Strengthening your security strategy, part 1: Assessing your security service

In healthcare, education, and other institutional environments, security isn’t just about protecting assets. It’s about ensuring the safety, trust, and continuity that support your core mission. Patients, students, faculty, and staff rely on a secure environment to do their best work—and that requires more than just a static contract.

An effective outsourced security program demands regular evaluation, clear alignment with your operational realities, and continuous improvement.

Hospitals expand, campuses evolve, and threat profiles shift over time. What worked a year ago may no longer be sufficient, or even relevant. Small oversights, like outdated patrol procedures or unclear escalation protocols, can escalate into major vulnerabilities if not proactively addressed.

This article is the first in a two-part guide designed to help institutions take a strategic, proactive approach to evaluating their security service provider.

In this first part, we’ll help you uncover potential gaps in your current program. In Part 2, we’ll help you choose the right security partner to close those gaps and build a more resilient, future-ready program.

1. Start with a security risk assessment

The foundation of any strong security strategy is a clear understanding of your risk landscape. A professional security risk assessment should include:

A detailed walk-through of your campus or facility
Stakeholder interviews
A review of historical incidents and near-misses

This isn’t just about checking for unlocked doors. It’s about understanding how real-world risks interact with your current controls, and whether your current provider is effectively mitigating them.

Are you protecting against unauthorized access, workplace violence, internal theft, or something else entirely? The answer should reflect your environment’s specific pressures, whether that’s student protests, emergency room overflow, or research lab access controls.

Security assessments should be conducted annually or whenever significant changes occur (e.g., new buildings, revised operating hours, policy updates, or recent security events).

A qualified provider won’t just offer a checklist. They’ll tailor the process to your setting and help you prioritize risks based on likelihood and potential impact.

Read more:

2. Audit your existing physical measures

Once you’ve identified risks, it’s time to assess whether your current safeguards are up to the task. That includes both human and technical measures.

Start with access control. Are all entry points staffed or monitored appropriately? Are some doors left unlocked for convenience, despite policy? Could reducing the number of accessible entrances improve control without impacting daily operations?

Next, review your surveillance system. Are cameras strategically positioned based on your current threat profile? Are they functioning properly, delivering clear footage, and reviewed regularly—not just in response to an incident?

Don’t overlook the human element. Your on-site security team should have clear, documented post orders, and demonstrate consistent, professional execution. Are guards alert, informed, and approachable? Are they equipped to handle the most likely incidents at your facility, whether that’s de-escalation with an aggressive visitor or managing large student gatherings?

And finally, evaluate basic physical assets: lighting, fencing, panic buttons, signage, and locks. Even the most sophisticated security plan can be undermined by a single broken gate or a malfunctioning badge reader.

Read more:

3. Evaluate people and processes

The best technology and protocols in the world won’t make an impact without well-trained, well-supported people. That means looking beyond your guards to evaluate how security is integrated into your broader organization.

Are staff across departments aware of emergency procedures? Has your team conducted any recent drills, such as active shooter or lockdown scenarios? Do your clinical or academic teams know what to do, or who to call in a security event?

Then examine your incident reporting process. Is there a clear, timely, and consistent approach to logging and escalating issues? Are reports reviewed with stakeholders and used to improve procedures, or are they simply filed away?

Security should not operate in isolation. The strongest programs are supported by leadership and treated as a cross-functional priority.

If your internal stakeholders feel disconnected from your provider or uncertain about processes, it may be time to reassess.

Also consider the training your guards receive, whether they are in-house or outsourced. Is it limited to licensing and onboarding, or does it include site-specific, scenario-based, or customer service training?

In highly sensitive settings like hospitals or academic institutions, guards need the tools and confidence to respond appropriately and empathetically (and also to meet compliance requirements, as in the Title IX Act).

Read more:

4. Identify “soft spots” in daily operations

Some vulnerabilities can’t be seen on a security plan—they only emerge in day-to-day practice.

For example, do guards routinely patrol high-risk areas such as loading docks, side entrances, or unstaffed hallways? Are they engaging with students, patients, or staff, or are they mostly reactive? Does shift handover include a proper briefing, or are things lost in transition?

Policies also deserve scrutiny. Are your visitor protocols enforced consistently? Do ID badge requirements apply equally across shifts and departments? Inconsistencies, even if well-intentioned, create openings for security lapses.

Be especially mindful of over-reliance on either guards or technology. In many institutions, cameras record everything … but no one is watching in real-time. Or you may have security personnel on-site, but without the tools to respond quickly or escalate effectively.

A truly effective approach blends people, process, and technology for layered coverage.

5. Close the loop: Reporting, feedback, and continuous improvement

Security is not a static contract. It’s a performance-driven partnership. Incident reports and guard logs are valuable only if they inform action.

Do you receive clear, routine reports? Are trends shared with leadership during review meetings? Are near misses treated as learning opportunities, or are they overlooked entirely?

A strong feedback loop between guards, supervisors, and your internal contacts ensures that concerns are surfaced early and addressed promptly. It also encourages guards to take ownership and pride in their work, which directly impacts service quality.

A top-tier provider should also bring forward proactive recommendations, such as revising post orders based on seasonal changes, adding mobile patrols during construction, or flagging areas that require better lighting.

If your current vendor only responds when prompted, they may be missing the bigger picture.

Conclusion

If you’ve outsourced your security services, evaluating performance is not a nice-to-have. It’s a necessity. Security must evolve alongside your premises, your users, and the risks you face.

With a structured evaluation process in place, your organization is better equipped to prevent incidents, respond effectively, and demonstrate leadership’s commitment to safety.

If you're ready to take a closer look at your current setup, GardaWorld Security offers complimentary program reviews tailored to your operations, your challenges, and your goals. Let’s talk about elevating your security.

In Part 2 of this series, we’ll cover how to select the right security partner to close those gaps and support your long-term objectives.