21 July 2012

How to Reduce Risk by Designing and Supporting the Best Physical Security Technology Solution

It is clear that a system that aims to improve physical security and reduce risk must cater for today’s challenges and tomorrow’s risks. As a security professional, I often encounter clients with integrated security technology systems that do not measure up to their expectations, or fail to effectively mitigate common risks, or need to be completely replaced at cost due to poor design.

Today’s Security Technology Systems are very technical and installations need to cater for a variety of conditions. Even though it is common practice, organizations should not be solely dependent on the installers of their current systems when contemplating security investments. The following 10 steps towards implementing a cost-effective integrated security system can serve as indicators for you as client when evaluating a new security system or a system upgrade:

1.  Design for Risks
When designing a security system I look to design one that not only meets the customer’sexpectations and requirements, but more importantly, mitigates their risk profile significantly, it is imperative to design to reduce current and future risk. Security systems designed to mitigate or neutralize a particular set of vulnerabilities at a particular point in time, are basically restricted from the outset. A security system designed without conducting a comprehensive physical security risk assessment is doomed to failure once the customer’s risk profile changes - a costly mistake! Therefore, a thorough risk assessment should be done to give the designer a clear indication of the threats and vulnerabilities to be aware of the consequences on the design.

 2. Security System Design as a Project
A security system design must be managed as a project with agreed project deliverables. As such, the project must be initiated, planned and executed according to a formal project plan (including scope of work, project schedule and cost estimation) to manage time, cost and quality effectively. Throughout the project attention must also be given to customer expectation management.  Deliverables of a successful security system design project include:
  • Technical design drawings
  • Technical design specifications
  • Inter-disciplinary coordination
  • Product selection

3. Design for Scalability
Can the design be expanded upon and is it flexible? There is nothing worse than a fixed design system that cannot be extended or adjusted. A scalable security system design should integrate with other systems, be upgradable and comply with the customer’s strategic security plan and current security policy.

 4. Design for Robustness
Robustness refers to the quality of the system’s design and installation workmanship. Poorly installed electrical wiring, fragile network installation, incorrectly placed equipment mountings, poorly shrouded cameras and the like, may cause system failure and/or interruptions for repairs or maintenance. A well-designed security system incorporates robustness as a core consideration to ensure that the installed system copes well with day-to-day handling demands.

 5. Provide for Redundancy
The system design should provide for component failure (redundancy) to ensure that there are other components that can replace it functionally, either internally or through a layered approach.

 6. Manage the Roles and Responsibilities
Role players include the design team, integrators and system product suppliers. The different responsibilities must be clearly defined and understood, for example: Is the installer qualified to install the system? Are the technicians trained? Is there a client owned agreement between client and the installer that is supported by the supplier?   It is imperative to create a process flow where there is an independently constructed technical specification document underwritten by the supplier and integrator.

7. Planned Maintenance
With regards to maintenance, the following questions should be contemplated: Is the system correctly installed to meet manufacturer standards and supplier warranties? Is there a dedicated system maintenance team that is trained to maintain the system? Are there comprehensive maintenance schedules set out in a client owned maintenance agreement that are checked on a regular basis? Is there a technical specification document available that has been agreed to by all parties prior to the commencement of the installation? Does this document accurately reflect what you as the client are paying for? Was there proper testing and demonstrations conducted before the installation? Has there been proper user expectation management in the pre-installation phase? Is the system tested against the current and future requirements and expectations? Can you confirm that that which you paid for is installed?

8. Service and Support
Today’s customers need 24/7/365 access to service and support.  Monitoring systems live from a central command center is just one part of the needs of a security system.  From time to time customers need either in-line or on-site emergency support from their integrator.  Does your integrator offer 4 hour on-site support by a qualified technician at any time of the day or week?  Your service agreement should include this type of response written into the contract.

9. Parts Inventories
Integrated security platforms are complex and integrators must respond to service calls and be available 24x7x365. Contractors must send a fully trained and qualified if applicable Certified Technician and have replacement parts available in the vehicle at the time of arrival to the eligible entities location.  The fully trained and qualified if applicable Certified Technician will be required to perform repairs or diagnosis the problem.  The fully trained and qualified if applicable Certified Technician must have replacement components available including but not limited to boards, power supplies, cameras, hard drives, electrical components and all other parts required to make the equipment work.

10. Training
Integrators must provide significant training to designated customers personnel during the final system testing and start-up phase of the project.  The amount of training required is dependent on the complexity of the equipment purchased or leased by the customer and the ability of the designated personnel to learn from the training and training material.  The integrator and customer shall mutually agree on the duration as well as the location and schedule of the training.  The integrator’s fully trained and qualified if applicable Certified Technician shall conduct and instruct the training.  Training materials: to include but not limited to books, handouts, software, or customized training videos will be provided by the Contractor and will be given to the customer at no additional cost, as agreed upon by the parties.  Additionally the maintenance agreement should also include the option for some regular annual training.  Many customers have regular employee turnover and some ongoing training should be expected.

In conclusion, when comprehensive foresight is applied to plan and manage tomorrow’s risks with today’s technology, clients can indeed reap the benefits of a proper system design with risk planning included, followed by proper implementation and ongoing support.

Physical Security Talking Points and Fraud

When discussing physical security, there are several important talking points to consider. Here are some key points to include: Risk Assessm...