1 FY02 ASA Presentation PROVIDE CRIME PREVENTION AND ACCESS CONTROL SERVICES Presented by: Harold Dawkins List Presenters Office of Research Services National Institutes of Health 18 November 2002

2 Main Presentation ASA Template ……………………………….……………………………….4 Customer Perspective……………………….……………………………….5 Customer Segmentation …………………….…………………………………6-8 Customer Satisfaction……………………….…………………………………….9 Internal Business Process Perspective……………………………………10 Service Group Block Diagram…………………………………………………..,11 Conclusions from Discrete Services Deployment Flowcharts……………12-13 Process Measures…………………………………………………………… Learning and Growth Perspective………………………………………….16 Conclusions from Turnover, Sick Leave, Awards, EEO/ER/ADR Data……..17 Analysis of Readiness Conclusions…………………………………………….18 Conclusions and Recommendations………………………………………19 Conclusions from FY02 ASA..………………………………………………… 20 Recommendations……………………………………………………………21-22

3 Table of Contents Appendices Page 2 of your ASA Template Customer segments graphs Process measures graphs Process maps Learning and Growth graphs Analysis of Readiness Information Asset utilization graphs

4

5 Customer Perspective

6 DS1 and DS 2: Building Entry Systems. Our customers are everyone in the NIH community who depend on access control systems. We are currently converting to the Andover system, which is a proximity card reader system that is more sophisticated, and provides more security than the previous system used. As of now: We have converted 98% of cardkey readers on perimeter doors to the Andover system. 80% of campus interior and animal doors completed. Leased space perimeter conversion is being phased in. DS 3: Locksmith services. The distribution of trouble calls and installations for the locksmith does not show an effect. ORS has submitted as many work requests/orders for locksmith service as the Clinical Center. The remainder of the Locksmith’s work is equally distributed amongst the Institutes with the exception of NCI. Customer Segmentation I

7 Customer Segmentation II DS 4: ID Badges. ID system statistics give us accurate insight into the makeup of the NIH population. 43% of the badges issued under the new ID system have been issued to non-FTE employees. Contractors make up about 22% of the total. (See chart on page 8). DS 5: Consult on crime prevention: ORS, NIAMS and NIDCR were our biggest customers for crime prevention consultation, presentations, and follow-ups on reports of theft. DS 6: Community Policing. Since 9/11, community policing has been on hold because we are lacking a sufficient number of officers to provide both heightened security and community policing services. DS 7: Provide security for special events. Our primary customers are everyone who plans and stages special events. All approved events are channeled through us for security analysis. About 80% of all special events involve 50 or more attendees.

8 Customer Segmentation DS4: Issue and Manage ID cards

9 We did not survey customers this year However, in 2003 we plan to survey as follows: DS-1 and DS-2: A/Os who interface with building entry systems DS-3: A/Os who request installations, and/or modifications DES project officers who request advice, and /or consultation Individuals requiring service on an emergency basis DS-4: A/Os and delegates who interact with ID Card system DS-5: A/Os, facility managers, Project Officers DS-6: Facility managers DS-7: Event coordinators Customer Satisfaction

10 Internal Business Process Perspective

11 Service Group Block Diagram “A COMBINED EFFORT’ All of the activities fit together in a proactive approach to prevent crime. The effectiveness of each discrete service is dependent upon each other.

12 Our Service Group completed 7 deployment flowcharts for 7 discrete services DS 1: Develop a centralized point for receiving work orders/requests for additions to the access control system. As reflected in the flow chart there is a prolonged process in receiving and processing requests. A centralized point for receiving and processing would expedite this service. DS 3: The efficiency of the locksmith service can be improved by establishing a means to transfer information onto a “Computerized Signature Card.” This improvement will serve to enhance the overall process. DS 4: In the current process for issuing employees IDs, an employee decides whether the individual is an employee or a contractor and issues the appropriate ID. However, the system already “knows” whether the individual is an employee or a contractor. We are modifying the system so that it automatically assigns the proper ID for the individual. This should save time and improve accuracy. Conclusions from Discrete Services Deployment Flowcharts

13 DS 5: The prevention process depends on the active participation, involvement,and communication of all components involved. This contributes the overall prevention of security breaches, and an effective recommendation and implementation process. DS 7: The security of the events process relies on open communication/participation of all parties involved to comply with security requirements in order to ensure the success of this process. Conclusions from Discrete Services Deployment Flowcharts

14 Process Measures: DS1: System malfunctions before/after installation of new equipment. DS3: Total number of requests for emergency service. DS5: Crime rates before/after crime watch presentation. DS7: Total time invested on the coordination of special events process.

15 Findings from process measures data: DS1: Data on system malfunctions do not discriminate between system problems and mechanical problems, therefore there is no data to support process measures for system malfunctions before/after installation of new equipment. DS3: All emergency calls are stable at approximately 100 per month. However, because the total workload for the locksmiths has increased significantly while staff has decreased. We know that non-emergency response time is increasing. We expect to document this in DS5: To determine the effect of our presentations, consultations etc., we need to measure crime rates before and after we work with the IC “clients.” Because heightened security after 9/11 reduced the incidence of crime at NIH dramatically, we will use FY 2002 as a baseline year and measure “before and after” crime rates beginning with DS7: In providing security for special events, only 21% of our time is spent in actually attending the events. The other 79% is spent in planning and coordination.. We’ve included in the Appendix a detailed description of some of these steps for a particular event.

16 Learning and Growth Perspective

17 Our data does not reflect any significant issues. Conclusions from Turnover, Sick Leave, Awards, EEO/ER/ADR Data

18 To maintain a tactical and technical edge on those who mean NIH harm, we will need to keep up with rapidly changing security, loss prevention and crime prevention techniques, and we will need continually to invest in new equipment and systems as technology evolves. Because of growth in the locksmith workload, we will need at least 2 additional FTEs by We will also need an additional FTE in Facility Access Control. Also 2 additional FTEs in the crime prevention unit due to the expected increase in responsibilities involving the addition of the CC, construction of a bio-defense facility, expanded security oversight of the Fort Detrick site, and other out of state NIH facilities. Enhancement of computer software with data management capabilities in order to provide a more efficient means of documenting relevant statistical data. Analysis of Readiness Conclusions

19 Conclusions and Recommendations

20 Conclusions from FY02 ASA While our service group encompasses several separate organizational units, we do make up a meaningful service group. We provide a combination of service that requires us to work together and depend on one another to help protect the NIH community. There is no centralized point for receipt of work orders/requests for additions to the access control system. We are understaffed in the locksmith’s branch for the amount of required work/requests.

21 Recommendations -I Because of security control limitations at multi-tenant facilities (see process map 1a), we recommend that NIH re-evaluate future multi-tenant leases wherever possible to ensure additional security control flexibility. Develop security requirements to include/enhance all on and off campus building perimeter access points. Create additional reporting capabilities for the Andover System that are more user friendly, and simplify system malfunctions, employee errors, security breaches, etc., Improve the operation of the interface between the NIH Enterprise Directory (NED) and the Andover Continuum access control system to prevent problems that occur when downloading employee badge information. In year 2003, the locksmith branch should have the capability of tracking response time for non-emergency calls..

22 Recommendations - II Primarily, because of the security mandates following the events of 9/11, the NIH community should be educated regarding the special events process from approval/request for service to providing security for service. Non FTEs need security clearances prior to the issuance of an identification card due to the implementation of the current Andover proximity card reader system. Because of the current chaos in access control policies and procedures (see Process Map 1a) we recommend the creation of an “Access Control Unit” responsible for developing and implementing access control policies and procedures.

23 Appendices

24 Appendices Include the following: Page 2 of your ASA Template Customer segments graphs Customer satisfaction graphs Block diagram Process maps Process measure graphs Learning and Growth graphs Analysis of Readiness Information Unit cost graphs Asset utilization graphs Any unique measures graphs

25

26 Customer Segmentation DS1: Install & Maintain Building Entry and Security Systems Completed Conversions from Cardkey to Andover Interior 72 Card Reader 412 FDA 19 Off Campus 65 Animal 68 Converted 98% of cardkey readers on Perimeter doors. Lease space perimeter conversion is being phased in. Campus interior and animal doors are 80% complete.

27 Customer Segmentation DS3: Provide Locksmith Services.

28 Customer Segmentation

29 Customer Segmentation

30 DS7: Coordinate and Provide Security for Events Customer Segmentation

31 Process Measure Graphs

32 Process Measure Graphs DS3: Provide Locksmith Services * Jan to Sept.

33 Process Measure Graphs DS3: Provide Locksmith Services

34 Process Measures Graphs DS3: Provide Locksmith Services

35 Ratio of 4 to1 for time spent planning events compared to time spent at events. n 1914 Total hours spent on Events Hours spent for planning & coordinating (79%). 396 Hours spent attending events (21%) DS7: Coordinate and Provide Security for Events

36 PLANNING AND COORDINATING SECURITY FOR SPECIAL EVENTS ON THE NIH CAMPUS: Meet with event sponsors and establish a liaison Inform Police Managers of the event Establish personnel requirements and any other additional needs of the department Arrange for cost reimbursement from institutes Obtain a list of attendees/participants Develop a Security Plan Contact the building events management staff where the event is being held FINDI N GS FROM PROCESS MEASURES DATA FROM DS7:

37 If dignitaries are attending, contact and coordinate with their protection details Notify the fire department and fire prevention personnel Make arrangements to ensure all vehicles coming onto campus are inspected Make parking arrangements for all vehicles associated with the event. Provide sufficient area for the news media Ensure that there is sufficient signage on campus so that employees are aware of any road closures, detours, etc., due to the event. Some events require in-depth planning. Such an event was the two day Menopausal Hormone Therapy Conference that occurred during the month of October In addition to Secretary Tommy Thompson, there were 15 dignitaries, 50 speakers, and one thousand attendees expected. We worked closely with the building 45 events coordinator and management staff. Arrangements for various media staff were made. We also made special arrangements for special guests and handicapped personnel. FINDI N GS FROM PROCESS MEASURES DATA FROM DS7:

38 Since the Secretary was attending, we coordinated with his protection detail to ensure his safety. In addition, we put additional security measures in place to ensure the safety of all visiting persons. We had a contingency plan for any emergency that may arise. The K-9 explosive team was deployed to the Natcher Building to conduct a security sweep prior to the start of the event. Once the building was swept, it was secured by designated security personnel. Police officers were assigned various posts within the building. Some officers were roving, and others were posted outside the building. All vehicles entering the campus were inspected, including the non-NIH buses transporting persons to the event. No vehicle were allowed on campus without being inspected. K-9 officers searched the vehicles of special guests that were cleared to parked directly in front of the Nathcer Building. Due to the overall sensitivity of the event, there were concerns for any attempts to disrupt the conference. The Intelligence Branch of the NIH Police Department conducted a briefing in order to dispense all relevant information available regarding disruptive groups. FINDI N GS FROM PROCESS MEASURES DATA FROM DS7:

39 Process Maps

40

41 DS1b. Maintain Building Entry and Security Systems Date: 11/4/02Participants:ASA Team ISR (Contractor) Automated Systems Unit Police 911General CampusSystem Generates trouble message Initiate trouble call Respond Is it warranty issue? Repair Analyze problem Hardware? Repair Yes Handle any police issue Yes No

42 DS 2: Operate and Maintain Building Entry and Security Systems Date: 11/4/02 Participants:ASA Team Facility Access Control PoliceIC A/O Determines need for access Is information on the individual in NED System? Inputs information Does individual have ID Card? to DS 4 Yes Is individual an employee? Send requestfor access to Facility Access Control Yes From DS 4 No Request NCIC check No Check NCIC OK?Deny requestNo Send to requestor and Facility Access Control to grant request Yes record Notify requestor by Modify electronic record

43

44

45

46

47