As recent tragic events in Nairobi have shown, it is not just fire that creates the need for rapid evacuation from shopping centres or other buildings with large numbers of people. Alan Field explains the types of issues that need to be considered when reviewing risk assessments and resilience measures.

Fire is rarely a friend in property management. However, it can be of use as some of the building features and evacuation processes designed to meet its challenges can be adapted to security situations. Equally, some security scenarios will need a very different approach to that envisaged in fire safety management. It is important to understand both the strengths and vulnerabilities of these different approaches, as such awareness can really make the difference between disaster or containment in a security incident.

What is security?

With a shopping or office complex, security incidents can range from comparatively minor acts of theft or criminal damage to very serious scenarios, such as the terror attacks on Nairobi’s Westgate Mall in September 2013. When considering intruders with violent intent it is important to remember that they can have many different motives. These can include “ram raiding” or armed robbery and disputes with other persons or parties who happen to be on the premises. In most locations, these would be more likely motives than terrorism.

Security also implies access control and, sometimes, even the control of movement within the premises so that only those staff members who have legitimate reasons to be in part of the complex can be there. This is similar to a complex with public access that is designed to give them apparent free access but where there are clear design features to prevent entry to the private or otherwise controlled areas of the site. Of course, security can cover a wider definition than this, but it gives us the key pointers for looking at crowd management in terms of emergency evacuation or “invacs” (ie containment of people within the building).

Designer options

Modern shopping centres, transportation hubs and other buildings with mass public access are usually designed with security situations in mind as well as fire safety. When taking over the responsibilities for such a building, this is one of the first points to find out about before looking at the current security risk assessments. Understanding the design approach to fire and security can be very informative, especially when considering evacuation strategies.

However, if the building wasn’t originally designed with one or more security threats in mind (ie designed to deter robbers but not to contain a terrorist attack, as was the case in Nairobi), then one strategy is to see how the fire safety design may be adapted to support a defensive strategy. A defensive strategy may not always involve a total or immediate evacuation. Scenarios have to be considered and planned for as appropriate. This is why security risk assessments and specialist advice based on these extreme scenarios are so important.

For example, risks may arise from adjoining premises and/or vehicular escape routes that pass through or alongside the premises. In these cases, invacs may be more appropriate. Containing large numbers of people — especially if they become aware of an ongoing emergency outside — will require good soft skills that staff will need to be fully briefed on. Such skills will need to be as good, if not better, than those used in the process of marshalling people into pre-defined refuge areas.

Using physical controls or denying access to vehicles — for example through reinforced concrete flower troughs and bollards — is not just used to prevent “car bombs.” Such means can also be used to prevent intruders (including armed criminals) from using service roads as escape routes. Or worse still, from abandoning their vehicles within, or at close proximity to, the building so as to use the premises as a pedestrian escape route which, in turn, could lead to hostage and other life-threatening scenarios. This shows that, while your premises may not be the primary target, the potential outcomes could be just as serious.

Access and control

Access control systems can be programmed for security emergencies, for example by restricting movements in a co-ordinated manner depending on the entry point and progression of the intruders. Such systems can also be used to make progress more difficult for intruders, particularly in office buildings, by denying the use of storage areas and empty offices or units to assist their efforts. The containment of intruders can of course put any other person in that compartmented area at great risk, so that which is technically possible may not always be the wisest approach. In this scenario, consider any methods that are designed for either a total or a staged evacuation. These might include design features — for example walls or concealed doors in traffic areas that will open and enable the public to exit the building.

Sometimes these designs can also divert traffic to prevent entry to the zone or compartment in which the fire or security incident is occurring. Such features exist chiefly to minimise any panic and to assist a rapid evacuation in a fire situation. Some staged evacuation strategies also rely on such physical devices and can, depending on the site, reduce the risk of overcrowding onto exit routes simply by creating multiple egress routes or controlling the number of evacuees at any one time. These strategies can be equally useful if a serious security situation arises, for example, both the public and, perhaps more importantly, any assailants may be equally surprised by the rapid and relatively discreet methods of escape. In the worst-case scenario — just as with fire — we are looking to minimise the number of potential victims.

Communicating emergency messages

It is vital that emergency messages can be communicated effectively throughout a large site. This may be achieved through a combination of alarms, signage and public address or radio communication systems. Many organisations have different alarm signals to differentiate between fire and other emergencies, such as bomb threats. For example, most shopping centres have early warning systems to notify that shoplifters and other criminals are on site; most often signalled via radio communication. This system can be adapted for use in different security situations as a means of communicating the planned responses that are needed, ie evacuation strategies. A prompt and appropriate response to a security breach that threatens the premises or the people therein can make a lot of practical difference to the outcome.

In terms of communication strategies, all staff, including those not directly involved in security, must be knowledgeable of the emergency messages. Processes should be in place for making sure these are understood, and continue to be understood, over a period of time.

Ensuring that messages are understood will always be a challenge, say, in shopping centres where tenants and their local managers may change regularly. This means that the communication process needs to be kept as clear and simple as possible with an agreed process for reinforcing this to new and existing parties.

In a shopping centre or multi-tenanted office complex, this might include co-ordinating security policies. Part of this process should be making sure that all parties consider the risks of armed intruders and hostage scenarios even if these seem very unlikely and, perhaps, something they prefer not to think about.

Consultation with the police

Consultation with the police and other specialist advisers should always be explored and membership of local police initiatives, such as “Project Griffin” in London, is likely to help focus policies and risk assessments. Different police forces may have different approaches to handling security situations that require their intervention (particularly in the way their own response is phased or managed). So, when taking over a building an organisation should not necessarily rely on guidance previously given by a different police force on such matters.


Resiliency or business continuity planning should always consider serious security incidents. If desk-top scenarios are undertaken then considering how a security incident involving armed intruders would be handled might be a useful thing to schedule at an early opportunity.

Many organisations plan well for major incidents of all kinds. Nevertheless, new and emerging risks and how the organisation will respond to them should always be considered.

Last reviewed 10 December 2013