Category Archives: Church Security

My Church Security – Incident Management / Incident Response

MyChurchSecurity.comIncident Management

The another common starting point of designing and implementing a security department or fraud department is to setup a quick and SIMPLE incident command structure.  Let’s face it, there are too many stories where a incident happens the day after you read this. There is a JPEG version, Mac TouchDraw version of the file and How-To Video.  As I get feedback on the template/checklist, I will be updating it.  May hope is it is SIMPLE and should take no more then a hour or 2 to customize to your organization.

The core use of the template is help your organization/team(s) to establish a usage and SIMPLE incident command structure and basic things for each role to play that can be referenced easily (laminate it).  This is like an evacuation map that you hang on the wall but is needed/used by the people that would be involved in responding to an incident.  This template can be used for a wide variety of incidents, some incident types may have less boxes than others.

The big mistake I hear about in churches/NGOs is the have a “incident procedures/protocols” in a notebook in Pastor Billy Bob’s office.  Problem is….at the start and during an incident, nobody can find Pastor Billy Bob and the key to his office.  This template is NOT a replacement for the book procedures/protocols and training!!  It is SIMPLY DESIGNED to be a fast, avaiable reference.

The basic flow is that Authority and Command & Control moves from left-to-right, top-to-bottom (thus the arrows).  The boxes at the top is a SAMPLE of people/titles/roles that would be your primary command and control people (example: operationally, media, pastorally, etc.). The three rows of boxes at the bottom are EXAMPLE groups/roles/titles of TRAINED people that would be performing a specific and/or small number of duties upon initial notification (row 1), during the incident (row 2), and after the incident (row 3).  Again, you may not have as many rows or columns in your version, but start somewhere.  Even if you draw it on a flip chart or white board to start.  The important thing is the arrows and meaning behind the arrows.

My Church Security – Church Leaders at a Fraud Conference?

I know, not exactly in the “how to design” category but it got me thinking. I have the privilege of attending the Association of Certified Fraud Examiners 25th Annual Fraud Conference next week (2014….ok and in 2015 also) to catch up on some training, new techniques, and interact with some amazing peers. On a sad note, for the ones that are familiar with the ACFE, I understand this will be Dr. Wells’ last conference. His impact on the world and my career is immeasurable. But back to the question, yes, churches should, at a minimum, have wisdom and knowledge of fraud, why because the probability, vulnerability of fraud being committed at your church….is greater then zero, sometimes already happened/happening or is about to. I’m not saying that the senior pastor should attend the conference, but someone in the church leadership / board / or executive pastor-type of role should consider it. If they are unable to attend, they should check out the many (free) webinars that the ACFE has on their site. I have been involved in actual responding to fraud and have identified countless fraud vulnerabilities in churches, it is an important aspect of your overall security plan. Be Blessed.

My Church Security – Why Am I Doing This?

Why Now? Why Am I Doing This Site?

All my wisdom and knowledge came by the grace of my Lord Jesus.  First there is a great need to reform our industry, stop training security and fraud professionals to be unknowingly deceptive, and I think this whole security thing is easy and fun.  It’s kind of like those interesting and talented magicians that “expose” how tricks are done.  Over the years, I have had the honor to visit so many organizations that need SIMPLE help.  Recently I have had the humble honor to get requests from a few church and para-church organizations and I thought I could provide them some ideas and tools they can use immediately without growing frustrated with lay people wanting to make major complex structures.  Oh, and some of this, I just have to get off my chest, its so frustrating sometimes….hehe.  Seriously, my summary goal is to provide simple ideas to people who are in the process of designing/implementing a church security or church safety or church fraud department or churches that have been doing it for 30 years and just need some fresh ideas. I hope you are blessed by the content.

My Church Security – Church Security vs. Church Safety

MCS_Logo_wText_288Church Security vs. Church Safety


One of the most common questions / observations I get from churches just (re)starting their security activities is whether they need a SAFETY program/team/department/policy or a SECURITY program/team/department/policy.  So there are a number of factors to consider when creating BOTH, yes both.

First let’s focus on three basic definitions that I will stick to throughout my blogging, podcasting, speaking, teaching journey:

  • SECURITY – The detection of, prevention of, and response to a crime.
  • SAFETY – The detection of, prevention of, response to an accident.  I call this the “spilled milk” areas
  • SAFE – A level of assurance that a human has related to not being a victim of crime or accident.

So an organization needs to have both a CHURCH SECURITY and CHURCH SAFETY program to increase the level of assurance called “SAFE”.  I am NOT a safety expert though I have a tendancy to spot safety issues when I am doing security.  I don’t have safety checklists, safety policy, safety training, like those that might come from fire departments or OSHA or safety professionals that may be part of your organization.

The main concern that I hear about consistently, is churches don’t want to use the term “security” because of they are concerned that their audience, customer, clients, congregations will question the need for “security”, guns, guards, cameras, etc.  When in reality security is so much more and it helps them be SAFE. Churches also don’t want their security team to think they are law enforcement with authority to do anything and thus think not calling a security team will solve this.  It won’t.

My main concerns are people getting confused about their role and legal aspects.

I was discussing this topic with a church and convinced them that the way they were communicating to the team and other parties was actually deceptive.  Also legally, at least in the state of Texas, there are strict laws and regulations of people PERFORMING THE ROLE of security, REGARDLESS of what they are called or labelled.

Now I am not going to be upset, if a church has a great and robust security program and labels it (document, website, badge, etc. as  “[church name] Safety Team/Program/Policy”.  As long as EVERYONE knows their ROLE/PURPOSE is security per the definition above.  That doesn’t mean they can’t also identify true safety issues, but those issues should be turned over to facilities or other operational teams so as to not distract the security team from their primary security role.

I’m not trying to be technical, just want you to clearly understand where I stand on this topic and how you should communicate and operate.

I will do everything I can to be consistent in these definitions and I hope you will consider these thoughts in your communications. But don’t be surprise if you comment or ask for help with your “safety program” and I ask for clarification.


Be Simply Secure, Simply Designed, Simply Fun in your church security program




My Church Security – If I Had to Start Somewhere….

The Kiddos, please, The Kiddos.

That’s right, not evacuation, not shelter in place, not active shooter, its about the kiddos.  Everything in security at a church is important, but it is not all equally important nor can you do it all, so if you had to start from zero and you haven’t had any significant threats, I recommend you starts with the kids.


High trust, high vulnerability, amazing, and many times untrained (in security response) volunteers..

A number of ideas, in no particular order:

* Background Checks for workers and volunteers

* Mandatory Awareness Training like MinistrySafe

* Mandatory Response Training (shelter, evac, medical)

* Recommended Training (cpr, aed)

* Panic buttons

* “Blue Lights”

* Computerized Check In Systems (w/photo of mom/dad and kid)

* Parental Alert “system” (pagers, text messaging, notice on overhead screens)

* Man trap or in-service door lock downs

* Mandatory drills

* Special Needs Kid awareness

Remember the childrens workers are gifted with KIDS not SECURITY, and “equipping” them doesn’t mean you try to make them security people, that’s not what God gifted, called, or sent them to be.

My Church Security – Security Team Skill Set

Now this probably is more helpful for larger organizations or even corporations vs. potentially alot of my audience, but hopefully give you all something to think about. . I did a little security department design daydreaming today and thought about the question, “Jim, if you had the chance to hire a new person to your security department or are starting from scratch (not talking about zero-based staffing), what skill set would you hire?”

Now the easy answer is, a security person or that missing (technical) skill, but in my years of experience I have rarely had the chance to stop and think about this but I would do it this way now.

I remember a VP of Security and I walking down downtown Tampa’s Franklin Street Mall one day when I was with a small business unit and she asked me, “Jim, what skills set is missing from my organization?”, and at the time, I quickly said “dedicated software development resources”.  Now I focused on not security people that are software developers, but actual dedicated software developers to develop tools for the security people. Big difference.  Security people with software development skills are good security people, but which skill set will be utilized the most?  The security side.  The software development side of them is part of the wisdom / knowledge their would use in their security role.  I have been coding since I started in the technology industry from BASIC to Shell Scripting to a little C to ol’ dBase to some SQL and have a ton of respect for developers, but I only do development with I need to fix a short term problem, far from my primary skill.

So I clean the slate of my imaginary security org chart and started over.  So do I get 3 people or 20 people?  Do I get FTEs?, only employees?, can I outsource? Or let’s assume I have all the security skills (different than capacity) I need…..

How about a Marketing / Sales person for designing those ROI Presos to the execs?

How about a data scientist / DBA data model design work?

How about a analytics / BI person (shameless plug for Tableau) for visualization and dashboard DESIGN help?

How about a finance person for business cases?

How about a software developer for widget tool development?

How about a web / WordPress designer?

How about a project manager (PMP-like)?

How about a training developer for security awareness development and team training management?

How about a customer satisfaction survey / NPS expert?

Now remember, I am going to have to get someone else to help do the interviews outside my staff.

I could go on, but you see my point, sometimes I think, if I had only three headcount and only hired 1 security person and 2 people with the above skillsets, I could “justify” more security people faster.  The alternative is going to the people in the overall organization (e.g. marketing department) and ask/partner/beg for these skills to help you?  Insource to your own organization or tack onto an existing supplier contract.  You may even find there is extra resources on a supplier contract for the skills that wouldn’t cost you anything.

Something to ponder on your next headcount increase or attrition opportunity or even initial design.

For my church audience that has no security skills but want to hire that first one, I will address that in a future post, very specifically.

What skillset would you want next? Post a comment

Be blessed and remember, its all about Simply Secure, Simply Designed, Simply Fun


My Church Security – Security Incident, Help!

Jim, I’m enjoying the blog and other content, but your not going to believe this, we were just starting to implement some security capabilities and we had / have an security incident aka “situation” aka “crisis”. Help quick, please.  As Dave Ramsey says all the time related to his Baby Steps, let’s put the structured design work “on pause”.  Here are some very basic steps to consider, knowing that EVERY “incident” will be different and flow in a different order.


Note: This IS NOT meant to be followed during a life-safety emergency like a active shooter, fire, etc.  Step 1. Call 911, Step 2. Follow 911’s / Law Enforcement’s direction, Step 3. Get everyone safely to safety. Step n….

This is also NOT meant to deal with little Johnny’s boo-boo bandaid “incident”…Step 1. Get (King David) bandaid, Step 2. Implement said bandaid. Step 3. Hug Johnnie, Step 4. Call parent if Johnnie “need my mommy”


1. Personally pray for guidance, wisdom, knowledge, peace, and for both the victim(s) and the suspect(s) and your path.

2. Develop a way to control the flow and documentation of information about the incident to the absolute need to know.  Now I am NOT suggesting any cover-up but I also do NOT believe is “total transparency”, at least not at this stage.

3. Bring together wise council, this may or may not be your board, and have each person ”rate” the level of incident on a scale of say 1-5. So you make sure people are not over or under reacting.

4. Assuming your (apotoslic) elder/deacon board is not a victim or suspect, bring them together, preferably at an offsite location to discuss next steps.  The initial critical pieces to consider: A. When to bring in outside professionals. B. Who/How do we respond to the traditional media AND SOCIAL MEDIA C. Who/How do we respond to staff, congregation, public D. Who/How will we control documentation E. Is there a need for our legal and CPA to be involved? F. – Z.

5. Has a crime been commited or is there a suspision that a crime has been committed?  I pretty strong here, call local or federal law enforcement.  Talk to them about confidentiality and communications.

6. If the security incident is confrontational in nature, determine the best way to physically AND electronically separate all parties involved.

7. Key step and assuming a crime hasn’t been comitted, if you do not have QUALIFIED, perferrably CERTIFIED, and where required by law, LICENSED security investigator and if needed, crisis management expert, get/hire ONE asap.

8. Follow the person(s)’ in step 7 direction, don’t be afraid to ask questions or challenge them, especially if they don’t understand your church’s makeup and CULTURE.

9. Keep praying, keep documenting, keep confidential, keep protecting the victims and suspects until the TRUTH comes out.

10. Upon “closure”, be transparent to your congregation AND the public (is there a difference?) to a degree that is biblical, wise, full of accountability, absolute integrity, and grace.

The #1 cause of security incidents “getting out of hand” is not following step 7 above, this isn’t about hiring me, this is about the disasters I have seen for the DIY incident / crisis / investigation management I have seen over and over.

Now, as mentioned these are BASIC steps and in future discussions we will dive deeper, not only in handling different types of security incidents (Our 2nd or 3rd episode of our podcast will cover one in detail) but also deeper dive in these basic steps.

If you have a question or need advice your current security incident, feel free to contact me through our website @ or

NOTE: I can NOT provide assistance to computer intrusions, “hacks” or cyber crime.


My Church Security – Security = Senior Pastor Highest Priority?

When prioritizing security at a church there are a number of factors to consider when one talks about prioritization including sub-functions, training, budget, team size, team makeup, technology, area of highest concern, etc. One that I think pastors, boards, and lay people need to clearly understand is the priorities of the Senior Pastor as a minister/employee and where security fits. As some of you may know, I have a ministry that privately and publicly honors pastors, supports hurting pastors and teaches lay people why/how to honor pastors. One of the key causes of church challenges is putting too much, including security, on the pastor(s) and not properly honoring them and supporting them. In 2004, my pastor spoke one of the most profound messages for the local church on “What’s My (meaning, his) Job?” and “What Your (meaning me) Job?”. Recently he updated the message and focused on explaining what are his (as a pastor) priorities. 1. Pray, 2. Teach, 3. Appoint, 4. Be a good husband, father.

What? Where is SECURITY? He is right, as a PASTOR / MINISTER, security should not be his/her highest priority, NOW as the “CEO” / President of the business of the church, security should A (not THE) high priority. But using Priority #3 in my pastor’s message, his priority, as a PASTOR, towards security, should be to make sure he/she APPOINTS qualified and called leader(s) to lead the security function.

So if you feel qualified and called to lead or help build your church’s security function then proactively connect with your senior pastor and please don’t expect him/her to be involved day-to-day. Now, keeping him/her informed of the plan and program and gathering his/her input, wisdom, and perspectively is a must.

Enjoy, Share, Secure,


My Church Security – Church Security Plan Template

The core starting point of designing and implementing a security department or fraud department is to “level-set” where you are today with a SIMPLE inventory.  One of my most asked about tools is available FREE on the site.  There is a MS Excel version, Mac Numbers version of the file and How-To Video.  As I get feedback on the template/checklist, I will be updating it.  My hope is it is SIMPLE and should take no more then a hour or 2.

The core use of the template is to have your security focal point (that could be the person in the mirror) start by completing it to the best they can/have knowledge then gather information he/she is not privy to.  The key is to be brutly honest here with yourself.  The initial goal is to get it in a form to take the first DRAFT to the senior leadership.  There may be reviews along the way, but the key to success of baselining the organization is to make sure it is reviewed WITH the elder/deacon/overseers board.  Don’t just forward the (partially) completed template to them via email and say, “hey what do you think”……bad idea. Get in a room face-to-face and be honest.  This is not meant to solve world hunger, its meant to get everyone on the same playing field.

The left side of the template is general functions that MAY or MAY NOT exist or be needed.  The need for each function will be discussed in future blogs.  The top columns are guides to establish your organizations level of knowledge (of the existance or need) and maturity of each area.

Pull the file down and listen/watch my boring video and just get started.  Again don’t worry if you don’t understand a particular technical term, eventually we will get every row completed.

Subscribe to our awesome mailing list to receive our free template