About Us








Articles and Information


Planning for the Unique Security Needs of Religious Institutions 
By Cathi Marx, ALCM, COSS, CHS – V, and Celene Adams

Religious institutions and organizations in the United States and elsewhere continue to fear the potential of violence perpetrated against their members and their property.

Their fears are warranted. Because despite the fact that U.S. hate crimes motivated by religious bias decreased overall in 2007(the year the FBI released its latest “Hate Crimes Statistics” report), they nevertheless accounted for 18.4 percent of total hate crimes. 

In 2008, for instance, just a few of the violent incidents suffered by religious institutions included: gunmen opening fire at a Mosque in Florida, as worshippers celebrated Ramadan, the start of the Muslim holy month; a fire that gutted the Chabad Shul Synagogue, in Florida; and the deaths of two people at a Unitarian Universalist church in Tennessee, after a man shot them with a gun he’d hidden in a guitar case.

Further, while 4.3 percent of hate crimes motivated by religious bias are directed against religious institutions, 11.3 percent take place in schools, according to the FBI report. Many of these crimes involve defacing property with anti-Muslim or anti-Semitic graffiti. For instance, a large menorah set up by the Chabad House at Harvard University in Massachussetts was vandalized in December, 2008, as students celebrated the holidays. Slurs, mockery, bullying and assaults of both teachers and students are also common hate crimes in schools. The Anti-Defamation League’s “Annual Audit 2007” identifies 227 anti-Semitic acts reported at K-12 schools and college/university campuses nationwide. 
Such occurrences emphasize our need as security professionals to improve protection against crimes motivated by religious bias for all types of organizations and institutions, but especially for religious institutions and organizations with religious affiliations (RIOs).

Yet, in doing so, we face unique considerations; RIOs have specific security needs, and as security professionals we must be sensitive to them.

For instance, we must be aware that: 

• RIOs are often non-profit, so they do not have large budgets. 

• RIOs foster and value a sense of community among staff, so they may be reluctant to placing checks on internal operations. 

• RIOs want to provide their members with a sense of psychological as well as physical security. Consequently, they are sensitive to security jargon and may resist use of such terms as “lock down” or “code red.”

• RIOs are often staffed in part by volunteers, many of whom are part-time and/or elderly and do not always comprehend the necessity for new security requirements. 

• RIOs are necessarily concerned with the “welcome factor” – balancing security planning with maintaining a receptive environment for the public. RIOs do not want to alienate members with a “fortress” mentality.

Awareness and integration of these unique qualities are as much a part of the security-planning process for RIOs as are its other aspects. Sensitive and diplomatic consideration of each of them must be part of any RIO security-management process for it to be successful. 

Three stages of creating security-management programs for RIOs

The process of creating a security-management program for an RIO is executed in three stages: assessment, planning and implementation. 


The first stage, assessment, involves several steps, including:

• Working with police to become aware of the crime demographics particular to the RIO’s neighborhood and specifically to RIOs within that neighborhood.

RIOs’ primary safety concerns involve vandalism and perceived threat, or intimidation.
The FBI report shows, for example, that 972 incidences of vandalism were perpetrated against religious organizations in 2007, while there were 290 incidences of intimidation.

Working with police and other emergency professionals can specify the type of threat RIOs are most vulnerable to within a particular neighborhood. RIOs are susceptible to the same types of crimes as occur in the surrounding area; so collaborating with police can help to determine whether threat potential is perceived or actual, or whether it is a threat to physical or emotional well being. Further, working with police can isolate via what routes such crimes are most likely to occur. 

• Identifying potential threats to the RIO, including natural, man-made and internal threats

Sometimes an organization’s exposure to risk is highest in the form of man-made liabilities. RIOs typically are 24/7 operations: They run programs all day every day, for groups ranging from preschoolers to seniors. Consequently, the portion of their risk exposure is inherent to the nature of the ROI’s existence. 

• Meeting with and receiving input from everyone in the RIO, including the members

Making security planning part of RIO culture is crucial. RIOs often have a family mentality, and the idea that a threat could exist from inside the organization can be difficult for members to accept. The easiest way to counter this resistance is to make everyone a participant in the security-planning process. Asking members for their suggestions goes a long way toward changing an RIOs perspective from resistant to cooperative and preemptive. Elicit members’ help in terms of accessing information about how the building is used, what the procedures are, how volunteers are selected, etc. Ask them to take you on a tour of the property, or ask if you can shadow them as they go about their usual routines 

• Identifying assets in terms of property, high-profile members, and events and activities that could be targets.

Including high-profile members in a risk assessment is essential because these individuals may be targets, both on-site at the RIO and in their private residences.

For example: If a high-profile member attends an event at the RIO, not only the RIO may become a target during the event, the member’s residence is also vulnerable during that period of time, especially if the event announcement was made via the RIO’s website. 

• Conducting a physical assessment of the property

A physical assessment of the property is of course necessary to any security-planning process. However, it should go beyond what areas of the property are used and when, to include who else uses the property and how.
Security consultants should encourage RIOs to require identification of anyone such as repair and maintenance personnel arriving at the property, and advise them not to admit anyone without an appointment. All deliveries should be delivered only to the main office. Delivery personnel should not wander the facility with packages. Further, RIOs should question anyone whose behavior or actions warrant intuitive suspicion. For example, one RIO raised concerns when a new visitor attended services because, although the visitor was dressed in traditional religious apparel, he did not speak the language of their prayers, used a vehicle to arrive at services and was hesitant to engage in conversation with other RIO members.

In conducting a physical assessment, security consultants must also look beyond the obvious and be creative. For instance, when one RIO planted trees on its property, it used large river stones to enhance the landscaping around the trees. Anticipating that the rocks could to be used to break windows on the premises, the security consultant advised the RIO during the threat assessment to cement them attractively into place. 

• Assessing the RIO’s website

An organization’s website is like its bulletin board. It contains calendars of events, pictures and announcements of schedule changes, etc. In a sense it’s a living document that represents an organization’s vitality.
Consequently, RIOs may feel resistant to restricting the way they use it. However RIOs must exercise stringent care in publicizing information on their websites. Information such as aerial photographs of the property, details of event calendars and names of high-profile members are especially vulnerable to abuse, as such information gives anyone with malicious intentions date/time specifics to target the ROI during the event and/or the homes of members whose information is posted. 

The best approach to convincing an RIO to include its website in a security- management program is to emphasize that it need only change the way it presents information, rather than advising it not to present information at all. For example, security consultants should advise RIOs to post only general information on their websites: An ROI might announce a service or event but offer a number to call for further information. This is important especially, for example, if babysitting is offered during an event; the exact location/date/ time that will be children on the property should never be posted. 


Once you have ascertained all the potential ways a crime could occur, it’s time to begin the second stage of the security-management process planning. Planning involves the following steps:

• Defining countermeasures to potential threats 

An RIO may or may not be willing and/or financially able to address all defined risk areas, but individualized planning can tailor the security plan to the RIO’s greatest needs while recognizing its unique culture. Balancing your agenda as a security professional with the RIO’s will achieve the greatest results and will encourage the RIO to rely on your expertise in future.

• Creating a safety and security committee from members at all levels of the institution 

The conversation you began with members during the assessment stage bears additional fruit during the planning stage. By this time, if you have developed rapport with the RIO’s members and leaders, they will have accepted the security program’s value and will cooperate in creating a committee to systematize its implementation throughout the organization.

Such a committee can designate members as being accountable for training other staff, conducting routine drills and property inspections and keeping the safety mandate visible in the organization’s culture through tools such as prominent displays of emergency numbers and prompt reporting of suspicious persons. 

• Providing recommendations to "harden the target," such as barriers, access controls, video surveillance, gates, walls, etc.

Often, recommendations to improve an RIO’s physical impermeability are met with resistance due to the costs involved and to the organization’s desire to maintain approachability. The RIO may not, for instance, want to build a wall around the premises, or it may not have the funds to install an electronic security gate. If this is the case, hardening the target is still possible with low-cost alternatives. For example, the RIO’s computer systems might require relocation or an off-site data back-up system. Other options might include installing an inexpensive buzzer system on all doors, placing a water fountain or other obstacle in front of double doors to prevent cars from driving through the facility, and requiring all staff to wear badges to increase the public’s estimation of the RIO’s security level. In one case, simply removing a tree from the property lowered the likelihood of an intruder gaining access via the roof.

• Budgeting realistically and cost effectively

Budgeting realistically includes not only providing creative alternatives to expensive security measures but also finding creative ways to raise funds for them. For example, while non-profit RIO’s budgets are limited, members may be willing to sponsor donation opportunities for security, such as sponsoring security cameras. Another option might be a homeland security grant, available through local, state or federal programs. 


Implementing your security plan should involve everyone in the RIO and include an ongoing dialogue about the organization’s evolving needs. This final stage in the process of risk management for RIOs is facilitated if everyone in the organization holds some responsibility for an aspect of the program. Designated duties might include: training volunteer staff to recognize suspicious persons; inspecting the premises regularly; updating emergency personnel’s contact information; scheduling security seminars; and conducting periodic evacuation and lockdown drills.

Communicating results is also vital to keeping staff motivated in the ongoing maintenance of a security program. As always, this requires diplomacy. Security professionals will achieve more by pointing out areas where RIOs are doing well and making recommendations for improvement than by focusing solely on areas in which performance needs work. 
Finally, security is an ongoing process. Even the most carefully created security program will erode over time if not continually and vigilantly updated. Create a maintenance timetable to regularly check procedures, update training and inspect premises so as to keep security policies and procedures vital.

Avoiding fear but staying realistic

While security professionals’ approach to working with RIOs must assess and address ROIs’ physical, procedural and attitudinal vulnerabilities in a way that is sensitive to ROI culture, it must also include a realistic assessment of both the probability of threat and its potential severity.

We as security professionals know that, with regard to security risks, it is no longer a question of “if” but of “when.” However, it is counterproductive to create an environment of fear. A security professional cannot simply “cry wolf,” so to speak. While there is good reason for ROIs to exercise preventive measures, an alarmist approach is not sustainable over the long term.

Instead, we must cultivate a culture of observance. Because after all is said and done, observation is an ROIs best defense. Along with specific assessment, planning and implementation, we need to help ROIs create an overall ethos of security. We need to teach ROIs to feel comfortable questioning anything that feels intuitively suspect and to collaborate with external security professionals. 

Ultimately, this will give ROIs both the psychological and physical security they need.

Further Resources

Cathi Marx is Vice President of Risk Management Services with Aspen Risk Management Group. Contact Cathi at: 619/294-9863, or via the Web at: www.aspenrmg.com.

Celene Adams is a San Diego-based freelance writer. Contact Celene at: 619-825-6062, or the Web at www.celeneadams.com.