There are an estimated 17,500 museums in the United States. Approximately 21 percent are small museums with operating budgets of $150,000 or less, and 9 percent are large museums with operating budgets of $9 million or more. Our country’s most well-known museum complex, the Smithsonian Institution, had a fiscal 2006 appropriation of $516.57 million.

The American Association of Museums (AAM) reports that approximately 25 percent of general museums, natural history/anthropology museums, science/technology center museums and more than half of history museums have no security at all.

Obviously, the professional contractor has an opportunity to enter this market niche and provide quality security system installations.

But for the contractor to make an impact, he must be aware of the codes and standards that make up the “standards of care” for the industry.

The proposed Code for the Protection of Cultural Resource Properties—Museums, Libraries, and Places of Worship, NFPA 909-2009 edition, will be available soon and provides valuable information and requirements that should be used when marketing to museums. Chapter 8 of the code discusses the security protection plan and requires that a vulnerability assessment be conducted, examines the cultural resource property’s vulnerability to foreseeable crimes; losses through the deliberate actions of third parties, staff members or visitors; breaches in security caused by natural disasters; or from other conditions or physical situations with the potential to cause damage or loss.

The code also requires that the vulnerability assessment include an evaluation of the threat of terrorist activity that has the potential to directly or indirectly affect the cultural resource property.

And where the vulnerability assessment indicates the need for an electronic premises security system, NFPA 909 requires that the system be designed by a qualified person. NFPA also publishes the Standard for the Installation of Electronic Premises Security Systems, NFPA 731-2006, which NFPA 909 requires to be followed for all installations in museums, libraries and places of worship.

NFPA 731-2006 is an installation standard that establishes the “minimum requirements for application, installation, performance, testing and maintenance of physical security systems and components.” The standard is similar in structure to NFPA 72, The National Fire Alarm Code. NFPA 731 also requires that “installation of all wiring, cable, and equipment be in accordance with NFPA 70, the National Electrical Code.”

Another security document available from NFPA is the Guide for Premises Security (730-2006). It addresses the application of security principles based on occupancies, but because it is a guide, it is “a document that is advisory or informative in nature and contains only non-mandatory provisions.”

NFPA 730 uses the application of security principles based on occupancy type to reduce security vulnerabilities to life and property. It is the new national standard of care for premises security for public access facilities, such as museums.

It is important for the contractor to understand that not all public access facilities have identical security vulnerabilities, so there is no set of one-size-fits-all security countermeasures.

Groups of such facilities do, however, experience many common security issues. Many of these issues, as well as examples of effective mitigation/countermeasure techniques, are provided in NFPA 730 through a “tool-box” approach and provide valuable assistance and guidance to contractors and facility security planners when combined with a proven performance-based risk assessment methodology: the security vulnerability assessment (SVA). Accordingly, the professional contractor should encourage all facilities to conduct an SVA to determine the security countermeasures appropriate for their particular organization and potential threats.

NFPA 730 is based on three principles:

> Developing a security plan to ensure that security measures and personnel respond in an integrated and effective way to mitigate the effects of an adversarial event in a manner that is appropriate for that particular organization or facility

> Implementing effective countermeasures specific to public access facility, “soft target,” occupancy types to measurably reduce security vulnerabilities

> Conducting an SVA, the core of any security plan

An SVA is a powerful technique for assessing the current status of an organization’s threat exposures, security measures and preparedness. The SVA described in Chapter 5 of NFPA 730-2006 uses a systematic and methodical process to examine an organization’s vulnerabilities, ways an adversary might exploit those vulnerabilities, and aids in the development and implementation of effective countermeasures.

The guide discusses other considerations essential for protection of occupants, recognizing that adequate security is more than a matter of installing electronic security equipment. NFPA 730, since it is the national standard of care for premises security, is a significant step toward the implementation of meaningful practices for necessary security features in public access buildings nationwide.

Private sector security should be based on a comprehensive asset protection program that includes the protection of an organization’s people, property and information through development and implementation of a comprehensive security plan and the cooperation and support of top management.

A security plan should be developed to ensure that security measures and personnel respond in an integrated and effective way to mitigate the effects of an adversarial event in a manner that is appropriate for that particular organization or facility (Chapter 10).

The SVA is a systematic risk assessment technique for:

> Assessing the current status of an organization’s threat exposures, security features and preparedness

> Examining ways an adversary might exploit an organization’s security vulnerabilities

> Developing countermeasures to mitigate adversarial events

> Strengthening security and life safety layers of protection

The seven-step SVA process consists of the following:

1. Formation of a multidisciplined team

2. Organization/facility characterization

3. Threat assessment

4. Threat vulnerability analysis

5. Countermeasure development

6. Assess risk reduction

7. Document findings/track implementation

Most museum directors are unaware of any of these documents. Knowing this, a professional contractor could purchase copies of NFPA-909, NFPA 730 and NFPA 731 and present them to local museum officials as part of a sales effort to penetrate this market. At the same time, the contractor can assist with the SVA to determine which electronic systems will enhance the security of the institution. Since so many museums have no security at all, a premises security system will provide the least expensive option to improve that situation.

Of course, the challenge for any contractor is to study the codes, standards and the guide so that he will be conversant in the tools available and will know the protection requirements that a museum should follow.

Another challenge is to take advantage of the training provided by the various manufacturers of electronic premises security systems and attend trade shows to view the current state-of-the-art technology.

There are a number of organizations that have training materials or offer seminars. The educational offerings of the American Society of Industrial Security, ASIS International, can be found on its Web site, www.asisonline.org. And a source directly related to museum educational and other material of interest is the AAM, www.aam-us.org.

Professional contractors have an opportunity to enter into an untapped market. With a little homework and extra effort, you can become the museum security system specialist in your market area.

MOORE, a licensed fire protection engineer, frequent speaker and an expert in the life safety field, is a co-editor of the current National Fire Alarm Code Handbook. Moore is a principal with Hughes Associates Inc. at the Warwick, R.I., office.