The Case for Securing Doors on Campus
Host: Hello, and welcome to Prevention and Protection, the United Educators Risk Management Podcast. Today’s discussion on securing doors on campus will be hosted by Liza Kabanova, United Educators Risk Management consultant. Liza will be joined by Eric Hartman, Executive Director of Enterprise Risk Management at the University of Denver. Before we begin, a quick reminder: You can find other episodes of the Prevention and Protection Podcast, as well as risk management resources, on our website, www.ue.org. This and all podcast episodes are also available on Apple Podcasts and Spotify. Now here’s Liza.
Liza Kabanova: Hi, Eric. Thank you so much for joining us for today’s podcast about securing doors on campus and what you learned during this process. I know that this topic has many implications for students, staff, and visitor safety and on many different levels, and so I’m eager to dive into this topic and hear from you directly.
All right. Well, let’s start with why about why we’re having this conversation today. Eric, could you share a little bit about why this topic is relevant on campus?
Eric Hartman: Sure. Well, I think from my perspective, doors are this novel invention, right? We’ve had them for a long time. We’ve blocked them, but we also lose sight of what their value is. And in the process of responding to the COVID-19 pandemic, I think we all began to better understand some of the tools that we’ve always had available to us but we’ve never taken full advantage of or kind of have forgotten to take advantage of them. And so for me, this topic surfaced around our after-action review related to the pandemic’s response. And the way that we managed compliance around the pandemic had to do with the ability to secure doors and control compliance related to the pandemic by using door access. And so if you hadn’t tested, according to our protocol, if you hadn’t participated in our vaccination protocols, like we used the doors as a way to secure, and we had kind of an automated card swipe method for doing that.
And it brought to surface all sorts of advantages of thinking about doors differently [than] the way that we have in the past. That’s part of what surfaced this conversation was our own reflection on what we learned through the pandemic and what we needed to carry forward, probably with a different nuanced approach than the way that we have managed our safety and security in the past.
Kabanova: Those are some really interesting points, Eric. So for you, this surfaced during the pandemic. What are some of the lessons that you learned during the pandemic?
Hartman: We were looking at to what degree do we reopen campus and knowing that we took full advantage of our ability to secure doors, using it to leverage compliance. And so then our next step in that process was to say, before we get ready to kind of return to one of our most important values, which is this idea of hospitality, right? Inclusion. We want to keep our doors open so that people can visit, so that they can explore what it might mean to be a student. They can come to our events that we host, and we were excited to get back on track for that level of hospitality, that level of sense of belonging. And at the same time, we were recognizing that there was this elevated sense of emotional safety that had also surfaced from having doors secured, doors locked.
And while we were excited about getting to an endemic phase of the pandemic and thinking about all of the elements that might mean, we also experienced some tension as we were having conversations with deans and directors and building managers about what it means to get back to some level of new normal.
And there was this recognition that some people actually felt better that the doors were locked. And so then you, of course, go back to those things that you already know from a risk management perspective that when you have the doors secured, it drives down crime rate, like the crimes of convenience where people who maybe shouldn’t be in the building or do have permission to be in the building, but they steal things, they walk away with things, it’s easy to do it because the building’s simply wide open. I think we also realize that there’s data that we should look at to kind of see what was our experience related to crime rate when the doors were tightly secured and we were focusing on the pandemic and security.
And so as we looked at some of those pieces, we realized that not only did securing the doors help us manage compliance, it also significantly reduced the on-campus theft that we experienced as part of our pandemic response. And so then we had some real data points to say, “There’s more value here to look carefully at not just the emotional sense of security that it gave, but also the reduction of crimes or even other incidents knowing that even active shooters tend to find the opportunity to kind of penetrate a building.” And oftentimes that’s through an unlocked door. And so if you just have more doors locked, it is likely to prevent all sorts of crimes, some of which you never really get to know.
Kabanova: Eric, those are some really interesting points that you’ve made in particular. I want to dive in a little bit about before we dive into risk management practices on this topic, some of the challenges that you see with securing spaces. I know you mentioned the hospitality culture as something that’s of course a very big positive. Is that something that has also been a challenge? And what other challenges have you seen?
Hartman: Sure. We have lots of challenges. When you lock in secure doors, it creates other challenges. Sometimes people who need access can’t get access. I think the other challenges, which are just more simply, is that people forget their keys, they forget their locks, their card scans to get in, and it does create other challenges, deliveries, and those are all details that you have to kind of work through as you’re trying to balance the needs for security with the other needs that you need to kind of manage business as normal.
So there are plenty of challenges to it, and there are ways in which you can also kind of work through those details, but it does require attention to relationships, details, and some of the business operations that doors contribute to that you don’t usually think about doors as an element for how you manage your operations.
So yes, it’s a challenge. It’s mostly a challenge anytime you’re dealing with 18- to 22-year-olds to try to help them understand that they may not be able to forget important things that give them access to food or where they live or the classroom, which is why they’re predominantly there.
Kabanova: And I’m laughing right now because, I mean, college students forgetting their keys, sounds absolutely unexpected. So what are some of the risk management practices that schools can implement, and could you share just a little bit about what you’ve done so far?
Hartman: Sure. So we’ve been very strategic about the doors that we’ve been unlocking and securing. So some doors, we’ve remained secured during business hours. And I think that was one of the lessons learned is we looked at specifically, we did some geo-mapping as to where have we experienced some incidents of crime and where did we not experience those when those doors were secure, knowing that that’s likely a contributing factor to it, and how many of the doors can we keep secured and how often can we keep those secured knowing that it likely contributes to the reduction of other types of challenges. So we were very intentional about mapping those out across campus, identifying which doors we needed for business purposes, which ones we didn’t.
And historically, we had actually opened a lot more doors than we needed to, and this provided an opportunity for us to be more intentional and more specific on which doors we would open, when we would open them, how long we would keep them open, and did we want to take a more nuanced approach to what was open and when. And that began to really create a very different narrative as to how you might manage access to a building, the stakeholders that you might need to engage, and the real emotional and risk benefits that come from the nuanced approach to it.
So we did it across the entire campus. It took a lot of coordination, collaboration, relationship credibility, to be able to make some of these suggestions because we were encroaching on what was a very important value proposition. And some of that was also from an admissions perspective, right. You want anyone to show up and be able to see the experience that they might have if they actually step foot on your campus. And how negative might it be to experience too many closed doors in that encounter? Is that a liability or is that a promise that people actually might look forward to having, knowing that they’ll be in a place that has tighter controls?
We’re in a middle of a city, we’re in an urban setting. All of those pieces become pretty important to manage. But you don’t completely get to know exactly how that change would affect someone’s opinion about the place.
So you have to be kind of open to listening and to understanding what those perspectives might be. So specifically, we really looked at when do buildings need to be opened? What front doors do we have that we could open maybe for the benefit of keeping some other doors closed and secured more permanently. Now, every student’s card swipes to open an academic building – any space that they need to get in, as long as they have their card and it’s not after a too late of an hour where we’ve determined a building would be closed, they would be able to have access to. And the same would be true for faculty or staff who need access to their particular buildings. But it doesn’t mean they need access to everything. And so specific buildings we decided not to open. We looked at traffic patterns too, because we used card scan because we had two years of data from the COVID period where people had to swipe in.
We really had significant clarity as to which doors mattered more than others. So you didn’t just need to hire an architect to watch foot patterns, but you could actually do the same thing using the data analytics from your card swipes. So that informed where we felt like we should be a little bit more open and where we may be needed to recognize there’s no reason for this door to ever be open. It’s underutilized. It has a point of vulnerability, and it’s not essential to our core operations of what we need to function.
Kabanova: That’s really interesting. And my follow-up question actually was related to that. Are there any examples of spaces that you decided not to open as a result?
Hartman: Sure. So my office, really, nobody needs access to my office, and I have very few visitors coming in and formally kind of saying, “Hey, I’d really like to talk to you about risk management.” So that’s an example. And the adjacency areas of which, what I would say behind the curtain operation. So our Controller’s office, many of the facility operations that are using it for storage areas, and those things that are not student-facing. So we started to really differentiate between what was student-facing and what was not, and leveraging kind the doors as a way to kind of clarify, these offices are really not essential for serving students. So we could keep those more secured. Probably, I think at this point we have almost half of our doors that are secured at all times. You need a card to swipe in, and that was not all the case historically.
Kabanova: Yeah, I imagine that’s a huge culture change, but I’m sure that as everyone on campus kind of started to get used to key cards, kind of noticed that the change has been helpful in many ways. My follow-up question to what you were sharing was in terms of who has access to different types of spaces, you mentioned that students don’t have access to certain types of spaces. Would you be able to share some examples where students do have access to certain types of spaces versus employees versus maybe employees like yourself, who may need access to greater spaces on campus? Could you differentiate that and provide some examples?
Hartman: Sure. We have multiple levels of clearance for cards. So ,for example, Campus Safety can access everything. I’m at a level just below Campus Safety where I can access most things but don’t need access to all things. And so there’s some nuanced gradation in those particular roles for employees. And then you start to get into faculty and students and athletes, we’ll put athletes in that category as well. So for the most part, students have access to the all-academic buildings, the library, the common spaces like our community commons and their residential hall, if they’re a graduate student, we have residence halls for graduate students, we have undergraduate students. So their cards work to access all of those spaces, which we know by data that those are the spaces that they need and that they use on a routine basis. So you’re able to customize their access according to what they need and whether the door is secured and it requires your card scan to access, or if it’s locked completely as if the building is closed, then they wouldn’t have access.
So you’re looking at operation hours as one guardrail and then you’re looking at access as another guardrail. But students have this point have not really complained about their limited access to particular spaces because for the most part, we’re just mapping our policies and procedures according to what their behaviors already were exposing, looking at the card scan as data points. And then faculty have access to the same type of common spaces, but also predominantly their academic buildings and other kind of adjacent back academic buildings.
So it narrows the scope of it narrows the policy and openness to really those specific needs and then tries to secure the other pieces. And then we listen and adjust accordingly. So when we have a problem, we might have to make an adjustment. But that generally has been our approach where I don’t need access to all buildings, to be honest. I mean, I might because of my particular role, but for the most part there are areas that I probably don’t need access to and we don’t actually leverage access to it. So it just takes a more nuanced approach to it. It has to be more detailed, it has to have a logic behind it. It has to be communicated broadly to key stakeholders. But if you do those pieces, and particularly the communication pieces, it can actually hold together with integrity and with some improved both emotional safety and actual security of buildings.
Kabanova: It’s fascinating just to hear the level of planning that has to go into this and really using the data that you have to inform your decisions, and at the same time to have that flexibility when new challenges come up. I also just wanted to ask one more follow-up question on access. Are there certain more secure spaces that really require more requirements for access? And if so, can you share some examples and maybe how that determination is made?
Hartman: For example, our Controller’s office, it’s where the majority of our financial operations is managed. It’s transactional. It could be predominantly a remote operation, and in fact it somewhat is because it’s adjacent to campus, but not actually on main campus. That whole space became fairly easy to say it’s separate, it’s not student-facing. We could keep that secured. Two other spaces worth noting would be we have an office that is responsive to the needs of victims and survivors of sexual violence, and those spaces are always secured. They’re by appointment only. And so they can leverage the security protocols of card swipe to really only allow people who are in need of those victim and survivor services. So that’s the second space. And then the other space worth mentioning would be our IT spaces where we have servers or more assets in particular that we want to more tightly protect and really limit a very small number of people who would have access to it.
Kabanova: Thanks for sharing those. And I imagine there’s just some huge benefits to those different areas to know that their spaces are secured and that there’s a higher level of determination to ensure access. Next, I want to move on to talk a little bit about any challenges that you might have seen in implementing key cards and in particular if there are any challenges from accessibility or disability or an inclusion perspective.
Hartman: Sure. It’s a really good question. And I would say of the difficulties that we have encountered, it would be around, I guess, two things. One is the emotional benefits of feeling safe and secure. And then when we got ready to say, “We’d like to open a little bit, we’d like to go back and having events in your space.” And there were some folks that were like, “No, thank you.” And that creates some new challenges. You have an entire office dedicated to hosting conferences and meetings and events sometimes for external organizations or parties or conferences that you want to be open. And so there’s some tension there that you had to work through where some people were more comfortable just saying, “Actually, we’re pretty comfortable not having those anymore.” And there becomes some tension between what’s the mission of the institution and what’s the tension that it creates by reopening some of those spaces.
And that’s a sense of emotional loss when you lose some aspect of your control. Also, ADA issues related to, you can unlock, for example, instead of opening an entire academic building, we opened just a few front doors, doors that we also had cameras on so we could better control or better understand what was the activity happening in that space. But sometimes those front doors and the ones that we knew were highly trafficked were not always our ADA doors, were not always conveniently located for ADA reasons. And so we had to be mindful of the needs of folks who might have mobility challenges, and you need to think about the adjacencies or the additional care that it takes to allow access to anyone, whether a student or a visitor that you’re not adversely hindering their ability to access a building. And then, I think, the other big challenge is that people complain. They just straight up, they complain.
They don’t want to be reminded that they have to participate in a testing protocol or vaccine protocol or they’re out of compliance for something. Those are the things we learned through COVID. And then as we progressed toward the endemic phase, what we experienced is people still complain. They want access to what they want access to. They can justify it, they can rationalize it, but if you hold them accountable, then sometimes it only takes 10 minutes for them to comply with a rule or take care of something that they need to take care of or to remember their card like, well next time, just remember your card. We could let them in the building this time, but that door’s going to remain locked. And so the next time you want to use this door, you’ll just need to remember your card so that you can access it. And those are levels of complaining and negative feedback that I would say are worth the endeavor.
Kabanova: It’s hard to put a dollar amount on someone’s physical safety and emotional safety. So it’s great to hear that you’re thinking about that as you’re planning this process. Eric, you mentioned that key cards have data associated with them, and so we know in education that anytime we have data, we have some privacy considerations in mind. Are there any privacy implications with key cards?
Hartman: Well, there are. I mean, I think anytime you use data and it’s associated with a particular individual, you have the added vulnerability of recognizing that it is sometimes identity-specific information that you have to tightly control. So yes, those are the levels of detail that we have to use. I think the way that we mostly used data was in the aggregate form and to identify traffic patterns, which allows you to de-identify data sets to recognize what’s the purpose of this. It’s much more about understanding traffic patterns, understanding flows, understanding the importance of access. And so we found ways to use it that kind of allowed us to control for that. But there was very specific health information that was aligned with access to a building. So we knew we were going to keep people during the pandemic out of a building if they weren’t compliant. And we knew that because we would connect their health information with their card information, and we had to go through specific levels of privacy controls to make sure that people didn’t have access to knowing the why.
What is it about a person’s health record that prevents them from access in a building? But just knew that these individuals needed to not have access to this building. And it is a level of detail. It takes attention to controls and to the level of information and to roles specific to those data sets. So we had probably a team of five or six people who all had distinct roles in making those decisions and a clear handoff as to what they would receive, what they wouldn’t receive, how they would receive it, so that you can protect the privacy of some of that very specific and detailed information.
And I think the second part of that is we’re also in a state that just passed the Colorado Privacy Act, which is very specific about consumer rights related to privacy and the ability to actually receive all of your personal information that you might have in a file that would be connected to any of these pieces.
And so while that law doesn’t go into effect until July , we are already in the readiness stage of figuring out what that might mean and how might we have to make that available to other individuals who would make a request for their tool portability of their digital record, and thinking about all the things that might include. And as we move down this path of thinking about individual controls and individual doors, that becomes part of a record that you need to manage, secure, and think about the implications of how you retain it, how long you retain it, and making sure you minimize that footprint for the data that you need and use and the data that you can also discard of because it’s no longer usable. So we are routinely updating that information and then trying to eliminate the ownership of it, the possession of it, when it’s no longer relevant.
Kabanova: It sounds like privacy is really just another added layer of complexity for this really big topic.
Hartman: It is. And I think one of the challenges with privacy is that you have to convince people that they should care about it. I think that’ll be one of the next frontiers that we have to address.
Kabanova: Well, since we’re calling this podcast “The Case for Securing Doors on Campus,” I’d love to close out our podcast by delivering on that promise. I know many institutions are using physical keys while many others have made the switch to digital key cards. For an institution that is still using physical keys and not key cards, do you have any recommendations for making the switch to digital key cards? In other words, what’s the case for implementing key cards?
Hartman: Sure. It’s a really good question, and I’m sure it’s one which a lot of sometimes smaller institutions might be struggling with having come from one of those that still has physical keys, and it’s an expense, and we know that it’s expensive endeavor. And so then you have to ask your question, “Well, what’s the return on that investment?” And I think it’s easy for me to, having worked now in two different places, to really understand that there’s a significant amount of uncertainty that’s in our world. We’ve come to almost expect uncertainty, whether it’s pandemic, whether it’s crime, whether it’s inflation, whatever it might be. And in responding to uncertainty, do you need certain tools and you don’t always know which tools you’ll need for which particular type of risk or challenge. The ability to lock a door is a profound tool in your toolkit, and one of the reasons why I think it is it will become of elevated importance is not just on crime prevention that’s significant.
We are finding ways to use it for sexual assault, misconduct, prevention, and response. I think we’re finding it as a way to control access for specific types of operations and cybersecurity. Those are all enhanced. When you have the ability to have it digitized and you have kind of that investment made, you can be more nuanced about it. You can lock all doors in one swipe in case you have a significant type of catastrophic event or an active shooter event. Those are invaluable tools, and those alone make the case. But for me, there’s a more important reason to do it than just all of that.
And that is in the changing world that we live in, where emotional stability and mental health becomes of an increasing importance both for students and for employees, ee know that we have to respond to those needs. And the ability to secure doors is a significant asset in contributing meaningfully to the emotional safety and security of your community.
And you don’t know when you need it. What we’ve learned is there’s some nuance as to how you can use it, but at any point we might need all of it. And you don’t get that opportunity unless you have some degree of investment in the automation of it, and that is invaluable. So I can’t say enough that we would not have been successful in managing our pandemic response without the ability. We have now been successful in managing some of our minor crimes through that ability. We’ve also experienced people just feeling a stronger sense of safety and belonging because of that ability. So the evidence is there. I think many people just haven’t enabled it. They haven’t experienced it, so you didn’t know it was there. You didn’t know it had that potential until you really start to unpack having used it in a particular pandemic state. So now we actually better understand the value of it than we ever could have had we not had the experience. So for me, pretty clear it’s a valuable investment.
Kabanova: Well, Eric, thank you so much for having this really important conversation with me. Is there anything else that you’d like to add or anything we haven’t discussed yet that might be helpful for our listeners?
Hartman: I would just offer a bit about United Educators’ resources. They have an abundance of resources available on a collection of topics of which we utilize on a regular basis, and sometimes we just use those directly, right? It’s a great resource in and of itself.
I think other times we blend those to create our own kind of University of Denver-specific checklists that are customized for us, and sometimes we map some together. So if you just look at the most recent top risks across the United Educators’ members, you see that mental health is kind of surfaced as a new top issue. And while that stands independent of it, you also can start to connect it to the other resources that you have. Seeing that they have good solutions in this space related to a top risk, you need to think about that top risk’s adjacency to issues like securing doors and begin to make sense of your campus culture so that you’re meaningfully contributing to it. And that’s really enabled by a collection of UE resources that they make available. There’s a lot of rich resources there are already available for you.
Kabanova: Well, thanks, Eric. That’s a huge compliment and I’m really glad that UE resources have been valuable on your end. And thank you again so much just for having this conversation with me. I know our listeners will find your examples invaluable and hopefully that your suggestion for making the case to switching from physical keys to digital access may help some of our listeners start that conversation on their campus or maybe get some buy-in for that. And as Eric mentioned, UE has developed some resources on this topic.
We developed a checklist for physical security that UE members may particularly find helpful in identifying spaces to secure. Additionally, if you want to dive deeper into securing residence hall doors specifically, we published a shorter piece on securing residence hall exterior doors. Please check out all of our risk management resources on our website, UE.org. Thanks again, Eric, for having this conversation with me, and have a great day.
Hartman: Thank you.
Host: From United Educators Insurance. This is the Prevention and Protection Podcast. For additional episodes and other risk management resources, please visit our website at www.ue.org.