Warm welcome at church entrance

Building a Safer Environment

Jeff KearnanChurch Security

Essential Planning Steps for Public-Facing Organizations

Public-facing organizations carry an inherent responsibility for the safety of every person who walks through their doors. Whether the setting is a retail storefront, a community nonprofit, a clinic, a school, or a house of worship, patrons rightfully expect that leadership has taken reasonable steps to identify hazards, plan for emergencies, and prepare staff to act when seconds matter.

A credible safety and security program is not built on equipment or signage alone. It is built through a deliberate planning process that aligns governance, mission, policy, training, and documentation. The steps below outline the essential foundation every public-facing organization should establish in order to demonstrate due diligence and provide a genuinely safer environment for the patrons it serves.

Warm welcome at church entrance

1. Build a Mission-Driven (or Ministry-Driven) Volunteer Program

For most public-facing organizations, paid security personnel are not feasible across every operating hour, location, or program. A trained volunteer team, recruited and developed in alignment with the organization’s mission, fills that gap with people who already know the culture, the patrons, and the values of the organization.

In a faith-based setting, this is often called a safety ministry. In a secular organization, it functions as a service team or safety committee. Either way, the program should be deliberately built to support mission and culture, not to operate adjacent to them.

A mission-driven program offers several advantages. Volunteers chosen from within the community are easier to vet for character, attendance, and judgment. They view safety as a service to the people they already serve. Their visible, calm presence reinforces the welcoming environment that public-facing organizations rely on, and their training prepares them to act decisively when something goes wrong.

Faith-based note: Houses of worship should consider how the safety ministry reflects the congregation’s theology of hospitality, sanctuary, and the protection of the vulnerable. Aligning the program to scripture and mission helps build congregational support and volunteer commitment.

2. Establish Governing Board Oversight, Accountability, and Policy Adoption

Safety and security are governance functions, not afterthoughts. The board of directors, vestry, council, or other governing body holds the legal duty of care for the organization. It is the body that adopts policy, sets risk tolerance, and confirms that resources are aligned with the safety strategy.

Boards should formally adopt the safety plan, document that adoption in board minutes, and review the plan on a defined cadence. Annual review is typical, with interim updates after any significant incident, change in operations, or change in regulation. Board oversight is also the mechanism through which leadership demonstrates that the safety program is more than the personal initiative of a single staff member or volunteer.

Insurance carriers, regulators, and plaintiffs’ counsel all look first at governance. A board that has read, questioned, and adopted the plan is a board exercising its fiduciary responsibility. A board that has not is a board exposed to claims of negligent oversight.

3. Conduct a Formal Risk Assessment

Every safety plan should rest on a formal, documented risk assessment. The assessment identifies the hazards and threats reasonably foreseeable for the organization’s location, population, operating hours, and activities, and it surfaces the vulnerabilities and operational realities that shape how the organization can respond.

A useful risk assessment examines, at a minimum:

  • Physical security of the facility, including entry points, sightlines, lighting, locks, alarms, and cameras
  • Medical emergencies and the population most likely to experience them
  • Fire, severe weather, and other natural hazards
  • Active threat scenarios, including domestic disputes, disgruntled individuals, and targeted violence
  • Cyber and information security risks tied to operations
  • Special events, large gatherings, and high-traffic periods
  • Operational realities such as staffing levels, volunteer availability, and local first responder response times

The output of the assessment should be a written report that drives the rest of the planning process. Without it, policies and training have no defensible foundation.

Faith-based note: Houses of worship should review free planning resources made available by the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency for faith-based organizations, and incorporate findings from those resources into the local risk assessment.

4. Add Safety and Security as a Standing Agenda Item

Boards govern through their agendas. When safety and security appear only when something has gone wrong, the program drifts. Adding safety and security as a standing item on every board meeting agenda ensures that:

  • Incidents and near-misses are reviewed in a timely manner
  • Training status, drill outcomes, and policy updates are visible to leadership
  • Resource and budget needs are surfaced consistently
  • Documentation of board attention is created month over month, providing a clear record of governance

This single procedural change is one of the most cost-effective improvements an organization can make to its safety posture.

5. Develop Role-Specific Policies and Procedures

A plan that everyone owns is a plan that no one owns. Policies and procedures should be written for each specific role inside the organization, including senior leadership, facility staff, ushers or greeters, hospitality teams, childcare or youth workers, medical responders, and the safety or security team itself.

Each role’s documentation should clearly define:

  • Responsibilities: what this role is expected to do during normal operations and during defined emergencies
  • Authority: what decisions this role is empowered to make without escalation, and what must be escalated
  • Limitations: what this role must not do, including any restrictions on use of force, medical intervention, weapons handling, or interaction with law enforcement

Defining authority and limitations with the same care given to responsibilities is what protects both patrons and personnel from the predictable failures that occur when roles are unclear under stress.

6. Provide Training That Directly Supports the Policies

Training should never be generic. It should be designed to teach the specific actions and decisions that the organization’s policies require. If the policy says ushers will direct patrons to a designated rally point during a fire alarm, the training must walk ushers through that route, that decision tree, and the handoff to first responders.

Effective programs typically combine:

  • Foundational orientation for every staff member and volunteer
  • Role-specific training keyed to each policy
  • Scenario-based exercises and tabletop drills
  • Periodic refreshers, with frequency determined by risk and personnel turnover

Training also must keep pace with policy. When a policy is updated, the corresponding training is updated and re-delivered. Otherwise, the organization is operating two plans: the one that is written and the one that is practiced.

7. Document All Training for Legal Discovery, Audit, and Insurance Review

Training that is not documented effectively did not happen. Records should be kept in a manner that withstands scrutiny from courts, auditors, and insurance carriers. A defensible training record typically includes:

  • Date, time, and location of the training session
  • Topic, learning objectives, and the curriculum or lesson plan used
  • Name and credentials of the instructor
  • Roster of attendees with signatures or verified electronic acknowledgment
  • Any assessment results, certifications issued, or competencies demonstrated
  • Materials distributed and the version of the policy referenced

These records should be retained according to a written retention schedule and stored in a secure, accessible system. In litigation, the absence of documentation is often more damaging than any single error in execution.

8. Vet the Draft Plan Through Stakeholders

Before adoption, the draft plan should be circulated to and reviewed by every party whose participation matters when the plan is activated. This vetting process strengthens the plan, builds buy-in, and exposes assumptions that look reasonable on paper but fail in practice.

Recommended reviewers include:

  • The governing board, and any safety or risk committee it has designated
  • Senior staff and program leaders
  • Key volunteer leaders, including the head of the safety team
  • The organization’s insurance carrier or risk advisor
  • Local first responders, including police, fire, and emergency medical services
  • Legal counsel
  • Any landlord, property manager, or co-tenant whose operations are affected

First responder review is particularly valuable. Local agencies can confirm response times, identify staging considerations, and catch incompatibilities between the plan and how those agencies actually operate.

9. Promulgate, Adopt, and Implement the Final Plan

The final step closes the loop. After incorporating feedback from the vetting cycle, the plan is formally adopted by the governing board and then promulgated across the organization through:

  • Written communication to all staff and volunteers
  • A signed acknowledgment from each person assigned a role under the plan
  • Posted summaries, evacuation maps, and quick-reference cards where appropriate
  • Integration of plan elements into onboarding, recurring training, and drill schedules
  • A defined review cycle and a named owner accountable for keeping the plan current

Implementation is not a single event. It is the ongoing discipline of teaching, drilling, updating, and documenting that turns a written plan into an organizational capability.

Closing

Safety and security planning is not a product an organization can purchase. It is a process leadership must own. Done well, it protects patrons, supports the mission, satisfies the duty of care, and demonstrates the kind of professionalism that insurers, regulators, and the communities served all expect.

Kearnan Consulting Group, LLC and Church Security Solutions partner with public-facing organizations and houses of worship through every phase of this process, from initial risk assessment through final adoption and ongoing program management.

Published by Kearnan Consulting Group, LLC in collaboration with Church Security Solutions.