The purpose of your SOCs post orders and site procedures is to establish an orderly and productive procedural response to all nonemergency, security, fire, and life safety events affecting and reported to your company. Additionally, the post orders must outline the duties required by your SCOs on a regular basis. The post orders you create or have in place must be followed as written unless ordered to do so by authorized personnel. In this chapter, we will provide some of the basics that must be written into your post orders for you to ensure that you are providing your staff with the most detailed procedures and up-to-date information. Not everything can be written down and SCOs will need to adapt to many different situations that are regularly presented to them. But if a task becomes a regular habit then it should be documented on how to complete the task and who it should be reported to for follow up.
Authorized personnel; up-to-date information; electronic post orders; site procedures; security personnel; incident report; daily activity report
The purpose of your SOCs post orders and site procedures is to establish an orderly and productive procedural response to all nonemergency, security, fire, and life safety events affecting and reported to your company. Additionally, the post orders must outline the duties required by your SCOs on a regular basis. The post orders you create or have in place must be followed as written unless ordered to do so by authorized personnel. In this chapter, we will provide some of the basics that must be written into your post orders for you to ensure that you are providing your staff with the most detailed procedures and up-to-date information. Not everything can be written down and SCOs will need to adapt to many different situations that are regularly presented to them. But if a task becomes a regular habit then it should be documented on how to complete the task and who it should be reported to for follow up.
Any UL certified central station is required to have paper copies of your post orders and site procedures on hand for SCOs to be able utilize during their shift. Assuming your SOC is UL certified you will need to create your post orders in a word document form that can be printed out, and placed in a binder to meet the UL requirement but to our knowledge no one relies solely on paper anymore. Paper copies of procedures are only if your computers crash. Post orders can easily be broken into eight chapters (see more detailed example provided later in this chapter). Below is the intended purpose for each chapter:
1. Introduction—The same information as covered in the previous chapter.
2. Duties—All the daily tasks that need to be done and how to do them. New hires will need to refer to this often until the task becomes a habit. Every daily task that is required should be documented and placed in this chapter which normally becomes the largest chapter in the post orders.
3. Call center procedures—This section covers anything that relates to anyone calling into the SOC for information or support.
4. Emergency procedures—Depending upon the nature of the business for your organization this could become your most referred to chapter by your SCO’s.
5. Standards and policies—This section should cover everything from workplace cleanliness to personal hygiene and much more because those things need to dealt with up front for new hires
6. Equipment procedures—This section details how to use every software program and piece of equipment in your SOC.
7. Post order changes and updates—You may need to change a current post order or add a new one but do not have time to update the printed copy. Place the changes or additions in the book here until the entire post orders can be updated.
8. Appendices—Your appendices should include examples of the various checklists used regularly and documents that are required to complete.
There are different ways you could host your electronic post orders and site procedures for all your SCO’s to easily access. The goal is to make it as easy as possible for SCOs to find and click on the information they need to review. If they have to click more than four times to find the information they are looking for then it is too difficult and you need to create something more streamlined.
A shared network drive folder that can only be accessed by your team and various individuals within your security organization such as the SOC manager’s upper management or support personnel within the security department. If you use this method, your folders need to be organized in a way that makes sense to all the staff and does not require several different clicks to find the information they need. Your procedural documents need to be locked so that SCOs are not making their own editing changes. Only the SOC manager and SCO supervisor should be making changes to post orders and site procedures.
Microsoft SharePoint is another tool that can be used to set up your post orders and site procedures that can be accessed. Unless the SOC manager or the SCO supervisor have the skills to do so this usually requires someone from your IT department with strong SharePoint skills to set up your page to include everything you need. If your IT department can commit to creating this page for you then this is a great way to set your SOC because you can have more on the SharePoint page than just procedural items, you can also include daily activity reports (DARs), incident reports (IRs), and your pass on log. A SharePoint page is also searchable and would make it easier for the SOC management to search reports if they need to conduct a follow up on an event.
Microsoft Outlook contacts can be modified to use as a way to store your post orders and procedures. Outlook would work well with a group email inbox. With Outlook you create a folder for the post orders in numerical order to reflect the chapter and section order of the word document. Create a separate folder for the site procedures and put them in the order that your company uses such as a site number or by city and/or state.
The previous examples are what a large number of companies have available to them but there are also software programs you can purchase that perform these functions for you easily. We know that can it be difficult to convince upper management to spend the money required for purchasing one of these programs but the software can also provide a way to manage your IRs, create metrics and provide trend analytics.
Every SOC should have a shared email address for the entire SOC staff to access to be able to respond to your internal and external customers. Too often your customers will email upper security management, the SOC manager, the SCO supervisor, or one of the fulltime SCOs directly and if that person is out of office, on PTO, dealing with an alarm or away from their station the email request will not be handled in a timely manner and customer service satisfaction will drop. Everyone in your company should be taught to email the shared email address directly. Every person in the security department should always turn on their out-of-office reply and ask people to contact the SOC at the shared email if the request is urgent. The SOC then becomes the heartbeat of your company’s security department.
Security personnel often work closely with the ethics, legal, human resources, and communications departments of any company. When working with those groups, the expectation for the SOC and its staff should always be to conduct themselves with the utmost of integrity and character as they perform their duties and tasks. Teach your staff that the daily habits and attitude that they carry toward their work will determine their character as a professional and reflect upon your security organization as a whole. All it takes is one big mistake or one bad employee to cast a negative light on your SOC and the security organization as a whole. Promote teamwork on a regular and consistent basis, because if each shift partner does not work with the other then the team suffers as a whole and you will have customer complaints made against your SOC.
All SCOs should be made aware of and understand the standards that are required for their duties and this should be written into the standards portion of your post orders. A reminder of the basics could even be posted on the wall within the SOC for each SCO to review everyday. Here is an example of what could be posted:
The duties in our SOC will include a great deal of customer service, working with different people, several different forms of computer software and equipment. You will work with mechanical, intrusion and most importantly fire alarms. You will monitor access and perform remote patrols of sites, even in different states, with our camera monitoring system. As a SCO here, you are expected to promptly assess and respond to alarms and incidents, and most importantly be truthful and factual. You will protect the company and its employees, contractors and guests at all times.
You are never alone. Your shift partner will help answer your questions. If both shift partners are unsure of how to handle a situation, then you should call the SOC On Call.
There will be times when you will have to make quick decisions due to the urgency of the situation. In such cases, good judgment should prevail and follow up communication with the SCO Supervisor, SOC Manager and/or the upper management of your security organization must be made immediately.
Always perform in the most professional manner possible and be a good shift partner.
Always remember the company and its personnel are our customers and we are here to serve their security needs.
Always complete your assigned tasks and duties to the best of your abilities.
Always keep your chain-of-command informed of problems and situations that affect the SOC and its personnel.
Don’t hold unnecessary and/or prolonged telephone conversations while on duty, as they distract from your duties, alertness and minimize performance.
Personal electronic device usage in the SOC is forbidden and will be cause for disciplinary action, which could include removal from the account.
Reading of literature or material not connected with your duties, the company or the security industry, unless authorized by a supervisor, is strictly prohibited while on duty.
Horseplay and/or disorderly conduct must be avoided at all times and will be cause for disciplinary action. Such acts are dangerous to the individuals involved and constitute conduct unbecoming of the job and its position.
Do NOT rely on your memory alone; always have a pad of paper and a pen available to write down pertinent information.
Action on or off duty must not be such that it brings unfavorable publicity to the SOC, the company or unfavorable contact with law enforcement agencies.
Do the best you can every day.
1. Welcome to the security operations center—This welcomes your new employee.
2. Company mission statement and core values—Provide information that will help your employee understand your company to include the nature of your business plus the values your company promotes within your industry and the public.
3. Introduction to your role as a SCO—The previous standards during the course of work can be placed in this location.
4. Why the SCO is important—Explain why their job is important to your organization and the company as a whole.
5. SCO job description—Provide a copy of their job description here.
6. SOC mission statement—Provide the mission statement here.
7. SOC post order summary—Establish the purpose of the post orders the SCOs are required to follow and their areas of responsibility.
8. SOC supervisory authority—Describe what authority the SCOs have, who has the authority to override the post orders due to extenuating circumstances and what to do when that happens.
9. Staffing and schedule—Write the current staffing requirements and provide an example of the schedule as stated in Chapter 6.
10. Hours of service—Explain the hours of service and why it is important to maintain coverage and how to accomplish that. The SOC must have two SCOs per shift, 24 hours a day, 365 days a year and one SCO must be in the SOC at all times. Add what to do if their relief doesn’t show for their shift and what to do in the event of family emergency or sudden illness. Above all they must understand that they cannot leave their post until properly relieved by another fully trained SCO.
1. Duties and the SOC on call—Describe the responsibility of doing their job to best of their ability and who is the primary on call for after-hours questions.
2. Shift duties in chronological order—Each shift will have their own duties to perform on a daily basis. This procedure is to ensure the equal distribution of work being performed and should be distributed between each workstation. The goal is not to keep them busy because alarms and customer requests will do that but describe who is in charge of updating the DAR or responding to emails that are received in the shared email inbox.
3. Daily activity reports (DAR)—The DAR is crucial to maintaining a log of all activities during the course of the day. It must be constantly updated throughout each shift as events unfold. It is a legal document and should be treated as such. Always remember that if it isn’t in writing, then it didn’t happen. SCOs should try to be as detailed and specific as possible. Each entry should be noted with the initials of the SCO that created the entry. The most common question about the DAR is, “what should I write?” The best rule to live by is, “when in doubt, write it out!” All DARs should be completed electronically and saved by date in a shared drive folder for each SCO to be able to write in. To ensure simplicity and reduce the amount of forms being created and saved, there should be one DAR for the entire SOC each day. Unless you have a software program for daily reports or are using SharePoint we recommend you use a spreadsheet to accomplish this task. Midnight shift would create a new one from a previously made template at the start of each day and the shift duties describe who would have control for creating new entries into the DAR. Provide the procedure on where to find the template, how to set up, and save the new DAR.
4. SOC email inbox and inquiries and requests—This is your group email address that all SCOs can access. The goal is to have emails that are sent to the SOC responded to in less than 2 hours, completed in less than 8 hours’ time and should be completed in an absolute maximum of 24 hours. Each shift should respond to and complete each request as fast as possible. The day shift will often be the troubleshooters. If after-hour shifts are just not sure what to do with the request, then they should submit it to the fixed day shift personnel. If a SCO is having a problem helping the customer, or you need someone to make phone contact with the person directly and they work regular day hours, then you should refer the request to the day shift personnel who will often be the troubleshooters since they are often the most experienced operators. The day shift personnel should always follow up with the after-hours staff on how they were able to solve the problem so those shifts will know for future reference. When the day shift SCOs are having problems then they will work with the SCO supervisor and/or the SOC manager to get the problem solved and get the customer taken care of!
5. Pass on information—The passing on of information from one SCO to another SCO is one of the most critical tasks that is performed everyday by your staff. You need to document that pass on’s are required and it will become a strong habit. There are three ways pass on’s can be conducted.
a. Verbal—When the relieving SCO has arrived they should be briefed on the events of the previous shift, any major incidents, and any tasks that need to be completed. They should be informed of any new policies or procedures that may have been implemented since their last shift.
b. Email—Is a great way to pass on information because it can be written while still fresh in your mind and sent to the appropriate personnel.
c. Pass on log or board—Most security posts have pass on logs but in a SOC using a computer is necessary and email can often replace logs. Having a pass on board placed on a wall in the SOC with highly important information can also be utilized. This allows the oncoming SCO to look at the board in case he forgets the verbal.
All three have their benefits and could all be utilized at the same time depending upon priority or purpose of the pass on information. The best way to ensure that communication is passed on correctly from shift to shift is to perform all three. It may seem like extra work but you only protect yourself, your coworkers, and the entire reputation of the SOC.
6. Weekly, monthly, and quarterly reports—Reviewing access to restricted or others areas is important to ensure that no one is doing anything improper. Whether they want the reports or not, your restricted area owners should receive access history reports for their specific areas. Running history reports is best tasked to the slowest shift, usually the midnight shift. Set your procedures that every Sunday night/Monday morning midnight shift is running reports for the prior week and on the first of each month the midnight shift runs the history report. Sarbanes-Oxley (SOX), DoE, and DoD often require maintaining and monitoring access history of restricted areas.
7. Site access control—See Chapter 9, Enterprise Access Control.
8. Key control—We are both proponents of card access control for a site’s perimeter and any room of importance shared by more than one person. But each site will always have some form of key control such as keys issued to security officers, various maintenance or other service providers, and individual offices. Your SOC may not be issuing the keys but they should know the procedures for your security officers in case the officers call the SOC for guidance. You should have procedures in place that answer who is authorized for any key, and how that issuance is recorded.
9. Maintenance issues and condition reports—Create a procedure for what to do if a security officer reports a maintenance issue, or if the SOC sees an issue on a camera such as a water leak. All maintenance issues reported through security should be catalogued in a database as a condition report.
10. Special projects—Your SOC will always have special projects. The dayshift should not be expected or required to complete everything. Spread the workload to the off-hours shifts such as bulk access card printing jobs, large access control projects, researching information for the corporate security department or the SOC, reviewing camera video to try and find a particular incident. Write in your post orders that regular SOC duties come first and special projects second. It should be required that they report why they could not complete a project on time if they were too busy performing regular SOC duties.
11. Investigative support—The SOC should be a primary supporter for any company investigator because they can run history reports, archive and review video, plus provide past incident reports of any significance to the case. All SCOs should know that any investigative support provided to a company investigator is completely confidential and should not be shared with anyone outside of the SOC. If someone were to discuss a case with someone outside of the SOC without prior permission from the investigator or the SOC chain-of-command that they would be subject to termination.
12. Communication department—If your company has a communications department create a procedure on how to contact someone from that department in the event that they need to be notified of a situation or media request.
13. News media—What should your staff do if the media calls, or arrive at one of your locations? Most likely your procedure will be to call the communications department but if you do not have one then you should have a plan in place of how to handle the media.
14. Corporate safety—How will your SOC interact with your company safety department? If your SOC is the primary for reporting incidents such as medical emergencies or accidents that result in injuries on the job, have a procedure in place that dictates who will be notified and how.
15. Information technology department—The IT department is one of the most valuable allies in performing the duties in the SOC. All SCOs need to know how to contact the IT staff 24 hours a day in the event that a computer or server goes down that affects the performance of the SOC.
16. Human resources—The SOC should know whom to contact and for what reason, if there is an issue with staff for any reason. The human resources (HR) termination procedure should be intertwined with the SOC. HR should know to contact the SOC immediately after the termination of any employee because they are there 24 hours a day.
17. Legal department—Create a procedure for how the legal department should be contacted in the event of a process server. Work with someone in the legal department to determine exactly what they would want to be notified right away of what can be just an email notification.
18. Add as necessary—Every company is different and will have their own company-specific nuances and procedures that must be recorded. This section of your post orders can grow as large as you want it. You cannot write a procedure for everything but if it is a regular occurrence then you should have something in writing. It is important to stress to your SCOs that they are not required to remember the procedures verbatim. They should know that you expect them to know where to find the information and the proper procedure when they need to utilize it.
1. Security systems—A centralized enterprise access control system will receive many calls related to equipment not working properly such as doors not unlocking when card is presented. The procedure should start with SCO’s utilizing a troubleshooting checklist to determine the nature of the issue and then what to do to rectify the issue such as putting in a service ticket to your systems integrator. A SOC troubleshooting checklist will be provided in the appendix. If your security department is centralized, the SOC might be the first call from a site manager who wants to install new security equipment. Have a procedure in place for what information they should capture and who it should be passed on to for getting the new systems in place.
2. Incident reports (IR)—Employees may call the SOC to report an incident that took place at their site if different from your SOC location. The SOC staff should be trained and have procedures on what to do when receiving an IR how to document and catalog the IR into the incident reporting database and who should be notified regarding the incident. These calls could include but are not limited to:
a. Emergency services are called or just show up
d. Damage to property such as accident or vandalism
e. Hazardous material or waste spill
j. Customer complaint about your company
k. External complaints against your company such as a company truck driver weaving in the road.
Writing the incident in a factual manner leaving out opinions and personal beliefs must be mandatory because these documents could end up in a court of law. Your staff has to act like junior investigators while on the phone with internal or external customers asking questions from the reporting party to ensure that they have all the facts of the incident being reported. Teach your staff to always ask one last question when taking incident reports, “is there anything else you can think of that may be important to know regarding this matter? Anything at all?”
3. Mass notification alert system—If your company has a mass notification system, your SOC should be at the heart of that system. You should have procedures in place that describes what kind of alerts that can be sent out and who is authorized to send those alerts. Distribution lists (DL) could include site, regional, or business unit breakdowns. Every SCO should know how find who is authorized to have the SOC send out and alert and to who or which different DLs.
4. Add as necessary—Depending upon the nature of your company’s business, there are several other items that could be included in this section such as:
a. Site specific call out of personnel
c. Claims against your company
d. Fitness for duty calls such as supervisor calling to inform that he or she believes that their employee in unfit for duty
1. Emergency preparedness—In an emergency, in any company events occur that stress the capabilities of the people, equipment, and systems that are in place. While planning can be conducted for expected disasters such as severe weather, sometimes all the planning and procedures cannot get you ready for when something is actually happening. Place in your post orders that you understand this and that they should try to remain calm, professional, and document everything that happens.
2. Emergency notifications—Your post orders should contain who is to be notified in the event of an emergency whether by site, region, or business unit.
3. Emergency plan—You need to have an emergency plan in case your SOC is required to evacuate the building they are located, which could be due to many things such as a gas leak or fire. If you have a backup location to move to or activate, this should be written in detail here.
4. Fire—Your SOC needs a plan on what to do if there is a fire. UL requires that tarps be placed over alarm monitoring equipment. If your SOC is UL certified to monitor fire alarms, this section is a good place to put basic alarm monitoring and response procedures to fire alarms.
5. Medical emergencies—Procedures should be in place for receiving medical emergency alerts inside the SOC’s building, and at other sites with and without security officers.
6. Severe weather—What to do in the event of severe weather such as tornado.
7. Power outage—What to do in the event of a building power outage at any site location.
8. Phone outage—What to do if the SOC’s location loses phone capabilities. UL certification requires you have a backup phone and most central stations keep a cell phone on site for those moments.
9. Suspicious parcel—What should the SOC do if the mailroom calls and states they have received a suspicious package.
10. Workplace violence—Describe what to do if the SOC receives a report of potential or actual workplace violence.
11. Elevator emergency—Building elevators often have phones or intercoms these days and these can be programmed to call into your SOC. Procedures need to be in place instructing staff how to handle and what to do.
12. Trespassers on company property—Have a procedure that details how to handle a trespasser at any company location and that authorizes your SOC staff to call the police without hesitation.
13. Civil disturbance: Strikes, protests, or demonstrations—Is your company prone to strikes, protests, or other civil disturbances? If yes, write a procedure for how those should be handled and who should be notified.
14. DHS National Terrorism Advisory System—In the United States or other countries, is your company considered part of critical infrastructure? Then you might be required to take further action in the event that the Department of Homeland Security (DHS) or other government bodies raise the alert level due to potential terrorism. Your SOC should be monitoring news 24/7 so they should know right away that an alert has been issued and needs to take action.
1. SOC and cleanliness—This can be one of your most important chapters of your post orders. Laying the policy of workstation cleanliness and shared area usage such as a refrigerator or kitchen area.
2. Personal hygiene: The difficult topic—Many central stations are tiny little rooms with two or more people working in close relation to each other. You must write that your SOC staff should understand that everyone has bodily smells and that it is important to prevent subjecting your shift partner to them by not bathing or showering prior to work. It is also important to promote not wearing large amounts of overpowering perfume or cologne that could be agitating to someone else. Write that it is okay for an employee relieving another to immediately wipe down the workstation to prevent the sharing of germs that could infect another employee. They should not be offended when that happens. Wiping down a workstation before you take it over should be the norm because this will help prevent the spread of infectious germs and reduce the calling off sick factor.
3. Uniform dress code—Write exactly what the dress code is for your SOC. Try to be as detailed as possible. Any room for interpretation will result in personnel wearing items that they should not be wearing.
4. HOW you communicate—This may seem like a strange chapter to place in your post orders but is critical to the success of your SOC. Your staff must understand that communication is a professional skill that must be constantly honed and crafted. Describe the proper greeting when answering the phone in your SOC and make sure they answer the phone that way each time. Write about practical phone etiquette and the do’s and don’ts such as staying away from talking about things such as politics or religion with customers calling into the SOC. Remind your staff that they should appreciate their customers whether internal or external and not become cynical when answering the same questions repeatedly. Teach your staff by writing in your post orders that it is encouraged and required to ask questions when working with customers. Teach your staff to use professional phrases versus informal phrases.
5. Public relations—Teach your staff that when dealing with the public they are representatives of the company and that it is important to make a good impression. They should be courteous, sound competent, use tact and discretion. Teach your staff to never say they do not know something. They should always tell customers they will get back to them as soon as possible with an answer.
6. SOC security and personal safety—This section should describe what is the proper procedure for someone to enter the SOC with authorization that does not work there and how visitors must be properly identified before entry and signed in upon entry. Staff should be instructed to never give out any personal information or scheduling info about anyone working in the SOC.
7. Personal electronic devices—This rule must be strictly enforced and all SCOs must understand that their personal electronic devices are NOT allowed in the SOC. You should write out the list to include the following:
b. Laptops or other computer devices
d. Digital or film cameras or camcorders
i. MP3 players (Apple, Sony, SanDisk, etc.)
j. Handheld gaming devices (Gameboy, PlayStation Portable, iPod touch, etc.)
k. Gaming consoles (Xbox, PlayStation, Nintendo, etc.)
8. Email and Internet policy—All SOC staff should know that they have no privacy when it comes to their work email and web surfing. They should not be allowed to access personal email while at work to include Gmail, Yahoo, Outlook, or other Internet email providers. This chapter could also describe various email standards or show what the required auto signature is for SCOs on their work email.
9. Proprietary information—This policy is needed to explain that they are required to protect company proprietary information at all times.
10. Break policy—Describe the break policy. How long are they allowed to be gone? Where exactly are they allowed to go while on break? How quickly must they be able to return in case of emergency? These questions must be answered in this section and thorough as possible to remove room for additional interpretation.
11. Tobacco policy—Describe the tobacco policy. Is tobacco even allowed on the property? If so, where are they allowed to smoke? What about smokeless tobacco? These questions must be answered in this section.
12. Leaving the SOC? Carry the cell phone or radio!—Anytime a SCO leaves the SOC for a restroom break or other reason, they should be required to carry the SOC cell phone or site radio in the event something major happens and their shift partner needs to call them back to the SOC as soon as possible (ASAP) for assistance.
13. Television policy—Every SOC we’ve run has had cable news running 24/7 in the SOC. If there is an event that could affect your company, the news could be the first way you find out. But if you have cable news you’ll have other channels available and you must describe what is allowable to watch such as local or national news networks and weather channels. You may need to write what volume level is acceptable because some SCOs might want to turn the volume up to where it is too loud and distracting. It is recommended that you lock all channels that are not allowed for viewing during a shift to remove any temptation to watch the National Football League (NFL), movies, or other nonwork-related channels.
1. Physical Access Control System (PACS)—Every PACS has a help button and a user guide but they are usually loaded with extra verbiage that is not helpful or they do not provide enough visuals to explain how to get from point A to point B. In your procedures create personalized examples of how to do everything from acknowledging an alarm, programming an access card, or programming a reader into the system by using pictures to explain everything that is needed to do step by step. Be sure to include procedures for how to:
b. View the details of an alarm.
c. View a map of the alarms location.
e. Work with auxiliary outputs.
f. Manual, timed, or conditional commands to devices.
g. Running activity, history, locator, muster, and access card listing reports.
h. How to read and understand a cardholder’s profile and status.
i. How to assign access to a cardholder.
j. How to add, modify, or delete a card reader or monitor point.
2. Video surveillance system—Create procedures that simplify how to log in, set up cameras for monitoring, how to pan, tilt, or zoom a camera, how to review video, how to archive video for review at a later date or time.
3. Workstation phones—All phone systems are different and your SCOs need to know how to log into your phone system, place calls on hold, transfer calls and conference calls together. If you have a call coding system, you will need a procedure on how to code your calls after a call is completed.
4. Audio recording system—If your SOC is monitoring fire or burglar alarms, you should have an audio phone recording system to record all your calls coming in and going out. This is necessary for your operators to review calls for their incident reports to ensure that they are documenting detailed information.
5. Any piece of equipment or software the SOC uses—This section could grow to be the largest of your post orders depending on the number of different pieces of equipment and software packages you use on a regular basis in your SOC. These are basically your cheat sheets for your operators to follow until the steps are committed to memory. Other procedures to consider adding if you have them:
a. PACS servers operating and troubleshooting
b. SOC cell phone or handheld radio
Your hard copy of the post orders should be kept in a three-ring binder for easy removal of expired and additions of new or updated post orders. Printing a whole new set of post orders is unnecessary until you have several changes already completed. Temporarily post changes and new additions here until the entire post order book or binder can be updated.
In your appendix section, provide good examples of regularly used checklists and other documents.
For every site you have within your system you need to create a specialized site-specific procedure saved in a location where each operator can easily find it both electronically and hard copy if necessary. For any new site that you add into your system, your SOC should be provided the following information:
• Site security manager or other responsible party provides information to SOC about new site.
• This should include restricted (RST) area info.
• Knox box info or other exterior information for fire department response.
The SOC manager should never be the responsible party for approving the final draft of the site procedure. The local site security manager or facility manager should be the final person to approve a site procedure. Having a local authority approve the procedure validates that the information written is correct and is the proper way to handle a situation. This document should include the following information:
b. Region or business unit affiliated with.
d. All phone numbers affiliated with the site.
e. List of restricted areas within the location and their owners.
f. A notes section that could include any random note of pertinent information that would be important for operators to know.
How to handle an intrusion alarm step by step and the actions that are necessary to take to complete an alarm response.
How to handle a fire alarm step by step and the actions that are necessary to take to complete a fire response.
How to handle a mechanical alarm step by step and the actions that are necessary to take to complete a mechanical alarm response.
This should include your regular business hour contacts, your after-hours contacts, key site management personnel, and all the emergency services number that are applicable to that site.
Each site will have their own unique synchronicities and may require one or more special instructions that require a different action than those already documented in the site procedure.
This document can always grow as necessary if there are more specialized instructions to ensure that each site works well with the SOC. Part of that is through the partnership of working with the local site management to ensure that the proper procedures are being followed. Each site manager should understand that the site procedure will only change if the site informs the SOC of changes at the location.
For current locations in your system your site procedures should be updated annually at a minimum or on an as-needed basis. This is a task that can easily be assigned to one of your dayshift operators who can easily attempt to contact the site security manager during regular working hours to verify that the procedures are still correct.
Post orders is one of the most difficult tasks for SOC management because they will always need modification and updating to ensure that your staff is following the proper procedures, especially if you have several new hires working. But make sure your staff does not have the capability to make their own modifications to the post orders as they see fit. At one SOC, we had a major change completed by IT and that modified everyone’s permissions giving all SOC staff the ability to modify the post orders as they see fit without us knowing about it. But the SOC staff knew it and decided not to share that information. One time a midnight SCO missed a regular daily task and when they realized their mistake, they simply changed the daily task schedule in their post order to remove the task from their schedule, which was conducting a system status check of the site video servers and cameras. It’s considered important. When a camera was found offline later that morning the Lead SCO checked the DAR and because the system status check was not noted in the DAR had to begin to review when video was lost, which was before the system status check should have taken place. When the midnight SCO was questioned about it, he simply stated “it’s not in the post orders.” The Lead SCO knowing full well that the task is in the post orders was about to lose their mind when the midnight SCO said “check the post orders.” So, the Lead did check and discovered that the task was gone. After a further investigation revealed that the last IT data archive backup showed that the task was there in the document previously and the last person to modify the post order was the midnight SCO we knew we had a problem with. When the midnight SCO was presented with the evidence, he was asked “why did you modify the post order instead of just admitting your mistake?” He pleaded the fifth amendment. Seriously. He left to pursue other opportunities.