This Week’s Question from Dustin Harward at Lake Forest Church
“I’ve applied for the Nonprofit Security Grant Program (NSGP) multiple times, but each time my application has been rejected. What am I doing wrong?”
Dustin supplied his previous grant applications to Security Connections for review. Here’s what we found that may be contributing factors to the church’s unsuccessful applications.
The Heartbeat of the Application: The Vulnerability Assessment
The vulnerability assessment is the core of the NSGP application. It typically reviews administrative vulnerabilities such as background checks, training, threat assessment teams, and money handling. Additionally, the assessment examines physical security, including doors, locks, windows, and building design. Finally, it looks at security technology, covering access control, surveillance systems, mass notification systems, and other technological solutions. The goal is to identify all vulnerabilities and provide mitigation strategies, forming the basis of your application.
While there is no standard format requirement for a vulnerability assessment, both the Secure Community Network (SCN) and FEMA recommend that it be conducted by an independent security consultant. In my experience helping churches in over 15 states, a professionally completed vulnerability assessment by a highly experienced consultant strengthens applications.
Apart from the grant process, a vulnerability assessment offers great value as a roadmap and project plan for a safer environment. While you can conduct a self-assessment using resources from the Cybersecurity and Infrastructure Security Agency (CISA) website, I encourage investing in a professional assessment to enhance your application.
Clear and Concise Messaging
A key best practice is ensuring your application is clear and concise. Having assisted over 40 nonprofits with this process today, I recommend reverse-engineering your application. This means starting at the end and working backward. One of the final sections of the application is target hardening, where you explain what you need to improve the security of your organization (e.g., access control, cameras, training, emergency plan development).
Start by identifying 2-3 items you need and make sure your narrative is clear and succinct. For example, due to your nonprofit’s views on certain issues you might be a target for extremist attacks. Explain why you are vulnerable: “The church does not have access control, which means that if an extremist were to protest our views, we would be unable to lock our doors to keep people safe.”
Then, outline the consequences: “There could be loss of life, injury, reputational risk to the church, and damage.” Finally, specify your request: “To reduce the risk of an extremist attack, we are seeking $60,000 to install an access control system, enabling us to remotely lock all doors and delay or prevent an attack.”
Reverse-engineering your story makes it clear and succinct from start to finish. It’s a misconception that the State Administrative Agency (SAA) has hours to review your application, they may only have minutes. Ensuring your application is clear, concise, and easy to read helps you stand out.
Following Submission Guidelines
The final piece of best practice is to thoroughly read the guidance on how to submit your application. The SAA can deny your request if the application is incomplete, and they are not required to explain where you fell short. Read all guidance carefully. For example, this year, there was a naming convention for the investment justification, a requirement for a separate mission statement, and email size limits (emails must be less than 25MB).
Dustin don’t be disheartened; it sounds like you are doing all the right things. Follow these best practices and keep applying! We wish you luck!
Do you have a question about church safety, security, or risk management?
Want to ask the security editor a question? Email sosamoh@worshipsecurity.com to get your question answered in one of our weekly program.
