What GAO Found
The Federal Protective Service continues to face challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In September 2013, for example, GAO reported that providing training for active shooter scenarios and screening access to federal facilities poses a challenge for FPS. According to officials at five guard companies, their contract guards have not received training on how to respond during incidents involving an active shooter. Without ensuring that all guards receive training on how to respond to active-shooter incidents at federal facilities, FPS has limited assurance that its guards are prepared for this threat. Similarly, an official from one of FPS's contract guard companies stated that 133 (about 38 percent) of its approximately 350 guards have never received screener training. As a result, guards deployed to federal facilities may be using x-ray and magnetometer equipment that they are not qualified to use raising questions about their ability to fulfill a primary responsibility of screening access control points at federal facilities. GAO was unable to determine the extent to which FPS's guards have received active-shooter response and screener training, in part, because FPS lacks a comprehensive and reliable system for guard oversight. GAO also found that FPS continues to lack effective management controls to ensure its guards have met its training and certification requirements. For instance, although FPS agreed with GAO's 2012 recommendations that it develop a comprehensive and reliable system for managing information on guards' training, certifications, and qualifications, it still does not have such a system. Additionally, 23 percent of the 276 contract guard files GAO reviewed did not have required training and certification documentation. For example, some files were missing items such as documentation of screener training, CPR certifications, and firearms qualifications.
Assessing risk at federal facilities remains a challenge for FPS. GAO found in 2012 that federal agencies pay FPS millions of dollars to assess risk at their facilities, but FPS is not assessing risks in a manner consistent with federal standards. In March 2014, GAO found that this is still a challenge for FPS and several other agencies. The Interagency Security Committee's (ISC) Risk Management Process for Federal Facilities standard requires federal agencies to develop risk assessment methodologies that, among other things, assess the threat, vulnerability, and consequence to undesirable events. Risk assessments help decision-makers identify and evaluate security risks and implement protective measures. Instead of conducting risk assessments, FPS uses an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST) to assess federal facilities until it develops a longer-term solution. However, MIST does not assess consequence (the level, duration, and nature of potential loss resulting from an undesirable event). Three of the four risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. Thus, FPS has limited knowledge of the risks facing about 9,600 federal facilities around the country. FPS officials stated that consequence information in MIST was not part of the original design, but they are exploring ways to incorporate it.
Why GAO Did This Study
Recent incidents at federal facilities demonstrate their continued vulnerability to attacks or other acts of violence. As part of the Department of Homeland Security (DHS), FPS is responsible for protecting federal employees and visitors in approximately 9,600 federal facilities under the control and custody the General Services Administration (GSA). To help accomplish its mission, FPS conducts facility security assessments and has approximately 13,500 contract security guards deployed to federal facilities. FPS charges fees for its security services to federal tenant agencies.
This testimony discusses challenges FPS faces in (1) ensuring contract security guards deployed to federal facilities are properly trained and certified and (2) conducting risk assessments at federal facilities. It is based on GAO reports issued from 2009 through 2014 on FPS's contract guard and risk assessment programs. To perform this work, GAO reviewed FPS and guard company data and interviewed officials about oversight of guards. GAO compared FPS's and eight federal agencies' risk assessment methodologies to ISC standards that federal agencies must use. GAO selected these agencies based on their missions and types of facilities. GAO also interviewed agency officials and 4 risk management experts about risk assessments.
Since fiscal year 2010, GAO has made 31 recommendations to improve FPS's contract guard and risk assessment processes, of which 6 were implemented, 10 are in process, and 15 have not been implemented.