Security isn't a door, a lock, a guard, an alarm, or a gun. It's a state of mind, a philosophy, and a strategy that says the people for whom you're responsible will not only be safe from a variety of threats, but that they'll also feel safe.

Businesses and other organizations often think of security as a discrete element of their operations, but it's actually something that should be woven through every aspect and shared by every manager and employee. Everyone should be familiar with the security measures that are in place and what's expected of them. That's especially true in an era when we see extensive coverage of workplace shootings and other violence.

If your company hasn’t yet established a concerted plan for security, one way to begin is by thinking of the various elements of security as tools. A well-stocked security toolkit for your organization should include the following items:

Security Assessment. Before you can improve security, you need to know where you stand. Invite a professional consultant or local law enforcement to walk through your facility, identify potential vulnerabilities, and make recommendations.

Policy. A security plan works only if top management makes it a priority. Having those in charge create formal standards for every aspect of security is an important starting point. The policy explain the reasons behind security, everyone’s responsibility, and the steps to take when something goes wrong.

Threat Assessment Team. Assemble a team from your organization and local law enforcement. Give them your security assessment and ask them to identify potential threats. Keep them on call so that if some kind of security breach occurs, they can determine what steps should be taken.

Background Checks. Don’t hire anyone if you don’t know everything about them. Most criminals and sex offenders don’t disclose their past. A thorough background check that looks into everywhere where they’ve lived or worked may uncover valid reasons to keep them off your team. (It’s also smart to recheck current employees periodically.)

Visitor Management. You can be welcoming, but that doesn’t mean you have to let everyone in your facilities whenever they want. A visitor management system can keep people who shouldn’t be there away. It can also give you an instant check of who is in your facility in the event of an emergency. A good visitor management policy also ensures that visitors are never able to roam through your facility unsupervised.

Anonymous Reporting. Back in elementary school, we learned that it’s not nice to “tell on” people, but that’s not conducive for safety. You can set up anonymous text, email, or voicemail systems so employees can express concerns about other employees without being identified. Ideally, their concerns will be unfounded -- but you may also discover a problem before it turns into a crisis.

Integrated Communication. When an emergency occurs, chaos and confusion often replace communication when it’s needed most. Make sure you have the equipment and processes in place so decision-makers can communicate clearly. That should include your community’s first responders, too.

Training. The better your people understand security, the less you leave to chance. In addition to ensuring that your team is familiar with the policy, provide training that’s appropriate for the activities your organization undertakes. For example, if your team members travel frequently, make sure they know how to protect themselves on the road. Every organization should also provide training about domestic violence awareness, so employees can recognize when there’s a problem and so the entire team knows how to protect victims.

Hardware/Construction/Renovations. If there are areas of your facilities that create vulnerabilities, make improvements to reduce the risk. That may include everything from a card-based entry system for doors, to remodeling lobbies so that visitors cannot pass the front desk unless they’re buzzed in, to a camera system, to putting a staffed guard station in your parking lot. It may also include cybersecurity. There’s no single answer that’s right for every organization. You have to make your choices based upon the vulnerabilities your assessment identifies.

Most of what I’ve detailed here focuses on prevention, which is the most practical approach. After all, it’s invariably better to keep a security event from occurring in the first place than being forced to respond to it after the fact. Still, your security toolkit should also address what actions you’ll take in the event that your security is breached. Ideally, you’ll never need to use those steps, but it’s better to think them through beforehand.

Mike McCarty is CEO of Danville-based Safe Hiring Solutions.