are narrow points that people are forced to pass through to reach where they need to go, such as an entry gate or a checkpoint. As stadium gates open before a big game, big queues can turn the entrance choke point into a bottleneck, which provides a soft target for a would-be attacker – or an obstacle for fleeing spectators.

The Manchester Arena attack of May 2017 involved an explosive device detonated at an egress point as people were leaving the arena following an Ariana Grande concert – the timing and place providing a major bottleneck. The explosion killed 23 people and wounded over 800.

(ii) Denying avenues of approach

“Would the direct route to your location or event reception area give a would-be attacker access to large numbers of people?”; “When there’s a lot of people at your location or event, do you discourage large groups congregating near its entrances or on nearby pavements or roads?”

In military terms, an ‘avenue of approach’ is the route taken by an attacking force leading to its objective. In the context of crowded places security, denying a potential hostile vehicle an avenue of approach towards a target – such as a crowd of people – can be achieved by a mix of physical security controls, access and credentialing, and crowd management measures.

It’s about keeping potential targets (e.g. congregating groups of people) and potential threats (e.g. uncredentialled or hostile vehicles) separate. It’s simple risk management: risk decreases to the extent to which exposure of a potential target to a potential threat is avoided. [Note: the topic of hostile vehicle mitigation will be discussed in more detail in my next post]

(iii) People screening and bag searching

“Do you screen people for metal objects at the entrances to your location or event?”; “Do you have advertised signs about bag searching and people screening?”; “Do you start screening people before they reach the entrances?”

 “Is the screening equipment at your location or event calibrated and set to the right sensitivity settings?”; “Do you use a flexible regime to search visitors that you can change

depending on the security situation?”; “Are your staff and volunteers properly trained and briefed on what they are searching for (such as knives, firearms and components of homemade explosives) and what powers they have?”

People screening and bag searching are key security controls, but if they’re done poorly they can constitute little more than ‘security theatre’. Security theatre can look good, but it can also cause a bottleneck serving no real purpose – and malicious actors can be adept at telling the difference.

For good reason the questions asked in the Security Audit Tool appear designed to test whether your screening processes are the real deal or just for show.

(iv) Credential management

 “If visitors to your location or event are given badges, do their badges look different to your staff badges?”; “Are all the electronic security passes and keys for your location or event accounted for and current?”; “Do your staff and volunteers challenge people who aren’t wearing a pass in restricted areas at your location or event?”

Managing who has access to what at a venue is critical. How do your processes ensure that only those who are properly credentialed have the appropriate badge or pass? How do you make levels of access visible and non-transferrable? These are key considerations.

Interestingly, a couple of the questions posed by the tool ask not just about the ‘who’ and the ‘what’ but also the ‘when’: “Can you identify people at your location or event through an online ticketing process?”; and “Do you require waste-collection services to provide details of their vehicles and drivers before they arrive at your location or event?”

The ability to identify visitors and contractors ahead of time means that you can manage their access ahead of time. Coupling a good ticketing and access control system with ID checking allows you to provide a visitor experience that is both smooth and safe, avoiding bottlenecks and delivering superior visitor experiences.

Coming up...

In my next crowded places post, I’m looking forward to exploring security at the perimeter and prevention of hostile vehicles as we continue our look into the Security Audit Tool.

As always, if you’d like to have a discussion about how to keep your staff and visitors safe, feel free to contact me at steven.sullivan@firstsecurity.co.nz