031 Security Standards - Jun-19

Security Standards
Technical Document
Version 0 – June 2019
R AFFLES \ ORIENT EXPRESS \ BANYAN TREE \ DEL ANO \ SOFITEL LEGEND \ FAIRMONT \ SL S \ SO \ SOFITEL \ THE ORIGINAL S
RIXOS \ MANTIS \ MGALLERY \ 21C \ ART SERIES \ MONDRIAN \ PULLMAN \ SWISSÔTEL \ ANGSANA \ 2 5HOURS HOTEL S
H Y D E \ M ÖV EN P I C K \ G R A N D M ER C U R E \ P EP P ER S \ T H E S EB EL \ M A N T R A \ N OVOT EL \ M ER C U R E \ A DAG I O
MAMA SHELTER \ TRIBE \ BRE AKFREE \ IBIS \ IBIS S T YLES \ IBIS BUDGE T \ JO& JOE \ HOTELF 1
Security Standards | Technical Document
1. Guidelines | 2. Building | 3. Technical Equipment | 4. Human Action
Glossary of Terms
Term Definition Term Definition Term Definition
AACS Automated Access Control System GTS Guard Tour System NPR Number Plate Recognition
ACS Access Control System HMA Hotel Management Agreement NVR Network Video Recorder
ADA Americans with Disabilities Act HPG High Profile Guests Payment Card Industry –
PCI-DSS
Data Security Standard
ATM Automated Teller Machine HR Human Resources
PDSCR Pedestrian Screening
AV Audio Visual HVM Hostile Vehicle Mitigation
PIDS Perimeter Intrusions Detection System
BR Burglar Resistant Information & Communications
ICT
Technology PIN Personal Identification Number
BW Biological Warfare
ID Identification PTZ Pan-Tilt-Zoom
CBR Chemical Biological Radiological
IDS Intruder Detection System Redundant Array of
RAID
CCTV Closed Circuit Television Independent Disks
Standards issue by the International
IEC
CEO Chief Executive Officer Electro-Technical Commission RDD Radiological Dispersal Device
Crime Prevention Through IED Improvised Explosive Device RFID Radio-frequency Identification
CPTED
Environmental Design
IP Internet Protocol SSCR Safety & Security Control Room
DT Dual Technology
IR Intruder Resistant SRA Security Risk Assessment
EKMS Electronic Key Management System
International Organisation for TSA Technical Services Agreement
ISO
FEBR Forced Entry Ballistic Resistant Standardisation.
UPS Uninterruptable Power Supply
FoV Field of View IT Information Technology
WTMD Walk-Through Metal Detector
GUI Graphical User Interface KAC Key Access Control
GSA General Services Administration NGO Non-Government Organisations
2 Accor Technical Document | Version 0 | June 2019

1. Guidelines
1.1 Introduction Supported by a strong network of partnerships with the diplomatic and consular
authorities and with the security managers of international businesses, the safety
and security department runs and coordinates a unified and pragmatic security
Security is a key aspect of the “contract of confidence” existing between
policy designed for the group’s staff and establishments.
AccorHotels, its clients and its colleagues. The company is a responsible business
which must assume its security obligations in a disciplined and professional
The effectiveness of this policy is dependent upon its strict application.
manner, anticipating any risks in as far as possible. The decision-makers have
permanent responsibility and even liability on this point, and may be obliged to
provide proof at all times not only that no fault was committed within the company 1.2 Development of Document
but also that relevant and sufficient risk prevention measures were taken. The
slightest carelessness or negligence may result in criminal, financial or commercial In developing this document, establishing an overarching global baseline required
consequences, particularly those resulting from a loss of reputation for the brand. an in-depth review of security-related standards pertaining to physical, technical
and operational practices. In doing so, standards, regulations, laws and best
Additionally, the need for security felt by clients and staff is further heightened practices of the following six regions were focused on:
by a complex, fast-changing and often stress-inducing climate where security
—— Western Europe
is concerned. AccorHotels must propose solutions which are both effective and
reassuring. Our acquired knowhow in the security field should be a source of added —— Eastern Europe
value, enabling us to exploit future growth opportunities by innovating in the way
—— North America
we manage risks.
—— South America
With this in mind, AccorHotels has set up a safety and security department with —— Middle East & Africa
the aim of defining and supporting a comprehensive security strategy, under the
authority of the group’s deputy Chief Executive Officer (CEO). A network of security —— Asia Pacific
correspondents and managers enable it to monitor and support the deployment of
this strategy. 1.3 Purpose of Document
Technical documents, operational information and communication resources have In keeping with AccorHotels’ security mission and objectives, the approach to
been developed and made available to all stakeholders in order to generate a security management for AccorHotels’ hotels and assets, is to maintain safety
genuinely dynamic interactive process, conducive to responsiveness, adaptation and security and to prevent terrorist and criminal acts before they take place,
and dialogue. This agility is all the more vital as the subject is a multifaceted and thereby ensuring the safety and security of AccorHotels’ guests, visitors,
constantly changing one. employees, contractors, assets and reputation.

This document does not supersede local security and safety laws and regulations 3. Provide guidance that may be used to develop the detailed security designs for
where applicable, but serves as a point of reference for evidence of a security risk the mitigation of security risks to AccorHotels’ hotels and assets.
mitigation strategy.
4. Describe what must be done to ensure the most effective and cohesive security
plans are developed.
Whilst first response to an incident will be conducted by the onsite safety and
security team, when the incident has escalated beyond local control, the local 1.5 Ownership & Responsibilities
authorities shall maintain primacy over policing and emergency response in the
event of an incident, and the local AccorHotels security plans shall support their An effective security system is, in the first instance, contingent upon the
needs. AccorHotels will work closely with national law enforcement agencies. commitment of institutional leadership. This responsibility extends beyond the
Group Safety & Security management team. Security systems will inevitably fail
To facilitate the integration and effectiveness of security across AccorHotels in the absence of commitment from the top echelons of AccorHotels down to
hotels and assets, this document sets the guidelines for the implementation of the lowest levels. Furthermore, top down leadership at a strategic level is vital to
security throughout each location. The implementation of this document, and regularly reviewing the threat environment to all AccorHotels assets, and to adapt
supporting security management plans, is to be managed by the local hotel risk management systems accordingly.
Safety & Security Manager.
Security measures are to be applied based on the security risks to individual assets, 1.6 Global Brand Standards Review
tailored to address specific risks and in accordance with appropriate legislation.
AccorHotels Safety & Security Management shall review this document on an annual
This document serves as the minimum baseline standard for security to be applied basis to ensure its continuing suitability, adequacy and effectiveness. This should be
to all AccorHotels’ hotels and assets, regardless of type, size or location. factored into an annual implementation plan, which involves the continued review
of identified critical sites, assets and risks, and reassessing mitigation requirements.
1.4 Aim of Document It is the responsibility of the AccorHotels Safety & Security Management department
to ensure this document remains pertinent by continually revising the document
The aim of this document is to provide guidelines for the implementation of security in accordance with changing laws, regulations, standards, and Best Practice
risk management and security design of new builds and at existing hotels and requirements. Where required, input should be sought from other departments,
assets. To achieve this, AccorHotels should aim to: such as Legal, Finance, Facilities Management, Health & Safety, to ensure that any
1. Ensure a coordinated, and wherever possible, integrated approach to security changes do not breach any non-security laws and regulations. Any changes to this
planning across individual and collective AccorHotels sites. document should be approved by the AccorHotels Security and Safety, and Design
and Technical Services departments before being implemented.
2. Provide the ‘security doctrine’ by which planning and design should be
completed for the security management of AccorHotels’ departments, facilities
and systems.

1.7 Security Risk Management ENVIRONMENT

DEFINITION
RISK LEVEL
1.7.1 Security Risk Definitions A site located within a stable political-economic environment, with
good support from local government and law enforcement and no
AccorHotels will assess and determine the security risk level for the location of contemporary history of civil or political unrest. Historical and forecast
each development; it shall be referenced in the Technical Services Agreement extremist activity is low or non- existent; there is no reported history
of organised or violent crime against the hotel sector or its guest
(TSA) and the Hotel Management Agreement (HMA). As part of these agreements, LOW
profiles, and no local Non-Government Organisations (NGOs) or brand
AccorHotels will determine if the specific risk level requires the engagement of a considerations. This site is in an established and traditionally low-crime
qualified Security and Risk consultant who will be appointed by the Owner. For area, likely to be adjacent to similar business premises and is integrated
projects that are identified in a High Risk or Red Zone, a security consultant will be with the local and regional community. The only notable problems
concern petty crime and late night rowdiness.
mandatory. This consultant will be responsible for the design and implementation
of the security systems as defined in this section.
A site located within a generally stable political-economic environment
that has support from local government and law enforcement and no
Security risk evaluates the likelihood of state or non-state actors engaging in actions
immediate incidents of civil or political unrest. Historical and forecast
that harm the financial, physical and human assets of a company, and the extent to extremist activity is low but information suggests that this situation
which the local government is willing and able to protect those assets. Actors that may change. There is active organised or violent crime within the local
may pose a security risk to companies can include political extremists, direct action environment but not specifically within the hotel sector or its client profiles.
MEDIUM
There may be local Non-Government Organisations (NGOs) or brand
groups, security forces, foreign armies, insurgents, petty and organised criminals,
considerations. This site is located in an area that has frequent reports
computer hackers, protesters, workforces, local communities, indigenous groups, of opportunist crime and there may also be minor local and/or regional
corrupt officials, business partners, and in-country company management and staff. community considerations. Guests are advised to avoid walking in
The impact of security risk on companies can include war damage, theft, injury, the vicinity of the hotel after dark and all journeys are made via hotel
transport or cabs.
kidnap, and death, destruction of assets, information theft, extortion, fraud and
loss of control over business. Security risk may vary for companies and investment
projects because of factors such as industry sector, investor nationality and A site located within an unstable political-economic environment, with
geographic location. little immediate support from local government and law enforcement
and a history of civil or political unrest. Extremist activity within the
region is reported with a historical targeting of western hotels and/
or clients, particularly through the use of vehicle borne and personal
borne improvised explosive devices, and kidnapping. There may also be
HIGH a history of organised or violent crime against western businesses and
their client profiles, and regional Non-Government Organisations (NGOs)
or brand considerations. This site is possibly located in a high-crime
area and may experience organised hostility toward brand or premises
within the local and regional community. Guests are advised to remain
within the hotel environs at all times and all journeys are made via hotel
transport or pre-booked liveried taxis.

1.7.2 Security Audits, Risk Assessments 1.8 The Security Risk Assessment
& Re-evaluation
The Security Risk Assessment (SRA) provides an overview of AccorHotels’ critical
sites and assets as well as the threats, both current and forecasted to these. By
Security Risk Management is a cyclical process involving the review of the risk and
analysing where a critical asset may be vulnerable to an identified threat, a risk
commensurate revision in mitigation measures. The robustness of systems can be
to the project is identified. These identified risks are categorised by their level of
revised upwards or downwards based on this review process, thus streamlining
risk to operations, which allows for decisions to be made regarding the level of
security operations into a cost-effective process which does not compromise the
protection provided. The Security Risk Assessment (SRA) is the responsibility of the
asset in question.
local Security Manager who is charged with continually revising the document to
ensure that it remains current with changing laws, regulations, standards, and Best
The appropriate protective measures are incorporated from the very design phase
Practice requirements.
of a project (whether this concerns a new build or renovation) or deployed as part of
an action plan and quickly adapted to the changing threat status.
1.8.1 The Process
The AccorHotels Safety & Security management team shall review the local policies
and procedure documents, and the Security Risk Assessment (SRA) document for The findings of the Security Risk Assessment (SRA) will inform and guide the
each asset on at least an annual basis to ensure its continuing suitability, adequacy subsequent security planning and design strategies. The methodology applied
and effectiveness. This should be factored into an annual implementation plan, should follow international standards and best practice, such as ISO 31000. At a
which involves the continued review of identified critical assets and risks, and minimum, this process will involve the following activities:
reassessing mitigation requirements. Should evident requirement arise – due to an
obvious change in risk level or a noteworthy trend of increasing security incidents, —— Establishing Context: This involves gaining an understanding of Stakeholder
for example – then the frequency of review should be increased. requirements, a detailed understanding of the project and the geography of
the region.
Whilst the local security manager is typically best placed to conduct this annual review,
—— Risk Analysis and Evaluation: This entails identifying and analysing the threats
if necessary, an outside company/consultant can be appointed to perform this task. This
that may confront AccorHotels’ sites, assets and people; the vulnerabilities to the
process of review requires the completion/updating of the Asset’s Risk Register.
identified threats; and the potential impacts of those threats upon operations.
The current risks to AccorHotels’ sites are thereby identified, and rated in order to
The survey is to take into consideration the local authorities and the hotels near
illustrate their relative importance in the context of the project.
the site or in the region. This assessment is deemed vital in countries or regions
threatened by terrorism and where the geopolitical situation dictates that such a —— Risk Mitigation: The security strategies will be developed to provide the possible
risk could arise. treatment options for the identified risks.
An annual review of the Security Risk Assessment (SRA) shall be completed and
may be required to be rewritten in the intervening period, should its material
precepts and/or security threat level significantly change in the intervening period.

1.8.2 The Two Identified Major Risks Facing 1. The national socio-economic situation;
AccorHotels —— The risk of a deterioration in the social fabric, resulting in an increase in acts
of incivility and minor criminality;
1. The risk of malicious acts —— The growth of violent local movements representing ethnic, political or social
minorities, or extremist groups;
— The hotels may be the target of several types of risk, the seriousness of which
may vary in degree: —— The local presence and specific objectives of international terrorist or
anarchist organisations;
— Offences committed in the surrounding environment and in the outdoor
or indoor car parks: Armed robbery, theft from vehicles, theft of vehicles, —— Public opinion concerning the nationality of the company and its staff.
miscellaneous thefts, damage caused to vehicles, setting fire to vehicles, etc. 2. The governmental response. Preventative policy and law enforcement
— Offences committed inside the hotel: assault, assault with a deadly weapon, action plan:
thefts from bedrooms, direct theft from individuals, theft in the hotel, —— The legitimacy enjoyed by the government in place and the strength of
disorder, drug-taking or prostitution, etc. opposition movements;
2. The specific risk of terrorism —— The relationship of the country in question with France, the European
— The terrorist threat is now an endemic phenomenon which has led AccorHotels institutions and more generally the West;
to take security measures within its establishments in order to: —— The level of involvement and commitment of the authorities handling
— Dissuade terrorists from targeting these establishments domestic security and the quality of the cooperation between these
authorities.
— Reassure guests and staff
3. The AccorHotels in the countries concerned
The efforts already initiated by AccorHotels to protect itself from this threat
must be continued relentlessly. The media impact in the event of a terrorist —— Its image, its activities and its history;
attack is felt internationally. Such events remain etched in people’s minds, for —— The outlook for future development;
a very long time.
—— Its strategic proximity to other companies;
—— The siting of head offices and establishments – Analysis of the

1.8.3 Assessing the Risk of Terrorism and Political & immediate environment.
Social Instability 4. The location of the hotel, the head office or the establishment concerned.
This assessment results from the country’s geopolitical situation. This threat —— The layout of the premises;
increasingly targets hotels, which are both major stakeholders in the tourism sector —— Vulnerabilities linked to the urban environment (town centre, suburbs or
and places where large numbers of local people and/or foreign visitors are gathered. industrial estate) or the rural environment (isolation);
The threat status. This is assessed based on the following points:

—— The effectiveness of the local security services; AccorHotels is committed to combating sexual tourism involving children,
particularly in countries in which this problem exists or is spreading.
—— Effectiveness of the local health and emergency services (fire brigade, hospitals, etc.).
The Group’s activities are organised in line with ECPAT and the World Tourism
1.8.4 The Changing Nature of Risks to Existing Hotels Organization, which lays down the key principles for the deployment of an active
policy in this particular field.
The preventive measures detailed in the technical guide must always be considered
and adapted to each hotel’s particular context. AccorHotels has concluded agreements with Non-Government Organisations
(NGOs) like ECPAT and works closely with the public services and local embassies in
During the operational lifetime of the hotel, the nature, frequency and scale of the those countries in which the Group operates.
risk may change and require that additional measures be taken, adapted to this
The WATCH programme was developed to provide hotels with the resources and
new context.
information they need to combat this scourge.
Close monitoring of local information and of the AccorHotels’ “security intranet”
resources should result in the implementation of these additional measures which, 1.8.6 Security Risk Treatment – The ‘B.T.H’
in certain cases (terrorist threats) may be extremely urgent.
Security Method
1.8.5 Human Exploitation The “B.T.H” security method operated by AccorHotels establishes the minimum
baseline for security for physical, technical and operational security measures to be
Sexual Exploitation of Human Beings implemented at AccorHotels’ hotels and other assets, in order to avoid all reasonably
foreseeable malicious acts of crime and terrorism. In this instance, “reasonably
The free circulation of people facilitates the movement of prostitutes from one foreseeable” means that:
country to another as part of “prostitution networks” organised and managed —— New Builds – Preventative measures are selected based on the outcome of a
remotely by unscrupulous individuals. Security Risk Assessment.
—— Existing Sites – The careful monitoring of events makes it possible to identify the
The Internet allows for discreet contacts to take place between clients and
additional measures required, including their priority and urgency.
prostitutes, who use our hotels to carry on their business, for short periods
(6 to 10 days) but on a regular basis, involving rotation, moving discreetly from
The “B.T.H” security method is based on the following areas of security focus:
one hotel to another.
—— B = Building This means taking full account of the problem of security from the
AccorHotels provides training and awareness building kits to combat the sexual design stage onwards, and subsequently during the construction or renovation
exploitation of human beings. of a hotel.
—— T = Technical Equipment This concerns additional technical equipment (video

Sexual Tourism Involving Children systems, anti-intrusion systems, etc.), which boost security by compensating for
any weaknesses the buildings may have.

—— H = Human Action Regardless of the quality of the construction and equipment,

human action is still a decisive factor when it comes to guaranteeing a hotel’s
1.9.2 Security Zoning
security. This is a variable factor that needs to be adapted according to the
AccorHotels has developed a zoning system for all properties to which access and
changing nature of the risks.
other security controls can be applied.
1.9 Security Planning & Design Zone Definition Security measures
These security design guidelines in this document define the level of security • Technical surveillance
counter measure only that shall be developed and installed during the Design and • Roving security guard patrols
Immediate external vicinity of
Construction phases. For each site (new or existing) consideration must been given building. Public access area;
• General Crime Prevention Through
Environmental Design (CPTED) principles
to the variances in building structure and resort layout that will require a plethora PUBLIC Access control dependant on
• Physical security barriers
of solutions to fully provide the appropriate level of counter measures. The layout district security measures and
procedures. • Appropriate signage
of properties will change considerably depending on the development type (hotel, • District wide security measures and
resort, serviced residences etc). procedures
Throughout the document, reference may be made to particular security industry An area that is accessible to • Technical surveillance
the general public. Security • Ability to restrict access
recognised standards for risk, planning, design and operations. If a standard is not SEMI
has the capacity to restrict • Roving and static security guard presence
applicable to a particular region, there is a Regional Standards Correlation table at PUBLIC access to this area during • Visible boundary
Appendix A that can be used by the local Hotel Security Manager to identify the times of heightened threat. • Appropriate signage
equivalent regional standards.
• Access Control
• Technical surveillance
1.9.1 The Security Masterplan
An area that is predominantly
SEMI-
private but has a requirement • Screening equipment
PRIVATE for authorised public access. • Security checkpoints or stations
A security master plan must be drawn up according to the changing nature of the • Appropriate signage
threat, for which the group safety and security department will provide its help
• Access control
and support. • Physical security barriers
A high security area that
• Technical surveillance
If necessary, the services of an approved outside company may be used. PRIVATE permits access to only
• Roving security guard patrols
building services staff.
The preventive measures detailed in the technical guide must always be taken into • Appropriate signage
account and adapted to each hotel’s particular context. • Consistent physical boundary
In all cases, the security master plan must be coherent vis-à-vis the project and the • Advanced access control (e.g. two factor
reconciliation of the “Security” and “Fire Safety” masterplans are vital. Highest security level – Secure authentication)
zone that prevents access to • Technical Surveillance
RESTRICTED even the most determined • Physical protection as per required
All hotel construction or renovation projects should incorporate and facilitate the attacker. Stringent access standards where applicable (e.g. structural
subsequent deployment of security equipment in order to be able to respond as control. hardening)
quickly as possible to a deteriorating security situation. • Appropriate signage

Within given zones, there may be a requirement for individual rooms to have an
Term Security Measures
increased level of protection, however this will be on a case-by-case basis. The
following Security Zone Matrix displays the minimum-security requirements at CCTV Closed Circuit Television Surveillance
transition points between zones. A glossary below provides definitions for the
systems outlined in the matrix. IDS Intruder Detection System
AACS Automatic Access Control System
SEMI SEMI- KAC Key Access Control

FROM\TO PUBLIC PRIVATE RESTRICTED
PUBLIC PRIVATE
PDSCR Pedestrian Screening
CCTV, Burglar Resistance class as defined in Security Standard

CCTV, IDS, BR 1-6
PUBLIC AACS/KAC, ENV 1627:1999
BR3
IDS, BR4
The casual burglar tries to break open the window, door or shutter
BR1 by using physical violence e.g. kicking, shoulder charging, lifting up,
CCTV,
CCTV, tearing out.
SEMI PDSCR,
AACS/KAC,
PUBLIC AACS, IDS,
IDS, BR4 The casual burglar tries additionally to break open the window, door
BR3
BR2
or shutter using simple tools e.g. screwdriver, pliers and/or wedge.
CCTV,
SEMI- AACS/KAC, The burglar tries to gain entry using an additional screwdriver
PRIVATE IDS, BR4 or
BR3
and a crowbar.
BRS
The experienced burglar uses in addition saws, hammers, axe,

CCTV, BR4
chisels and portable battery powered drills.
AACS/KAC,
PRIVATE
IDS, BR4 or
BRS The experienced burglar uses in addition electric tools e.g. drills, jig-
BR5
and sabre saw, and angle grinder with a disc of max. 125mm diameter
The experienced burglar uses in addition powerful electric tools,

RESTRICTED
BR6 e.g. drills, jig- and sabre saw, and angle grinder with a disc of max.
230mm diameter.
Table 1–3: Access Control Zoning – Security Equipment Deployment Matrix Table 1–4: Access Control Zoning – Glossary of Terms

1.9.3 Focus of Security Design Security Focus Areas for Consideration
To ensure that the holistic approach to security is truly incorporated within the fabric • Pedestrian access points (guest, visitor, back of house and colleague
of, correct planning and design focused on particular building locations and functions Perimeter entry points)
Access • Vehicle access points (guest, taxi, heart of house)
will ensure that the different user groups are recognised and understood with regards
• Vehicle access parking (guest, valet, hotel vehicle, taxi, waiting)
to how they interact with the site (i.e. transitioning between Access Control Zones as
previously described); as well as ensuring the site not only protects at a baseline level, • Main entrance
but has adaptability physically and operationally incorporated to increase the security • Loading Dock
Building
posture of the hotel depending upon changes to the threat environment, special events • Fire exits
Access Points
and/or different times of the day. • Car parking access points
• Other vehicular or pedestrian access points
Below is a list of areas for consideration where a focus on security is required: • Reception desk
Reception
• Elevator/Lift lobbies
Facilities
• Seating Areas / Informal meeting areas
Food and • Restaurants

Beverage • Lounges and Bars
Areas / • Conference facilities
Banqueting • Ballrooms and Meeting rooms
• Front of house corridors • Gardens
• Guest rooms • Swimming pools
• Public elevator / lift lobbies • Tennis courts
Public and • Spa/ Health club/ Fitness • Changing rooms
Guest Areas centres/ Swimming pools • External seating areas
• Retail facilities • Business Centre
• Automatic Teller Machines
(ATMs)
• Heart of House corridors • Fuel tanks
• Service elevator / lift lobbies • Elevator /Lift motor rooms
• Secure rooms • Cabling rooms
• Baggage storage • Plant rooms
Heart of House • Staff cash rooms • Laundries
Areas • Audio Visual (AV) rooms • Sewerage
• IT rooms • Heating/cooling plant
• Cash counting areas • Electricity/Power supply
• Kitchens (including generators/
• Staff rooms transformers)

1.9.4 Security Systems 1.9.5 Coordination of Security with Other

Engineering Disciplines
Security systems can be sometimes misconstrued as the panacea to security,
thereby providing a false sense of safety and draw critical resources and manpower
The security measures must be part of an overall project concept in order to
away from other more valuable security tasks. Security systems should be seen
successfully incorporate measures which are coherent, compatible and which
as an “enhancement” to a balanced security strategy, incorporated with suitable
comply fully with local legislation.
physical and operational security.
The following must be addressed within the design:
Security systems planning should include:
Security Focus High Level Protection Objectives Design Focus High Level Protection Objectives
Exit doors open if a fire alarm sounds and Emergency
Public Fire safety
Provide monitoring and situational awareness for public, private Vehicle Access Routes
Monitoring &
and restricted areas.
Communications Personal liberty Compliance with laws concerning video surveillance
Establish room/centre for monitoring and controlling security Hotel reception Inspection and verification measures must be acceptable
Command and systems. This function will play an integral role in the support and measures to the guests
Control success of events allowing for resource deployment and incident Access control measures must be adapted to the various
response coordination. Disabled access
disabilities
Compliance with laws concerning the refusal of entry to
Use fixed and pan-tilt-zoom (PTZ) cameras for monitoring and Human rights
undesirables
recording. Systems to be active (monitored live), passive (only
Video
reviewed following an incident or query), and/or intelligent
Surveillance Urban planning rules Nature and height of the fencing
(augmented with analytic algorithms that analyse data and
provide alerts to specific events or behaviours)
The environment Energy consumption of all security systems; light pollution
Provide physical barriers to restrict movement between areas,
Access Control
including mechanical or electronic controls. Vehicle controls & roads Department of transport
In seeking to respond to different functions, you may find that some measures
Alarms and Provide sensors and signalling devices to alert personnel about a
Intrusion change in the physical environment that may require a response or appear incompatible with one another.
Detection investigation.
I.E. Security and fire safety may be incompatible concerning the locking of doors.
Conversely, other measures satisfy several functions simultaneously.
Table 1–5: Security Systems

I.E. Fire safety measures and protection against theft are compatible with the
LANDSCAPING
prevention of terrorist-related risks.
INT. DESIGN
ARCHITECT
SECURITY
LIGHTING
SIGNAGE
TRAFFIC
Furthermore, hotel construction or renovation projects should incorporate and
FIRE
facilitate the subsequent deployment of security equipment in order to be able to SECURITY COMPONENT
IT
rapidly respond to a deteriorating security situation.
CPTED, raised curbing, bollards, planters, etc.    
I.E. immediately fitting the housings for the future installation of a CCTV system.
Provision for vehicle screening, searching
    
Example: the fitting out of the basement in those places at which security and rejection
equipment is likely to be subsequently installed (don’t run pipework near security Provision for quick deployment of personal
gates, in order to leave the possibility to subsequently install a retractable and baggage screening equipment at building   
road-blocker). entrances
Restrict number of ingress points from public realm

    
Coordination is vital between the experts and designers concerned in order to into private areas
define security measures which are compatible, realistic and effective in all fields.
Create common pathways for pedestrian travel
  
throughout the Master Plan, limiting short-cuts
Below is an example of a design coordination matrix that would assist with
Provide natural surveillance within the
ensuring effective coordination takes place on projects. development and to/from adjacent public ream    
areas and roadways
Minimise areas of entrapment and/or ambush
such as narrow corridors, stairwells, overly dense    
landscaping, etc.
Way-finding       
Pedestrian Crossings      
Utilised laminated glazing and rigid glazing

 
mounting in areas of high risk
Mitigate events of disproportionate

       
structural collapse
Technical security         

1.10 AccorHotels’ “Security” Intranet Resources

The safety and security department has introduced a number of resources, which
are available to all operational teams.
The department’s intranet site makes it possible to access security information

such as news, but also country-specific analyses and recommendations concerning
security for travellers.
The APACHE crisis management system is also online and includes:
1. The Crisis Management manual
2. The emergency response cards
3. The warning cascade diagram
4. The contact details for global crisis management, accessible 24/7
The additional management resources made available to the group’s network

of security/crisis correspondents enable them to deploy the security policy in a
coherent manner.
Whether directly and/or via its correspondents, the safety and security department
operates an information exchange network with the diplomatic representatives
and those of the local authorities. It shares feedback on best practices collected
from AccorHotels’ experience and operations, but also from its contacts in various
business sectors encountering the same problems.

2. Building PROTECTION OBJECTIVES
1. The wall / fencing system should be deployed to prevent criminal activities,

vandalism and trespass and should provide high level of resistance against any
attempt to climb or cut.
2.1 Perimeter Security
2. The wall / fencing system shall be a minimum 2m high, and topped with anti-
The hotel surroundings and its outdoor car parks may be the subject of: clamber measures.
—— Undesirable or hostile intrusions by people or vehicles 3. The minimum overall wall / fencing system height shall be 2 metres and buried
300mm below the ground. Consideration should be given on deploying double
—— The theft of vehicles or theft from vehicles
fence layers to create sterile zone based on the threat/ risk level.
—— The risk of an attack: ram raiding and/or car bomb
4. Where there is a requirement for “sterile zone”, the spacing between internal
However, all measures taken to secure the hotel perimeter must also guarantee
and external fences should be free from climbing aids
access for the security services and for security firms transporting cash:
—— It must be possible for the fire brigade / local Civil Defence / emergency response 5. Where increased security Hostile Vehicle Mitigation measures are required, the
vehicles to neutralise security equipment in order to gain access to the site wall / fencing system shall have a compliant crash-tested rating.
under all circumstances
6. Any openings within the wall or fence in excess of 620 sq. cm and which
—— Access for security firms transporting cash must be guaranteed without pass through or under the perimeter wall, shall fitted with additional security
requiring them to get out of their vehicle screening or bars to prevent them being used to by-pass the wall.
7. Selection of perimeter security fence type depends on the threat/ risk level
2.1.1 Wall / Fence (Low, Medium or High) security, and protection measure shall provide at least 2
minutes’ delay against climbing, cutting or burrowing attacks.
Perimeter Security fencing typically provide the first component of the overall Delay
function, whilst also demarcating the boundary of the site and creating a defensible 8. At least 5m stand-off distance between the fence line and any significant
space around the asset. structures, roads or climbing aids will be maintained.
The perimeter shall be inspected a minimum of once per week for damage and 9. The ANTI-CLIMB measures shall be applied to the security perimeter fence
signs of intrusion by the Security Guard Force and records of inspections shall be and walls to enhance the site perimeter protection and make it difficult for
kept. This inspection will also include recording signs of vegetation that has grown intruders to climb the wall / fencing system.
to a height that can conceal an intruder, and where vehicles and equipment have
been stored near the perimeter that could be used as a climbing aid. A regular 10. There are a variety of anti-climb structures/ security topping can be installed
program of wall maintenance shall be implemented and damages which may to the top of the fence or wall such as Concertina coil, razor mesh panel, wall
compromise the integrity of the wall shall be repaired as soon as possible. shark tooth, spike rails, etc.

2.1.2 Security Gatehouse 2.2 Vehicle Access Control & Hostile Vehicle
The gatehouse can serve as the control hub and shelter for security personnel. The
Mitigation (HVM)
gatehouse is to be, designed to support a minimum of three security personnel. As
The securing of access points reserved for clients, suppliers, staff and service
a control hub, the gatehouse controls the vehicle barricades, traffic control devices,
providers has two key objectives:
access control, lighting and vehicle screening operations.
—— To force vehicles and pedestrians to use access points at which they can be
checked by security staff.
PROTECTION OBJECTIVES —— To prevent any (unauthorised) person or vehicle from entering the site, without
needing to assign a member of the security staff to this task.
1. The security gatehouse shall be of suitable sighting and construction that they
provide a good direct view of the entrance system and external approaches. —— To successfully reject unauthorised vehicles without compromising the security
posture of the site, nor disrupting operations.
2. Within each of the gatehouse there shall be adequate domestic facilities for
the guard force (such as air conditioning and water provision) and adequate
To achieve this, obstacles (ditches, chicanes, low walls, embankments and
internal and external communications.
vegetation) should block any attempted intrusion (particularly by vehicles to be
3. The gatehouse windows shall be strong enough to resist stones, and the used for ram raiding or packed with explosives). In certain cases, parking should be
gatehouse doors shall be of a suitable design and construction that they can prohibited and above all impossible near the buildings.
withstand forced entry.
The aim is to prevent unauthorised access by vehicle whether benign or
4. The internal lights of the gatehouses shall not destroy the night vision hostile, without it being necessary to assign a member of security staff to
of patrolling security officers and should not expose security guards to monitor the access point.
observation at night from outside the site.
5. Where guard facilities are located near the roadway, provide a minimum
platform width of 914 mm behind the curb. This width is the minimum
necessary for security personnel to stand post adjacent to the facility,
therefore additional platform width is recommended to provide additional
safety through increased lateral clearance and space for security personnel
carrying weapons or equipment.
6. The gatehouse must have space for the storage of manual vehicle screening
equipment including under vehicle mirrors, explosive trace detectors “sniffers”,
and other loose equipment required for conducting routine and elevated
security operations.

PROTECTION OBJECTIVES PROTECTION OBJECTIVES
1. The speed reduction measures on approach to vehicle gates and around site will 9. The security system must take account of the risk of a person or child getting
significantly force approaching vehicles to slow down and reduce the impact of snagged on the gate, who could then become trapped against a wall or a
hostile vehicles on sites. Chicanes are a typical form of speed reduction measures. fixed structure.
10. The systems should be capable of being manually unlocked.

2. Stand-off distance should be enforced via the use of barriers and associated
measures which prevent hostile vehicles gaining access to the site/building by
one of the following illicit means: 11. Light/beacon/audible device installed to signal that barrier is on operation.
a) Penetration – using the vehicles kinetic energy whilst moving at speed to
crash through barriers;
b) Bypass – driving around barriers or tailgating through them; 12. Protection of the motor unit and electronics by the use of a secure metal housing.
c) Spoofing – overcoming entry control procedures, for example by convincing
guards of legitimate access rights;
d) Encroachment – exploiting areas where barriers do not enforce stand-off 13. Remote opening (entrance and exit) controlled from the security control room.
distance, such as mounting a kerb;
e) Duress – using threats, physical violence or kidnap to force guards to
14. An embedded (non-protruding) intercom system connected to security.
lower barriers.
3. The use of crash-tested vehicle barriers such as rising bollards, road blockers, crash 15. Automatic control (entrance and exit) using vehicle sensors (which can be
sliding gates, V-gates, manual crash arm barriers, landscaping and street furniture turned on or off from reception) or Main Security Control Room.
will create a continuous line of Hostile Vehicle Mitigation (HVM) around the 16. A direct communication link between the vehicle access gate (entrance and
perimeter of the site, with no gaps greater than 1200mm. exit) and security by means of an audio or video intercom unit (embedded).
4. The vehicle access gates and pedestrian access gates should be the same height
as the fences (minimum 2m), with the top bar being fitted with “shark’s teeth”, 17. Bollards or kerbs either side to prevent the jambs from suffering impact damage
ensuring that there are no bollards, blocks or other features nearby which could be
used to aid anyone trying to climb on them.
18. Barriers monitored by CCTV
5. The planned protective measures must nevertheless allow access for the fire
brigade / Civil Defence / emergency services under all circumstances.
6. The vehicle security gates and other automatic equipment must be covered by Dependent upon the individual Hotel requirements (i.e. site survey and assessed
maintenance contracts to ensure that they are always kept in good working order. risk), the following additional design measures are to be considered:
—— Boom barriers installed in front of the door or mesh gate with several control
7. The design should avoid any risk of anyone getting accidentally knocked over.
options from reception or from the automated units themselves: boom barrier
alone, boom barrier + door or mesh gate.
8. Electrical equipment, earth connections, automated equipment and security
features must comply with standards and regulations, avoiding any accidental risk —— Security electrical power supply via the security electrical panel backed-up by
of a person or vehicle coming in contact with the gate when it is still moving. the generating set.

—— Locally controlled by means of magnetic cards, passes or ID cards for hotel staff.
Vehicle Entrances & Exits
—— Automatic opening when a vehicle approaches, activated at certain times from
reception. The entrances and exit points for vehicles are equipped with an automatically-
opening door or mesh barrier. Particular attention should be focused on lighting,
—— Entry and exit points equipped with parking payment points, accepting
video surveillance and access systems.
magnetic cards or bank cards directly.
Pedestrian Entrances & Exits

At times of heightened terrorist threats, the parking of any vehicle is prohibited
and must be prevented in front of the establishment by means of fixed or mobile
If the car park provides direct access by stairway or lift to the
obstacles, with the use of these areas then being exceptional and subject to checks hotel interior, enhanced access control measures must be
by security staff. In emergency situations, if the existing protective systems are implemented and in particular CCTV.
FROM THE CAR
insufficient, the access points and façades must be protected by the installation of
PARK TO THE
road blockers or rows of spikes. Such access points must be dedicated access points. Failing
HOTEL this, the access control system should make it impossible for
an unauthorised person to gain access to the different floors
2.2.1 Underground Vehicle Parking of the hotel.
The underground car parks and their access points can be the scene of:
The door opening or floor selection system on the lift must
—— Physical assaults be equipped with access control systems.
FROM THE HOTEL
—— The theft of, or from, vehicles TO THE CAR PARK All elevators within the car park must stop at the Ground
Floor level (upwards and downwards travel).
The underground car parks and their access points must be suitably equipped to
prevent these specific risks.
To ensure the security of individuals, the emergency exit
doors must open by simply turning a handle or pushing
CAR PARK an anti-panic bar. The emergency doors are under video
EMERGENCY surveillance and when they are opened, an alarm is
EXITS automatically relayed to the security office or to reception. In
all cases, it must be possible for staff to be aware that these
doors are being opened the moment this happens.
Car parks that give access to the loading docks must have
LOADING DOCKS roller shutter doors designed-in to provide the ability to “lock
down” the entrance out of hours.

2.3 Security by Design 2.3.2 Landscaping & Urban Design
2.3.1 Crime Prevention Through Environmental Landscaping and Urban Design should be seen as an enabler to implementing
passive security measures within the design; which can benefit the site by achieving
Design (CPTED) many of the security-related principles and concepts adopted for both vehicle and
pedestrian access control, surveillance, and the mitigation of blast effects within the
CPTED methodologies should be the basis of all security planning, incorporating plot. The adoption of the following principles can provide these benefits:
architecture, lighting, and circulation planning with security design. It is
—— Hostile Vehicle Mitigation – Landscape features and urban design shall be used
predominantly aimed at new buildings as it is much easier to influence a new
to exclude vehicles from specific areas.
design, and encompasses design methodology for the layout of buildings within the
environment to minimise the potential threat to a premise. The principles can also —— Boundary Definition – Design and changes in construction materials can be used
apply to existing hotels where there is scope to review the current layout and make to define the transition zones between public and restricted areas.
changes to reduce potential threats.
—— Topology – Changing elevations and angles can delineate the change in
ownership and intended use of an area, as well as provide protection against
CPTED is not related to different threat levels but rather is associated with
vehicle ingress or explosive threats.
eliminating weaknesses in architectural and landscape design – vis-a-vis,
“designing-out” security vulnerabilities. It encourages building designers to adopt —— Way Finding – Using landscaping and the built environment to intuitively draw
crime prevention measures in the design of developments, creating a safer and pedestrians and vehicles to desired locations.
more secure environment. The aim is to produce a safe and secure environment for —— Natural Surveillance – Creating clear sight lines that balance the need for privacy
users of public space without creating an enclosed high profile security barrier. and shading, with the need for surveillance and lighting around the hotel grounds.
CPTED promotes four key strands: —— Landscape Selection – Selecting materials that don’t impede natural surveillance
(low shrubs and high canopy trees), or plantings that deter attempts at
—— Natural Surveillance – Natural surveillance increases a site’s deterrence by taking unauthorised entry (thorny bushes, etc.)
steps to increase the perception that people can be seen if conducting illicit acts.
—— Lighting – Providing sufficient lighting to promote a sense of security through
—— Natural Access Control – Natural access control limits the opportunity for crime adequate intensity as well as consistency.
by taking steps to clearly differentiate between public space and private space.
—— Territorial Reinforcement – Territorial reinforcement promotes social control 2.3.3 Asset Hardening
through increased definition of space and improved proprietary concern.
Some areas may require additional “hardening” to prevent unauthorised access,
Activity Support – Activity support increases the use of a built environment for
i.e. forced entry, sabotage, vehicle impacts, etc. This shall include increasing
safe activities with the intent of increasing the risk of detection of criminal and
the physical strength of a feature (window, wall, door, etc.). It can also include
undesirable activities.
increasing the number of physical layers between a space and an asset, adopting
a “defence-in-depth” approach.

2.3.4 Adaptability PROTECTION OBJECTIVES
The hotel shall design in adaptability, allowing for security operations to elevate 1. Security Lighting must deter the intruder by creating a feeling of uncertainty;
when the threat environment changes, or when specific high-profile visits or provide light to assist the detection of intruders; and avoid creating shadows that
local events take place. This will ensure that the Hotel can safely remain “open for could offer concealment.
business” without requiring additional security risk to be accepted. Examples of
adaptability can include:
2. Security Lighting must also be able to conceal guards; assist with visual
—— Rising bollards / road blockers at vehicle access points. Normal operations they observation; and Support other detection methods (e.g. Video Based
would be in DOWN position, heightened threat level they would be in Detection).
UP position.
—— Power & Data points at strategic locations (including Hotel entrance points) 3. Security Lighting must not cause a hazard; be a nuisance; disadvantage the
guard force.
where people and baggage screening systems can be deployed.
—— Internal partition doors to segregate people and rooms to restrict access to

certain areas. 4. The lighting shall be designed to operate at minimum appropriate levels
automatically during periods of darkness, and the lighting controls, including on/off
—— Dedicated areas (i.e. vehicle lay-bys at entrance points) that can be utilized by switches or motion detection, shall be installed within protected areas or shall be
additional security / local police/military vehicles if security presence is increased. capable of being locked against tampering.
A scenario could include for the visit of a VVIP or dignitary.
2.4 Lighting Security lighting will be in operation around the entire perimeter and at key
locations throughout the Hotel, including Critical Assets, entries to hotels, other
Lighting is a very perceptible security feature for guests and a good way of accommodation types and back of house areas within the car park and pedestrian
dissuading people from committing malicious acts, particularly in the car parks walkways. Exterior building doors shall be illuminated with lights by the use of
and the pedestrian access areas. However, you should ensure that the lighting is dedicated fixtures or area lighting. There shall be area lighting at each parking area,
coherent for the whole “secured zone”. and the pedestrian routes to those parking areas to provide illumination at night
time. All security lighting fixtures shall be inspected not less than once per week
to ensure system integrity and proper operation. Repairs shall be made promptly.
With the exception of accent lighting, illumination should maintain uniform lighting
levels across all the areas that are lit. The following are recommended Lux levels for
security lighting deployment:

Areas Recommended Average Lux 2.5 Signage

Façade/Landscape 5
Signage around a perimeter provides authorised and unauthorised persons with
Building Perimeter/Internal Roadways 15 information about site access, the site security protection system and advisory
guidelines. At a minimum, it is recommended that the following signage is in place,
Pedestrian Entrances 100 written in the local language and English:
—— No trespassing
Emergency Exits 50
—— Prohibited items and substances
General Outdoor Areas 10
—— Visitor directional
Service/Loading Area 100 —— Emergency contact
—— CCTV in use
Interior Spaces (when unoccupied) 5
—— Any other signage details required by law
Gate House/Guard House 300
Emergency Assembly Areas 50

2.6 General Building Security
Parking 15 Both during the day or at night, the buildings may be the subject of:
—— Intrusion by ill-intentioned persons (planning violent actions, assaults, or

armed robbery)
—— The risk of a terrorist attack: suicide bomber, bombs contained in luggage, etc.
Securing the site requires measures adapted to each type of hotel:
—— High-rise building
—— A hotel built in a fenced area
—— A leisure hotel, which is totally open and sometimes located on a seafront.
—— Street-side hotel building
The security plan must be drawn up in coherence with a dedicated security

assessment performed with the help of the AccorHotels security department or,
where applicable, the involvement of an approved outside service provider.

2.7 Building Access Points 2.7.1 Doors & Locking Units

According to the threat status, securing the access points to the building (for The external doors and the closure and control methods must make it possible
guests, staff, suppliers and service providers) should make it possible to: to regulate and control access based on security levels which may vary according
to the nature and status of the threat concerned. It must be possible to lock the
—— Prevent intrusions by individuals with malicious intent
entrance to the hotel remotely. Access control systems using key cards, chip cards
—— Filter access, allowing in only authorised persons or other proximity devices must be coherent for the whole establishment
—— Inspect luggage, parcels, and mail where applicable.

PROTECTION OBJECTIVES
PROTECTION OBJECTIVES 1. External building doors shall be of steel, solid core wood or industrial glass
construction, and any exposed hinges shall have their pins spot welded to
1. Reception desk: The reception desk must be positioned so as to provide a preclude knocking out of the pins and removal of the door from the hinge side.
direct view of:
a) The hotel entrance 2. All exterior building doors shall be closed and locked at all times when not in
b) The lifts to the bedrooms use, during periods of minimal staffing, and on nights, holidays, and weekends.
c) The bottom of the main staircase
d) All public areas or at least their access points 3. Overhead and rolling doors shall be secured from the inside using high-security
e) The lifts from the car parks padlocks or similar locking devices.
4. The practice of securing overhead doors with a hasp and padlock on the exterior
2. Mobile reception:
side should be avoided unless there is no other means to secure the door.
a) Security, reception and concierge staff must always be able to monitor
people’s comings and goings through the building entrance points.
b) W arning systems and remote door closure systems must be immediately 5. Locks should be appropriate for security applications that are consistent with
accessible to them. international standards.
c) A
video feed of people accessing the hotel entrance must be available on
the mobile equipment available to them to enable them to fulfil their tasks. 6. The lock mechanism should include a suspension device.
3. Filtered access control: 7. It should be possible to change lock cylinder combinations or replace the entire
a) Areas designated for the use of enhanced security measures (entry gates, cylinder so that the loss of keys will not increase the risk of intrusion.
tunnels, detectors, etc.) must be located a sufficient distance from the hotel
so as not to endanger those people already inside the building. 8. Lock boards should be made of anti-rust steel to protect the lock box from
corrosion and tampering.
4. Roof access: Doors that give access to the roof shall have the following: 9. There should be minimal distance between the bolt and the handle.
a) Contact sensors on doors alarmed to Safety & Security Control Room (SSCR).
b) Video surveillance of door.
10. Balcony doors must be provided with Child Restrictors positioned at minimum
c) Guard Tour System “touch” point for patrol check confirmation.
1.5m from base of door.

Where a double door entrance is designed, the interior of the double door entrance
is equipped with an intercom system connected to the reception telephone.
2.7.3 Emergency Exits
The second door is reinforced in the incoming direction to be able to resist any
In order to prevent intrusion by undesirables or the introduction of any illegal items,
attempted forced entry (the door should be able to withstand around fifteen
the emergency exit doors must always be under video surveillance and equipped
minutes of attempted forced entry). The second door can be remotely opened or
closed from the reception desk. with audible alarms providing notification of unintended opening.
Guest room doors shall be of a construction commensurate with Fire & Life Safety
codes, and shall have a door viewer (minimum 160-degree view), with disabled PROTECTION OBJECTIVES
rooms having a second door viewer at 1.2m (4ft) high. It shall be connected to the
Guest Room Locking system.
1. No emergency exit door should ever be locked but should remain closed.
Interconnecting guest room doors shall be of a similar construction to the main
guest room door and shall be fitted with a mechanical thumb lock, with clean face
on the opposite side. 2. A means of emergency egress from occupied buildings shall be provided
at all times.
For non-key locked rooms, a safety chain/night latch shall be fitted to the inside of
the guest room door. 3. Each building should have a minimum of two doors designated as ‘Emergency
Exits’ at opposite ends of each floor or section of a building to facilitate the
effective evacuation of personnel in case of a fire or other emergency.
2.7.2 Key Management & Control
4. Doors should only open in an outwards direction, close and latch automatically
Lock and key security forms a vital element in the protection of the Hotel perimeter (un-pulled), and not require any special knowledge to operate.
and buildings within, protecting the Hotel from criminal and terrorist threats. Locks
may be attacked by picking, force, or breached using lost or stolen keys. Therefore, 5. ‘Emergency Exit’ should be clearly marked with luminous/ illuminated signs
key security is designed to reduce the exposure to such an attack. The systematic that can be seen in the dark and through fire smoke. All signs shall be code
control of locks and keys is one of the most important components of any security compliant and in accordance with AccorHotels Fire Global Brand Standards.
program. Without proper key control, locks provide little deterrence to illegal or
unauthorised entry into a facility. 6. Routes to these doors should also be marked with luminous/ illuminated arrow
signs so that personnel can see the way to these doors.
The Electronic Key Management System (EKMS) restricts access to physical keys,
and is used for the control of physical keys within the hotel. EKMS imposes control 7. The doors should comprise wood, be covered with a steel sheet, and have non-
to ensure that physical keys can only be withdrawn by authorised personnel. The visible, anti-rust hinges; should not have handles, but instead, have push bars
EKMS software can be integrated with the Electronic Access Control system, on the inside so they cannot be opened easily except in an emergency.
allowing security management to control authorisation permissions review / audit
staff accessing the keys. All mechanical key type locks, including padlocks are to be
registered on the Hotel master key system.

2.7.4 Windows, Roof Vents and Hatches 2.8 Mitigating Blast Effects
Window protection must meet two objectives: There are certain structural and non-structural measures that may need to be
implemented in order to minimise injury and damage in the event of the detonation
—— To prevent the risk of anyone falling out/being pushed out of the window from
of an explosive. These measures shall be:
inside, on the hotel’s floors.
—— Included in the design of all new buildings
—— To prevent intrusions by unauthorised persons from outside, on the ground floor
or in other places, by climbing. —— Incorporated into existing buildings, where applicable
For the bedrooms, these windows must be equipped with an opening limitation The majority of injuries following a bomb blast are from glass fragments (which are
system. Additionally, windows protected from the outside must include safety classified as secondary fragments).
glazing matching the level of risk faced by the site.
Injury to occupants from glazing is categorized into one of the following three levels:
PROTECTION OBJECTIVES —— Superficial hazard: Glass debris would travel into the room at a low velocity and
land within 1m (3ft) of the window. Unless a person was standing directly next
1. Windows, roof vents and hatches shall be secured at all times when not in use. to the window at the time the glass breaks, he or she would only sustain
superficial cuts.
2. All opening windows in guest rooms are to be restricted to 100mm maximum —— Low hazard: Glass debris would be expected to be thrown into the room for a
opening; only possible to be opened from inside guest room. distance of not more than 3m and not exceeding 0.5m (1’-8”) above the floor at
3. Exterior windows should face on to main, well lit, busy thoroughfares and not this distance. Injuries would be limited to cuts on the lower body, and fatalities
on to isolated passageways. would not be expected, although a person standing within 1–2m (3– 6ft) of the
window could be seriously injured.
4. These windows should be made of tamper proof material or from glass sheets
with appropriate properties for burglar resistance. —— High hazard: Glass debris would be thrown much further into the room at high
velocities above the 0.5m (1.6ft) height. Serious injuries, cuts to the upper body
5. Windows should be consistent with international standards, such as ISO 20492. and face, and fatalities would be expected.
—— In the United States, General Services Administration (GSA) performance

6. Window screening material shall be in compliance with local health, safety and standards for glazing subject to dynamic overpressure loading (i.e. bomb blast)
fire regulations.
have been established.
7. Hatches on the roofs shall be secured.
8. Balcony barriers must be minimum 1.1m from finished floor to top of balcony rail.

GLAZING HAZARD DEFINITIONS
Descriptor Performance Level Protection Level Hazard Level Description of Window Glazing Response
Glazing does not break. No visible damage to glazing

1 Safe None
or frame.
Glazing cracks but is retained by the frame. Dusting or

2 Very high None
Superficial Hazard very small fragments near sill or on floor acceptable.
Glazing cracks. Fragments enter space and land on

3a High Very Low
floor no further than 1m (3.3ft) from the window.

3b High Low
floor no further than 3m (10ft) from the window.
Low Hazard
Glazing cracks. Fragments enter space and land
on floor and impwact a vertical witness panel at a
4 Medium Medium
distance of no more than 3m (10ft) from the window
at a height no greater than 0.6m (2ft) above the floor.

floor and impact a vertical witness panel at a distance
High Hazard 5 Low High
of no more than 3m (10ft) from the window at a height
no greater than 0.6m (2ft) above the floor.

2.9 Internal Hotel Security Access to the attractions shall have clear and uninterrupted views from inner
reception areas to observe whether unauthorised personnel “tailgate” authorised
guests into membership areas.
2.9.1 Reception Facilities
All attractions (spa/health club/fitness centre, swimming pool, bars, clubs,
At the Hotel entrance and reception areas, Hotel security and concierge staff retail outlets, conference centres, etc.), shall be secured and alarmed when not
will be stationed to guide visitors creating a “controlled area”. This area will be operational (outside of opening hours). This shall include door alarms at access
monitored by video surveillance cameras. In operational hours, Hotel security and points and movement detection within the domain of the attraction.
concierge staff will be stationed to assist guests and visitors at the reception areas.
The layout of the reception area shall provide the front desk and concierge desk Automatic Teller Machines (ATMs) shall have dedicated alarm facilities that are
a clear view of the entrance, elevators and waiting areas. The reception area shall monitored by the security control centre. A silent panic alarm facility shall be located
be in clear view of the entrance and shall be positioned so that entrants cannot adjacent to Automatic Teller Machine (ATM) replenishment areas. This area shall also
bypass it for direct access to the guest elevators. During periods of high security, be covered by a motion detector and a CCTV camera which automatically displays
personnel and baggage screening will be deployed in this reception area; providing when an alarm is activated.
a security check of all guests and visitors. During this time, it is essential that all
other pedestrian access points are closed / locked-down so all personnel on the site
premises are processed through the screening area. Panic alarm facilities shall be
2.9.3 Public & Guest Areas
provided at the reception desk area for staff to alert the Security Office.
All public areas shall be free of access control facilities unless there is a requirement
to restrict access to an area for a specific purpose. This shall be decided on a site-
2.9.2 Food & Beverage / Conference & Banqueting by-site basis. Access control facilities shall be required to restrict access to areas
where activities are limited to authorised staff and guests through hotel residency
Cafés, restaurants, bars and conference/banqueting facilities will present increased or memberships, such as spa/health club/fitness centres, swimming pools, and
risks from fire, harassment, and anti-social behaviour. The security strategy and conference facilities.
design will need to consider these factors. Restaurants will be required to conform
to guidelines issued by AccorHotels in regards to their in-house security systems. External general surveillance cameras shall provide images of the communal areas
Nonetheless, the basic general measures below are likely to feature as minimum between the Hotel perimeter and the buildings themselves. This shall be limited to
requirements of this guide: vehicular and pedestrian access routes unless additional coverage is deemed necessary.
—— Video surveillance to deter/detect petty crime and suspicious behaviour. For general surveillance, fully functional cameras shall be installed in strategic locations
to provide good coverage of all general access routes.
—— Intrusion detection to alert security operator of a breach to retail unit during
closed hours. Areas covered include:
—— Cash / credit card handling procedures. —— Front of house corridors
—— Additional security personnel during conferences/banquets to control access. —— Guest rooms
—— Segregation of users through locking down area/routes to unauthorised persons.

—— Public elevator / lift lobbies Plant rooms, fuel stores, etc. shall also be locked and alarmed when not in use.
All external access points to plant rooms shall be enhanced to the same level as
—— Spa/ Health club/ Fitness centres/ Swimming pools
building access points.
—— Retail facilities
Loading dock access points into the building shall also be enhanced to robust levels
—— Automatic Teller Machines (ATMs)
so that in the event of attack these doors can be secured and locked.
—— Gardens There shall be sufficient “no-entry” signage that warns guests of restricted rooms or
areas within the hotel.
—— Swimming pools
—— Tennis courts Heart of House Areas shall include:
—— Changing rooms —— Heart of House corridors
—— External seating areas —— Service elevator / lift lobbies
—— Business Centre —— Secure rooms

—— Baggage storage
Additional lighting may be required to enable cameras to capture images in dark
areas within the zone of coverage. —— Staff cash rooms
—— Audio Visual (AV) rooms
The layout of communal areas shall be such that it is difficult for unauthorised
personnel to move around or through an area without being observed. —— IT rooms
2.9.4 Protection of Heart of the House Areas
—— Cash counting areas
All access points between staff and public areas shall have access control facilities —— Kitchens
to stop guests from accessing specific areas. This is as much for health and safety
—— Staff rooms
reasons as for security reasons.
—— Fuel tanks
At access points to staff and service areas from public areas, the layout shall be clear
—— Elevator /Lift motor rooms
of obstructions to make it difficult for an unauthorised person to enter a staff or
service area. —— Cabling rooms
The Heart of the House areas will be monitored by video surveillance cameras, with —— Plant rooms
specific coverage of access points to staff and service areas from outside of the —— Laundries
building or from internal public areas.
—— Sewerage
All back office secure areas which handle cash or secure storage areas shall be —— Heating/cooling plant
alarmed with entry points being physically locked and door alarms fitted as well as
movement detectors within the secure area. —— Electricity/Power supply (including generators/transformers)
—— Safety deposit box safe room

2.10 Protecting People & Property PROTECTION OF LEFT LUGGAGE
The hotel must: 10. A luggage storage room should be fitted out near reception to store guests’
—— Guarantee guests that suitable measures to protect them are in place left luggage.
—— Secure the staff changing rooms 11. The structure of the luggage room’s interior walls must be explosion-proof, to
—— Protect its premises against the risks of theft or violent attacks contain the blast from any possible explosion.
12. This room must be kept locked and subject to access control measures,
PROTECTION OBJECTIVES including access card entry.
PROTECTION OF BEDROOMS
13. A video camera is placed inside, and covering the entrance to the room.
1. Guests must be protected against violence and potential thefts in the bedrooms.
PROTECTION OF HOTEL STOREROOMS
2. The lifts and stairways providing access to the hallways where the bedrooms
are located must be subject to access control. Doors and windows providing 14. Rooms containing products which are likely to be stolen (particularly
access to balconies must be lockable from the inside. consumable products, wine and alcohol) must be equipped with card key type
locks and CCTV coverage.
3. Direct access to bedrooms from the outside or via passageways must be
studied on a case-by-case basis. PROTECTION OF STAFF CHANGING ROOMS
4. The door surround for the door providing entry to the bedroom must be able 15. The hotel staff must have individual lockers, closed using a lock or a padlock
to sufficiently withstand any attempt to break in and must feature a lock which are logged in the master key system.
compliant with the “security system standards brand”.
5. The bedrooms are equipped with safes meeting the group’s “safe brands 16. The changing rooms must be equipped with locks or access control systems.
standard”. A disclaimer for valuables must be provided with the safe.
PROTECTION OF GUEST VALUABLES BEDROOMS
6. The bedroom safes are to be solidly attached to the wall or shelf.
7. The safes shall be fire-resistant safes.
8. Safe combinations are to be entered by the Guest.
9. A minimum of 5 double-key safety deposit boxes per 100 guest rooms shall
be provided.

2.10.1 Security Containers 2.10.1.2 Safety Deposit Boxes
Safety Deposit Box rooms provide guests with a secure location to deposit
Security containers are an important part of the security design, as they offer
items that is over and above the standard of the in-room safes. The minimum
staff and guests a secure place to store money, important documents and
requirements for the Safety Deposit Box Rooms are:
valuable items.
—— The room shall be located at the ground floor left, next to lobby but in the back-
2.10.1.1 Guest Room Safes of-house area.
—— The door of the room shall be controlled using an electronic access control system.
Each hotel room must have a battery powered in-room safe with a manual override
system integrally designed-in. It must be secured to the fabric of the room (i.e. —— There shall be sufficient video surveillance coverage of the room entrance and
the masonry wall) and place at a height that is comfortable for guests to use. At a inside the room.
minimum, the safe must be able to accommodate a 432mm/17” laptop computer. It
—— All Safety Deposit Boxes shall be affixed to the fabric of the building (i.e. the wall
must not have any electrical outlets. Minimum requirements of the safe include:
and/or floor).
—— Minimum dimensions 200mm high x 500mm wide x 400mm deep
—— The construction of the walls, ceiling and floor shall be concrete.
—— UL-1037 certified
—— Each box shall be opened with 2 keys (1 key each with guests and duty manager)
—— American with Disabilities Act (ADA) compliant telephone style keypad
—— The protection level shall meet the following standards:
—— 4 or 6-digit guest code
—— EN-1143-1/UL Class TXTL 60 or equivalent for burglary protection
—— LED display for easy user guidance
—— EN-1047-1/NT Fire 017/UL class 350 or equivalent for fire protection
—— Confirmation buzzer to open/close
—— Anti-tamper switch 2.10.1.3 General Safes
—— Outside battery change

General safes shall be used for the safe storage of cash, documents, IT equipment,
—— Override opening through palm top/PDA and in some unique cases, weapons. The minimum standards for the safe shall be:
—— Room shall be located at ground floor or below ground level in the finance office
In each room, a note shall be displayed warning guests against keeping high-
—— Common structural capacity is 400kg/square meter
valuable items in their room, even in the safe of the room. The note must
encourage them to deposit their high-valuable items in the safe of the hotel. —— The room shall be located at the ground floor or below, next to the finance office.
The note must be explicit, written in English and in local language.
—— The door of the room shall be controlled using an electronic access control system.
—— There shall be sufficient video surveillance coverage of the room entrance and
inside the room, and dedicated coverage of the cashier’s safe.

—— The safe shall have both combination and key lock

2.11 Swimming Pool Security
—— The protection level shall meet the following standards:
The swimming pool and children’s pool shall be contained within an enclosed
—— EN-1143-1/UL Class TXTL 60 or equivalent for burglary protection
perimeter to prevent uncontrolled or unauthorised access to the area. The
—— EN-1047-1/NT Fire 017/UL class 350 or equivalent for fire protection perimeter enclosed should comply with local laws and regulations at a minimum,
and there should be suitable control measures for access in and around the pool
General safes will be required in the following locations:
areas, including physical barriers, management systems and supervision. Where
—— General Cashier’s office the swimming pool area has no enclosed perimeter, a risk assessment must be
carried out to identify the most effective way of providing substantially equivalent
—— IT department
protection in lieu of fencing.
—— Finance department
The design shall provide lifeguards/security with general surveillance of the
—— General Manager’s office
swimming pool and children’s pool. Adequate lighting shall be provided during
—— Human Resources office periods of low light to assist with the natural surveillance of the life guards/security
—— Safety & Security Control room personnel. Negative displacement alarms to be provided as part of the swimming
pool design.
2.12 The Safety & Security Control Room (SSCR)

Whenever possible, the Safety & Security Control Room (SSCR) is to be provided. When
legislation allows for this, it’s a good idea to have the security and safety staff working
together in the same room.
The SSCR interface will allow system operators to simultaneously view, monitor and
action the most appropriate fire/anti-intrusion/CCTV system alarms from a single
point of control, monitoring the entire event from a video wall (with data input from
video imagery, lift controllers, emergency routes, audio communications and alerts,
etc.). It should be designed ergonomically to provide a safe and comfortable working
environment. This room will act as the Crisis Control room should an incident occur.

1. The Safety & Security Control Room (SSCR) is required to successfully 5. All safety & security systems will need to be monitored and controlled either local,
coordinate and manage Hotel security operations on day to day basis and centrally or both, by an appropriate number of fully trained staff. This is required
during special situations as an emergency or crisis events. to ensure that alarms can be assessed and verified in the shortest period of time.
This in turn will provide authorized personnel with the maximum amount of time to
respond to the event.
2. At a minimum, the following systems shall be monitored:
a Video Surveillance System
b Access Control System
c Intrusion Detection System 6. Where a Safety & Security Control Room (SSCR) cannot be established a room
must be allocated to house the security control room, which should be subject
d Call for Assistance / Intercom System
to access control, in which the CCTV cameras can be monitored.
e Panic Alarm System
f Vehicle Barrier Controls
g Guard Tour System
h Fire Management System
7. Entry to the control room should also be monitored by video cameras, enabling
i Elevator Management System
a staff member to control access to the room.
j Gas Leak Detection System
k Public Address System
3. The purpose of effective security control room is to reduce the response 8. The proposed layouts will be effective under high and low staffing levels and
time of security personnel to a security incident and to ensure effective ensure that each operator’s workspace does not enter other’s ‘intimate zones’
communication and co-ordination of their deployment or that of law and compliance with ISO 11064 (Control Room Ergonomics).
enforcement officers to critical, real time alarms generated by the
security systems.
9. Storage for the video recordings and other systems equipment should be in
4. Safety & Security Control Room (SSCR) relies heavily on the appropriate a secure Systems Equipment Room; in a separate location from the Safety &
operational configuration of security systems and clearly developed security Security Control Room (SSCR) and only accessible to specially authorised persons.
policies and procedures supporting a clearly defined security and incident
management plan.

2.13 Safe Haven / Room When designing a room to be used as a safe haven, the recommended minimum
attributes are:
A safe haven/room provides immediate refuge for staff in the case of a criminal or —— A hardened solid door (260mm thick), jamb, door hardware, and locks.
terrorist incident at the Hotel. The safe haven/room will be known to staff members,
—— Walls, floor and ceiling to be reinforced or internal erection of modular Safe
and they will be given specific instructions as to what thresholds will be met for Haven/Room in larger room or space (BS EN 1063 Class BR6NS). The walls and
them to be alerted to go to the safe haven/room. ceiling shall not also form part of the building exterior.
—— A duress alarm,
PROTECTION OBJECTIVES —— Either no windows or window hardening,
—— No more than two entry doors

1. The Safe Haven/Room is the last layer of defence against assault by intruders.
—— A means of communication – Cell phones, walkie-talkies, Sat-Phone
2. At a minimum, it shall have six-sided hardening of the floor, ceiling, and walls —— Storage for bottled water
appropriate against forced entry/ballistics resistance standard
—— 1m2 for each person who will occupy the room
3. It shall be strategically positioned taking into considerations boundary —— An internal light source connected to a separate power source
hardening, space allowances, route considerations, communication systems,
and utility needs. —— Toilet facility
4. The time it takes to get into and secure it should be on the order of seconds.
2.14 Protecting the Air and Drinking Water
5. The escape path to the Safe Haven/Room should not cross the expected The establishment’s air and water treatment systems must be protected against the
assault path of an intruder.
risks of attack by chemical or bacteriological pollution.
6. The room should hold the capacity for up to 20 persons.

1. The air inlets for the air treatment systems must be located at a height and
7. During normal operations, the appearance of the room should not be obvious
in a place which is not accessible by climbing, in order to prevent any gas or
that it is a Safe Haven/Room – i.e. meeting room or board room.
contaminants being introduced.
2. The water connection point and other technical facilities where the drinking
8. It shall be fully air conditioned, have internal lighting, and contain CO² monitors
water system is accessible must be equipped with doors or manholes which
and smoke detectors.
are locked shut, by key, at all times.
9. It shall provide up to 8 hours’ independent endurance with no external power 3. The water production sites (desalination, pumping, etc.) or water treatment and
requirement. processing sites must be secured to avoid any risk of pollution.

2.15 Chemical, Biological & Radiological Protection 2.15.1 Background on Chemical, Biological,
Radiological Materials
Chemical, Biological, Radiological (CBR) is a general term that covers three distinct
groups of hazards:
2.15.1.1 Chemical
—— Chemical, Poisoning or injury caused by chemical substances, including ex-
military chemical warfare agents or legitimate but harmful household or Toxic and corrosive chemicals generally affect their victims relatively quickly
industrial chemicals. (minutes or hours later). The options for deliberate attack range from household
chemicals available over the counter, through the use of industrial chemicals such
—— Biological Illnesses caused by the deliberate release of dangerous bacteria,
as cyanide, to chemical warfare agents such as the nerve agent sarin.
viruses or fungi, or biological toxins (e.g. ricin, a natural toxin occurring in plants).
—— Radiological (radioactive) Illness caused by exposure to harmful radioactive 2.15.1.2 Biological

materials contaminating the environment.
Infectious diseases have been used against armies and civilian populations
Terrorists may seek to use chemical, biological or radiological materials in letter
throughout history. In the twentieth century, military biological warfare (BW)
bombs. It is difficult to provide a full list of possible CBR indicators because of
programs have made use of highly purified organisms or toxins in weapon systems.
the diverse nature of the materials. However, some of the more common and
obvious are:
In contrast to toxic chemicals, the effects of biological agents generally take longer
—— Unexpected granular, crystalline or finely powdered material (of any colour to appear: incubation periods of days to weeks are not unusual, though toxins
and usually with the consistency of coffee, sugar or baking powder), loose or generally act much more rapidly. Many of the infectious diseases resulting from
in a container. CBR devices containing finely ground powder or liquid may be biological releases are transmitted readily from person to person. Anthrax is an
hazardous without being opened. exception, and is not spread in this way.
—— Unexpected sticky substances, sprays or vapours.

2.15.1.3 Radiological
—— Unexpected pieces of metal or plastic, such as discs, rods, small sheets
or spheres. Radioactive (radiological) materials are unstable substances that emit potentially
harmful radiation. A radiological dispersal device (RDD), often referred to as a
—— Strange smells, e.g. Garlicky, fishy, fruity, mothballs, peppery, meaty, rotten.
“dirty bomb,” is typically a device where radioactive materials are combined with
If you detect a smell, do not continue sniffing it. However, some CBR materials
conventional explosives.
are odourless and tasteless.
—— Stains or dampness on the packaging. Upon detonation, no nuclear explosion is produced but, depending on the type of
the radioactive source, the surrounding areas become contaminated. As well as
—— Sudden onset of illness or irritation of skin, eyes or nose.
causing a number of casualties from the initial blast, there may well be a longer-
term threat to health.w

2.15.2 Protecting Against Chemical, Biological, 2.16 Securing Funds and Transactions
Radiological Attacks
The hotel must consider the security of those persons handling and possibly
transporting cash. External Cash-In-Transit companies are to be used for the safe
CBR counter measures have not yet been proven in a civil / commercial
collection and transportation of hotel cash and valuables. In extreme cases where
environment and therefore advice shall be obtained from local government sources.
these companies do not operate, staff may be authorised to transport hotel cash and
valuables, however this will be subject to a risk assessment and detailed route planning.
However, there are some basic design measures that shall be considered in the
design of a building to minimise the potential effect of a CBR incident. These are to
Decisions concerning the transportation of cash must be taken based on the
be addressed during the design by the MEP consultant.
location of the hotel, the risk incurred, the total amounts of cash to be collected,
money management, the layout of the buildings and access points, and the
possibility or otherwise of depositing cash with bank branches. Additionally,
depending on the environment, special attention should be paid to:
1. Review the physical security of your air-handling systems, such as restricting —— The security of transactions and of cash registers;
access to intakes and outlets.
—— The security of the safe;
2. Restrict access to water tanks and other key utilities. —— The method used for transporting cash (the company’s own staff, professionals, etc.).
3. Consider whether you need to make special arrangements for mail or parcels,
e.g. a separate post room, possibly with dedicated air-handling, or even a
specialist off-site facility.
SECURING TRANSACTIONS & CASH REGISTERS
4. Limit unauthorized access to building construction drawings, particularly those 1. The transaction points must be designed in line with PCI-DSS requirements
relating to building services. concerning in particular video surveillance for electronic transactions and the
storage of banking data.
5. Secure all building services plant and equipment rooms to prevent
unauthorized access. 2. The cash desk should be housed in a secure draw and contain only a small
amount of cash.
6. Limit unauthorized access to the roof area, particularly if the roof is overlooked.
In general, the roof is the most vulnerable point of entry to the building. SECURING THE SAFE
3. The safe is housed in the manager’s office or in an accountant’s office. This

7. Chemical, Biological, Radiological (CBR) Materials in the Postal / Courier room is usually locked with a key.
Services
4. A safe with a ‘piggy-bank’ slot, with 1 or 2 keys, enables employees to place
cash in the safe without accessing the safe itself.

THE CASH TRANSPORTATION CIRCUIT PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI-DSS) REQUIREMENTS
1. The amount of cash present on-site will vary from hotel to hotel depending on 7. Build & Maintain a secure network
the level of electronic transactions. a) Install and maintain a firewall configuration to protect cardholder data.
b) Do not use vendor-supplied for system passwords and other security parameters.
2. Handling, collection route and deposit in vehicle must be out of public view.
8. Protect cardholders data
a) Protect stored cardholders data
3. A number of basic rules must be observed. The route taken by the b) Encrypt transmission of cardholders data across open, public networks.
“cash carriers” within the building and the rooms accessible to the cash
transportation company should be well-lit and kept clear of all obstacles which
could hinder or present a danger to the security guards transporting the cash. 9. Maintain a Vulnerability Management Program
a) Use and regularly update anti-virus software or programs.
b) Develop and maintain security Systems and applications.
4. The schedule for collection shall be known only to the General Manager.
10. Implement Strong Access Control Measures

5. The exact route, which must be covered by CCTV, will be carefully planned a) Restrict access to cardholders data by business need to know.
out by the cash transportation company, in coordination with the hotel b) Assign a unique ID to each person with computer access.
management. c) Restrict physical access to cardholders data.
11. Regularly Monitor and Test Networks

6. Where possible, dedicated parking, routes, access doors shall be used.
a) Track and monitor all access to network resources and cardholders data.
b) Regularly test security systems and processes
12. Maintain an Information Security Policy

a) Maintain a policy that addresses information for employees and contractors

3. Technical Equipment
3.1 Access Control Should there be any areas where additional security is required, it is possible to
require additional security provisions to validate the credentials of the person
presenting the access card. Validation methods are use of a Personal Identification
The primary objective of Access Control is to mitigate the risk of intruders accessing
Number (PIN), biometrics (such as fingerprint or voice) or by provision of two
restricted/sensitive areas of the Hotel and in particular areas where valuable items
different persons’ access cards (two-man rule).
are stored, which are vulnerable to attack. A secondary objective may be to enable
the Hotel’s Human Resource function’s (HR’s) monitoring of employees’ access
Where access control measures are employed for guests, some of the access points
through offices for performance, disciplinary, and other purposes.
may require communications systems (intercoms) to enable guests to contact
a hotel staff member who can remotely grant them access should they have
The hotel must possess the necessary, fully operational technical equipment for
difficulties with their access cards.
ensuring effective access control over the entrances and exits and to deal with
all risks of intrusion. This equipment must be compatible with the evacuation
This technical access control equipment adds to and reinforces the measures
procedures if a fire alarm sounds and the protection level they provide must be
already taken at the architectural stage, based on the “Building” objectives:
determined based on the risk assessment:
Automatic vehicle gates and pedestrian gates;
—— Access control for the public (the signposting and equipment available to the
—— Retractable bollards;
public must be easily understood and usable by disabled guests);
—— Automatic boom barriers;
—— Special checks carried out on clients and luggage;
—— Height bars;
—— Access control for personnel;
—— Lighting;
—— Access control for deliveries;
—— Control systems (access passes, other proximity devices);
—— Access control for cash transportation companies;
—— Security screening gate;
—— Technical access control.
—— Doors (entrance, double-door entrance, bedrooms, peep-hole, door-chain,
double-locks);
3.1.1 Electronic Access Control System
—— Safe (bedroom, hotel);
Automatic Access Control Systems are used to monitor and control access through —— Windows / Balcony doors;
doorways and provide a method of identifying users in secured areas. As well as
monitoring the movement of persons, systems can be configured to track the —— Intrusion alarm;
movement of assets such as high value items like Audio Visual (AV) equipment or
—— Perimeter Intrusion Detection.
lower value items such as laundry carts.

When access passes, proximity cards or biometric data are used, rules for their —— Doors with readers installed should have automatic, magnetic closing
management need to be defined and strictly applied. Cards, badges and passes mechanisms fitted; be alarmed; and covered by video surveillance for
must not include any markings enabling a third party to work out what they are monitoring. Doors’ mechanisms should be adjusted to shut within a few
used for. seconds after opening so that intruders cannot immediately follow behind
card users (‘tail-gate’) to gain unauthorised access. All doors should have the
An electronic Access Control System shall be installed at the doors of the functionality to automatically unlock and be operated manually in the event of
aforementioned vulnerable areas and zones in order to either physically permit fire or power failure.
access or mitigate the risk of intrusion by personnel through these spaces.
—— The system should have the functionality to record the access activity of readers
and produce statistical reports on usage for analysis and evidence.
3.1.1.2 Access Control Cards
1. The electronic Access Control System (ACS) shall provide credential to
authorised person accessing restricted areas of AccorHotels. Main categories of Access Control cards to be issued. The first category comprises
cards for employees, cards for contractors, and cards for visitors and cards for
2. The Access Control System (ACS) shall be integrated with physical barriers such guests.
as doors, automatic rising barrier, barricade, etc. and remotely operated from
a central control station or via the use of local smart & biometric card readers
—— Employees’ cards should be blank, with the exception of a simple, coded marking
deployed at these locations.
with a number, such as ‘E-001’ for example, in case they are lost. In which case,
potential intruders who find a lost card would not know from whence the card
3. All staff, visitors, guests & contractors within or visiting the Hotel will be originated. For the same reason, contractors’ cards should also be blank, but
provided with security pass/ card/guest room card which will grant access into
also marked with a ‘C’ and a number such as C-001 for example, to differentiate
predefined areas. All critical areas and rooms will be protected by electronic
locking mechanism, and only personnel with right privileges on their cards will them from employees’ cards.
access these secured areas.
—— Cards should be programmed to only permit employees and contractors access
to those zones where they work and no more. Unauthorised cards should initiate
an alarm to a monitor that can consequently be responded to.
3.1.1.1 Minimum System Requirements
At a minimum, the system shall comprise: 3.1.1.3 Guest Room Access
—— A central monitoring station from which the system can be controlled

This part of the hotel should benefit from maximum protection to guarantee the
and monitored.
security of guests and their belongings. Cards, badges and passes must not include
—— Electronic readers (e.g. proximity) installed on the unsecured side of the doors any markings enabling a third party to work out what they are used for.
(i.e. outside) that automatically open and close doors for authorised users.
—— Electronic cards (e.g. proximity), for users to apply at the readers.

—— Access to the floors on which the bedrooms are located

3.1.2 Intrusion Detection Systems (IDS)
—— The lifts for clients and staff must be equipped with a system allowing
access to the various floors using a Radio Frequency Identification (RFID) The aim of the intrusion detection system is to enhance the overall security systems
pass. It must be possible to activate and deactivate this system according to of AccorHotels by detecting any unauthorised intrusions at the earliest stage, and
operational circumstances. transmitting alarm signals back to the security control room.
—— The stairways must also be fitted with access control systems while at the
same time meeting the evacuation requirements for emergency exits. PROTECTION OBJECTIVES
—— The bedroom doors
1. The Intrusion Detection System (IDS) system components ideally shall
—— RFID magnetic locks allowing for access traceability. They must be equipped be continuously monitored for normal, alarms and trouble conditions.
with a spy-hole and a door chain. The Intrusion Detection System (IDS) will indicate deviations from normal
conditions at any location in the system which includes identification of the
—— RFID magnetic locks must be provided by an AccorHotels approved sensor in which protected zone occurred and whether the deviation is a false
preferred supplier. alarm or malfunction.
2. The system shall be interfaced with other sub-security systems such as

Internet Protocol (IP) video surveillance to call-up related cameras placed at the
alarmed zones, and provide video images of the area and define the type of
alarm as opposed sending security patrol to the alarmed area.
3. A combination of different intrusion detection devices can be implemented

throughout AccorHotels including the following:
a) Dual Technology (DT) detectors
b) Door reed switch
c) Duress alarm button
d) Other technologies

3.1.2.1 Doors 3.1.2.3 Perimeter Intrusion Detection System (PIDS)
This feature is vital to the establishment’s security as it immediately detects Depending upon the Security Risk Assessment, a Perimeter Intrusion Detection
whenever a door is opened. This is a vital accessory to accompany the CCTV system. System (PIDS) may be required. There are different technologies available which
The following doors must always be equipped with break contacts: can be used based on the sterile zone applications/ double fence layers and site
conditions. Types of PIDS include:
—— The hotel’s final emergency exits;
—— Video Surveillance Video Motion/ Analytics system
—— Staff entrances;
—— Fibre fence-mounted detection system
—— Delivery entrances;
—— Long-range Passive Infra-red (PIR) detectors
—— Access points for security firms collecting cash;
—— Microwave system
—— Access to service rooms, outdoor enclosures or outdoor technical facilities.
—— Buried fibre detection system
—— The car parks’ emergency exits;
—— Buried leaky co-axial cable
—— The doors to rooms where cash is kept and strong rooms.
The main unit for the intrusion alarm system must be located in the security control
room or in immediate proximity to reception. In all cases, should an alarm be PROTECTION OBJECTIVES
triggered this must be immediately noticeable and make it possible to intervene
1. The Perimeter Intrusion Detection System (PIDS) shall provide early
right away. This equipment and all of its wiring and cables:
detection of intruders attempting to breach the perimeter wall /
—— Must be totally independent of the fire alarm system and the electromagnetic fencing system.
locking systems
2. Upon detection of intruders, the system shall send visual & audible alarm
—— May be combined with CCTV notifications to the operator in the security control room
3.1.2.2 Windows 3. The Perimeter Intrusion Detection System (PIDS) software shall provide
indicate the alarmed zone on graphical site map, to assist the security
The above-mentioned intrusion alarm system may be accompanied by equipment guards to react & response and minimise damage or theft to the site.
designed to detect any abnormal presence on, or attempted entry via the façades:
—— Anti-intrusion seismic detectors 4. The Perimeter Intrusion Detection System (PIDS) can be installed solely or
combined with other sub-security systems such as Internet Protocol (IP)
—— Presence or movement detectors Video Surveillance to provide full & robust protection for the site perimeter
—— Photocells
Barrier detectors using infrared cells

3.1.2.1 Doors 3.1.2.3 Perimeter Intrusion Detection System (PIDS)
This feature is vital to the establishment’s security as it immediately detects Depending upon the Security Risk Assessment, a Perimeter Intrusion Detection
whenever a door is opened. This is a vital accessory to accompany the CCTV system. System (PIDS) may be required. There are different technologies available which
The following doors must always be equipped with break contacts: can be used based on the sterile zone applications/ double fence layers and site
conditions. Types of PIDS include:
—— The hotel’s final emergency exits;
—— Video Surveillance Video Motion/ Analytics system
—— Staff entrances;
—— Fibre fence-mounted detection system
—— Delivery entrances;
—— Long-range Passive Infra-red (PIR) detectors
—— Access points for security firms collecting cash;
—— Microwave system
—— Access to service rooms, outdoor enclosures or outdoor technical facilities.
—— Buried fibre detection system
—— The car parks’ emergency exits;
—— Buried leaky co-axial cable
—— The doors to rooms where cash is kept and strong rooms.
The main unit for the intrusion alarm system must be located in the security control
room or in immediate proximity to reception. In all cases, should an alarm be 3.1.3 Luggage / Guest / Colleague Screening
triggered this must be immediately noticeable and make it possible to intervene
right away. This equipment and all of its wiring and cables: At a minimum, it is recommended that floor boxes with power and data are
designed at the Hotel entry foyers. This should also be included where a dedicated
—— Must be totally independent of the fire alarm system and the electromagnetic
luggage screening room is provided, and at other strategic locations to allow for
locking systems
screening equipment to be installed if required in the future. This ensures that
—— May be combined with CCTV cables area not run across the floor making the area unsightly and dangerous.
Various technologies can be used to detect a wide range of contraband such as
narcotics, weapons, and dangerous goods.
3.1.2.2 Windows
The above-mentioned intrusion alarm system may be accompanied by equipment

designed to detect any abnormal presence on, or attempted entry via the façades:
—— Anti-intrusion seismic detectors
—— Presence or movement detectors
—— Photocells
Barrier detectors using infrared cells

1. The video surveillance system shall be reliable and efficient in solution to

1. The pedestrian screening systems shall provide the hotel with a facility to achieve the operational requirements.
screen all receivables, hand baggage, parcels and other carried items entering
the site. 2. Unless specified by AccorHotels for a particular project, site or location,
Internet Protocol (IP) video surveillance technology should be used ahead of
analogue systems.
2. The handheld metal detector can be used at pedestrian entry points to assist the
security guard swiftly screen people body, and detect any potential hazardous items 3. It shall be capable of detecting, viewing and recording events with very clear,
such as knife, gun, etc. sharp and high resolution images during day and night.
4. Where low light / Day-Night cameras are not used, sufficient external lighting
3. The baggage x-ray machine should ideally be located at the access points of shall be provided to support the CCTV System.
the facility or key buildings within a pedestrian searching area. 5. The security contractor shall be competent and ensure that the requirements
of the cameras, lighting, viewing, recording and remote monitoring are clearly
understood & achievable
4. The Walk-Through Metal Detector (WTMD) should ideally be positioned
adjacent to the x-ray machine, and have the capability to detect hazardous 6. The CCTV System (shall have its own emergency power.
metal objects with high density carried by the person.
7. The system shall meet local laws, international codes & standards.
3.2 Video Surveillance

Through electronic behaviour control, CCTV systems boost the sense of security in
3.2.1 Purpose of Video Surveillance
the establishment and dissuade those tempted to commit malicious acts. As open
The end purpose of this system must be clearly stated by the hotel management. It
establishments where all kinds of guests mingle, AccorHotels may attract persons
is vital to draw up a clear strategy for the deployment of a solution which genuinely
with malicious intent, making the installation of CCTV systems a must in all of the
meets all requirements.
hotel’s public areas. The installation of cameras must always be the subject of a
dedicated study, which can be carried out by the AccorHotels security department
Generally speaking, the following objectives can be put forward:
or by an outside service provider. The video surveillance system shall always comply
with local laws and regulations. 1. Dissuading ill-intentioned individuals
—— Inform guests that the hotel area is covered by a CCTV system, in accordance
with the applicable legislation.
—— At the entrance to the car park, install a camera in a temperature-controlled

housing mounted on a mast, visible by all clients arriving at the car park entrance.

—— At the hotel entrance, install an LCD-type video monitor in the hall, which
should be visible by all clients entering the building.
3.2.2 Baseline Video Surveillance Specifications
—— Only a single camera should be connected to this monitor, providing a wide-
BASELINE SPECIFICATIONS
angle view of everyone coming in.
1. The video surveillance system will include (a) video cameras, (b) computer
—— Install cameras under secured domes indoors, and in temperature-controlled display screens, (c) network video recorders (NVRs), and (d) relevant cabling to
housings outside. enable live viewing by operators and the automated viewing, recording, and
storage of recorded image data.
2. Reassuring clients
2. The video surveillance system cables linking the system’s separate pieces of
—— The presence of a clearly displayed CCTV system is always a reassuring equipment will be concealed and placed in steel pipes to mitigate the risks of damage
security feature for guests. to cables by inclement environmental conditions, feral animals, and criminals.
3. Checking and monitoring sensitive areas 3. The video surveillance system will be linked to sensor and alarm systems so
that when these systems are activated, cameras automatically focus on the
—— Install a camera with a field of view which covers all of the vehicles and the
areas they cover and network video recorders (NVRs) begin to record at a
guests arriving at the car park entrance.
higher quality level (see the following Sensors and Alarms sections of this part).
—— Install a camera with a field of view which covers clients arriving at the hotel’s 4. External cameras will be encased in tamper resistant housings suitable for the
main access points. environment they are deployed in. These shall be fixed securely to walls to
mitigate the risk of damage.
—— Install a camera which covers areas in which safety risks are identified
5. External cameras will have auto-opening lenses to adjust focus so that images
such as the children’s swimming-pool, fitness centre to allow monitoring
can be clearly viewed and recorded in fluctuating light and dark (lux) levels.
and quick response.
6. All cameras will have colour (rather than black and white) functionality, enable
—— Install a video monitor to be placed on the reception desk or a feed to a
clear viewing and recording in the dark, and have sufficiently high resolution to
mobile terminal to enable the receptionist to monitor and control all of the enable clear viewing and recording of peoples’ identities in all conditions.
site’s cameras easily.
7. Cameras should have the functionality to be remotely operated with pan, tilt,
—— Install a video feed to the manager’s office, displaying all of the hotel’s main and zoom to facilitate the remote viewing and recording of designated areas
entrances and reception. in detail by operators if required. Often, this is not possible, however, due to
prohibitive costs and many cameras tend to be fixed. Nevertheless, all and
4. Identifying people especially fixed cameras should be positioned such that they have overlapping
arcs of view to ensure there are no blind spots.
—— When handed over to the police, recordings stored in accordance with the
conditions authorised by the regulations of the country in question can help 8. Network video recorders (NVRs) should be of high resolution and have time-
lapse functionality.
identify the perpetrators of malicious acts.
9. Network video recorders’ (NVRs) recordings will be stored for a minimum of 30
days before deletion/ recording over.
10. L arge, high resolution screens will be available at premises to facilitate the
effective viewing of multiple camera recordings simultaneously.

3.2.3 Placement of Video Surveillance Cameras 11. Car parks & drop off (indoor and outdoor):
a) Entrances and exits (in some cases there may be requirement to enable
At a minimum, video surveillance cameras shall be positioned to observe vulnerable reading of vehicle license plates and person identification)
spaces/areas to enable the unobtrusive identification of people and their behaviour. b) Pan-Tilt-Zoom (PTZ) and fixed cameras in car parking areas
c) A
t pick-up and drop-off points of (in some cases there may be requirement
Equally, cameras are to be positioned so that their view is not obstructed by
to enable reading of vehicle license plates and person identification)
obstacles. The Hotel will aim to meet the following baseline video surveillance
camera coverage requirements:
12. Service delivery loading and unloading areas
BASELINE CAMERA COVERAGE REQUIREMENTS 13. On roof access points
1. All entrances to the hotel to enable person identification.

a) Entry & Exit gates 14. Public areas – including swimming pool and fitness centre
b) Hotel entrance points
c) Back-of House entrance points
15. Routes taken by Cash-in-Transit personnel and vehicles
2. At the entrances to critical and sensitive rooms/areas.
16. O ther specific locations:
3. Pan-Tilt-Zoom (PTZ) and fixed cameras in the main lobby. a) Cash Safes
b) Safety Deposit Boxes
4. Corridors of the Hotel on each floor. c) General Cashier Office
d) Safety & Security Control Room (SSCR)
5. All reception desks to enable person identification and recognition
e) Alcohol stores
6. At the entrance of:
a) Operations rooms
b) Security control and equipment room
c) IT / Communications server rooms
3.2.4 Camera Field of View
d) Other Back of House rooms in the buildings
The Field of View (FoV) for each camera will vary based on the camera type
7. Installation of Pan-Tilt-Zoom (PTZ) and fixed cameras on the perimeter including lens selection, video imaging sensor/chip, mounting height, lighting, etc.
There are several methodologies utilised for identifying functional requirements for
8. Entrances to staircases each camera. One methodology often employed throughout the UK, Europe, and
the Middle East is BSI EN 50132-7:1996, and the Rotakin Standard, as developed by
9. All emergency exits/doors: Viewed from inside and outside
the UK Home Office. This methodology involves the proportionate sizing of a target
10. A ssembly points in case of emergency (person or vehicle) relative to the recorded image or monitor.

Whilst the Rotakin method is still widely used, it was developed during era of 3.2.5.2 Recording
analogue cameras. Since the introduction of Internet Protocol (IP) cameras, this
method is slightly more difficult to use and so the CCTV industry has focused on The data collected by the video surveillance system is recorded on a digital medium
pixel density in the horizontal dimension (refer to BS EN 62676-4) to achieve the and stored in accordance with the following standards. Hotel’s shall also comply
target operational requirement (Identification, Recognition, Detection, Monitoring, with local legislation requirements. This data must be stored in a dedicated area,
Number Plate Recognition). The term “pixel density” refers to the number of pixels away from the security control centre, this storage area being kept locked, with
representing the object of the operational requirement (ie. the human). access reserved strictly for those persons authorised to this effect. As a baseline,
the following recording standards shall be applied:
For use within a field of view classification system, the minimum shall be:
—— Identification - 120% or 250 pixel/m BASELINE RECORDING REQUIREMENTS
—— Recognition - 50% or 125 pixel/m 1. There shall be a minimum 30 days of recording stored.
—— Detection - 10% or 25 pixel/m
2. Recorded direct to a suitable network storage media. Future expansion of
—— Monitoring - 5% or 12 pixel/m recording shall be allowed for.
—— Number Plate Recognition (NPR) view – 120% or 250 pixel/m 3. Capable of simultaneously streaming multiple video compression standards,
In general, the location of each camera will determine the classification applied, and with a maximum video frame-rate of 30 frames per second (fps).
shall be as follows: 4. Video encoding/compression technology – Capable of transmitting video with
H.264 compression, while also simultaneously transmitting MPEG-4 and/or
—— All Main entrances, exits, main/sub emergency exits (at grade) – Identification.
Motion-JPEG images.
—— Reception desk, lift lobbies, etc. – Recognition.
5. Cameras shall be capable of transmitting various frame-rates, allowing for high
—— All lobbies, internal corridors and general surveillance cameras – Detection. frame-rate live viewing, with comprehensive frame-rate images recorded.
—— Pan-Tilt-Zoon (PTZ) cameras at widest lens angle – Monitoring, or greater. 6. A minimum recording frame rate of 6 frames per second (fps) shall be utilised
—— Vehicles’ entries/exits (for number plate recognition) - NP at a resolution of 4CIF-D1.
7. All entrances to buildings shall be recorded at 25 frames per second (fps).

3.2.5 Video Surveillance Operations 8. All video recordings shall be stored for at least 31 days, and sized to allow for a
25% expansion of video data. Network video storage systems shall be scalable,
3.2.5.1 Monitoring allowing for the addition of storage without the need to procure extensive
hardware and software solutions.
Surveillance monitors should be primarily located in the Safety & Security Control
Room, with selected video surveillance feeds directed to the reception, the security 9. The storage system shall utilise a fault-tolerant recording solution that is based
manager’s office and security gatehouses. on RAID 5 architecture or higher.
10. Depending upon each Hotel, a higher frame rate/resolution shall be utilised for
Where the hotel has a security control room and depending on the level of the specific high-security areas, or as identified by AccorHotels as necessary.
threat, a member of the security staff appointed to view the images recorded by the
11. The video recording solution shall be flexible to allow for Operator adjustment
cameras will be present at all times.
to recording quality, allowing up to 25(PAL) or 30(NTSC) frames per second
recording.

3.3 Security Intercom System 3.4 Panic Alarms

Audio and video security intercom systems can improve end user security for guests The panic alarm is designed to immediately alert the SSCR or an immediate distress call,
and staff, with intercoms typically being used: whether that be a call for help (i.e. visitor toilets) or when staff may be under duress (i.e.
cashiers, reception desk, etc). A panic alarm must be provided in the following locations:
—— Main entrances to the Hotel
—— Reception desk
—— Between key entry points and reception lobbies where deemed necessary
—— Guest services desk
—— At vehicular entrance between barrier control points and the reception /
—— Cash handling areas
Safety & Security Control Room (SSCR)
—— Guest safe deposit room
—— In the car parks
—— Security positions (Static)
—— Between delivery area entrances, receiving office and the reception / SSCR
—— Security interview room
—— Kids club
BASELINE RECORDING REQUIREMENTS —— Bar
—— Spa treatment rooms
1. The intercom system shall consist of a powerful and flexible communication
exchange, designed to provide critical communications and serve a wide range —— Saunas & Jacuzzis
of applications.
—— Gymnasiums
2. It shall be used on the integrated communications platform by using Internet —— Swimming pools (adjacent to lifeguard station)
Protocol (IP) technology to the field device successfully addressing the
development requirements. —— Fully accessible guest rooms and toilets
3. The intercom system will be considered part of the Access Control System
(ACS) allowing visitors, and others who do not have ACS cards, to communicate BASELINE RECORDING REQUIREMENTS
with the Security Control Rooms or other locations, an intercom system will be
installed at designated locations such as main access points. 1. The panic alarm system shall be integrated into the SSCR.
2. The panic alarm Graphical User Interface (GUI) shall display the location of the
activated panic alarm.
4. The system shall consist of a master intercom station which will be placed in
the security control room, and handset/slave intercom anticipated to be placed 3. Activated panic alarms shall only be reset from the SSCR GUI.
in the guardhouses and selected offices. 4. The panic alarm system shall be integrated with the CCTV system, so nearest
cameras will be alerted to areas of generated alarms.
5. A full alarm history shall be provided by the panic alarm system.
6. The panic alarm system will shall have ability to incorporate hand held mobile
wireless alarms.

3.5 Guard Tour System 3.8 Inspection & Maintenance

Guard Tour Systems (GTS) assure Hotel management that security patrols are being All technical security equipment should be regularly inspected by trained, qualified,
conducted, and that key/critical locations have been visited by security personnel. and currently certified Security staff/technicians to ensure its effective operation. A
Some form of tag (Bluetooth, Radio Frequency Identification (RFID), QR code, etc.) repair and preventative maintenance program shall be implemented for all technical
will be located each location/route required to be visited, and the security guard security systems, and repairs shall be made promptly to ensure that the installed
patrolling must make contact with the tag to demonstrate that the location/route systems operate as designed in line with the pre-determined requirements of the
has been visited. The system electronically logs the event (tag contact) onto a maintenance contract.
database. It also provides a real-time alert to the Safety & Security Control Room if a
location/route has been missed. For investigation / internal audit purposes, reports
3.9 Technology Inspections
can be produced.
Regular inspections of security technology installed at AccorHotels shall be
3.6 Security Equipment Rooms conducted quarterly and after a security event by the Security manager, or an
appointed individual by them, to ensure that the equipment is functioning, there is
Premises should have dedicated, secure rooms in which to store security the no damage, and international standards and Best Practice continue to be adhered to.
storage and placement of all the security head-end equipment; these shall include
but not be limited to servers, recorders, storage, active network components and
3.10 Information Security
interface equipment and the dedicated security Uninterruptible Power Supply
(UPS). Where possible, this should be physically and logically separated from all
Information Technology (‘IT’) security and the protection of information, specifically
other IT-based systems. It should be a separate room with walls that extend from
intellectual property must be afforded a very high level of security.
floor to ceiling and that are made of thick concrete. It should have a raised floor to
The following three cornerstones of Information Security form the basis of IT &
aid the cooling of equipment. The locks of the doors should be of a secure standard.
Information Security for Hotels:
1. Confidentiality - Ensuring that unauthorised users cannot access systems or

3.7 Procurement of Security Systems data, and that data cannot be passed out of the system in an inappropriate
manner.
Only authorised security technology providers registered with the authorities
should be contracted to supply, install, operate, and maintain security technology. 2. Integrity - Ensuring that the system handles information correctly, without
Unregistered suppliers may be cheaper, but they may also be unreliable and inappropriate or incorrect modification or deletion.
perhaps even criminal. An official procurement policy for Security technology
3. Availability - Ensuring that the system’s facilities, operating within the
should be defined and adhered to for reasons of good business ethics and Best
designated service level agreements, are available as and when required.
Practice. However, this is usually the responsibility of a Procurement function rather
than the Security function. The Hotel IT Manager is responsible for all aspects of IT & Information Security, and
is responsible for the development, implementation and maintenance of the Hotel
Information Security Policy that shall be implemented.

4. Human Action
4.1 Security Management To help them accomplish these tasks, the hotel managers:
—— May involve their security correspondents or the security and safety department;
4.1.1 Security Manager —— May arrange for themselves and their staff to benefit from the training
programmes organised by the AccorHotels Academy;
Key to ensuring that all security countermeasures are implemented and enforced
is having effective security management at the hotel. The Security Manager shall —— May call in outside experts and service providers approved and listed by
ensure that appropriate resources are available to implement and maintain a cost- AccorHotels;
effective security programme. In order to achieve the Security mission, vision, and —— May benefit from access to the group’s security intranet resources and the
objectives with a risk-cost-benefit strategy and programme management tactics, information made available;
the Security operations should be managed and supervised by a designated
—— Are included in the AccorHotels crisis management system.
function that comprises an established structure consisting of a Security
department with designated roles and responsibilities. Accordingly, a Security
department with clearly defined roles & responsibilities should be established. 4.1.1.2 Hotel Security Assessments
4.1.1.1 Responsibilities The hotel managers must perform and submit an annual security assessment for their
establishment. This assessment should enable them to manage and monitor all areas
The hotel managers are responsible for guaranteeing the security of their for improvement and all key benefits of the security system deployed.
establishment, which includes and is not limited to:
It enables the security correspondents and where necessary the security management
—— Assessing the risks of malicious acts;
department to receive alerts and notifications concerning day-to-day management
—— Drawing up a risk prevention plan, if necessary; issues (outside the scope of crisis situations, which are managed based on a special
—— Ensuring that the hotel staff are sufficiently trained; procedure) concerning security and requiring particular support.
—— Handling external relations; An assessment tool shall be used making it possible to quickly and regularly assess
—— Organising the surveillance and monitoring of their staff, with the help of an the extent to which all of the Group’s hotels are suitably equipped and to decide on
outside company if required; the action plan to be implemented.
—— Applying risk prevention procedures and managing incidents as they arise; Each hotel should have an action plan adapted to the risk assessment and updated
—— Ensuring the feedback of any information concerning incidents occurring. periodically depending on the changing nature of the threat.

Around twenty security-related points are included in the quality audit, and these —— Individual rooms
make it possible to assess the extent to which all of the Group’s hotels are
—— Luggage
suitably equipped.
—— Safety & Security Control Room (SSCR) operations
4.1.1.3 Liaison & Key Relationships
Prior to employment, the security personnel, shall be required to undergo a
successful pre-employment background check. Any security personnel whose
The Hotel must continuously track changes in its environment in order to anticipate
duties may require them to operate a motor vehicle shall possess a valid driver’s
risks, to comply with rules and local customs, to be in a position to deal with any
license and have passed a competency test before being allowed to operate Hotel
unexpected events and to benefit from the necessary assistance.
vehicles. It is the responsibility of the Hotel Security Manager to ensure that all
security personnel are provided with the necessary and required training.
The sharing of information with other hotel operators in the region can be
useful when it comes to assessing the nature and status of the threats facing
4.1.2.1 Contracted Security Companies
the establishment.
Contract security guard force companies that are used to supplement manning
The Hotel (Security) Manager should cultivate an ongoing working relationship
requirements for the Hotel shall be properly licensed in accordance with local
with the authorities and public services in the area: Embassy, Consulate, Town Hall,
laws and shall meet all applicable AccorHotels’ contractual requirements. It is the
Police, Fire Brigade, Medical emergencies, Hospital, Ambulances, Electricity, Gas,
responsibility of the Hotel Security Manager to ensure that the contracted guard
etc., in addition to the other hotel operators, not only those of AccorHotels but also
force understand these requirements and adhere to them.
the other hotel chains.
—— Factors to be taken into account when selecting a contract security company:

4.1.2 Security Staff —— The company’s financial health and the good moral standing of its managers;
The Hotel Security Manager shall determine the nature and scope of the security —— The service provider’s reputation and know-how. The recruitment tests and
team’s duties in order to provide adequate protection for personnel and physical methods used by the service provider.
assets. Minimum duties of the security team include:
—— Assessing security guards: Morality, behaviour, interpersonal skills, rotation of
—— Access Control security guards, etc.;
—— Perimeter —— Knowledge in fields such as first aid, firefighting, evacuation, familiarity with
the electronic systems used in the hotel: video, anti-intrusion system, fire
—— Building
alarm, etc.;
—— Searches
—— Checks carried out on the security guards by the company;
—— Site-wide
—— Attire – Uniform;
—— Building
—— Maintaining a log;

—— Equipment – radio link; updated as necessary on an annual basis, or as operational changes demand.
Targeted instructions are written for different staff members according to their
—— Compliance of the job with the labour laws applicable in the country
duties which should be drawn up and distributed or displayed in order that
in question;
each person is fully aware of the checks and activities that he or she should be
—— Insurance – Cover and guarantees required of the surveillance company. performing before the event.
—— Using the services of a surveillance company: The Hotel Security Manager shall prepare and maintain comprehensive Policies,
—— The term “surveillance and security” includes “human surveillance” activities Procedures and Instructions in accordance with the threat level of their Hotel
used by the hotel chains when looking to perform site surveillance to avoid location. These will be displayed at each area where security guards are present,
any malicious acts. and in the Safety & Security Control Room (SSCR). These will include at a minimum
the roles and responsibility of the guard force personnel, the daily duties to be
Hotel managers wishing to use the services of security guards under a permanent performed, and actions for dealing with security incidents.
annual contract are advised to initially draw up a schedule of conditions and
specifications and to invite the surveillance and security firms listed and approved 4.1.3.1 Displaying Useful Information
by the AccorHotels’ Purchasing Department to take part in a tender.
The emergency numbers should be known by staff and permanently displayed in a
The AccorHotels’ security department will provide support with the choice and clearly visible manner in appropriate areas (reception, security stations, manager’s
implementation of such a solution, whether temporary or permanent. office, maintenance area).
4.1.3 Policies, Procedures and Instructions 4.1.3.2 Records
Clear and concise written documentation is the foundation of smooth security The Hotel will maintain security records for auditing and compliance purposes.
operations; this can come in many forms, but is usually packaged as a set of This will include but not be limited to:
policies and/or procedures. These documents and formulate the mission and vision —— Incidents on site;
of a security program, outlining strategic objectives, while defining operational
guidelines for achieving security goals for the branches: —— Updates to polices or procedures;
Policies are often a short leadership document that are intended to have a —— Updates to Risk ratings;
document life-cycle of approximately 3-5 years, updated along with organisational —— Faults in security equipment.
strategic planning, or long term missions. While minor edits to this document can
be undertaken regularly, the intent of the document is to remain stable.
4.1.4 Operating within the Law
Procedures on the other hand are intended to be a living document, strategically
aligned to the security risk management. This document can be framed in many Security personnel must operate within the law and the limitations placed on their
ways, but is typically an event driven document, outlining the required actions to authority by the law in order to ensure Hotel security guard personnel operate
be taken in the event of a security incident. This document should be reviewed and strictly within the boundaries of the law whilst carrying out their duties.

4.1.4.1 Right to Legitimate Defence The safety and security department can help support the implementation of
targeted training activities.
There may be instances where the use of force is reasonably allowed in self-
defence. The use of force must be justified and the security personnel will be held 4.1.5.2 Drills and Exercises
accountable for his consideration of it. Hotel security personnel must at all times
adhere to the local laws in their personal actions. The Security Manager shall implement drills and exercises annually or as applicable
laws or regulations mandate. These programs enable the Security Manager to
In accordance with local laws only, Hotel security personnel have the right to defend identify any related security deficiencies that may need to be addressed. Annual
themselves, or to defend others but this is strictly only applicable when all elements drills and exercises should be documented to include the date, time, type of
of the local laws are met regarding this. These may include the following conditions: drill and/or exercise conducted, participants, duration, recommendations and
lessons learnt.
—— If the security personnel reasonably believe that he personally faces imminent
danger, or other persons face imminent danger;
4.1.6 Staff Recruitment & Vetting
—— If the security personnel do not have time to contact the Police or other local
authorities to repel the imminent danger;
AccorHotels will conduct the screening and vetting of personnel to a degree equal
—— The security personnel have no other choice of protection and is unable to escape; to, or exceeding, industry standards. Personnel may join the company only after
successful completion of the formal process described in the recruitment and
—— The force used is the minimum necessary to resist an attack.
vetting policy. They are also required to be able to pass those same standards
throughout their service with the company or risk disciplinary action, including
4.1.5 Security Training and Awareness the possibility of dismissal, if ever they fall below the standards set.
4.1.5.1 Training
4.2 Safety & Security Control Room Operations
The hotel staff must be able to handle monitoring and surveillance, to manage
The Safety & Security Control Room (SSCR) is a vital part of the Hotel’s overall
security and to deal with the various foreseeable events, acting appropriately in line
security strategy. The SSCR plays a significant role in ensuring that all guests,
with their duties.
staff, contractors, and visitors are safe whilst working / visiting the Hotel. These
responsibilities include:
Periodical or thematic meetings (i.e.: WATCH, Active Shooting), held each quarter for
example, are organised in order to pass on information and instructions and to hear —— Protection of individuals, including guests, staff, contractors, and visitors.
any comments or suggestions from the parties concerned.
—— Protection of Hotel property and buildings, including building perimeters,
entrances and exits, lobbies and corridors, critical assets.
Special meetings are held whenever the threat level justifies the implementation of
a higher and more stringent level of security measures. —— Patrol of perimeters (internal & external), buildings (internal & external),
critical assets.

SSCR acts as the hub for all Security Activities by monitoring the site live, and Video surveillance monitoring will be conducted in a professional, ethical and
provides the necessary support essential to the daily Security Operations. It acts as cultural manner. Personnel involved in monitoring will be appropriately trained and
the link between Security, Safety, Fire, Police, Civil Defence and all Hotel staff in the supervised in the responsible use of this technology.
case of an emergency.
A Code of Ethical Behaviour is to be developed by the Security Manager, and any
It is the first incident reporting and responding centre for all hotel safety and violations of this may result in disciplinary action consistent with the rules and
security related incidents and emergencies; and may act as the Crisis Management regulations governing Hotel staff.
Centre in case of an emergency.
4.3 Access Control Procedures
It provides command and control support for the Security Manager through the
control of the telephone, radio network, security vehicle movement and key control.
4.3.1 Management of Cards, Keys & Locks
4.2.1 Video Surveillance Monitoring 4.3.1.1 Electronic Access Control System
The Hotel should be subject to continuous surveillance day and night to monitor
When keys, access passes, cards, other proximity devices or biometric data are
both the “security” and “fire safety” aspects:
used to control access, rules for their management need to be defined and strictly
1. Continuous, 24-hour-a-day hotel surveillance: applied. Among other things, these rules include:
a) The surveillance should be handled by a security control room or by —— The procedure for attributing cards and passes in addition to the related rights;
reception staff.
—— The frequency and procedure for drawing up an inventory of the cards and passes;
b) If night surveillance is handled by one person alone, this person should be
—— The procedure to be followed if a card or pass is lost or stolen;
equipped with a system connected to a monitoring centre which provides
warnings and information, and if possible to another neighbouring hotel. —— The storage procedure for non-issued cards and passes;
2. Heightened surveillance at times when the threat is greatest: —— The methods for storing the history files for the access control system and the
correct behaviour to be adopted if any abnormal log entries are detected;
a) At times when a threat is present, the hotel should take additional measures,
using an approved security company. —— Room attendant’s electronic keys must be kept under their care and control at all
times and must not be left on the cart or trolley;
b) The hotel management should make staff aware of the procedures for
reporting and managing incidents. An announcement to clients will also be —— The master electronic key must be kept in a secure place when not in use and a
drawn up. log kept of its use;
c) Staff in contact with guests should be highly vigilant concerning any —— Master electronic keys which can operate the deadbolt or override the privacy
suspicious behaviour or attitudes. feature must be restricted to the General Manager and nominated deputies.

4.3.1.2 Mechanical Keys

4.3.2 Guest Access
The mechanical keys will be stored as part of the Master Key System in an Electronic
4.3.2.1 Guest Room Keys
Key Management System (EKMS), as previously mentioned:
—— All of the keys are stored in a secure location; The management of the “keys” and ongoing checks on bedroom doors should
prevent the risk of theft from the clients’ bedrooms. In order to effectively prevent
—— An initial inventory of the keys is drawn up, including the master keys, with the
any thefts from bedrooms which occur without breaking and entering:
names of their users;
—— The procedure for allocating keys to clients should be scrupulously applied;
—— The presence of all keys, including master keys, is checked against the
initial inventory; —— The security procedures during the cleaning of the bedrooms should be
scrupulously applied;
—— The master key must be kept in a secure plaice when not in use and a log kept of
its use; —— The door surround and door lock provide a high degree of security;
—— Master keys which can operate the deadbolt or override the privacy feature must —— Replacement keys must only be issued to persons registered to that room.
be restricted to the General Manager and nominated deputies. Positive identification must be requested and provided;
—— Guest electronic keys must not be programmed with private guest data that is
4.3.1.3 Magnetic Locks not required for the functioning of the lock.
For magnetic locks: 4.3.2.2 Refusing Admission to Undesirable Clients
—— The encoding system for master key cards is stored in a secure location;
The access control measures and video surveillance make it possible to refuse to
—— The key for dismantling the locks is stored in a secure location; open up to certain people but this may not be enough. Turning away clients can
present problems in as far as we must avoid any form of discrimination and in some
—— An initial inventory of the cards is drawn up, including the master key cards, with cases, face aggressive behaviour.
the names of their users;
The presence of all cards, including master key cards, is checked against the initial Staff at reception should act cautiously and should not hesitate to call the manager
inventory. or even the local authorities if necessary.
4.3.2.3 Left Luggage
—— Ensure that the room is always closed;
—— Never leave a client alone in the room;
—— Assign a numbered ticket to each item of luggage, and issue the counterfoil to
its owner.

4.3.2.4 Storerooms —— When the hotel is open to the exterior (a beach or natural environment with
unenclosed grounds), security guards should be deployed, who will observe and
—— Ensure that the room is always closed; identify any suspect behaviour. The staff should be equipped with radios or
other mobile communication equipment adapted to the site layout and
—— Draw up a list of staff authorised to enter the room.
the terrain.
4.3.2.5 Changing Rooms —— When access is directly via the hotel lobby, electronic doors should be used at
times of high tension and above all security guards should be manning these
—— Ensure that the room is always closed; permanently, with the task of identifying any suspect behaviour.
—— If possible, allocate a locker with a padlock to each staff member having access
to the room. 4.3.3.2 Checking Items Left in the Luggage Room
4.3.3 Security Checks —— The luggage room is kept locked;
—— Only luggage and personal items identified by reception are allowed in there, to
The Hotel should not admit clients who clearly present a risk of malicious acts or the exclusion of any others.
whose behaviour may disturb other guests. At times of heightened threats, the
hotel should check all clients and staff. In all cases, deliverymen and outside service 4.3.3.3 Checking Staff
providers should be subject to security checks.
—— All access measures for employees must be unique;
When the threat level requires this, and based on the information available
—— Each employee will have a pass showing his identity and photo;
at that time, the Hotel must immediately introduce appropriate additional
security measures. —— At a time of heightened threats: Employees are checked (identity and bags)
when they arrive for and leave work.
This involves the use of an outside company approved in advance by the hotel,
providing surveillance services and security guards. 4.3.3.4 Checking Service Delivery Personnel
4.3.3.1 Guest Security Checks (Heightened Threat Level) —— Before the delivery, the supplier should provide the hotel with:
—— The registration number of the vehicle;

—— If the hotel is situated in an enclosed area, it is recommended that only a single-
entry point to be open for clients travelling on foot and that this should be —— The scheduled time of arrival;
placed alongside the vehicular access point. A visual inspection may be enough
—— The identity of the delivery staff – their identity papers will be retained while
according to the circumstances although this can be more stringent if the
deliveries are underway and returned to them when they leave;
situation requires it (bag searches, x-rays).
—— The characteristics of the goods being carried.

4.3.3.5 Checking Outside Service Providers There shall be a provision for a back-up communications system in the event of a
major disruption to, or failure of, the primary system.
Any service provider entering the hotel must be accompanied by a member of the
hotel staff, particularly in the technical areas. The security communications system shall be tested on a daily basis and details
of the test shall be recorded in the Daily Report. Any needed repairs shall be
4.3.3.6 Checking Rooms initiated promptly.
Occupied and unoccupied rooms shall be checked every 24 hours.

4.4.2 Satellite Telephones
4.3.3.7 Additional Procedures to Support Security Checks
Satellite telephones are a mandatory requirement for all hotels.
—— Daily staff briefings;

All Hotels are to be equipped with satellite phones when in a remote location or in
—— Additional staff manning the CCTV systems; high environmental or high political risk areas.
—— Checking vehicles (searching the car boot/trunk);

Other hotels are organised in a way they can have easily access to a satellite
—— Checking underneath the vehicles; phone. Hubs may be set up for a limited number of hotels geographically close
to each other.
—— Access control for guests (accepted subject to reservation, identity check);
—— Surveillance of, and security guards in car parks; Satellite phones must be kept in good operating conditions and tested regularly.
Recommendations on material is issued by corporate safety-security department
—— Outdoor security patrols;
and accessible through intranet website.
—— Security patrols inside the hotel.
4.4.3 Guest room Telephones
4.4 Hotel Telecommunications Systems Telephone calls must not be connected to guest rooms without the hotel employee
verifying with the caller the name of the guest registered to the room. There
4.4.1 Hotel Operations Telephones shall be no ability for external telephones to be able to contact the guest room
telephone directly.
Radio links or other dedicated resources for communication between staff make
it possible to enhance the protection of the establishment and of its employees.
These should always be deployed.
Hotel security personnel shall be provided a means of communication to the

primary vehicle entrance gatehouse, the Safety & Security Control Room (SSCR), and
the Security Manager. This shall be using HF/VHF radio, land-line or mobile phone.

4.5 Emergency Management

Only the appendices should be customised by each hotel, when the APACHE
manual is added to the hotel’s reference documentation.
4.5.1 Crisis Management
It is accompanied by response cards dealing with the management of
The key objectives of a crisis management manual are to limit the impact of a major sensitive situations.
crisis by introducing measures and procedures beforehand at a Group-wide level,
such as: In the event of serious malicious acts being committed, the hotel manager must
contact his superiors and his crisis correspondent as quickly as possible by
—— The definition of the alert sequence: informing the local, regional and/or head
telephone to inform them of the situation.
office managers as soon as possible in order that they may analyse the event
and its potential development into a crisis;
If these are unavailable, he must immediately contact the Group’s on-call crisis
—— The identification of the key players and their replacements, who should team on the following number: 0033 6 09 100 200.
contactable and available at all times when a crisis occurs; the definition of a
common methodology for managing the crisis. 4.5.2 Incident Management
——
It’s important plan in advance to ensure that everyone fulfils their respective roles
Security Incidents are defined as events (planned or unplanned) that immediately
correctly at each decision-making level (Group / Brands / Zone / Region / Country
threaten or actually impact the security of the Hotel’s People (including contractors),
/ Site) to be ready to tackle events rather than needing to ask questions about Assets (including information and business continuity), Environment and Reputation.
organisation, procedures and reporting in a high-pressure situation when an
event occurs. 4.5.2.1 Reporting
With this in mind, the table from the “APACHE” crisis management manual has It is important the contact details of the Hotel Safety & Security Control Room
been circulated to the managers of all of the group’s hotels. This document (SSCR) are displayed at all times around the Hotel. This should be clearly displayed
should enable them to identify the crisis cell members for their particular unit (the on all notice boards at security gate houses, inside buildings and offices, etc.
designated individuals and their replacements), to deploy the crisis management
system and to help them best manage any crisis situation with which they may find The Safety & Security Control Room (SSCR) will be the primary point of contact
themselves confronted. during incidents that will coordinate the relevant response.
Two versions of the crisis management manual have been produced, one for the Premises should have designated members of staff ‘On-call’ (contactable by
hotels, the other for the head offices. This provides an organisational and training telephone) out of working hours who can respond within half-an-hour of being
guide in crisis management. contacted by Security.
If necessary, under the control of the hotel head office’s crisis coordinator, it is The home telephone and GSM numbers of designated staff should be submitted to the
possible to add any information or instructions deemed useful to ensuring that the security control room with a clear call out flow chart and defined incidents that should
manual is perfectly adapted to local circumstances. warrant this. This needs to be reviewed and updated monthly to ensure accuracy.

4.5.2.2 Response Cards

4.6 Major Events
The purpose of the response cards is to propose an action plan to deal with various
The group’s hotels are regularly involved in the organisation and hosting of major
sensitive situations. These cards are the fruit of the work and experience of a
events. The security aspects must be taken into account every time.
number of Group employees.
These events are listed on a provisional calendar centrally managed by the security
—— Some examples of security-related response cards:
department in order to be able to support the operational management teams
—— Sexual assault; ahead of the event and where necessary to implement the necessary monitoring
and intelligence-related measures at the head office.
—— Lost child ;
—— Prostitution – pimping; The specific measures related to the event will be assessed and implemented as a
result of preparatory meetings with the organisations concerned (town hall, Olympic
—— The arrest of a client;
Committee, UEFA, etc.). In the absence of a dedicated organisational committee,
—— The arrest of a staff member; the safety department may issue recommendations and instructions aimed at
improving security for clients, staff and establishments.
—— Death of a client / staff member;
—— Armed robbery; Staff must undergo specific awareness building exercises or even training when the
event presents a particular risk (the G7 summit or political summits).
—— Serious accident befalling a client;
—— Attack against the hotel by armed individuals;

4.7 Hosting High Profile Guests (HPG)
—— Discovery of Improvised Explosive Devices (IEDs);
Hosting high profile guests (HPG) may imply dealing with his/her/their security
—— Bomb Threats to Hotel;
guards and adapting partially the hotel organisation to specific requirements.
—— Civil Unrest;
In any case, the hotel security manager or the person in charge of security in the
—— Kidnap;
hotel will organise a security visit of the hotel and share contact details with the
—— Fire; security leader of the high profile guests (HPG).
—— Flood; The Hotel may hire extra-security personnel or provide additional security systems
—— Natural Disaster; (metal detectors, X-ray machines, video surveillance cameras, etc.) in accordance to
compensate technical weaknesses or strengthen access monitoring.
—— Food Safety.
As for major events, the Hotel will work out a clear agenda and identify specific
measures with the security leader of the high profile guests (HPG) to inform
properly its staff.

4.8 Client Assurance 4.8.3 Guest Welfare
4.8.1 Guest Awareness For each occupied guest room that has not been serviced, contact must be made
with the guests at least once daily. If no contact is made with the guest, the guest
rooms must be visually checked.
Clients must be informed of the hotel’s preventive security measures but above all
of the precautions which they themselves must take to protect their property and
to guarantee their security. The information can be passed on verbally by staff at
reception and better still by means of a concise brochure with pictures.
This brochure, which is very useful, can be bundled with the fire safety instructions.
It will be more effective if it is handed to the client and explained to him at the same
time as he receives his key, rather than being left in the bedroom.
The security information chiefly concerns:
—— Items left in vehicles;
—— The use of safes; Information must be provided in the Guest Directory advising
guests of the availability of safety deposit boxes.
—— Locking the bedroom doors from the inside;
—— The precautions to be taken before opening the door to anyone
—— The existence of a CCTV system.
Within the guest room, security information must be provided in a conspicuous

location in the local language of the country and English.
4.8.2 Guest Privacy

The General Manger must ensure that housekeeping lists which include guest
name information are not left on the room attendant carts/trolleys.
Guest room numbers must not be announced or printed on the outside key packet/
envelope or on electronic keys.

WESTERN EUROPE EASTERN EUROPE NORTH AMERICA SOUTH AMERICA MIDDLE EAST & AFRICA ASIA PACIFIC
SECURITY RISK • ISO 31000 Risk • ANSI/ASIS ORM.1- • HB 167:2006

MANAGEMENT Management 2017: Security – Security Risk
Guidelines-2018 and Resilience in Management
• SABRE - Security Organization and • HB 327:2010 –
Assessment and Their Supply Chains Communicating and
Certification for consulting about risk
Buildings & Built • HB 158:2010 –
Infrastructure Assets Delivering assurance
SD 0229: Issue 1.1-2017 based on ISO
31000:2009 Risk
management –
Principles and
guidelines
SECURITY • CPNI - Integrated • Federal Law of 6 • U.S. General Services • Abu Dhabi Urban • ANZCTC -
PRINCIPLES AND Security; A Public March 2006. № 35-FZ Administration Public Planning Council Australia’s Strategy
PLANNING Realm Design Guide “On Combating Buildings Service Safety and Security for Protecting
for Hostile Vehicle Terrorism”. - The Site Security Planning Manual Crowded Places from
Mitigation - Second Design Guide-2007 (SSPM) v1 2013 Terrorism-2017
Edition-2014 • FEMA 430 - Site and • ANZCTC - Hostile
• NaCTSO - Crowded Urban Design for Vehicle Guidelines For
Places Guidance Security-2007 Crowded Places-2017
v1-2017 • Federal Emergency • Guidelines
• RIBA guidance Management Agency for Enhancing
on designing for (FEMA) 426: reference Building Security in
counterterrorism-2010 manual to mitigate Singapore-2018
• Home Office potential terrorist
Protecting Crowded attacks against
Places: Design and buildings
Technical Issues-2014

NETWORK • BS 7807 - Code • ANSI/TIA/EIA-

SECURITY of Practice for the 569-B Commercial
Design, Installation Building Standard for
and Service of Telecommunications
Integrated Systems Pathways & Spaces
• ISO/IEC 27033 • ANSI/TIA/EIA-
Information 568-B.1, B.2 & B.3
technology Commercial Building
– Security techniques Telecommunications
– Network security Cabling Standard and
• ISO/IEC 11801 all addenda.
Information • TIA-942,
Technology – Generic Telecommunications
Cabling for Customer Infrastructure
Premises Standard for Data
Centres
• J-STD-607-A
Commercial Building
Grounding (Earthing)
and Bonding
Requirements for
Telecommunications.
• ANSI/TIA/EIA-
606-A Administration
Standard for the
Telecommunications
Infrastructure of
Commercial Buildings.
• BICSI –
Telecommunications
Distribution Methods
Manual, latest edition.

VIDEO • BS EN 50132-7: 2012 • GOST R 51558-2008 • UFC 4-021-02NF • Abu Dhabi MCC • AS 4806:2008 –
SURVEILLANCE CCTV Surveillance “equipment and Security Engineering Video Surveillance CCTV suite, which
Systems for Use in systems television. Electronic Security Systems Standards includes
Security Applications General technical Systems, with Change 1 V5.0 – 2017 – AS 4806.1:2006
• BS 7958 – Code requirements and test • Dubai SIRA Law 12 – Closed circuit
of Practice for the methods”. • Qatar Law 9 television
Management and • P 78.36.002-99 / • Kuwait Ministry (CCTV)-Management
Operation of CCTV GUVO the Russian of Interior Security – AS 4806.2:2006
• BS 8495 – Code of Interior Ministry, System General – Closed circuit
television (CCTV)-
Practice for Digital “Selection and use Dept. CCTV
Application guidelines
CCTV recording of television video Security Cameras
– AS 4806.3:2006
systems for the control systems” Requirements for the
– Closed circuit
purpose of image Recommendations Critical infrastructures television (CCTV)-PAL
export to be used as • KSA Ministry signal timings
evidence. of Interior CCTV – AS 4806.4:2008
Security Cameras – Closed circuit
Requirements television (CCTV)-
Remote video
ACCESS CONTROL • BS EN 60839-11-1: • GOST R 51241- • UFC 4-021-02NF

SYSTEM 2013 Alarm & Access 2008 “Systems and Security Engineering
control systems Means of access Electronic Security
for use in security control. Classification. Systems, with Change 1
applications General technical
• BS EN 50486:2008: requirements. Test
Equipment for use in methods.”
audio and video door- • P 78.36.005-99 /
entry system GUVO the Russian
Interior Ministry, “The
selection and use
of control systems
and access control”
Recommendation.
• P 78.36.008-
99 / GUVO the
Russian Interior
Ministry, “Design
and installation of
security systems
and intercoms.”
Recommendations.

INTRUSION • BS EN 50131 - Alarm • GOST 50775-95 • UFC 4-021-02NF • AS/NZS 2201

DETECTION Systems – Intrusion “Alarm systems. Security Engineering suite:2008 – Intruder
Systems General Provisions.” Electronic Security alarm systems suite,
• GOST 50776-95 Systems, with Change 1 which includes:
“Alarm systems. Part 1: • AS/NZS 2201.1:2007
General requirements. Intruder alarm
Section 4: Guidance systems—Client’s
on the design, premises–Design,
installation and installation,
maintenance” commissioning and
• RD 78.146-93 / MIA maintenance
of Russia “Instruction • AS 2201.2:2004
on the technical – Intruder alarm
supervision of the systems–Monitoring
execution of design centers
and installation work • AS 2201.3:1991
on the equipment – Intruder alarm
objects by means of systems—Detection
the security alarm devices for internal
system” use
• AS/NZS 2201.5:2008
– Intruder alarm
systems—Alarm
transmission systems

SCREENING • BSI PAS 97:2012 • The International • HB 328:2009 –

Specification for Council on Radiation Mailroom security
Mail Screening and Protection (ICRP),
Security National Council on
• BS IEC 62709:2014: Radiation Protection
Radiation protection (NCRP) and the
instrumentation. Nuclear Regulatory
Security screening of Commission (NRC)
humans. Measuring • NIJ Guide 600-
the imaging 00: Users guide
performance of X-ray for handheld and
systems. walk-through metal
• BS IEC 62463:2010: detectors.
Radiation protection • ASTM E2520 – 07:
instrumentation. Standard Practice
X-ray systems for the for Verifying
screening of persons Minimum Acceptable
for security and the Performance of Trace
carrying of illicit items. Explosive Detectors.
• ASTM E2677 – 14:
Standard Test Method
for Determining
Limits of Detection
in Explosive Trace
Detectors.

PHYSICAL • BS EN 1300:2013 • RD 78.36.003- • UL 687—Burglary- • AS 4145.2:2008

SECURITY Secure Storage 2002 / MIA of Russia resistant safes – Locksets and
Units. Classification “Engineering and • CSIR Salt Spray hardware for doors
for High Security technical strength. Tested 980289, and windows -
Locks according to Technical means 050036, 050056, Mechanical locksets
their resistance to of protection. T09998 for doors and
unauthorized opening Requirements and • SABS Wire Senility windows in buildings
• EN 14450—Secure design standards Test 2536/YM139 • AS 1725:2003 –
storage units. for the protection of • Heavy Industrial Chain-link fabric
Requirements, objects from fence frame work security fencing and
classifications and criminal attacks” ASTM F1043 groups gates
methods of test for • AS/NZS 3809:1998 –
resistance to burglary. Safes and
Secure safe cabinets strong rooms
• LPS 1175 Loss
Prevention Standards
Issue 7.3
• BS1722—12:2006
Fences – Specification
for steel palisade
fences
• BS1722–14:2006
Fences—Specification
for open mesh steel
panel fences
• BS EN1154:1997
Building hardware
– Controlled door
closing devices.
Requirements and
test methods

HOSTILE VEHICLE • PAS 68:2013 – Impact • UFC 4-022-

MITIGATION Testing Specification 02 Selection and
for Vehicle Security Application of Vehicle
Barriers Barriers-2009
• PAS 69:2013 – • ASTM F2656,
Guidance for the Standard Test Method
selection, installation for Vehicle Crash
and use of vehicle Testing of Perimeter
security barrier Barriers
systems • DoS SD-STD-02.01,
• IWA 14-1:2013 Vehicle Vehicle Crash Testing
security barriers -- of Perimeter Barriers
Part 1: Performance and Gates. Barriers
requirement, vehicle
impact test method
and performance
rating
BLAST AND • BS/EN 1063 Glass • NIJ Standard

BALLISTICS in building. Security 0108.01 Ballistic
glazing. Resistant Protective
• ISO/FDIS 16933 Materials-1985
“Glass in Buildings – • UL 752 Standard
Explosion resistant for Bullet-Resisting
security glazing Equipment
• UFC 3-304-
02 Structures to
resist the effects of
accidental explosions
• UFC 4-023-03
Design of Buildings
to Resist Progressive
Collapse with Change
1
• UFC 4-023-07
Design to Resist
Direct Fire Weapons
Effects

ACCESSIBILITY • UN CRPD – Article 9 UN CRPD – Article 9 • American with • Disability (Access to

Accessibility Accessibility Disabilities Act - 2010 Premises – Buildings)
• European ADA Standards for Standards 2010
Accessibility Act 2017 Accessible Design
• UK Disability
Discrimination Act 1995
FIRE PROTECTION • BS 9999:2017 Fire • RD 25.952-90 / MIA • NFPA 101 Life

safety in the design, of Russia “Automatic Safety Code 2012
management and use sprinkler, fire, security edition, National Fire
of buildings – Code and fire alarm Protection Association
of practice. systems.”
• RD 78.145-93 / MIA of
Russia “systems and
systems security, fire
and burglar and fire
alarm systems. Rules
of production and
acceptance of work.”
• P 78.36.007-99 /
GUVO the Russian
Interior Ministry, “The
selection and use
of fire and security
alarm systems and
means of technical
strength for the
equipment objects.”
Recommendations.
CHEMICAL, • UFC 4-024-01 • ANZCTC - Chemical

BIOLOGICAL, Security Engineering: Weapon Guidelines
RADIOLOGICAL Procedures for for Crowded
(CBR) Designing Airborne Places-2017
Chemical, Biological,
and Radiological
Protection for
Buildings

031 Security Standards - Jun-19

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

031 Security Standards - Jun-19

Uploaded by

Copyright:

Available Formats

Security Standards

GSA General Services Administration NGO Non-Government Organisations

2 Accor Technical Document | Version 0 | June 2019

3 Accor Technical Document | Version 0 | June 2019

4 Accor Technical Document | Version 0 | June 2019

1.7 Security Risk Management ENVIRONMENT

5 Accor Technical Document | Version 0 | June 2019

6 Accor Technical Document | Version 0 | June 2019

—— The siting of head offices and establishments – Analysis of the

7 Accor Technical Document | Version 0 | June 2019

—— T = Technical Equipment This concerns additional technical equipment (video

8 Accor Technical Document | Version 0 | June 2019

—— H = Human Action Regardless of the quality of the construction and equipment,

1.9 Security Planning & Design Zone Definition Security measures

9 Accor Technical Document | Version 0 | June 2019

AACS Automatic Access Control System

SEMI SEMI- KAC Key Access Control

CCTV, Burglar Resistance class as defined in Security Standard

The experienced burglar uses in addition saws, hammers, axe,

The experienced burglar uses in addition powerful electric tools,

10 Accor Technical Document | Version 0 | June 2019

1.9.3 Focus of Security Design Security Focus Areas for Consideration

Food and • Restaurants

11 Accor Technical Document | Version 0 | June 2019

1.9.4 Security Systems 1.9.5 Coordination of Security with Other

12 Accor Technical Document | Version 0 | June 2019

Restrict number of ingress points from public realm

Utilised laminated glazing and rigid glazing

Mitigate events of disproportionate

13 Accor Technical Document | Version 0 | June 2019

1.10 AccorHotels’ “Security” Intranet Resources

The department’s intranet site makes it possible to access security information

The APACHE crisis management system is also online and includes:

1. The Crisis Management manual

2. The emergency response cards

3. The warning cascade diagram

4. The contact details for global crisis management, accessible 24/7

The additional management resources made available to the group’s network

14 Accor Technical Document | Version 0 | June 2019

2. Building PROTECTION OBJECTIVES

1. The wall / fencing system should be deployed to prevent criminal activities,

15 Accor Technical Document | Version 0 | June 2019

16 Accor Technical Document | Version 0 | June 2019

PROTECTION OBJECTIVES PROTECTION OBJECTIVES

10. The systems should be capable of being manually unlocked.

17 Accor Technical Document | Version 0 | June 2019

Pedestrian Entrances & Exits

18 Accor Technical Document | Version 0 | June 2019

2.3 Security by Design 2.3.2 Landscaping & Urban Design

19 Accor Technical Document | Version 0 | June 2019

2.3.4 Adaptability PROTECTION OBJECTIVES

—— Internal partition doors to segregate people and rooms to restrict access to

20 Accor Technical Document | Version 0 | June 2019

Areas Recommended Average Lux 2.5 Signage

Service/Loading Area 100 —— Emergency contact

Emergency Assembly Areas 50

—— Intrusion by ill-intentioned persons (planning violent actions, assaults, or

Securing the site requires measures adapted to each type of hotel:

—— A hotel built in a fenced area

—— A leisure hotel, which is totally open and sometimes located on a seafront.

—— Street-side hotel building

The security plan must be drawn up in coherence with a dedicated security

21 Accor Technical Document | Version 0 | June 2019