From Martyn’s Law to Emergency Planning – Crowd Management is Key! by Rob Kennedy

As security professionals we spend a great deal of time and effort into ensuring the physical protection systems we design provide a suitable delay to intruders. This delay should be longer than the combined detection and response time to enable the interception of intruders. If this delay is not sufficient, we have a vulnerability. Naturally most of our attention is focused on ‘keeping people out’, but do we spend as much time and consideration preparing plans that ensure evacuation/invacuation during emergency situations is not just adequate, but also safe?

Many physical security professionals also study cyber and information security to enable an overview, and rightly so. Crowd science on the other hand is often forgotten about at best, ignored at worst. Considering that many security managers are responsible for buildings or venues that hold thousands of people, some shopping centres for example hold more people inside them at weekends than most Premier League football grounds, crowd science/management should surely be a subject that security professionals also study.  

The science of crowd management is often taught in isolation of general security studies. When considering as a security manager you could be deemed negligent for failing to execute your duty of care under Health and Safety legislation should a crowd related incident occur, it would be wise to expand your knowledge in this area. The term ‘reasonably foreseeable’ is used within Health and Safety when dealing with risk. If incidents are deemed as reasonably foreseeable by a competent person using freely available information and not addressed, you could be classed as negligent in a court of law. This in my opinion provides a valid argument for crowd science to be one of the core competencies of security management.

Competency with regards to crowd management in my opinion also dovetails with counter-terrorism planning. Run, Hide, Tell is the recommended action during marauding terrorist incidents, the beauty of this is its simplicity. However, most corporate buildings only rehearse the required fire drill, whilst this practising of an evacuation is a close relation, does it really prepare us, or more importantly provide us with learning to tweak plans prior to an actual attack. Most issues with crowd management involve trying to push too many people though, or into a smaller space. Think about how difficult it would be to get a large number of people through a fire exit, a bottleneck would occur. In a fire this could prove to be lethal, during a marauding terrorist attack, this would provide an attractive target.

As security professionals we can enhance our capability by learning from the events sector. Crowd management takes into consideration (amongst other aspects of crowd safety) the amount of people within a given space and the amount of fire exits/escape routes to determine a safe evacuation time. When applied to Run, Hide, Tell this would determine if running is viable, if a safe room/citadel (invacuation) is more appropriate or if both apply.

The possible introduction of Martyn’s Law detailed in issue 5 of TPSO requires a combination of physical security risk mitigation and crowd management. The five component parts of Martyn’s law are detailed below:

  1. A requirement that certain sections of the community, spaces and places engage with freely available counter-terrorism advice.
  2. A requirement for those places to conduct vulnerability of their operating places and spaces.
  3. A plan for those places to have a mitigation plan for the risks created by the vulnerabilities.
  4. A requirement for those places to have a counter-terrorism plan (reflecting Guide-Shelter-Communicate)
  5. A requirement for local authorities to plan for the threat of terrorism.

Part 4 undoubtedly links crowd management and physical security detailed further by the concept of:

  • Guide– direct people toward the most appropriate location (e.g. invacuation, evacuation, hide).
  • Shelter– understand how the place or space might be able to be locked down and used to shelter people within it for several hours.
  • Communicate– have a means of communicating effectively and promptly with users of the place or space and have staff capable of giving clear instructions.

It is a fair assumption that security managers working within environments where evacuation/invacuation may be required would be advised to gain a level of competence in crowd management. This would enable ‘reasonably foreseeable’ risk to be identified and mitigated. The event security sector already has a training pathway that develops individuals based on the National Occupational Standards taking individuals from entry level (Level 2) to supervisors (Level 3) and managers (Level 4), leading to post graduate qualifications. Crowd management is already designated as a science, something that the wider security industry is still to achieve. Therefore, until this subject is classed as a core security competency, cross pollination and study should be encouraged to develop competencies.


Professor Keith Still has spent decades analysing the factors involved in crowd related incidents, categorising these factors as:

  1. Design related incident- a miscalculation of crowd flow and or capacity (e.g. Hillsborough)
  2. Information related incident- an external influence that influences crowd behaviour that causes an incident/accident (e.g. false reports of gunshots at Oxford St on Black Friday)
  3. Management related incidents- where one or more decisions causes an incident.

Professor Still developed the DIM-ICE matrix to enable the control of the influences on crowd behaviour by assessing Design, Information and Management (DIM) requirements during Ingress, Circulation and Egress (ICE). The DIM-ICE model is applied to both normal and emergency circumstances and can be found here:

When DIM-ICE is correlated with the routes, areas, movement and profile (RAMP) of the crowd at an event, a security plan can be produced to mitigate risk. I can testify this works as I have used it during numerous operations, applying this across venues, festivals, stadiums and towns (Skipton, during the Tour de France). Like most good models, it is simple to use and enables a step by step approach to identify and therefore mitigate risk in crowded places.

The advantage security managers have over event security professionals should not be underrated. Most event security specialists will never have the ability to test their emergency plans until they are needed. Compare this with a building security manager who does have the ability to test emergency plans on a regular basis, enabling the possibility to learn from each test and refine those plans. This testing enables capability, based on competency and muscle memory to enhance security and safety.

Regardless of the need, be it for the safe planning of events or planning evacuation/invacuation during emergencies, there is a requirement for security managers to develop competency with regards to this subject. Crowd management has its place in most security operations, not just in the events sector. Applying DIM-ICE operationally will enhance safety and enable the identification of risk during the planning stages. Resilience comes from good planning, applying DIM-ICE is a step in the right direction.

Rob Kennedy BA(Hons), MSc, CSyP, MSyI, TechIOSH

Interior of an office with modern furniture

A motivated and determined Chartered Security Professional (CSyP) who holds a Masters in Security & Risk Management from the University of Leicester. Rob is both a Security Advisor and Training & Development Manager with SecuriGroup, an engaged member of the Security Institute, and a growing voice in the UK physical security industry