Home Publications

LIBRARY SECURITY GUIDELINES
DOCUMENT
JUNE 7, 2001

Prepared by
Security Guidelines Subcommittee of the BES Safety & Security of Library Buildings Committee

Table of Contents

Introduction and Definitions

Introduction

"Library Security Guidelines" is a document based on a similarly-titled work done in 1996 under the auspices of the Smithsonian Institution, which in turn, is based on a 1989 publication from the American Society for Industrial Security (ASIS). Titled, "Suggested Guidelines in Museum Security," and issued by the ASIS Standing Committee on Museum, Library and Archive Security, the ASIS Guidelines were revised in February 1997 in response to changes in the burglar alarm standards by Underwriters Laboratories effective October 1, 1996. The original 1989 publication was the work of the Professional Practices Sub-Committee of the ASIS Museum, Library and Archive Committee. Members included Steve Keller, Stevan P. Layne, Darrell Wilson, Edward Dolan, Ernest Lipple, Robert Burke, Barton Rinehart and Tom Prevas.

The 1996 work was produced by Eric Belzer, an intern from Buena Vista University in Storm Lake, Iowa, and the project was managed by David Liston, Smithsonian Protection Outreach Officer. "Library Security Guidelines" attempts to ensure as much standardization as practical and where possible with the ASIS document on museum security while still meeting the unique needs of the library and archive community.

This revision was completed by a sub-committee of the Safety and Security Committee, Buildings and Equipment Section, Library Administration and Management Association (LAMA), a division of the American Library Association. The sub-committee, chaired by Merri Hartse, Spokane Public Library, included Sylvie Bouchard-Estrella, Queensborough Public Library, Henry DuBois, California State University at Long Beach, Susan Hildreth, San Francisco Public Library, and Gregor Trinkaus-Randall, Massachusetts Board of Library Commissioners, did most of its work in late 1998 and early 1999. The document will reside on the LAMA website, available at no charge to everyone.

"Guidelines" are not standards, and this document does not attempt to establish standards. While some industry standards are recommended, the use of the term standard in no way implies that libraries that do not adopt the recommendations are in any way negligent.

Not all aspects of all recommendations will apply to all libraries. But most will apply or can be closely adapted by libraries. Smaller libraries in particular may find it difficult to comply with these recommendations. Libraries are so diverse that there will be those for which these guidelines do not apply. While the recommendations are voluntary, they represent the composite opinion of the leading experts in the field of library security as being appropriate for most, if not all, libraries.

It is also clear that smaller libraries will not have the staff necessary to comply with some guidelines. Many libraries do not have a director of security or even a security force and should not be obligated to hire a staff member specifically to serve as Director of Security. But in adopting the spirit of the guidelines, the small library will designate one person to hold this title and be responsible for these duties in addition to his or her regular duties.

Successful library security programs are based on clearly defined and well-communicated behavior policies for public and for staff. Although these guidelines do not explicitly refer to "rules of conduct" for the public or staff, the guidelines are based on the assumption that the library has a set of rules governing public and staff conduct in place. Behavior policies or "rules of conduct" are a local responsibility that will be unique to each library setting, but these policies should be reviewed by the library's legal counsel and approved officially by the library's governing body. Security personnel will have a very difficult time enforcing behavior rules if these rules are not clearly communicated to the public and staff.

Security in your library, just as security in your home, is every staff member's responsibility. Even in the library with its own security force, the security officers can only be in one place at a time, it is everyone's responsibility to ensure that both public and staff have a safe environment. Hopefully, these guidelines can help you provide a safe environment for everyone as well as to protect your collections.

Definitions

alarm monitoring facility: central station where security, fire or other emergency alarms are monitored and persons are dispatched to investigate the alarm.

assets: refers to what the library has or owns and considers valuable, including human life, collections, structures, properties, even the good name and operations of the library.

collection and objects: materials collected by libraries and archives to include but not limited to books, periodicals, manuscripts, maps and recordings.

commissioned: award of law enforcement powers to arrest and bear arms.

disaster: uncommon, uncontrollable events such as a dangerous weather storm causing damage, sometimes contrasted with "emergency" which refers to interruptions to library operations that are relatively common, controllable emergencies such as electrical power outage, often used synonymously.

emergency: an interruption to library operations that is relatively common, controllable, contrasted with "disaster" above, but often used synonymously with it.

guideline: procedure, practice or system recommended as a minimum step toward providing protection in a library. These are not standards.

Library/archives manager: operational director of the library or archives.

object or collection object: one of the materials, collected by libraries and archives, defined under "collection" above.

perimeter security: protection concept of designing a three-dimensional ring around objects of value, often one inside another, such as a property line perimeter, building shell perimeter, non public area perimeter and high value area perimeter.

policy: as used in this document is a library-wide scheme, while "program" and "plan" are management procedures for specific subjects. Specific procedures may be called "instructions," "manual," or "rules".

protection: includes physical security, fire protection and emergency planning, contrasted with "security" below, with which it is often used synonymously.

secured area: an area who perimeter security has been reviewed and usually reinforced, with entries and exits locked or under observation and generally alarmed when empty.

security: generally refers to physical security protection, but here, as elsewhere, is a common synonym for "physical protection" that includes fire protection and emergency planning.

security manager: library/archives staff person who is appointed to be responsible for library security and protection issues.

security staff: staff who have security duty to perform, when they are performing that security duty.

shall: means "critical" for compliance

should: means "highly desirable" for suggested or recommended compliance.

special collections: refers to high value collections.

staff: any persons who can be held responsible for their actions by the library, including paid and unpaid staff, volunteers, interns, researchers, contract and maintenance workers.

staff with primary security duties: staff who are dedicated to work conduct security duties most of their working time, usually staff of a security office or security department.

1. Duty to Protect

The Library Director, or designee in safety and security matters, should be responsible for:

1.1 ensuring the physical protection of both library employees and library patrons. He/she also is responsible for protecting the building, its contents, and its immediate surroundings. This responsibility includes, but is not limited to, the development and integration of protection programs for fires, floods, earthquakes, and other natural disasters.

1.2 ensuring that library employees are informed of and instructed in their obligations in safety and security matters, for example, the obligation to protect lives and collections, to provide aid to disaster victims, etc.

1.3 taking all reasonable steps to minimize loss and damage to collections, furniture, and equipment.

1.4 developing and integrating a library asset protection policy that addresses, as appropriate to the nature and size of the library, fire and emergency protection, described in Section 4; physical barrier and lock and key protection, described in Section 5; security staff protection, described in Section 6; personal access and parcel control protection, described in Section 7, and security alarms and electronics protection, described in Section 8.

1.5 auditing the library's assets and its protection systems on a regular basis. When possible such audits should be conducted by security professionals independent of the library with no product or service-related bias.

2. Foreseeability of Loss

The Library Director, or designee in safety and security matters, should be responsible for:

2.1 anticipating, and taking measures to prevent predictable losses such as minor vandalism, injuries, theft of library materials or library user property, utility interruptions, and the non-return of items borrowed from the collection.

2.2 anticipating, and taking measures to mitigate catastrophic losses that occur during emergencies and natural disasters, such as earthquakes, major fires or floods, major structural, medical and chemical accidents, weather related catastrophes, and those from civil unrest, drawing upon local and regional experience as a means of loss avoidance (see Section 4). As the library develops strategies and programs for security it should examine the experiences and responses of neighboring institutions who have come to grips with some of these issues. Law enforcement, fire service, risk management, insurance professionals, and others with expertise in loss prevention also should be consulted as appropriate.

2.3 working closely with agencies responsible for recruitment and appointment of personnel to ensure that staff and professional employees have received verification of their identity and past history, avoiding, where possible, any potential threat to other staff, the public, the collections, or other building contents.

2.4 documenting all losses, including those from fires, natural disasters, crimes, antisocial behavior, etc., that occur on or near the library involving employees, library users, their property or library property. This information should be collected and organized in a manner that facilitates the anticipation and prevention of further losses.

2.5 maintaining communication with theft reporting media, particularly electronic distribution lists dealing with library loss prevention, security, and stolen property reporting as a means of avoiding the purchase of stolen property and of keeping abreast of security trends and issues.

2.6 reporting promptly any obvious losses to appropriate external agencies to increase the possibility of recovery, to promote the apprehension and punishment of the perpetrator(s), and to help other libraries avoid similar losses.

2.7 seeking professional external evaluation of any high threat sites within the library and any collections, furnishings, or equipment with unusually high value in order to anticipate and prevent security program inadequacies.

3. Adequacy of Protection

The Library Director, or designee in safety and security matters, should be responsible for:

3.1 managing situations of gravity and sensitivity and to provide clear and immediate or timely emergency direction.

3.2 preparing a library security policy that includes staff rules to protect people, collections, facilities and grounds, and that applies to everyone regardless of position, rank, title, status, or similar reason.

3.3 developing an internal security plan for protection of staff, workers, and patrons. See Appendix B.

3.4 evaluating threats against persons and the library to develop effective protection programs with goals, objectives, timetables, and benchmarks to counter specific threats such as fire, theft, vandalism and mutilation, and personal safety.

3.5 preparing and keeping current a library fire evacuation plan and an emergency disaster plan for each library with specific staff instructions and directions, including emergency closing and evacuating, staff notification, life safety responsibilities, maintenance of building integrity and utilities, library stand-alone procedures, and emergency conservation and recovery. See Section 4.

3.6 preparing a security operations manual for routine, operational and emergency situations, which is especially useful during the absence of higher level managers. See Section 6.

3.7 integrating similar facilities and protection duties for background checks; facility and grounds management; emergency liaison with the Federal Emergency Management Administration and other emergency agencies; library strategic planning and construction, and government inspection and reporting for the Occupational Safety and Health Act and the American with Disabilities Act.

4. Fire and Emergency Protection

The Library Director, or designee in safety and security matters, should be responsible for:

4.1 integrating a fire and emergency protection program into a library protection policy to avoid and mitigate losses to the library. Fire risk is the major threat to libraries and archives and library protection should be managed accordingly, following the guidance of National Fire Protection Administration (NFPA) National standards, especially NFPA Standard 909 for the Protection of Cultural Resources, Including Museums, Libraries, Places of Worship and Historic Properties, and subsequent revisions. Each state and city may have fire codes additional or slightly different from NFPA standards which can be easily verified with the local fire department.

4.2 using reliable early warning fire detection and annunciation systems that are both visual in the form of a strobe light and audible by a bell or horn, with signals clear and distinguishable from other signals and easily understood by all users of the library, including persons with disabilities. The systems must comply with NFPA Standards 71 And 72 and its equipment must be approved by Underwriters' Laboratories (UL), Factory Mutual (FM) or similar nationally recognized testing agencies.

4.3 requiring sufficient exits and exiting guidelines, including areas of rescue assistance, following NFPA Standard 101 on life safety. When a building is occupied an exit shall not be locked preventing its use, obstructed or in any way made unusable. If doors are equipped with electronic/magnetic devices they must release in a fire evacuation situation or loss of power.

4.4 requiring a fire service physical inspection of the library to plan its tactical response, verify the library's compliance with local and state fire codes, and review the library's use of fire prevention practices such as control of the use of open flames (by cooking, smoking, candles and welding). A fire service should also inspect electrical appliances before use including the use of timers with heat generating appliances and check compliance with fire service room occupancy limits. Use of electrical appliances should be limited to a staff room.

4.5 publishing a library evacuation plan and displaying emergency exiting diagrams and instructions for staff and patrons, including persons with disabilities, with a minimum of one fire drill exiting per year, in which the staff fully participate.

4.6 ensuring that fire detection systems are monitored continuously at a separately located station such as the municipal police or fire station and a library monitoring center (whether it be a panel in the occupied building if on its own and/or linked to a security monitored center). Appropriate NFPA Standards such as NFPA Standard 71 and 72 should be followed, using equipment that is approved, and is periodically inspected and recertified by UL. If an uncertified monitoring facility must be used because of local necessity it should be done only with the approval of the local security and fire protection authorities, with regular on-site inspections for its adequacy.

4.7 installing fire service approved fire fighting equipment of an approved kind and quantity, including portable fire extinguishers inspected at least semi-annually and placed in strategic locations throughout the library, following NFPA Standard 10, and when possible water standpipe and hose systems, following NFPA Standard 14. Staff should receive training in the appropriate use of fire extinguishers.

4.8 setting a high priority on protecting the library with an automatic fire suppression system, since libraries hold combustibles and often have structures with open stairwells. A safe, reliable, and often recommended system for libraries and archives is a cross-zoned, wet-pipe water sprinkler extinguishing system specified for minimum sufficient water release, for installation throughout the library, but especially in areas with special risk such as mechanical rooms, kitchens, shops and work spaces using flammables, chemicals and electrical equipment. Automatic fire suppression systems should follow NFPA Standard 11A on medium and high expansion foam systems; NFPA Standard 12 on carbon dioxide extinguishing systems; NFPA Standard 13 on sprinkler systems, and NFPA Standard 17 on dry chemical extinguishing systems.

4.9 planning an effective physical layout of the library with fire walls and doors and the use of automatic door closures following NFPA Standard 101 on life safety and fire dampers and fan shutoffs in ducts to prevent the spread of fire and smoke throughout the library, following NFPA Standard 90A, for air conditioning and ventilating systems, to include an efficient means to ventilate smoke and toxic gases created by fire. Raise awareness with staff and patrons to ensure closure of fire doors to contain a fire situation from spreading.

4.10 requiring regular inspection and testing of fire detection, annunciation, suppression and fire fighting systems following appropriate NFPA standards, local fire service codes and equipment recommendations, whichever is more stringent. These include NFPA Standard 13A on the inspection, testing and maintenance of sprinkler systems and NFPA Standard 72H on testing protection signaling systems.

5. Physical Barrier and Lock and Key Security

The Library Director, or designee in safety and security matters, should be responsible for:

5.1 integrating a physical barrier and lock and key security and/or card system program into a library protection policy that requires adequate and regular use of physical security closing and locking devices and sound lock and key accountability.

5.2 employing perimeter protection, not leaving external library, non-public, or high value perimeters open or unprotected, nor permitting a contractor to do same. Adequate operable closure hardware for doors, windows, hatches, gates and cabinets, especially locks, should be furnished. The director should match the relative security of devices and carriers, including balancing the relative protection afforded indoor openings by the door, door frame, hinges and lock.

5.3 preferring physical perimeter barriers to electronic or staff security checks, closing unused or unnecessary doors, windows, and other exits. While programmable access control systems with digital keypads or cards or biometric readers are encouraged, these and alarms are not adequate physical security by themselves.

5.4 securing high security perimeters with solid surfaces and high security closures on its openings. High security perimeters are perimeters holding special collection storage and other high value objects and the library perimeter, which includes above and below ground level, the roof, open balconies, and atriums.

5.5 using good quality, pick resistant deadbolt locks, on high security perimeters, which use keys whose blanks are not commonly available from locksmiths without a registered signature. Door, window, or hatch hinges and installation nuts or screws for high security hardware should be secured and located on the protected side of the opening. Key openings on the external side of high security perimeter doors, that are not needed for operations, should be fused closed in order to deny their use by lock picks and unauthorized keys. Exterior windows should use pins or locks not easily opened by breaking panes of glass without detection, not cam locks as the major device. Sliding glass windows should use double cylinder deadbolt locks, not thumb turn locks. Double doors and double hung windows may require reinforcement with bars, posts and pins.

5.6 requiring exhibit cases to be firmly constructed or fixed to the wall to avoid easy entry. Use of security screws and brackets, hangers with locking devices or other similar methods that require a knowledge of the attachment systems and time to remove them, should be used. Cam locks, except high security types, should not be used for display cases.

5.7 requiring an effective key and/or cardkey program, as part of the access control program, for accountability, control, and strong physical security. This should be planned and operated by one person, preferably closely allied with security operations.

5.8 requiring all keys and/or cardkeys to high security areas to be issued, signed for and returned daily to security where they should be stored in an adequately locked container in the library and accounted for each night.

5.9 accounting for, keeping written record of, and having physical control of keys and/or cardkeys not issued and key blanks.

5.10 limiting key and/or cardkey abuse by not issuing keys or cardkeys with bit codes or room numbers to be marked on them. Any contracted locksmith should be bonded.

6. Security Duties and Security Staff

The Library Director, or designee in safety and security matters, should be responsible for:

6.1 integrating a security program into the library protection policy for all staff in the library in order to provide security monitoring of conditions. Staff security should include self protection, protection of immediate responsibilities, surroundings and property, and minor additional security duties when there are no full-time security staff. Libraries with designated security officers should continue this practice even when the Library Director or security manager employs security officers, referred to here as "staff assigned primary security duties."

6.2 requiring all staff to protect themselves and their immediate property and take action when necessary to protect lives and property and report any difficulties for quick correction. All staff should be required to fulfill basic security duties such as being aware of who is in their work areas, following routine security procedures for staff and property, reinforcing patron rules of decorum, keeping valuables out of sight if not locked up, completing first-person opening and last-person closing procedures, and following emergency instructions.

6.3 providing sufficient security staff as "staff with primary security duties," at all times that the building is occupied under the direction of a security manager, when there are significant general or specific threats and risks to persons, collections or the Library. Sufficient staffing includes consideration of adequate security coverage during breaks, shift changes, illnesses, days off, weekends, holidays, and other absences.

6.4 requiring persons assigned to positions with primary security duties to be physically and mentally fit to perform in that capacity, detailed in Appendix A as Suggested Security Staff Qualifications. Complete a background check successfully, described in Appendix B as Staff Pre-employment Screening Guidelines. Comply with state and local requirements.

6.5 requiring staff with primary security duties to be responsible for security, including good customer service to patrons and staff, protection of life and property, fair rule enforcement, completion of all fair orders and instructions, staying on duty until relieved in the absence of superiors, and the coordination of emergencies of the library.

6.6 providing staff assigned primary security duties with a procedures manual and sufficient training, including post or patrol assignment security responsibilities, the handling of patron and staff problems and complaints, the handling of library and protection equipment, and the handling of violence and emergencies, especially during the absence of high level managers. The minimum training for security should be one day of classroom instruction prior to working and continuing on-the-job training by a competent and experienced instructor. Security supervisors should be adequately trained. Licensed, armed, and medically qualified security staff require regular retraining and recertification.

7. Personal Access and Parcel Control

The Library Director, or designee in safety and security matters, should be responsible for:

7.1 integrating a personal access and parcel control program into the library protection policy in order to protect lives and assets at the library. It should use physical barriers, entry/exit control devices, and security staff checks and should include everyone using the library, including staff of every category, board members, volunteers, contract and construction workers, interns, researchers, maintenance staff and office visitors, without excepting any library user from security controls. The personal access program shall define controlled areas by geography and by time, such as secured areas of high value continuously; establish the limits and conditions for their entry and use, including by time and day of week; and establish a means for staff to gain access to those areas to carry out their duties.

7.2 requiring those staff who have been prepared to perform basic security functions to identify and determine the authority or purpose of persons before permitting persons to cross secured library perimeters. As a minimum, security staff should protect the perimeter for entering and leaving non public areas and high security areas during open hours.

7.3 requiring security staff to maintain and use security registers to record consistently the entries and departure of visitors to non-public areas and to all areas during non -public hours. Security staff should use these or similar registers to record also the issue and return of visitor badges, after-hours entry and departure for everyone, and the removal of property from the library and grounds. Contractors and construction staff should be required to comply with this system or be segregated from library areas.

7.4 providing its staff a symbol of authorized access with some visible form of identity such as a name plate, emblem, uniform, or badge to reassure patrons of a staff presence and discourage patrons from imitating the work privileges and behaviors of staff. Security staff should issue a one-time entry badge or authorization card for visitors to non-public areas, with requirements to comply with visiting rules and be escorted during visits to high security areas.

7.5 requiring staff to wear a staff photo identification badge or card visibly to permit easy and safe recognition for entry and work of trusted staff when visibly worn in non-public areas and in all areas of property from the library or grounds (when the total number of staff exceeds more than can be easily recognized by everyone, such as about thirty people). A good photo identification badge or card system should be no smaller than 2 inches by 3 1/2 includes in size which is laminated or otherwise protected from tampering or forgery and include the name of the library, a reasonable photo, the person's full name (if required), a register number and/or color identifying the staff function and a date of expiration. A full record of badges or cards, preferably as a duplicate from what is issued, should be kept.

7.6 limiting and controlling access to secured areas containing sensitive and high value materials such as areas with special collections, negotiables, and sensitive records. Visitors should be limited by means such as registry, key issue, alarms, and/or security escort entry requirements. Visitors should positively identify themselves, demonstrate a clear need to visit there, sign in and out, and be accompanied at all times by security staff or qualified professional staff. Security should require a ratio of one security escort for every ten persons when groups visit.

7.7 limiting and controlling object entry, if desirable and feasible, to prevent dangerous and unwanted objects from entering and exiting, to prevent illegally or inappropriately obtained materials from leaving. The Library Director should require staff with primary security duties to perform visual and physical inspection of all materials entering and leaving.

7.8 requiring all library materials being removed from the library to be documented at the checkout desk, as a loan.

7.9 requiring a staff person with primary security duties to review regularly the safety of incoming mail and the security of outgoing mail, including parcels left at the door for pickup or drop off.

8. Security Alarms and Electronics

Reliable alarm security systems require local alarm annunciation when an area is occupied; consistent and rapid human response; professional selection and application of alarm sensors for good alarm coverage; secured communication lines and a backup power supply; appropriate adjusting, testing, inspection and maintenance; and a back-up annunciation at a commercial alarm monitoring facility.

The Library Director, or designee in safety and security matters, should be responsible for:

8.1 integrating electronic intrusion detection and security signaling systems into the duties of security staff in order to provide improved security monitoring of conditions. When no security staff is available, instruct Library staff in its proper use to maximize its effectiveness.

8.2 using security alarms to provide continuous alarm protection to some areas and interrupted schedule alarm protection coverage to other areas. Alarm systems in high security areas should have an overlapping security protection with other alarms and a backup alarm annunciation at another location or reporting of alarm to a central station that is monitored 24 hours a day.

8.3 responding to every security alarm annunciation consistently and rapidly. Every local alarm annunciation should be both audible and visual. When the library is closed and empty, the Library Director shall require the security manager, contract security company, or local police to make a consistent and rapid response to every security alarm. The person or company responding to each alarm should report each occurrence and the results of the alarm investigation in writing to the Library Director.

8.4 fully alarming all library exterior perimeter openings, including high and low areas. All exterior doors, ducts, hatches, and windows which open should use magnetic contact or micro switches to alert the alarm monitoring station of an unauthorized opening. Alarms should be installed on the inside or protected side of the opening. Perimeter exterior surfaces with glass, including doors, panels, skylights and windows in window wells, should use glass break detecting sensors that annunciate when the glass is broken or volumetric motion detection to detect the intrusion.

8.5 using volumetric motion detection sensors when possible at strategic places throughout the library during closed hours to detect the unauthorized movement of persons and to detect persons using the library after hours. Some sensors should be visible and some be difficult or impossible to detect. Some should be combination detectors in order to reduce the number of "false" alarms.

8.6 carefully selecting alarms for object and room protection, especially where high value or high risk materials are kept. Special collection storage rooms and walk-in vaults where high value objects are kept should remain continuously locked and alarmed with magnetic contact or micro switches on all openings; be equipped with vibrator alarm sensors on all flat surfaces to detect forced entry from unprotected areas, and should use motion detection or equal protection inside large areas. Microdot tags and similar radio frequency (RF) field labels using exit detectors should be imbedded in high risk library and archive materials. Safes and vaults which contain high values should be located inside secured areas and alarmed with an effective kind of sensor which triggers when opened without authority.

8.7 using closed circuit television (CCTV) security monitoring systems when the person watching the monitor has a very high opportunity consistently to notice a problem situation or condition that requires security attention or when an automated CCTV system records that problem situation or condition. CCTV can be considered to assist in verifying staff entering secured perimeters, including with a buzz in; verifying library or alarm conditions; observing readers using high value materials; and detecting the unusual or critical presence of persons or animals in an area that may require attention or response.

8.8 activating or deactivating all or certain alarms at the beginning and end of times of library shutdown (e.g., nights, weekends, holidays, and closed seasons). Staff who open and close facilities should be authenticated by using an alarm keypad with a confidential code or similar means. These persons and those facing a special threat or excessive fear should be protected from takeover by a silent duress/panic alarm.

8.9 installing hard wiring alarm systems whenever possible. Where this is not practical, wireless should be used and supervised in order to 1) signal when batteries become discharged below a minimum power level and 2) require the control panel to poll or check the detectors at least one per hour or more frequently, as UL standards require.

8.10 using a secure alarm monitoring facility that follows UL Standard 827, Central Station Alarm Service, and meets the equipment listing requirements for at least the "Standard Line Security" level of protection against compromise or tampering. A compromise is the disconnection of the protected area from the communication line or from the alarm monitoring facility without initiating an alarm signal at the alarm monitoring facility or prevents the transmission of an emergency signal or request for assistance. As a minimum, a UL-listed panic device should link to an outside alarm monitoring facility and should be maintained. Any alarm communications link less than a UL "Standard Line Security" is considered to be unprotected and should be commissioned as an alternate acceptable means of alarm line supervision by a professional security consultant and by the library director.

8.11 monitoring security alarm lines against tampering with signaling, supervising the circuit to detect any line alterations and making it capable of operating during a power failure for minimum of twenty-four hours or longer if local conditions require on batteries, alternative power supplies, generators or other means.

8.12 requiring appropriate adjusting, testing, inspection and maintenance of the security alarm coverage and services, with various testing to be continuous and ongoing. Maladjusted, malpositioned and untested alarm sensors do not protect. Badly maintained and uninspected alarm systems often do not protect.

8.13 using a back-up annunciation system at a commercial alarm monitoring facility or, where jurisdiction permits, at a municipal police or similar emergency dispatch station. The alarm monitoring facility should follow UL Standard 1610 for central station burglar alarm units and meet Grade AA equipment listing requirements for protection against tampering and compromise. Libraries with highly trained and adequately equipped full-time professional security staffs should consider establishing their own proprietary alarm monitoring facility within a secured area of the library in order to provide better security with more alarm backup, flexibility and monitoring.

Appendix A: Suggested Security Staff Qualifications

The Library Directory should establish reasonable and justifiable qualifications for security officers, here called staff with primary security duties, detailed in Section 6. Security enforcement requires legal consultation and coordination with local law enforcement. Emergency or security staff require medical training and certification if they provide emergency first aid and cardiopulmonary resuscitation. Armed staff require agreement and coordination with local law enforcement, legal offices and protection specialists; compliance with local, state or national licensing laws; and additional employment screening, training, licensing and supervision.

Appendix B: Staff Pre-Employment Screening Guidelines

With the advice of legal counsel, loss protection professionals and law enforcement officials, the Library Director should manage the conduct of background checks as part of an internal security plan that is integrated into the library protection policy for the protection of staff, workers and patrons.

The Library Director should require all library staff applicants and appointees to complete all basic application requests honestly and completely, with final acceptance dependent upon the completion and acceptability of these.

A written job application that accounts for all periods of employment and gaps between employment during the past five years, to ensure that the applicant not avoid including any incarceration, hospitalization, employment termination or other relevant condition. Note that applicants who submit incomplete or dishonest materials should be given one opportunity to correct their information. Those who misrepresent or avoid questionable information should require further investigation for final acceptance, to determine whether this behavior would continue while employed at the library. A note should be included in any corrected record of the difference between first and second application information. Because prior employers are often reluctant to release negative information, even for legal purposes, a safe, all-encompassing question that deserves a fair answer is whether the previous employer would consider rehiring the applicant.

A signature to verify that all application materials are correct and personally done, with a permission or release form for the library to conduct further background investigation record checks. Note that this should advise applicants that records will be checked and that non acceptability shall be cause for not hiring.

An interview in person by a responsible interviewer at the professional level. Note that the interview should double check that the materials submitted belong to the person being interviewed and were completed by that person. Skilled interviewers should note behaviors that may indicate unusual nervousness, incompleteness or deception about any data or issue that merit further investigation.

Several personal and professional references, as appropriate, who vouch for a person's character and integrity. Note that an applicant or appointee may arrange for someone to respond or pose as a reference. References should be checked to determine that they are who they say they are by checking references' organizations with whom they are affiliated, requiring them to receive mail at the addresses listed and cross-checking given telephone numbers in the telephone directory or with directory assistance.

Educational achievements and licensing data, especially where relevant to the job. License checks show the library's intention to verify work related skills and work histories. An educational achievement check verifies the library's correctness in awarding a work position based on academic achievements. Note that a driver's license check should indicate if the applicant has a major health, drug or alcohol abuse problem that interferes with safely operating a vehicle. A crafts or guard license or certification check, including union card check, should indicate if the applicant has legitimate work qualifications and a length of satisfactory work in the field.

The library director should evaluate each staff position for vulnerability that a person in that position presents to the library, to staff and to patrons, and establish a corresponding level of background check to balance that vulnerability. Here is an example of three category levels that is a suggestion for all readers.

Basic level background check: designed for staff with little or no access to special collections, patrons, valuables, sensitive information or the management of negotiables. This may include staff who work outside the facility and those who move freely in the office spaces but do not have clear or obvious access to any of the above.

Intermediate level background check: designed for staff with typical access to collections and patrons but little or no access to valuables, sensitive information or the management of negotiables. This is "typical" staff access to the library during public and office hours and non staff visitors with a similar capacity. These persons may move through the collection areas unattended before public hours or before offices close, without access to special collection or high security storage. They do not manage special collection materials or valuables, do not have high security keys, do not have after hour access and are not assigned in a regular public contact role that may place a patron or the library in jeopardy. Note that an intermediate level staff check requires more certainty to personal identification and accuracy of records checks, with these additions:

A criminal conviction history check for a period of no less than five years prior to the date of application or as far back as is legal in the jurisdiction. Note that a policy check or "name check" requires a check by social security number and that a juvenile criminal record is not able to be released and checked.

References from previous places of employment for at least the past five years. Note that a prior employment check reports working difficulties and may uncover legal difficulties that were not reported in the criminal conviction history.

Advanced level check: designed for staff with a level of access that poses a higher potential risk, with regular access to special collections, patrons, valuables, sensitive information or the management of negotiables. This includes staff with primary security duties; mail room, loading dock and shipping and receiving staff; those with sensitive information, especially computer information and computer programming; cashiers and cash handlers, accounting and purchasing staff; and staff with access to special collection storage, high security areas and high security keys. Advanced level staff checks shall require a complete application process above, plus:

A reference from all previous employers in the past ten years and a criminal conviction history check for a period of no less than five years prior to the date of application or as fare back as is legal in the jurisdiction. Note the intermediate entry above for criminal conviction checks and the previous employer check note from the basic application check.

A minimum of three references in addition to those previously provided by the applicant, obtained during an interview with the applicant. Note the entry on references above and that the sooner the check may be conducted after receiving the references during the interview, the more valid it may be.

A consumer credit check to determine the applicant's credit history. Note that credit and payment histories reveal financial responsibilities and pressures, personal habits, lifestyles and spending habits that reinforce an understanding of the applicant's character and possible motivation or predisposition to theft or embezzlement.

A civil records check to reveal any unreported civil actions that may reflect on the library. Note that permission is required and that a number of different jurisdictions for places of work and places of residence may require inquiries.

Verification of the education achievements claimed by the applicant. Note that distinguished staff are given privileged status at the library and are publicly known for their academic standing on the basis of education achievements that should be verified. While transcripts are relatively easy to obtain, numerous awards and achievements may be more difficult to certify.

A photograph and fingerprints to certify personal identity. Note that fingerprinting requires the taking of good prints and does not require a fingerprint check at the time of hiring. A photograph from the photo identification card process is sufficient. These records may also permit a staff to be identified or removed from a suspicion list during an investigation.

The library director should require that all persons managing background checks and investigations undergo advance background checks knows as a "full field" investigation, to be conducted and analyzed by a professional consultant or local police officials, not by staff from an umbrella organization who may have concerns or controls that may affect the data or the outcome. The person or persons conducting these investigations need simply to report the result of the investigation against the advanced level acceptance standards above, keeping the information permanently on file. No one involved in the background check process at the library is exempt form it. Board members and persons appointed to positions of public attention connected with the library should also undergo this process for the protection of the library.

The security manager or person responsible for security should gather, review and maintain the required background information in professional and confidential manner and summarize, report and recommend through the personnel director to the library director, most confidentially, a final opinion for each applicant.

The library director should make a decision with the security director and personnel director for final acceptance for employment. Those making final acceptability judgments should link discrepancies in background checks with potential vulnerabilities at the library and make judgments within local law and good ethical judgment. The library director should depend upon the security manager and personnel manager to advocate the best from their professional positions. Each final acceptance decision, change and exception to final acceptability rules or criteria should not be a unilateral decision nor should they have to be unanimous.

Note that this appendix does not define how to determine final acceptability for particular library positions, except for those who review background checks, who must be above reproach. There is no clear-cut criteria for being denied final acceptance except based on civil, legal, and ethical opinions. The background history of the individual should not be the sole criteria for denying employment or promotion, but should be a major factor.

As examples only: applicants with felony records within the recent past, especially for any form of theft and individuals with arrests for use of illegal drugs or narcotics, should be considered subject to denial of final acceptance for intermediate and advanced level access when they have access to high value records and information. Applicants with a record of serious sexual and child abuse convictions should be considered subject to denial of final acceptance for intermediate and advanced level access when they may work closely with patrons and staff. Applicants with older records of criminal or civil convictions or bad credit history may indicate potential risk but not necessarily dishonesty; security manager may wish to consider the possibility of the applicant to reform.

Library staff who manage and process background information should refrain from gathering and refuse to record, report or store information that is irrelevant or immaterial to deciding the final acceptability of the applicant, such as material that is legally discriminatory and court records for civil disobedience involving moral turpitude, sexual preference or similarly irrelevant data. Legal counsel should determine what information may ever be released to individual applicants or others under the Freedom of Information Act.

Exemptions from undergoing background checks and requiring a positive final acceptance are strongly discouraged but inevitably necessary when information and records are incomplete and decisions must be made. No staff should be exempt from the appropriate, pre-determined level of background check nor any decision postponed for an inordinate length of time. No staff should be exempt from preparing an application or providing a release to authorize a background check. Library managers should avoid exempting persons with high status who may present serious vulnerability to the library, including well known scholars, management and board members and those with high public and professional reputation or standing.

When certain records and information are unavailable to investigators, they may gather and use as optional information:

A personality profile test, where legal, that is professionally recognized, to determine an applicant's attitude toward honesty, drug use and similar matters.

A physical examination with drug test, where legal and properly administered, to determine the applicant's freedom from medical illnesses and drug or alcohol abuse.

A worker's compensation check, where legal, may identify applicants who have left previous staffs after committing insurance fraud.

Applications and background check information as personal information, should be protected in use and in storage, with limited access under high security. Consult with a legal counsel if the applicant or others may legally request its release and under what conditions under the Freedom of Information Act. When practical, applicant files should be sealed in an envelope within the file so that it is available for future reference, but not readily available to those in the personnel management or administrative capacity without a need to know. Application and background check information may be retired to another place of record, under the same high security controls, but never destroyed.

Library Security Guidelines-Draft, March 5, 1999