<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=178113&amp;fmt=gif">
Website Security Image

Threat, Risk, and Vulnerability Assessments

Last Updated: 2nd March 2023
Threat, Risk, and Vulnerability Assessments


Fentress Incorporated partners with Major Security Consulting & Design, LLC, to perform security assessments of school systems and educational facilities, public safety facilities, and public and private office buildings to identify security vulnerabilities and provide recommendations for improvement. The Major-Fentress Team has worked seamlessly together on multiple security assessment projects. When combined, we have conducted over 1,700 facility and security assessments nationwide.

Our security assessments have included the following:

  • School Systems (K – 12, universities, public and private)
  • Public Safety Facilities (Police Stations, Fire and Rescue Stations)
  • Courthouses
  • Government Office Buildings
  • Parks and Recreation Facilities
  • Hospitals, Health Facilities, and Elderly Care
  • Housing Complexes
  • Infrastructure Facilities (Water Towers, Electrical Plants)
  • Places of Worship
  • Nonprofit Facilities
  • Private Corporations

Read on for a description of our tested process, including our proprietary SAFE tool,  to determine if an assessment could benefit your organization. 


Pillar Background


Providing a safe and secure facility that can respond to various threats is a primary concern for designers and building owners. While this is fairly straightforward when planning a new facility, many existing facilities were not designed to meet modern security and safety standards. In these instances, an objective security assessment process can help identify critical deficiencies and prioritize solutions to address those deficiencies.

The security assessment should be an independent and systematic evaluation of a facility’s threats, risks, and vulnerabilities. A comprehensive evaluation includes analysis to determine a facility’s physical security and its safety protocols’ effectiveness. By objectively identifying a facility’s physical and operational strengths and weaknesses, recommendations for short-, mid-, and long-term security improvements can be made. Ultimately, a successful security assessment provides owners with a product that will help them prioritize improvements and support budgetary decisions. 


Our goal is to clearly understand the security strengths and challenges within existing facilities and operations, identify improvement opportunities, and support budgetary decisions through prioritized recommendations. 

Verticle security image2


Our team provides security assessments for schools, government facilities, public safety buildings, and law enforcement facilities. Read on for a description of the services we provide for each type of facility.
We Provide School Security Assessments

Safety and security in our nation’s schools is a paramount concern. Our goal is to help schools understand the vulnerabilities and threats they face and provide them with actionable solutions to improve security. We are experienced in conducting assessments for elementary, middle, and high schools, as well as colleges and universities. Please watch the video below for information on our proven school security assessment process. 


We Provide Public Safety and Law Enforcement Facility Assessments

A primary mission of public safety personnel, including law enforcement and fire and rescue personnel is to protect the safety and wellbeing of others. Less thought may be given to protecting the safety and security of public safety personnel in the buildings where they work. Public safety facilities are increasingly becoming targets of large-scale demonstrations, threats, and acts of violence that put the safety of their occupants at risk. 

Our team of CPTED-certified personnel helps protect the security of public safety and law enforcement facilities, including police stations, fire stations, public safety departments, emergency medical services departments, and search and rescue departments. We do this by conducting comprehensive and objective assessments to identify security vulnerabilities and providing actionable data and recommendations to help guide security decisions. We strive to protect those who protect and serve. 

We Provide Government Facility Assessments

With political discord and anti-government sentiment running high across our nation, it is of vital importance to ensure the security of government buildings and the safety of their occupants. We help protect the security of government facilities by conducting comprehensive and objective assessments across a wide range of federal, state, and local government facilities. 

We have completed security assessments in over 1,700 government buildings, including those listed below.

  • Government offices - town halls and government buildings with a multitude of departments
  • Entertainment venues - sports stadiums and facilities, museums, and theaters 
  • Courthouses - federal, state, county, and municipal facilities, including judicial and administrative spaces
  • Public safety and law enforcement - police departments, fire and rescue facilities, forensics mental health facilities, and forensic science facilities
  • Parks and recreational facilities - recreation centers, historic trails, and public parks, including parks dedicated to preserving nature and promoting sports and recreation
  • Schools - elementary, middle, and high schools; special needs facilities; and colleges and universities
  • Utility and industrial facilities - public works, water supply and treatment, reservoirs, and power stations
  • Public transportation facilities - public parking garages and lots and rail facilities
  • Health facilities - hospitals, medical centers, senior facilities, and medical examiner facilities 
  • Financial facilities - banks, credit unions, and financial offices
  • Public housing - public housing facilities and communities, redevelopment and housing authorities facilities 
  • Correctional facilities - detention facilities, prisons, and juvenile facilities

Our assessment team is comprised of CPTED-certified personnel with decades of police experience, a criminal justice educator at the university level, licensed architects, and planners with extensive experience conducting security assessments. Our approach is based on best practices in security and proven security standards. Our process produces actionable data and recommendations to help guide security decisions. 



Security Assessment

The figure below displays our security assessment process and results.


Security process-1

Our comprehensive process is a unique combination of quantitative and qualitative analysis.

Our innovative Security Assessment and Facility Evaluation (SAFE) tool drives the quantitative analysis. We have developed a rigorous and comprehensive process that utilizes the SAFE tool to evaluate and score how well an organization’s physical space and operations meet its security and safety requirements. The SAFE tool contains a wide array of security performance metrics and can be tailored for the unique security requirements of each organization, including:

  • Current operations and operating procedures
  • Protective systems and measures currently in use
  • Crime trends in the local area 
  • Land use plans in the local area
  • Incident reports
  • Other available information related to known threats and intelligence on the safety and security of each facility

We recognize that a security assessment should focus on more than just the building layout, security systems, and policies. Security involves people - at all levels. The qualitative elements of our process include facilitated group sessions and interviews with key personnel at each location. This allows us to gather input on the culture of the building’s occupants and existing security policies and procedures and their effectiveness. The involvement of key stakeholders during these assessments is critical, as individual facilities often vary in how they interpret, implement, and follow security procedures. Therefore, during each site visit, facilitated interviews are held with key staff, including primary tenant representatives, security personnel, facility managers, and other designated personnel, to discuss the unique culture of each facility, system deficiencies, and the operational procedures and practices in place for security. These interviews also allow personnel to provide feedback about security programs and practices that have worked well and areas of need. 

Pillar Background

WJCC-GreyWilliamsburg-James City County Public Schools is happy to recommend Major-Fentress. They have recently (April 2022) completed a Threat, Risk, and Vulnerability Assessment for our 16 schools and three administration buildings. Major-Fentress communicated with us throughout the process from beginning to end. They delivered a product that was very useful to us in our ongoing mission to improve our building safety and security. They identified 70 overall recommendations and improvements ranking them, categorizing them and even including cost estimates to improve those areas. Their use of the SAFE tool and subsequent scores made it very easy to identify schools that needed improvement and those that were already in a pretty good position as far as safety and security is concerned.

The entire process working with Major-Fentress was smooth and seamless, from the bid award to the school board presentation, we could not have asked for a better partner to work with. Mike Jones was in constant communication with myself and others involved in the project, not just about our TRV assessment but with world and local events that may have affected school security. Keith Fentress was very helpful with questions regarding the SAFE tool and scores as questions arose from other key stakeholders in our division along the way.

Again, I am happy to recommend Major-Fentress.

Brian Weaver

Supervisor for Building Security and Services

Williamsburg-James City County Public Schools


SAFE summary screen 3-8-23


The SAFE tool is used by our team of architects and security assessors during the assessment of an existing facility to identify critical deficiencies and calculate a SAFE score for each location. It includes over 200 security-related factors and accompanying performance measures, which can be tailored to assess a specific type of building (or portfolio of buildings) in any location. 

Once tailored to meet an organization’s security assessment goals, this interactive tool provides a consistent and objective set of factors that will be evaluated within each facility. This allows our team to gather the data in a standardized manner efficiently. During a facility assessment, our architects utilize a secure tablet computer to rate individual performance measures, take notes, and document observations. This functionality allows us to record all ratings as the assessment is conducted in real-time. 

The SAFE tool produces an immediate comparable overall score for each facility. It establishes a database that is sortable in various ways to allow an owner to quickly identify critical security needs in one facility or across an entire portfolio. This information can then support prioritizing recommended security improvements at each location. 

Categories and Results

The security factors included in the SAFE score fall into four major categories:

  • Exterior Physical Security – security features of the grounds, property, and exterior of the facility
  • Interior Physical Security - security features of the layout and design of interior spaces
  • Electronic Security – electronic security, including CCTV, duress alarms, etc.
  • Policies and Procedures – existing security policies, procedures, crisis management plans, etc.

The SAFE tool automatically produces an overall assessment score (the SAFE score) on a scale of 0 to 100, with a score of 100 representing ideal facility security within the context of the evaluation criteria. To calculate the score, the SAFE tool incorporates the Analytic Hierarchy Process (AHP), a well-defined mathematical structure for organizing and analyzing complex decisions.  

The figure below depicts a sample output of the SAFE tool results dashboard.  In addition to the overall SAFE score, the results summary includes individual SAFE scores for each of the four key areas noted above. In general, a grade of 90-100 represents a facility that offers optimal security, a grade of 80-89 represents a facility that meets most security standards, a grade of 60-79 represents a facility that is lacking in significant areas of security, and a grade of 60 or lower represents a facility that is in serious need of critical security updates. 

SAFE Dashboard_Town Facility_Re-created
 The baseline data generated by the SAFE tool describe the existing conditions and can be used by owners, building managers, or facility planners to develop and evaluate alternatives to enhance security. For example, using the existing facility SAFE score as a baseline, each potential alternative to improve security can be scored to determine which alternative(s) may yield the greatest security benefit to the overall facility.



CPTED is a holistic and multidisciplinary approach to security and crime prevention that uses architectural design and behavioral science to make a space, site, or area more safe and secure. CPTED places emphasis on designing, planning, and manipulating the built environment to increase the perceived risk of detection and apprehension.  The SAFE tool incorporates factors that are based on the following CPTED principles. 

  • Natural Access Control. Having an obvious difference between public and private/restricted spaces. 
  • Natural Surveillance. Providing clear views and sightlines so potential threats can be seen. 
  • Territoriality. Promoting a sense of “ownership” and community to create a higher awareness in building users of potentially suspicious activity. 
  • Image and Maintenance. Having a building and site that looks well maintained is a less attractive target for unwanted activity. 
  • Legitimate Activity Support. Having a building or site that promotes regular legitimate activity provides safety and security. 

Together these CPTED principles create what is known as a “defensible space.” The CPTED principles are incorporated into developing strategies that mitigate safety and security deficiencies identified by the assessment.



Our security assessment process provides organizations with the following comprehensive set of decision-making tools:

  • SAFE Tool Database with Dashboard: When a security assessment is completed, a database stores the assessment results in a system that displays summary graphics, generates reports, and enables updates. The data can be filtered and managed in a variety of ways. The data are typically displayed in a dashboard form and can be easily used by owners, managers, and planners as a decision-making tool to identify and compare security deficiencies within a single building or across their entire real property portfolio. 
  • Facility Assessment Report with Recommendations. Following the interviews, reviews of policies, and facility assessments, a detailed report that documents the assessment results is produced. Utilizing the objective results generated by the SAFE tool, the report describes each facility’s specific security deficiencies and provides recommendations for facility or policy improvements that mitigate or reduce the risk. Each deficiency and associated improvement strategy is identified by one of three levels based on its urgency of need:

    • Critical - security strategies that should be implemented immediately to address an urgent deficiency 
    • Standard - security strategies that should be implemented in the near future to meet basic security standards
    • Optimal - security strategies that would surpass basic standards

  • Gap Analysis. One of the key benefits of the SAFE tool is that it can be used to score an improvement strategy, so a comparison can be made to determine how well the strategy closes the gap between the existing SAFE score and an ideal security score of 100. Typically, an ideal score is not possible in all facilities given the physical limitations and constraints of buildings; therefore, the goal is to optimize the recommendations so that the score for each location can be increased to its greatest value.  

This analysis, called a “gap analysis,” is illustrated in the figure below, which shows how an improvement strategy can “fill the gap” and increase a facility security score.


  • Cost Estimates. Cost estimates for the improvement strategies are also provided. Depending upon the strategy, these can include the cost of modifying a space, the cost of material and installation of security equipment, and/or the operational costs of the device (i.e. additional manpower, recurring cost, etc.) The costs are typically based on a rough order of magnitude that is reasonable and comparable among similar facilities.
  • Cost-Effectiveness Analysis. If both a gap analysis and cost estimate are completed for an improvement strategy, a cost-effectiveness analysis is also conducted. By dividing the costs into the numerical increase the improvement strategy has on the SAFE score, a cost-effectiveness ratio is created. This quantifiable result allows decision-makers to determine which projects yield the greatest benefit gain (i.e., an increase in the SAFE score) for the most reasonable costs.
  • Prioritization Plan. With budgetary guidance from the building owners, a prioritized project implementation plan will be produced that considers the gap analysis, estimated costs, and cost-effectiveness analysis for all improvement strategies. We work with the building owners to identify improvement strategies that can be combined if cost savings can be realized. The prioritization plan is typically developed as a multi-year strategy based on an estimated yearly budget that will systematically improve security across the portfolio.



Our security assessments provide the information leadership needs to develop a defensible strategy to improve security across their portfolio, including the following:

  • Target Risk Areas. The results produced by the SAFE tool allow decision-makers to understand and target risk areas at a granular level. For example, the SAFE tool can list all facilities with main entrances that are below standard or all facilities that lack intrusion detection systems.
  • Develop a Capital Improvement Plan. The final recommendations and prioritization plan can be used to develop a portfolio-wide capital improvement plan that communicates and justifies the security priorities and multi-year mitigation strategies to elected officials and the public. 
  • Improve Safety and Security Policies. A comprehensive safety and security assessment can reveal the need to draft additional policies or update existing policies to better align with best practices. 
  • Identify Staff Training Needs. The results can help decision-makers identify areas where additional training is needed for building staff and law enforcement partners.