By Jim McConnell
Let’s talk about church security. But wait! Do we all speak the same language when it comes to the definition and scope of these two words?
Why do we need to define these terms and what is the consequence of not defining them and documenting them? Here’s why:
- Does it line up with our scriptural doctrine?
- Does it line up with our insurance coverage?
- Does it line up with our legal counsel’s scope and understanding?
- Does it fit within our community and culture?
- Does it line up with law, where we are operating, not just where our building is?
- Does it line up with our budget?
- Does it line up with our duty of care, moral and ethical obligations?
- Do our elders or board or denominational HQs agree with it?
- Is it important for our congregation and visitors?
- Does it line up with what our Heavenly Father wants us to do, today and in the near future?
Let’s separate who (individually) operates security day-to-day within your organization and what you call the department/team/function in your organization. Let’s focus on getting it right for the organization as a whole. Then we can determine who, when, how much, budget, training, documentation, auditing, and testing…and what goes on the badge or shirts or hats.
From working with churches on security for more than 30 years and in a corporate security environment for more than 28 years, I lean to these initial definitions/principles:
- Church – You might think this is the easiest to define, but when it comes to leadership’s responsibility to security, safety, medical, this is far from the four walls of your building or the four corners of your property. Don’t forget about the church’s own parish offsite, kids camp, missions trip, pastor travelling to sister church in Thailand, prison ministry, online church, home groups, your payroll/giving records, etc. It’s been said that “The Church is where the Church operates.”
- Security – The prevention, detection, response to a crime or violation of organization rules/policies
- Safety – The prevention, detection, response to an accident (think spilled milk, water leak, trip hazard)
- Safe – This is the feeling that humans (congregation, staff,, suppliers, visitors, employees, people we are serving) have when the level of security and safety are balanced to address these humans’ key security/safety concerns in the moment.
- Medical – This is a supporting function of a good security and a good safety program. But guess what? The opposite is also true, that during a medical event/incident/emergency, the security and safety function is the supporting function of the medical function. Thus, this is an equally critical function. From Johnny’s boo-boo to medical evacuation from a missions trip, medical is the No. 1 security/safety challenge (implementation to incident) of churches.
Based on statistics I have studied and actual incidents I have been involved in, the top three security and safety issues in our churches/parachurches/houses of worship world are:
- Medical Issues
- Missing Parents
- Insider Threats
That doesn’t mean the 50 other threats/types of incidents (e.g., violence) aren’t real or probable, and it doesn’t mean these three are our highest priority to improve. They are just the most common from this guy’s perspective.
To determine the scope of what we have to consider, let’s get a little controversial for a minute. Is a church really a corporation with a symbol faith on the building and a primary mission of serving mankind? Is what a church needs to consider for safety and security, as a corporation, any different than, say, ABC Fortune 25 Company? The general answer is no.
Here are a few domains/functions of security that we need to discuss as examples. I provide a more comprehensive list on my website’s checklist page:
- Physical Security (cameras, keys, panic buttons, locks, strong locking fire-resistant file cabinets)
- Information Security (salaries, HR records, giving records, board meeting notes, counseling notes, cloud security, email)
- Cyber Security (laptops, phones, desktops, cameras, giving records apps, websites)
- Insider Threat (fraud, theft, physical abuse)
- Investigations (employees, congregants, supply chain)
- HIPAA (counseling notes, camp medical forms, medical incident reports)
Did you spot the cross domain mix? Cameras, giving records, counseling notes…that’s why churches need to think about converged security, which is the natural mix of different security domains into one program.
Again, it doesn’t mean that Billy Bob, the facilities guy, is going to do Mary Lynn’s cybersecurity role, but it does mean the leadership has to understand the scope of security, safety, medical needs/requirements/wants of the organization.
Once you have agreement on the key domains, your team/staff/church is going to focus on determining the next steps? Determine and document:
- Ownership at the board/leadership level and at the operational level, even if you outsource some or all of the function
- Budget (to build, maintain, and mature)
- Documentation (the implementation, training, operations, and metrics)
- Training (initial, sustainment, scenario, and table top)
- Testing/Auditing (fraud analytics, scenario testing)
You have locks on your door (so does the 7-Eleven that is “open” 24x7x365), you have Band-Aids in the children’s area, you have a mop and bucket…so, guess what? You have a church security, safety, medical program started.
Does it need to mature? Do you need to invest financially? Do you really need to understand all the domains to the expert level? Not today, but you do need an action plan to mature in the near future.
Take a look at the checklist on my website and step through it as a self-assessment of where you are today (put the date on it). Gaps are going to exist, but you likely have less gaps than you realize and a great starting point to mature many areas of security. If you have more questions or need to discuss some specific needs, reach out. I would be honored to help you.
Jim McConnell is CEO/CSO/Principal of Ask McConnell, LLC, a converged security service company based in Dallas/Fort Worth, Texas, that provides security operations, advisory, consulting, and training for clients “From the Church House to the White House,” www.askmcconnell.com.
