RiskUKJune2017
June 2017 www.risk-uk.com Security and Fire Management Securing Built Environments Best Practice Techniques for Designing Out Crime Enterprise Security Risk Management: Strategic Priorities Fire Safety: Observing Standards and The Law Machine Learning: A New Layer of Cyber Defence IFSEC and FIREX International 2017: Solutions Guide
- Page 2 and 3: Hosle Vehicle Migaon • Novel An
- Page 4 and 5: Connect your life to your home and
- Page 6 and 7: “Rise in facility takeovers revea
- Page 8 and 9: Will WannaCry pave the way for futu
- Page 10 and 11: COIE 2017: A Collaborative Approach
- Page 12 and 13: Always a suitable solution with the
- Page 14 and 15: Opinion: Closing the UK’s Technol
- Page 16 and 17: Does Legislative Repeal Fit the Bil
- Page 18 and 19: www.coie.uk.com Cortech Open Innova
- Page 20 and 21: BSIA Briefing Theatre sees ‘The F
- Page 22 and 23: The Built Environment: Can It Reall
- Page 24 and 25: ‘Learning The Business’: ESRM f
- Page 26 and 27: The New Camera Line Mx6 Creates Mor
- Page 28 and 29: Security Regimes for Corporate Data
- Page 31 and 32: June 2017 www.risk-uk.com Security
- Page 33 and 34: Simple & Easy Installation Integrat
- Page 35 and 36: Award winning wireless systems Prem
- Page 37 and 38: FRONTIER PITTS Protecting Your Worl
- Page 39 and 40: The most sophisticated configurable
- Page 41 and 42: M A N UFA CTURER ADDRESSABLE VADS T
- Page 43 and 44: Advertisement Feature are seemingly
- Page 45 and 46: Cybersecurity? Buckle up. At Axis,
- Page 47 and 48: Access Control: Considerations for
- Page 49 and 50: Background Screening of Employees s
- Page 51 and 52: The Changing Face of Security Servi
June 2017<br />
www.risk-uk.com<br />
Security and Fire Management<br />
Securing Built Environments<br />
Best Practice Techniques for Designing Out Crime<br />
Enterprise Security Risk Management: Strategic Priorities<br />
Fire Safety: Observing Standards and The Law<br />
Machine Learning: A New Layer of Cyber Defence<br />
IFSEC and FIREX International 2017: Solutions Guide
Hosle Vehicle Migaon<br />
• Novel An‐Vehicle Wire Rope Fences and An‐Vehicle HVM Bollards<br />
• Aesthec Bollard and Street Furniture Sleeves Available<br />
• Protecng Perimeters, Crical Naonal Infrastructure and Crowded Locaons from Vehicle Borne Aacks<br />
• All tested at MIRA and TRL to BSI PAS 68, IWA 14‐1 or ASTM F2656<br />
• Tested in So Ground to 30, 40 and 50mph<br />
• Quick Installaon and Minimal Maintenance<br />
• ZERO Penetraon and Shallow Embedment<br />
Visit bristorm.com<br />
Email info@bristorm.com<br />
Call +44(0)1902 499400
June 2017<br />
Contents<br />
48 Contractor Screening: Eradicating Blind Spots<br />
Steve Girdler addresses the security management implications<br />
for hiring companies realised by the sharing and gig economies<br />
The UK’s Technology Skills Gap (pp13-14)<br />
5 Editorial Comment<br />
6 News Update<br />
Cifas issues Fraudscape Report. BS 10012:2017 for Personal<br />
Data Protection. Veritas Technologies study on GDPR compliance<br />
8 News Analysis: WannaCry Ransomware Attack<br />
Etienne Greeff assesses both the extent of the damage wrought<br />
by the WannaCry ransomware attack and the future threat posed<br />
10 News Special: Cortech Open Innovation Events<br />
Cortech Developments announces the appointment of Risk UK<br />
as its Official Media Partner for the 2017 COIE Series<br />
13 Opinion: The UK’s Technology Skills Gap<br />
One particular area which John Davies believes should now be<br />
subject to greater scrutiny is the UK’s technology skills gap<br />
16 Opinion: Security’s VERTEX Voice<br />
Peter Webster examines why security guarding companies<br />
should be taking a keen interest in The Great Repeal Bill<br />
19 BSIA Briefing<br />
James Kelly outlines what’s in store at IFSEC International 2017<br />
22 Security in the Built Environment<br />
Can we reduce crime through improved planning and design in<br />
built environments? Jon Roadnight and Tony Townsend think so<br />
51 The Changing Face of Security Services<br />
The future of security uniforms, the role of females in the<br />
security profession and reflections on the Manchester Arena<br />
terrorist attack are all covered in our regular guarding focus<br />
58 The Keys to Successful Security Management<br />
Steve Bumphrey on the need for continual security reviews<br />
60 Fire Safety: Standards and The Law<br />
Don Scott discusses the importance of standards in fire safety<br />
62 Breaches in Fire Compartmentation<br />
Richard Sutton observes key fire compartmentation procedures<br />
64 The Security Institute’s View<br />
Dan Kaszeta and Rachel Carter tackle terrorism insurance issues<br />
66 In The Spotlight: ASIS International UK Chapter<br />
68 FIA Technical Briefing<br />
70 Security Services: Best Practice Casebook<br />
72 Machine Learning and Cyber Defence<br />
74 Training and Career Development<br />
76 Risk in Action<br />
78 Technology in Focus<br />
81 Appointments<br />
The latest people moves in the security and fire business sectors<br />
24 ‘Learning The Business’: ESRM<br />
Godfried Hendriks provides an overview of the philosophy<br />
underpinning Enterprise Security Risk Management<br />
27 CSI for Boardrooms<br />
Jeremy Stimson evaluates the role and importance of digital<br />
forensics in relation to today’s crime investigation teams<br />
31 IFSEC and FIREX International 2017<br />
Wireless security systems, impact testing, voice sounders and<br />
access control feature in our IFSEC and FIREX Solutions Guide<br />
46 Moving With The Times<br />
Access control upgrades for buildings can sometimes be put on<br />
hold, but they shouldn’t be. Tim Northwood duly explains why<br />
84 The Risk UK Directory<br />
ISSN 1740-3480<br />
Risk UK is published monthly by Pro-Activ Publications<br />
Ltd and specifically aimed at security and risk<br />
management, loss prevention, business continuity and<br />
fire safety professionals operating within the UK’s largest<br />
commercial organisations<br />
© Pro-Activ Publications Ltd 2017<br />
All rights reserved. No part of this publication may be<br />
reproduced or transmitted in any form or by any means<br />
electronic or mechanical (including photocopying, recording<br />
or any information storage and retrieval system) without the<br />
prior written permission of the publisher<br />
The views expressed in Risk UK are not necessarily those of<br />
the publisher<br />
Risk UK is currently available for an annual subscription rate of<br />
£78.00 (UK only)<br />
www.risk-uk.com<br />
Risk UK<br />
PO Box 332<br />
Dartford DA1 9FF<br />
Editor Brian Sims BA (Hons) Hon FSyI<br />
Tel: 0208 295 8304 Mob: 07500 606013<br />
e-mail: brian.sims@risk-uk.com<br />
Design and Production Matt Jarvis<br />
Tel: 0208 295 8310 Fax: 0870 429 2015<br />
e-mail: matt.jarvis@proactivpubs.co.uk<br />
Advertisement Director Paul Amura<br />
Tel: 0208 295 8307 Fax: 01322 292295<br />
e-mail: paul.amura@proactivpubs.co.uk<br />
Administration Tracey Beale<br />
Tel: 0208 295 8306 Fax: 01322 292295<br />
e-mail: tracey.beale@proactivpubs.co.uk<br />
Managing Director Mark Quittenton<br />
Chairman Larry O’Leary<br />
Editorial: 0208 295 8304<br />
Advertising: 0208 295 8307<br />
3<br />
www.risk-uk.com
Connect your life to your home<br />
and your security<br />
Texecom Connect set to transform the end user security experience<br />
At IFSEC 2017, the Texecom stand will showcase live demonstrations of Texecom Connect, Texecom’s upcoming smart<br />
connectivity platform, solving security and automation challenges in real-world scenarios.<br />
With Texecom Connect, security installers are able to offer customers a secure system with the additional benefits of automation,<br />
smart management and flexible control, all from the flagship Premier Elite range of control panels.<br />
Texecom products are designed<br />
and manufactured in the UK
Texecom Connect App<br />
New smartphone application for user<br />
automation and control<br />
Texecom Connect SmartCom<br />
Texecom Connect ethernet and<br />
WiFi communicator<br />
Texecom Connect API<br />
Protocol to interface and integrate with<br />
3rd party solutions<br />
Connect with us on Stand G1200<br />
www.texe.com<br />
Sales: +44 (0)1706 220460<br />
Editorial Comment<br />
Sense of Risk<br />
Although most organisations do fully appreciate the value of<br />
adopting an innovative approach to their business, it’s not<br />
always the easiest thing to introduce. That’s not necessarily<br />
because people are openly opposed to the idea. Rather, it’s the<br />
perceived sense of risk that can ultimately scupper a company’s<br />
bold desire to be progressive. Unless an organisation nurtures a<br />
culture that fully embraces innovation, it’s absolutely fair to<br />
suggest the overriding fear of change can be somewhat stifling.<br />
“Senior management needs to believe in the intrinsic value of<br />
innovation and be seen to support initiatives that can make this<br />
a reality,” stated Christine Caunce, managing director at APS<br />
Group Secure Solutions. “Change has to emanate from the top.”<br />
Caunce rightly asserts that, whenever change occurs in an<br />
organisation, there are often bumps in the road. “When those<br />
bumps are struck, individuals who may have been unsettled by<br />
the disruption to ‘business as usual’ will shine a scathing<br />
spotlight on the initiative.” It takes broad-shouldered project<br />
leaders to move past the inevitably ensuing criticism. Again, this<br />
is where the support of senior management is going to be vital.<br />
“In organisations where the culture isn’t fully supportive,”<br />
added Caunce, “individuals will be far more wary of upsetting<br />
the apple cart. Potential bumps in the road that could be viewed<br />
as hurdles are now looked upon as insurmountable barriers.”<br />
It’s clear to see how all of this might impact decision-making in<br />
a tender process. Early discussions focused on innovative ideas<br />
wouldn’t be unusual. For instance, a Marketing Department may<br />
enthusiastically endorse a new digital approach in co-ordination<br />
with traditional printed communications. However, in the later<br />
stages of the process, with the fear of change starting to shape<br />
lines of thinking, enthusiasm for the new approach could wane.<br />
“Innovation is often introduced into companies with the help<br />
and assistance of forward-thinking suppliers,” observed Caunce.<br />
“The challenge for procurement teams is that, when one supplier<br />
is offering an innovative approach and another isn’t, they’re no<br />
longer comparing apples with apples. They’re not able to look at<br />
two similar bids and select the most competitive price.”<br />
Innovation harbours an unknown value. In itself, this creates a<br />
tricky problem for those tasked with delivering cost savings.<br />
Under this scenario, it’s wholly understandable why procurement<br />
will stick to what they know. They can then opine: “Previously,<br />
we were paying Y. Now, we’re paying X.” The gain, then, is clear.<br />
This procurement challenge is the subject of a recent White<br />
Paper entitled ‘Putting a Price on Innovation: The Procurement<br />
Puzzle’. The document reviews the example of Philips and how<br />
its long-term approach to cost savings has helped the business<br />
in successfully building collaborative supplier relationships.<br />
“What’s clear from Philips’ approach,” concluded Caunce, “is<br />
that, when innovation is embraced at the top of a company, the<br />
perceived risk of pursuing these initiatives is lessened for those<br />
individuals occupying lower levels in the company’s structure. To<br />
successfully reduce the sense of risk that emerges along with<br />
innovation, organisations need to address their corporate culture<br />
and put in place systems that actively enable change.”<br />
Brian Sims BA (Hons) Hon FSyI<br />
Editor<br />
December 2012<br />
5<br />
www.risk-uk.com
“Rise in facility takeovers reveals need for<br />
better fraud education” outlines Cifas<br />
Cifas, the UK’s fraud prevention service, has<br />
released a new report detailing the fraud trends<br />
from over 325,000 cases recorded in 2016. The<br />
data from 387 organisations (including many<br />
major UK brands) is one of the most<br />
comprehensive pictures of fraud and fraudulent<br />
attempts made in the UK.<br />
Key findings from the annual Fraudscape<br />
report include the fact that over 325,000<br />
internal and external fraud cases were recorded<br />
in total, which is up from 321,092 (representing<br />
a 1% increase) in the previous year.<br />
Organisations successfully prevented £1.03<br />
billion in fraud losses through non-competitive<br />
data sharing. Identity crimes (ie identity fraud<br />
and facility takeover) remain the biggest threat,<br />
representing 60% of all fraud recorded.<br />
Facility takeovers increased by 45% from<br />
15,497 to 22,525. Over 50% of those takeovers<br />
recorded were enabled over the phone in calls<br />
to Call Centre staff. 88% of identity frauds were<br />
committed online compared to 30% of facility<br />
takeovers occurring in the digital environment.<br />
A facility takeover happens when a fraudster<br />
poses as a genuine customer, gains control of<br />
an existing account and uses it for their own<br />
ends – such as making transactions or ordering<br />
new products or product upgrades. Any account<br />
can be taken over by fraudsters, including bank<br />
accounts and credit cards as well as telephone,<br />
e-mail and other services.<br />
The increase in facility takeover episodes,<br />
and particularly so those committed over the<br />
phone, is a sign that, as security for customer<br />
accounts has increased, criminals have begun<br />
to target individuals instead and attempt to<br />
trick them into revealing their personal details.<br />
Fraudsters will collate personal data and<br />
identify targets in a variety of ways, such as via<br />
data breaches, social media ‘footprints’ and<br />
other open source information. In order to<br />
access the level of detailed information needed<br />
to conduct a successful takeover, fraudsters will<br />
then often contact their victims directly and<br />
manipulate them into revealing yet further<br />
personal data. Once they have enough personal<br />
details, fraudsters go on to call the bank, phone<br />
retailer or service provider armed with the level<br />
of information needed to convince Call Centre<br />
staff that they’re the genuine customer.<br />
Cifas’ CEO Simon Dukes said: “Working<br />
together, organisations prevented £1 billion<br />
worth of fraud last year, but we know that, as<br />
one method of criminality becomes harder for<br />
them to pursue, fraudsters change tactic rather<br />
than stop. We’re now seeing that the advances<br />
made in securing online access to customer<br />
accounts have led to fraudsters targeting the<br />
human being at the end of the phone. Education<br />
here is key. We strongly urge the next<br />
Government to do more to ensure that<br />
individuals know how to avoid the scammers.”<br />
Standard for data protection revised to safeguard personal information<br />
Business standards company the British Standards Institution (BSI) has updated its standard for<br />
data protection. BS 10012:2017 Data Protection – Specification for a Personal Information<br />
Management System was developed to provide Best Practice guidance for those leaders<br />
responsible for the management of personal information.<br />
The revised British Standard is applicable to organisations of all sizes and sectors and specifies<br />
the requirements for them to adopt a personal information management system (PIMS). A PIMS<br />
provides a framework for maintaining and improving compliance with data protection requirements.<br />
In addition, the British Standard is intended to provide clear guidance for internal and external<br />
assessors on assessing compliance with data protection requirements.<br />
Changes from the 2009 version of BS 10012 include a new definition of personal and sensitive<br />
data, restrictions on profiling using personal data and new administrative requirements for data<br />
privacy officers. Data written under a pseudonym is now specifically covered, and there are also<br />
stricter requirements for consent around processing. BS 10012 takes into account a change in the<br />
law to cover data processors.<br />
Implementing BS 10012 will assist many organisations in their adoption of an appropriate<br />
information governance strategy designed to support any immediate and future regulatory, legal,<br />
risk, environmental and operational requirements.<br />
Anne Hayes, head of governance and resilience at the BSI, explained: “BS 10012 will provide<br />
organisations with structured guidance on implementing a common sense strategy that’s<br />
configured to handle personal information as securely as possible.”<br />
6<br />
www.risk-uk.com
News Update<br />
Organisations worldwide fear noncompliance<br />
with GDPR could put<br />
them out of business<br />
The majority of organisations worldwide (86%)<br />
are concerned that any failure to adhere to the<br />
upcoming EU General Data Protection<br />
Regulation (GDPR) could have a major<br />
negative impact on their business.<br />
According to a study carried out by Veritas<br />
Technologies, nearly 20% said they fear that<br />
non-compliance could actually put them out of<br />
business. This concern emanates in the face of<br />
potential fines for non-compliance that will be<br />
as high as €20 million or 4% of annual<br />
turnover (whichever is the greater sum).<br />
Intended to harmonise the governance of<br />
information that relates to individuals<br />
(‘personal data’) across European Union (EU)<br />
Member States, the GDPR requires greater<br />
oversight of where and how personal data –<br />
including credit card, banking and healthcare<br />
information – is stored and transferred and<br />
how access to it is both policed and audited.<br />
Coming into force on 25 May 2018, the<br />
GDPR will not only affect organisations within<br />
the EU, but also extend globally, impacting<br />
any organisation that offers goods or services<br />
to EU residents or monitors their behaviour<br />
(for example by tracking their buying habits).<br />
The study indicates that a substantial 47% of<br />
organisations globally harbour major doubts<br />
that they’ll meet this compliance deadline.<br />
The Veritas GDPR Report 2017 finds that<br />
more than one-in-five (21%) businesses are<br />
very worried about potential lay-offs, fearing<br />
that staff reductions may be an inevitable<br />
outcome as a result of financial penalties<br />
incurred due to GDPR compliance failures.<br />
Organisations are also concerned about the<br />
impact non-compliance could have on their<br />
brand image, especially if and when a<br />
compliance failure is made public, potentially<br />
as a result of the new obligations to notify<br />
data breach occurrences to those parties<br />
immediately affected. Some 19% of those<br />
surveyed fear that negative media or social<br />
coverage could cause their organisation to<br />
lose customers. An additional one-in-ten (12%)<br />
are very concerned that their brand would be<br />
de-valued as a result of negative coverage.<br />
The research highlights that many<br />
organisations appear to be facing serious<br />
challenges in understanding what data they<br />
have, where that data is located and its<br />
relevance to the business – a critical first step<br />
in the GDPR compliance journey.<br />
The Veritas Technologies study reveals that<br />
many of today’s organisations are struggling<br />
to solve these challenges simply because they<br />
lack the proper technology needed to address<br />
compliance regulations.<br />
Criminal Finances Bill receives<br />
Royal Assent to tackle money<br />
laundering and corruption<br />
The Criminal Finances Act 2017 will give law<br />
enforcement agencies and their partners<br />
further capabilities and powers to recover the<br />
proceeds of crime, tackle money laundering,<br />
tax evasion and corruption and combat the<br />
financing of terrorism.<br />
The Act of Parliament creates unexplained<br />
wealth orders which can require those<br />
suspected of serious crime or corruption to<br />
explain the sources of their wealth. It also<br />
introduces new criminal offences for those<br />
corporations who fail to prevent any member<br />
of their staff from facilitating tax evasion.<br />
The Act enables the seizure and forfeiture of<br />
the proceeds of crime and terrorist money<br />
stored in bank accounts and certain personal<br />
or moveable items, provides legal protections<br />
for the sharing of information between<br />
regulated companies and extends the time<br />
period granted to law enforcement agencies<br />
for investigating suspicious transactions.<br />
Also, the Act extends disclosure orders to<br />
cover money laundering and terrorist finance<br />
investigations while at the same time<br />
extending the existing civil recovery regime in<br />
the Proceeds of Crime Act to allow for the<br />
recovery of the proceeds of gross Human<br />
Rights abuses or violations overseas.<br />
James Siswick, partner for risk consulting at<br />
KPMG UK, commented: “In a week when UK<br />
banks begin to show signs of having their<br />
costs under control, another set of compliance<br />
requirements comes along which could expose<br />
them to unlimited fines and reputational<br />
damage. From September, all financial<br />
institutions will be ‘on the hook’ for the<br />
conduct of their staff. This isn’t just a case of<br />
reassessing product offerings and having a<br />
firm word with the Tax Department. The<br />
Criminal Finances Act applies to all business<br />
activity. It could be triggered by the erroneous<br />
treatment of employees’ expenses or missing<br />
VAT on a window cleaning bill. Institutions<br />
now face the task of assessing where their<br />
risks lie and how to implement reasonable<br />
procedures in order to fully manage them.”<br />
Siswick concluded: “While few firms will be<br />
jumping for joy at the prospect of yet more<br />
compliance, the price of ‘getting it wrong’ will<br />
undoubtedly assist in making the UK a leader<br />
in this area and should also act as a driver for<br />
good corporate culture.”<br />
7<br />
www.risk-uk.com
Will WannaCry pave the way for future<br />
ransomware attacks on organisations?<br />
before they can access their files. To avoid<br />
payments being traced or blocked, cyber<br />
criminals have typically used cryptocurrency<br />
platforms such as Altcoin and Bitcoin.<br />
The aptly-named<br />
WannaCry ransomware<br />
attack, which brought<br />
organisations around<br />
the globe to their<br />
knees when it first<br />
appeared on Friday 12<br />
May, is the latest in an<br />
ongoing tidal wave of<br />
ransomware-focused<br />
cyber episodes. In an<br />
exclusive News<br />
Analysis for the<br />
readers of Risk UK,<br />
Etienne Greeff<br />
assesses both the<br />
extent of the damage<br />
wrought and the<br />
future threat posed<br />
The WannaCry ransomware attack was a<br />
worldwide cyber attack perpetrated by the<br />
WannaCry ransomware cryptoworm, itself<br />
deliberately designed to target those<br />
computers running the Microsoft Windows<br />
operating system by encrypting data and<br />
demanding ransom payments.<br />
The initial attack began on Friday 12 May<br />
and, within a single day, was reported to have<br />
infected more than 230,000 computers in over<br />
150 countries. Shortly after the attack began, a<br />
web security researcher who blogs as<br />
‘MalwareTech’ discovered an effective ‘kill<br />
switch’ by registering a domain name found in<br />
the code of the ransomware. This greatly<br />
slowed the spread of the infection, effectively<br />
halting the initial outbreak on Monday 15 May,<br />
but new versions were subsequently detected<br />
that lack the ‘kill switch’.<br />
For those organisations who have felt the full<br />
wrath of the attack and any others presently<br />
storing data on vulnerable software, this should<br />
be deemed as a serious wake-up call. After all,<br />
WannaCry exploits a flaw in vulnerable, end-oflife<br />
versions of Microsoft Windows (most<br />
notably Windows XP and Windows 7). As<br />
stated, to unlock the hijacked data, the<br />
WannaCry hackers have been demanding a<br />
payment worth £230 from infected end users.<br />
Ransomware was the foremost type of<br />
malware in 2016. It works by encrypting – or<br />
‘hijacking’ – files until a ransom is paid. In the<br />
meantime, the end user sees a displayed<br />
message stating that payment is required<br />
Assessing the damage<br />
Many large organisations have already faced<br />
the consequences of vulnerabilities exploited<br />
by WannaCry. Alongside the NHS in the UK,<br />
infected organisations have included Germany’s<br />
main rail company Deutsche Bahn, Spain’s<br />
Telefonica, French car manufacturer Renault, US<br />
logistics company FedEx and thousands of<br />
victims in countries such as Russia, India,<br />
China, the Ukraine and Taiwan. The extent and<br />
scale of the damage caused is very significant.<br />
In China alone, nearly 30,000 organisations<br />
had been attacked by the end of Saturday 14<br />
May. While the attack attracted significant<br />
media coverage in the UK, we didn’t even<br />
feature in the Top 20 list of countries by hosts<br />
infected. The most infected country was the<br />
Russian Federation followed by the Ukraine,<br />
India and Taiwan. A reported 1,000 computers<br />
at the Russian Interior Ministry were infected.<br />
What made the UK so newsworthy was the<br />
real-life impact caused by attacks on hospitals.<br />
The ‘hijack’ of the NHS meant patients had to<br />
be moved, treatments delayed and medical<br />
procedures cancelled. Clearly, this attack is<br />
highly aggressive and has been extremely<br />
effective. Even though cyber security experts<br />
recommend victims don’t pay the attackers,<br />
many have done so to obtain the decryption<br />
key and restore normal operations.<br />
WannaCry propagates using EternalBlue, an<br />
exploit of Windows’ Server Message Block<br />
protocol. Much of the attention and comment<br />
around the event was occasioned by the fact<br />
that the US National Security Agency had<br />
discovered the vulnerability in the past, but<br />
used it to create an exploit for its own offensive<br />
work rather than report it to Microsoft. It was<br />
only when the existence of this vulnerability<br />
was revealed by The Shadow Brokers that<br />
Microsoft became aware of the issue and<br />
issued a ‘critical’ security patch on 14 March,<br />
but many organisations had not yet applied it.<br />
Scaled beyond belief<br />
We know that the WannaCry malware spread<br />
exponentially through a worm-borne<br />
ransomware, but it lacks scale in decryption<br />
8<br />
www.risk-uk.com
News Analysis: WannaCry Ransomware Attack<br />
and sophistication in ransom payment<br />
collections. Simply put, the attackers’ clever<br />
use of code has generated vast scale for<br />
infections, but they’ve shown poor business<br />
acumen for turning ransoms into profit. So,<br />
despite its apparent success, has this attack<br />
actually bitten off more than it can chew?<br />
The WannaCry hackers have left much to be<br />
desired when it comes to the transactional<br />
components for securing the cash. WannaCry’s<br />
decryption process is manual, which effectively<br />
means that someone has to physically provide<br />
the decryption key for literally hundreds of<br />
thousands of ransoms (assuming anyone pays<br />
up, of course). This process is fundamentally at<br />
odds with the scale of the attack. The attackers<br />
simply don’t have the manpower to ‘cash in’.<br />
Second, Bitcoin (which, as stated, is used to<br />
take the ransom payments) is the most visible<br />
and traceable of all the cryptocurrency<br />
platforms (and precisely why we’re beginning to<br />
see ransomware attacks using altcoins such as<br />
Monero and Zcash as the currency of choice).<br />
The motivation behind the attack is unclear.<br />
Our own analysis has led us to believe that the<br />
attack was actually meant for home users. For<br />
example, the malware is targeted at older<br />
versions of Windows operating systems, which<br />
are more commonly in use on home computers.<br />
The inclusion of a ‘kill switch’ is interesting,<br />
too. Typically, Domain Name System-based ‘kill<br />
switches’ are used by virus writers to avoid<br />
detection by sandboxes (a security mechanism<br />
for running typically untested or untrusted<br />
programs in isolation). A sandbox would<br />
answer to all DNS queries and potential<br />
requests to outside sites. Virus writers know<br />
this and so terminate malware when they see<br />
requests answered. This could point to the fact<br />
that the malware was targeted at organisations<br />
not running sandboxes, which would lead<br />
towards the home user.<br />
Combined with the failure to effectively<br />
monetise the operation, this suggests the<br />
intended targets were not corporate<br />
organisations, such as the NHS and Telefonica.<br />
It would seem these organisations found<br />
themselves caught up in collateral damage.<br />
However, they could easily have prevented any<br />
ransomware infection through the adoption of<br />
basic security hygiene in tandem with up-todate<br />
frontline security.<br />
Proactive data defence<br />
Organisations should be taking a front foot<br />
approach to avoid becoming the next in line<br />
and being held hostage. They need to act now.<br />
Make no mistake that the ransomware element<br />
of the malware could easily be swapped for a<br />
“What made the UK so newsworthy was the real-life impact<br />
caused by attacks on hospitals. The ‘hijack’ of the NHS<br />
meant patients had to be moved and treatments delayed”<br />
more destructive command that would wipe the<br />
hard drive of infected machines completely.<br />
New and more innovative ‘strains’ of the<br />
WannaCry malware are expected to emerge so<br />
there’s a pressing need to be ready to weather<br />
the storm.<br />
The impact of WannaCry could have been<br />
significantly suppressed if basic Best Practice<br />
security hygiene had been implemented. The<br />
NHS left itself vulnerable as its computer<br />
systems were dangerously outdated.<br />
Alarmingly, many NHS Trusts still use Windows<br />
XP as their main operating system.<br />
In order to operate a strong security defence,<br />
organisations need consistent ingress and<br />
egress filtering, regular patching and back-ups<br />
of all data. Following these basic steps, security<br />
should then focus on vulnerability testing and<br />
management, improved end user education (to<br />
stop the opening of dangerous links and<br />
attachments), anti-virus endpoint detection and<br />
content filtering.<br />
These are all well-understood practices, of<br />
course, but need to be implemented<br />
consistently in order to break the ransomware<br />
‘kill chain’ and choke this persistent threat.<br />
The future threat<br />
From the attackers’ perspective, WannaCry is a<br />
technical success. They’ve proven their concept<br />
for the worm delivery channel. With the<br />
enormity and global scale achieved, however,<br />
they will rue the day that they failed to convert<br />
this opportunity into cold, hard and real-world<br />
currency. Next time, the affected organisations<br />
involved might not be so lucky.<br />
Moving forward, this will not be the last we<br />
see of large-scale ransomware attacks, or even<br />
of WannaCry itself. Cyber criminals are<br />
innovative and ‘tech savvy’. They’re constantly<br />
looking for new ways in which to infiltrate<br />
computer systems and deliver new payloads.<br />
Easy wins, such as targeting legacy operating<br />
systems, are just the tip of the iceberg.<br />
The techniques for a similar attack will evolve<br />
and grow to become more complex and more<br />
damaging. In the future, we expect to see<br />
game-changers such as new payment platforms<br />
used for ransom, a greater array of target types,<br />
‘Infect-A-Friend’ attacks and Ransomware-as-a-<br />
Service. While the battle versus WannaCry has<br />
certainly started, it has only just begun. More<br />
than 1.3 million systems remain vulnerable.<br />
Etienne Greeff: CTO and<br />
Founder of SecureData<br />
9<br />
www.risk-uk.com
COIE 2017: A Collaborative Approach to<br />
Industry Challenges and Risk Mitigation<br />
overriding desire to listen, understand and act<br />
on all of the feedback imparted.”<br />
Cortech Developments<br />
– the specialist in<br />
mitigating risk in<br />
relation to workplace<br />
safety, security and<br />
building efficiency –<br />
has confirmed the<br />
appointment of Risk<br />
UK as its Official<br />
Media Partner for the<br />
2017 schedule of<br />
Cortech Open<br />
Innovation Events.<br />
Here, Brian Sims<br />
previews the content<br />
on offer for practising<br />
risk and security<br />
management<br />
professionals in<br />
attendance<br />
Bristol Science Centre will host the next<br />
Cortech Open Innovation Event (COIE) on<br />
Tuesday 18 July. This is a Continuing<br />
Professional Development (CPD)-accredited<br />
event with a difference for end users,<br />
consultants and main contractors focusing on<br />
innovative technology and the latest smart<br />
integration techniques for workplace safety,<br />
high security and building efficiency.<br />
Paul Spence, marketing and communications<br />
manager at Cortech Developments, explained:<br />
“Previous COIEs have provided a great platform<br />
for collaborative engagement, discussion and<br />
debate regarding technology, Best Practice and<br />
industry challenges. This backdrop will form an<br />
integral part of the COIE Series throughout the<br />
year as Cortech and our event partners seek to<br />
promote knowledge transfer and added value<br />
for those either managing buildings or involved<br />
in specifying their security requirements.”<br />
The Bristol gathering aims to challenge us all<br />
to think about the way in which we manage<br />
infrastructure and buildings with a view<br />
towards enhanced safety, security,<br />
interoperability and sustainability.<br />
In conversation with Risk UK, Spence added:<br />
“Given that these are CPD-accredited events<br />
involving technology experts, we seek to impart<br />
knowledge and empower building owners,<br />
consultants and main contractors to embrace<br />
new ideas and technology that assists in<br />
mitigating risk. Our cluster groups on the day<br />
bring together a cross-section of the industry to<br />
openly discuss their challenges. It’s our<br />
Empowering delegates<br />
In collaboration with its partner manufacturers,<br />
Cortech Developments provides an environment<br />
for facilitating delegate interaction and<br />
engagement through the aforementioned<br />
organised cluster groups, in addition to the<br />
demonstration of the latest technology.<br />
Commenting on the value of the COIE days,<br />
John Hill (head of operations at Cortech<br />
Developments) said: “The Cortech Open<br />
Innovation Events are always an exciting time<br />
for me. They encourage passionate and open<br />
discussion about the issues that really affect<br />
the market. They’re a fantastic opportunity for<br />
our industry to actually see what’s available<br />
through technology and provide a platform for<br />
us to listen to what the market is telling us and<br />
discover how, through innovation, we can<br />
continue to address industry needs.”<br />
Craig Jackson, physical security advisor at the<br />
DVLA, attended the last COIE of 2016 which<br />
took place in London. He highlighted the value<br />
to be gained in the cluster groups. “Having<br />
attended several similar events during the<br />
course of 2016, I thought I knew what to<br />
expect, but this was different,” urged Jackson.<br />
“In addition to the usual opportunity to keep<br />
abreast of recent innovations in technology, the<br />
event also provided a great platform for<br />
networking with industry peers to both share<br />
common issues and understand individual<br />
concerns across the security industry.”<br />
Glasgow COIE attendee Stephen Fleming,<br />
physical security manager at the State Hospital,<br />
observed: “I’ve attended previous Cortech<br />
events and have always found them to be of<br />
great value. The latest event in Glasgow was no<br />
different as it was well-organised with quality<br />
partners. Each COIE is an excellent networking<br />
opportunity where you have the chance to<br />
discuss the different challenges across the<br />
security industry.”<br />
The cluster groups draw on the opinion and<br />
challenges of a cross-section of our industry<br />
and this provides a particularly relevant lead<br />
into the live demonstration on the day which is<br />
facilitated through the use of software, control<br />
technology and people to address challenges.<br />
The demonstration provides an insight into<br />
how smart integration can assist end users to<br />
10<br />
www.risk-uk.com
News Special: Cortech Open Innovation Events 2017<br />
reduce risk and cost, meet their regulatory<br />
requirements, enhance operational efficiency<br />
and provide greater situational awareness.<br />
Jason Blundell, head of sales at Cortech<br />
Developments, spoke of the importance and<br />
value of the live demonstration to delegates.<br />
“Increasingly, organisations are centralising<br />
their operations and managing technology<br />
across multiple sites and buildings,” outlined<br />
Blundell. “There’s a common need for visibility<br />
and control of multiple systems and equipment.<br />
As part of the demonstration, we highlight the<br />
monitoring and control of technology from<br />
thousands of miles away in practical terms.<br />
Distance is no longer a barrier.”<br />
The live demonstration has been viewed by<br />
previous COIE delegates as an educational and<br />
thought-provoking showpiece. “The experience<br />
was augmented by real-time demonstrations of<br />
the recording and control of security situations<br />
within various applications ranging from fire<br />
detection and CCTV monitoring through to<br />
presence and perimeter detection,” enthused<br />
Derek Follows, technical director at Jacobs UK,<br />
who attended the COIE in Knutsford last year.<br />
“An excellent event that’s invaluable for<br />
contractors, specifiers and clients alike.”<br />
This was a view shared by another Glasgow<br />
COIE delegate, namely Allan Rowan (senior<br />
building services engineer at Pick Everard).<br />
“Attending a Cortech Open Innovation Event is a<br />
fantastic way to keep up-to-date with the latest<br />
thinking and developments across the field and<br />
participate in stimulating exchanges of ideas<br />
and experience. The interactive demonstration<br />
was informative and interesting and afforded an<br />
insight of how new and old systems can be<br />
brought together under a single interface. This<br />
has particular relevance to my profession and<br />
industry in terms of the realisation of not only<br />
energy efficiency, but also the significant<br />
savings to be made in maintenance and the<br />
effective prioritisation of alarm activations.”<br />
Technology experts<br />
Manufacturers confirmed for the forthcoming<br />
COIE in Bristol are Bosch Security Systems<br />
(CCTV), Harper Chalice (PIDs), Paxton (Access<br />
Control) and Stentofon-Zenitel UK (Intercoms).<br />
Each of the manufacturers will be represented<br />
as part of the cluster groups and the live<br />
demonstration, with representatives on hand<br />
throughout the day to offer ‘one-t0-one’<br />
engagement and advice for delegates.<br />
As part of the COIE in Bristol, guest speaker<br />
Steve Pilkington (technical director of Italik)<br />
will address delegates regarding the current<br />
cyber crime landscape. Pilkington’s<br />
presentation will centre on what motivates a<br />
hacker, examples of common threats, detail<br />
around the ten steps to cyber risk management<br />
and a summary of IT security trends.<br />
“Speakers have proven to be a popular and<br />
added value thread to the COIE Series,”<br />
explained Paul Spence. “Cyber security is<br />
becoming a fundamental part of business and<br />
security strategy and we’re absolutely delighted<br />
that Steve is presenting at the event to impart<br />
his considerable knowledge and experience of<br />
this specialist area.”<br />
Spence went on to state: “Steve has over 20<br />
years’ experience of working in IT as a<br />
developer, an infrastructure consultant, a<br />
network/security consultant and more recently<br />
as a network security architect. He has also<br />
been involved in a wide range of projects<br />
involving everything from mobile device-based<br />
Service Management Systems through to<br />
virtualisation projects, network infrastructure<br />
designs and secure architecture.”<br />
Following last year’s COIE in London, Rob<br />
Marshall (security and environment manager at<br />
Cambridge University Press) spoke of the<br />
benefits he gained from the cyber security<br />
presentation given on the day. “Education and<br />
value was obtained through the event’s guest<br />
speaker, James Willison, who delivered a very<br />
interesting, albeit concerning presentation on<br />
the risk of cyber-physical attacks for<br />
businesses. The end result of this has been<br />
closer collaboration with my technology<br />
colleagues to reduce the risk posed to our own<br />
security systems. Furthermore, when we’re<br />
investing in security equipment in the future,<br />
we’ll ensure suppliers provide evidence that<br />
they protect and secure their equipment.”<br />
Bristol COIE itinerary<br />
9.30 am: Arrival and Registration<br />
10.30 am: Welcome from Cortech Developments<br />
10.35 am: Industry Challenges in Focus<br />
10.50 am: Guest Speaker – Steve Pilkington<br />
(Italik) on Cyber Risk Management<br />
11.10 am: Live Software/Hardware<br />
Demonstration<br />
11.50 am: Luncheon<br />
12.15 pm: ‘Meet The Manufacturers’<br />
2.20 pm: Closing Statements<br />
If you’re an end user, security consultant or<br />
main contractor interested in gaining a greater<br />
understanding of smarter interoperability and<br />
the mitigation of risk for workplace safety,<br />
security and building efficiency, join Cortech<br />
and its partners at one of this year’s events.<br />
In 2017, the COIE Series runs as follows:<br />
• COIE Bristol: 18 July 2017<br />
• COIE Glasgow: 26 September 2017<br />
• COIE Knutsford: 7 November 2017<br />
Paul Spence: Marketing and<br />
Communications Manager at<br />
Cortech Developments<br />
*Note that places for each<br />
COIE are limited and will be<br />
allocated on a first come, first<br />
served basis. For more<br />
information and to register<br />
your interest in attendance<br />
visit: www.coie.uk.com<br />
11<br />
www.risk-uk.com
Always a suitable solution<br />
with the DIVAR hybrid<br />
and network recorders<br />
At Bosch, we believe that video surveillance solutions should be as easy to<br />
install as they are to use. It’s the thinking behind our completely new portfolio<br />
of DIVAR hybrid and network recording solutions. Specifically designed for<br />
24/7 operation, they offer the ability to create video surveillance solutions<br />
with professional security features. Solutions that can be tailored to fit the<br />
growing needs of small and medium businesses.<br />
boschsecurity.com
Opinion: Closing the UK’s Technology Skills Gap<br />
Any shortage of technical training and skills<br />
is going to be a significant issue across the<br />
UK’s economy. Given its high reliance on<br />
cutting-edge technology and expertise, the<br />
UK’s security industry has particular reason to<br />
be anxious of either a ‘brain drain’ or any<br />
movement restrictions placed on internationally<br />
sourced talent and resources post-Brexit.<br />
A recent Hays Global Skills Index Survey<br />
suggested that the UK’s skills shortage has<br />
worsened for the fifth consecutive year, with an<br />
8% increase materialising over that period. The<br />
study, which involved no less than 90,000 UK<br />
companies, also served to suggest that one-infour<br />
vacancies is now difficult to fill. That’s a<br />
staggering skills shortage by any definition.<br />
The shortage in skilled technical labour is<br />
even more pronounced when you consider that<br />
unemployment is now at its lowest level for a<br />
decade, meaning there’s an even smaller pool<br />
of potential workers available to be trained in<br />
skills shortage areas.<br />
There’s a train of thought that suggests some<br />
of these skills shortages are limited to very<br />
niche areas and therefore don’t interest many<br />
trainees or concern the majority of business<br />
leaders. However, a skills shortage is always in<br />
response to a specific need: it has to be a<br />
blinkered view that ignores these requirements.<br />
Research published earlier this year by the<br />
Social Market Foundation states that science,<br />
research, engineering and technology jobs will<br />
grow at double the rate of other occupations<br />
between now and 2023. This will see the<br />
creation of 142,000 extra roles in these areas,<br />
with the skills required for such positions<br />
having to be sourced on an urgent footing.<br />
When you look at the technical expertise<br />
needs of the UK’s economy as a whole, there<br />
are really two distinct aspects which demand to<br />
be addressed. First, there’s the quality and<br />
quantity of the potential pipeline of homegrown<br />
talent. Second, there’s the availability of<br />
talent from outside the UK.<br />
In my experience, finding the best technical<br />
expertise from the UK alone in the numbers<br />
required can be quite a challenge. In our<br />
business at the moment, we employ a sizeable<br />
amount of our team from the best of the<br />
international Human Resources market, finding<br />
exactly the right people for key roles.<br />
We also need to fully educate the next<br />
generation of UK security professionals,<br />
ensuring that we can find and nurture the right<br />
talent closer to home in the future.<br />
Taking the right steps<br />
It’s disappointing to witness the current skills<br />
gap as the UK Government started to take the<br />
‘Mind The Gap’: Assessing the<br />
Technology Skills Landscape<br />
With Brexit dominating not only the national media’s<br />
headlines, but also the consciousness of UK plc as a whole,<br />
we’ve most certainly reached an important juncture when it<br />
comes to planning for the future. Given the prospect of the<br />
UK standing alone on the international stage when it comes<br />
to trade and exports, it’s vital that we’re fully prepared for<br />
doing so. One area which John Davies believes should be<br />
subject to greater scrutiny is the technology skills gap<br />
right steps some five-to-seven years ago by<br />
reintroducing the concept of apprenticeships.<br />
We will always need excellent academic<br />
qualifications and trained people, but equally<br />
so it must be recognised that a stint in further<br />
education isn’t beloved by everyone.<br />
Apprenticeships are a superb way of bringing<br />
young and hungry talent into the industry for<br />
‘on the job’ training. This isn’t just about<br />
academic training, either. It also provides a<br />
healthy dose of business experience as well.<br />
That’s something which is perhaps more of a<br />
challenge in traditional academia.<br />
There has also been a lot of talk about ‘T-<br />
Levels’ – Technology Level courses which offer<br />
specific training for modern technology needs.<br />
Indeed, it’s encouraging to see technology<br />
education being promoted in this way and<br />
appealing to those students who wish to build<br />
a solid career in the UK’s technology sector.<br />
In my experience, though, we in the UK are<br />
still somewhat behind our European cousins<br />
when it comes to technology education and<br />
John Davies:<br />
Managing Director of TDSi<br />
13<br />
www.risk-uk.com
Opinion: Closing the UK’s Technology Skills Gap<br />
training. Take Germany, for example, a country<br />
which has traditionally excelled in these areas.<br />
The German education system has focused<br />
heavily on engineering and vocational-based<br />
training programmes which have paid dividends<br />
for its technology sector. The country has also<br />
continued to centre on this for decades,<br />
meaning that it has an excellent pipeline of<br />
trained talent ‘on tap’.<br />
Such an approach would greatly enhance UK<br />
training as well, affording up-and-coming talent<br />
the support it needs to reach its full potential.<br />
UK technology needs<br />
The UK skills gap across all sectors has been<br />
filled over the last few years largely thanks to a<br />
healthy influx of very talented individuals from<br />
across Europe. As a business, we’ve benefited<br />
from this open and vibrant skills market,<br />
supplementing the best of our local UK talent<br />
with that from the European mainland and,<br />
indeed, beyond.<br />
With the Brexit deal now on the horizon, it<br />
can only be hoped that this valuable source of<br />
skilled professionals from Europe will not<br />
simply dry up. At the very least, it’s essential<br />
the UK continues to open its doors to this<br />
expertise until such time that we can reap new<br />
generations of home-grown UK talent, which is<br />
evolving through the education system and<br />
through other training initiatives (with, of<br />
course, apprenticeships being among them).<br />
It’s quite telling that, when you look at some<br />
engineering faculties in UK universities, it’s<br />
often the case 50% or more of their students<br />
emanate from other countries. We have<br />
education facilities that are world-renowned<br />
and something to be proud of, and yet we still<br />
don’t appear to be educating enough engineers<br />
from the UK.<br />
Interestingly, the UK Government recently<br />
announced plans to promote what it terms a<br />
‘Digital Strategy’ to support and underpin UK<br />
businesses that work in this important sector.<br />
This is a move to be applauded. It’s vital to<br />
ensure that a post-Brexit UK is able to compete<br />
fairly on this level.<br />
It’s to be hoped that this approach has a<br />
wider remit than just ‘online’ business.<br />
Interestingly, part of the proposed scheme is<br />
the establishment of a ‘Digital Skills<br />
Partnership’ which will see the Government<br />
work with businesses and other professional<br />
“Apprenticeships are a superb way of bringing young and<br />
hungry talent into the industry for ‘on the job’ training<br />
which also provides a healthy dose of business experience”<br />
organisations to help support and promote the<br />
right skills for UK workers.<br />
Any progress towards closing the skills gap is<br />
encouraging, of course. It’s essential that the<br />
security industry makes its voice heard when it<br />
comes to supporting these initiatives – or any<br />
future ones that may be developed – if there’s a<br />
change in political leadership following this<br />
month’s General Election.<br />
Other ways to help<br />
There are many ways in which to help<br />
encourage students and existing workers to<br />
train in the skills the UK economy needs. One<br />
example is to offer financial incentives by<br />
paying tuition fees or providing other support<br />
for key degree courses to assist an increase in<br />
numbers. This may encourage some students to<br />
take these courses over their less vocational<br />
alternatives. Going forward, establishing more<br />
technical colleges and universities would also<br />
seem to be a sensible approach.<br />
Greater assistance from Government for<br />
businesses providing ‘on the job’ training or<br />
apprenticeships would be useful. This is a<br />
classic win-win situation for everyone involved<br />
and would help industry in filling the gaps that<br />
need to be plugged ‘at the coalface’.<br />
There’s also a need to address the gender<br />
gap in technical education. We simply must<br />
look to encourage more young women into<br />
technical training and roles within the industry.<br />
Sometimes there seems to be a perception that<br />
technical jobs are ‘not for me’. This is<br />
something we all need to tackle and correct,<br />
ensuring that technical career paths are<br />
inclusive and open to all potential talent.<br />
Changes post-Brexit<br />
With the changes that will follow Brexit in<br />
regard to international trading and people<br />
movement, it’s hoped that there will also be<br />
significant evolution in the UK’s education<br />
system to ensure we’re closing the skills gap.<br />
We do possess some of the best educational<br />
establishments in the world and a long history<br />
of innovation and entrepreneurial skills to make<br />
our technology highly commercial.<br />
Undoubtedly, there’s a keen general interest<br />
in technology – just try separating a Millennial<br />
individual from their smart phone – and this<br />
absolutely demands to be nurtured.<br />
Along with apprenticeships and T-Levels, we<br />
have the necessary tools and passion in place<br />
to create the right opportunities. What we need<br />
now is an impetus from UK leaders to help<br />
close the skills gap and ensure that our<br />
economy continues to grow and develop. This<br />
has to be an essential target for all.<br />
14<br />
www.risk-uk.com
INSPIRATION<br />
THROUGH INVALUABLE<br />
DIGITAL INSIGHT<br />
With approaches, systems and<br />
devices constantly changing,<br />
etailers need to be aware of the<br />
latest trends and innovations to<br />
gain significant competitive<br />
advantage from their eCommerce<br />
and mCommerce efforts.<br />
The eTailing Summit offers a day<br />
of meetings and networking with<br />
industry suppliers and peers for<br />
idea gathering, inspirations, tools<br />
and tactics to help transform<br />
strategies in line with the latest<br />
technologies.<br />
11th July 2017<br />
Hilton London Canary Wharf<br />
For further information contact Katie Bullot on:<br />
01992 374049<br />
k.bullot@forumevents.co.uk<br />
@eTailingSummit<br />
ForumEventsLtd<br />
forumevents<br />
MEDIA & INDUSTRY PARTNERS<br />
etailingsummit.co.uk
Does Legislative Repeal Fit the Bill?<br />
mention EU law that will not be part of the UK’s<br />
legal system.<br />
The British Government wants to invoke<br />
controversial powers contained within King<br />
Henry VIII’s Proclamation by the Crown Act of<br />
1539, which also helped to disentangle England<br />
from the continent at that time. These powers<br />
will give ministers and civil servants alike the<br />
authority to wade through vast amounts of EU<br />
legislation and decide which bits to keep, which<br />
to amend and which to repeal in their entirety.<br />
Of particular note here is the fact that<br />
ministers can waive the decisions through<br />
without recourse to the House of Commons.<br />
One of the largest<br />
legislative projects<br />
ever to be undertaken,<br />
the Great Repeal Bill<br />
will ensure that<br />
European law no<br />
longer applies in the<br />
United Kingdom. Here,<br />
Peter Webster<br />
examines why<br />
guarding companies<br />
should be concerned<br />
about the uncertainty<br />
this legislation could<br />
well create for the<br />
security industry<br />
One of the prerequisites of success for any<br />
company in any industry is certainty, but<br />
since the European Union (EU)<br />
Referendum of June 2016, things have been far<br />
from certain here in the UK. Whatever your side<br />
of the argument, Brexit is now going ahead and<br />
the best possible deal must be sought for the<br />
UK and Europe. This is in everyone’s interests.<br />
However, as the Government tiptoes its way<br />
towards extricating the UK from European law<br />
through the Great Repeal Bill, the guarding<br />
sector has every reason to feel nervous.<br />
Back in March, just a day after Article 50 was<br />
invoked, David Davis (Secretary of State for<br />
Exiting the EU) published the Great Repeal Bill,<br />
which will repeal the 1972 European<br />
Communities Act. This Act took Britain into the<br />
EU and meant that European law assumed<br />
precedence over laws passed in the British<br />
Parliament. The repeal process is a gargantuan<br />
task, as there are believed to be 12,000 EU<br />
regulations in force, while Parliament has<br />
passed some 7,900 Statutory Instruments<br />
implementing EU legislation and 186 Acts<br />
incorporating at least a degree of EU influence.<br />
It’s argued that, without the Great Repeal<br />
Bill, when the UK leaves the EU all of these<br />
rules and regulations would no longer have<br />
legal standing in the UK, creating a ‘black hole’<br />
in our statute book. However, technical<br />
problems will arise as EU laws are put on that<br />
statute book. For instance, many EU laws<br />
mention EU institutions in which the UK will no<br />
longer participate after Brexit, or otherwise<br />
Cause for concern<br />
Although David Davis argues that the Great<br />
Repeal Bill will provide “clarity and certainty”<br />
by assuring laws derived from the EU don’t<br />
“change overnight” during the Brexit process,<br />
the precise terms of the UK’s deal with the EU<br />
will remain unknown by the time the Great<br />
Repeal Bill is introduced to Parliament later this<br />
year. These practical considerations make the<br />
alternative – a slow and torturous progression<br />
of Bills through Parliament over many years –<br />
simply impossible and the creation of any deal<br />
with the EU somewhat difficult.<br />
One significant issue with the Great Repeal<br />
Bill is that, despite assurances to the effect that<br />
it will be used correctly, it does hand<br />
considerable power to the Government. As<br />
former Lord Chief Justice Lord Judge said only<br />
last year: “Unless strictly incidental to primary<br />
legislation, every Henry VIII clause and every<br />
vague skeleton Bill is a blow to the sovereignty<br />
of Parliament. Each one is a self-inflicted blow,<br />
with each one boosting the power of the<br />
executive. Is that what we really want?”<br />
These Henry VIII powers effectively eliminate<br />
the checks and balances to which a Bill’s usual<br />
passage through Parliament is subject. Indeed,<br />
Parliament is effectively excluded from the<br />
legislative process, even though Acts of<br />
Parliament themselves may be repealed under<br />
these clauses. Ultimately, nearly half a century<br />
of workers’ rights, Health and Safety laws,<br />
consumer protections, environmental standards<br />
and numerous other factors are now in the<br />
hands of Conservative ministers.<br />
What’s the problem, then? These measures<br />
are needed given the huge demands placed on<br />
the Government by invoking Article 50 and<br />
setting a firm date for the UK to exit the EU. In<br />
principle, of course, the measure is fine. As a<br />
16<br />
www.risk-uk.com
Opinion: Security’s VERTEX Voice<br />
mechanism to transfer any legislation into UK<br />
law the Great Repeal Bill is to be welcomed, but<br />
the Government should be mindful of the need<br />
to ensure that the right balance is struck<br />
between the requirement for scrutiny and the<br />
necessity for speed.<br />
The devil is in the detail. David Davis told Sky<br />
News there are areas of EU law that need to be<br />
“put right”, while also stating that: “There are<br />
lots of parts of EU law of which we approve.”<br />
There’s a perception that UK companies are<br />
constrained by red tape and, while most<br />
businesses will appreciate there being much<br />
less of it, the risk with the powers as granted is<br />
that they allow the Government to alter<br />
legislation according to its own political<br />
agenda. For example, the far right of the<br />
Conservative Party would no doubt welcome<br />
greater deregulation right across the board.<br />
Safe from harm<br />
What does all of this mean for the security<br />
business sector, though? As an industry<br />
employing well over 300,000 licensed<br />
individuals, the security sector needs to be<br />
making its voice heard in Government circles<br />
and ensure that any attempt to amend or<br />
revoke EU regulations as they pass across into<br />
UK law doesn’t do it harm.<br />
Take the Transfer of Undertakings (Protection<br />
of Employment) Regulations – better known as<br />
TUPE – as an example. These are designed to<br />
protect employment rights when employees<br />
transfer from one business to another. If the<br />
Government chose to wipe TUPE from the<br />
statute books the effects could be disastrous.<br />
Every single security guarding company<br />
traditionally ‘TUPEs’ staff from one job to<br />
another at the end of a contract. Removal of<br />
TUPE would give them a potentially massive<br />
redundancy liability at the end of each contract<br />
– one for which they simply wouldn’t have<br />
allowed. This would have huge financial<br />
implications for those in our industry, not to<br />
mention other labour intensive sectors such as<br />
cleaning and catering.<br />
The cynical among us might consider that the<br />
removal of TUPE would allow the Government<br />
to outsource many of its existing functions at<br />
lower cost. If this were to happen, it would be<br />
solely to the benefit of the bigger contractors<br />
(who are seemingly favoured for public sector<br />
tenders on a consistent basis) and simply add<br />
to a more uneven playing field.<br />
Then there’s the potential for industrial<br />
unrest and additional worry for workers created<br />
by an erosion of the rights that they currently<br />
enjoy. We could soon return to the bad old days<br />
wherein any company that pays the lowest<br />
wages wins the contract.<br />
What’s more, by giving the power to change<br />
important rights and protections for workers to<br />
Judges, vital rules to protect workers could be<br />
overturned without Parliament having any say.<br />
This might include areas such as holiday pay<br />
and equal pay, as well as direct and indirect<br />
racial and gender discrimination.<br />
The security industry is highly exposed to<br />
regulatory change and the uncertainty created<br />
by the Great Repeal Bill should be a worry.<br />
On a practical day-to-day level, company<br />
directors have a responsibility to manage and<br />
quantify risk, but the risks here cannot be<br />
quantified at the moment and, as a direct<br />
result, leaves those in such important positions<br />
of leadership pretty vulnerable.<br />
Joined-up thinking<br />
What the security industry can – and must – do<br />
is take action to keep the Government informed<br />
about the dire consequences that might result<br />
from any potential regulatory ‘bonfire’.<br />
One way in which to do this is to consider a<br />
joint initiative with other industries for which<br />
the removal of legislation like TUPE would be a<br />
disaster. Joining forces with others would make<br />
a great deal of sense because, as things stand,<br />
the security industry has no effective lobbying<br />
capability to speak of.<br />
Put simply, if the worse case scenario does<br />
materialise and security guarding companies<br />
end up with millions of pounds’ worth of<br />
financial responsibility unaccounted for, the<br />
sector will wish it had made its voice heard.<br />
Come that particular point in time, though, it<br />
will be far too late in the day.<br />
Peter Webster: Chief Executive<br />
of Corps Security<br />
*The author of Risk UK’s regular<br />
column Security’s VERTEX Voice is<br />
Peter Webster, CEO of Corps<br />
Security. This is the space where<br />
Peter examines current and often<br />
key-critical issues directly<br />
affecting the security industry. The<br />
thoughts and opinions expressed<br />
here are intended to generate<br />
debate among practitioners within<br />
the professional security and risk<br />
management sectors. Whether you<br />
agree or disagree with the views<br />
outlined, or would like to make<br />
comment, do let us know (e-mail:<br />
pwebster@corpssecurity.co.uk or<br />
brian.sims@risk-uk.com)<br />
“As an industry employing well over 300,000 licensed<br />
individuals, the security sector needs to be making its<br />
voice heard in Government circles”<br />
17<br />
www.risk-uk.com
www.coie.uk.com<br />
Cortech Open<br />
Innovation Event<br />
At-Bristol Science Centre, Anchor Road, Harbourside, Bristol<br />
18 July 2017<br />
The Mitigation of Risk for Workplace Safety, High Security<br />
and Building Efficiency<br />
An event with a difference for end users, consultants and main contractors:<br />
Be educated, informed and better equipped to manage evolving building needs<br />
Keep abreast of the latest advances in security, fire and building control technology<br />
See technology in action as part of the live demonstration<br />
Discover the latest smart integration techniques<br />
Discuss industry challenges with fellow security professionals and technology experts<br />
Learn about the 10 steps to cyber risk management<br />
Attending Partners<br />
Cortech<br />
Developments<br />
Media Partner
BSIA Briefing<br />
IFSEC International 2017 will see the return of<br />
the Smart Zone which proved incredibly<br />
popular during its launch last year. The Smart<br />
Zone showcases the capabilities of smart<br />
security technology and features a ‘smart<br />
home’ right in the middle of the exhibition floor,<br />
covering not only home automation devices,<br />
but also the wider Internet of Things, including<br />
smart commercial buildings, smart offices and<br />
connected security systems.<br />
Further, the Borders and Infrastructure Expo<br />
represents a brand new addition to the show<br />
floor this year. This ‘show within a show’<br />
focuses directly on products, solutions and<br />
learning for large-scale security issues such as<br />
border control, Critical National Infrastructure<br />
protection, law enforcement, transport security<br />
and the protection of key strategic assets.<br />
Within the Installer Zone, teams of young<br />
security apprentices will be competing against<br />
each other in a live installation challenge for<br />
the chance to claim a £1,000 prize at the<br />
Security and Fire Excellence Awards in<br />
November. The ever-popular Engineers of<br />
Tomorrow competition returns to IFSEC<br />
International for the nineteenth time and will<br />
see competitors undertake a 90-minute<br />
assessment, working in pairs to install and<br />
commission an intruder alarm system.<br />
IFSEC International is renowned for its<br />
comprehensive education programme, affording<br />
both security buyers and industry practitioners<br />
alike access to key learning and thought<br />
leadership on a wide spectrum of industry<br />
topics. As always, there are several ‘not to be<br />
missed’ presentations within this year’s busy<br />
seminar schedule.<br />
For example, in the Security Management<br />
Theatre on Tuesday 20 June, there’s a<br />
presentation on ‘Innovation in Access Control’<br />
to be delivered by Sandrine Cocks (product<br />
development manager at OPTEX) between noon<br />
and 12.50 pm.<br />
On Wednesday 21 June, the same location<br />
plays host to ‘Body-Worn Video: An<br />
Introduction to BS 8593 – Code of Practice for<br />
the Deployment and Use of Body-Worn Video’.<br />
In the driving seat for this seminar session<br />
(which runs from 10.40 am-11.10 am) is Craig<br />
Swallow, managing director at SoloProtect and<br />
chairman of the BSIA’s Lone Worker Section.<br />
Then, on the final day of the show, the<br />
Trailblazer Apprenticeships will be outlined by<br />
Peter Sherry, interim director general at Skills<br />
for Security. Sherry’s presentation runs from<br />
10.40 am-11.10 pm.<br />
That’s followed in the afternoon by a ‘Meet<br />
and Greet’ with the 50 most influential people<br />
in the fire and security industry. This gathering<br />
The BSIA: Promoting Best<br />
Practice at IFSEC International<br />
Organised by UBM EMEA, IFSEC International returns to<br />
London’s ExCeL between 20-22 June. Event partner the<br />
British Security Industry Association (BSIA) is looking<br />
forward to another successful year for the show. James Kelly<br />
outlines what’s in store for security and risk professionals<br />
is sponsored by the BSIA and scheduled to take<br />
place between 2.30 pm and 3.30 pm.<br />
Borders and Infrastructure<br />
In the Borders and Infrastructure Theatre on<br />
Wednesday 21 June, the Surveillance Camera<br />
Strategy for England and Wales is to be<br />
detailed by Tony Porter QPM LLB, the<br />
Surveillance Camera Commissioner. Porter’s<br />
discourse runs from 10.40 am-11.10 am.<br />
On the afternoon of Thursday 22 June from<br />
1.20 pm-2.10 pm, the Borders and Infrastructure<br />
Theatre hosts a panel debate focusing on the<br />
lessons learned from major event security<br />
(hugely topical given the recent terrorism<br />
episode at the Manchester Arena). This debate<br />
is set to feature Peter Brown, senior consultant<br />
at G4S Risk Consulting.<br />
In the Smart Buildings Theatre on Wednesday<br />
21 June, ‘What is The Internet of Things and<br />
What Opportunities are Available for Fire and<br />
Security Installers?’ is the subject of John Goy’s<br />
talk between 3.00 pm and 3.30 pm. Goy is the<br />
M2M business development director at CSL.<br />
On Wednesday 21 June between 12.30 pm<br />
and 1.00 pm, the popular Tavcom Training<br />
James Kelly: CEO of the British<br />
Security Industry Association<br />
19<br />
www.risk-uk.com
BSIA Briefing<br />
Theatre sees ‘The Future of Open Platforms’<br />
explained by John Davies, managing director at<br />
TDSi and chairman of the BSIA’s Export Council.<br />
On the show floor<br />
As in previous years, the BSIA will have a<br />
substantial presence at IFSEC. The BSIA’s Stand<br />
will feature a Members’ Lounge where<br />
members can entertain clients or network with<br />
other members and industry professionals.<br />
There’s no doubt that IFSEC is the most<br />
important show in which the Association takes<br />
part and the strong partnership we’ve had in<br />
place with UBM for many years now is a clear<br />
indication of how committed we are to the<br />
event. Over the years, IFSEC has provided us<br />
with a platform for engaging with the wider<br />
industry and demonstrating our key values.<br />
BSIA members continue to attend IFSEC<br />
International and 2017 will prove no exception<br />
to that rule. Member companies will be there in<br />
force. Altron (Stand B710) produces CCTV poles,<br />
columns, towers and associated mounting<br />
equipment. The business designs products<br />
specifically for CCTV. At IFSEC 2017, Altron will<br />
be demonstrating its lowering trolley head<br />
CCTV pole, which includes patented features.<br />
These benefit the end user when it comes to<br />
ease of operation and provide enhanced Health<br />
and Safety benefits for operators.<br />
CSL (Stand D1100) will be showcasing CSL<br />
Connected and its new CSL Routers. CSL<br />
Connected combines Critical Connectivity with<br />
the chosen alarm panel and the added option<br />
of an end user App, such that security<br />
managers can control their alarms from their<br />
phone. There will be demonstrations of CCTV<br />
over mobile in real-time with connectivity<br />
provided by the CSL Routers. Visitors can also<br />
access CSL’s latest kit including security<br />
installer favourites DigiAir and GradeShift.<br />
Elmdene International is exhibiting on Stand<br />
F1150 and showcasing a variety of new products<br />
including a range of power supplies carefully<br />
designed to house some of the most common<br />
door controllers. With different power options<br />
and enclosure sizes available, this new access<br />
control range offers the security professional a<br />
choice of PSUs for a variety of applications.<br />
The PoE UltraPod, a PoE product that can<br />
power and control multiple doors using a single<br />
Ethernet cable, is going to be on display. The<br />
company will also be showcasing the PoE<br />
“IFSEC International is renowned for its comprehensive<br />
education programme, affording both security buyers and<br />
industry practitioners alike access to key learning”<br />
MiniPod, a PoE+ powered device that provides<br />
four hours of back-up power for critical PoE<br />
cameras. In the event of a mains drop out, the<br />
MiniPod enables continuous recording from<br />
high security cameras.<br />
Knight Fire and Security Products will be<br />
having meetings at various stands across IFSEC<br />
and also making good use of the BSIA<br />
Members’ Lounge. This year, the business is<br />
pleased to announce that the SEISMO<br />
ADVANCE unit meets the new CENELEC<br />
publication of EN 50131-2-8:2016, as it includes<br />
four selectable fault output resistors which can<br />
be configured in a triple EOL configuration.<br />
Knight Fire and Security Products will be<br />
promoting this solution throughout IFSEC 2017.<br />
Night vision solutions<br />
Nocturna (Stand F1700) is part of the awardwinning<br />
IRNV Group specialising in innovative<br />
infrared night vision products. The company<br />
provides hardware and support to security,<br />
military and blue light partners worldwide.<br />
Nocturna’s solutions are also used by<br />
Government and civilian search and rescue<br />
organisations, increasing search capabilities at<br />
night, enhancing the successful early detection<br />
of individuals lost or injured in low visibility<br />
scenarios and ultimately saving lives as well as<br />
boosting survival rates in hostile environments.<br />
Skyguard (located on Stand M200 in Safety<br />
and Health Expo) has recently launched a new<br />
version of its Windows Mobile smart phone app<br />
which connects to the ‘SmartButton’ Bluetooth<br />
panic button accessory.<br />
The company will be demonstrating its range<br />
of dedicated devices and smart phone apps, all<br />
of them certified to BS 8484:2016. For those<br />
clients who place an order as a result of<br />
meeting Skyguard at the Safety and Health<br />
Expo, the company will be offering the first<br />
month’s service subscription free of charge.<br />
Lone worker safety provider SoloProtect<br />
(Stand L170 in Safety and Health Expo) will be<br />
co-locating with personal safety charity The<br />
Suzy Lamplugh Trust in close proximity to the<br />
Lone Worker Education Theatre.<br />
SoloProtect is set to showcase its full range<br />
of lone worker solutions. The company provides<br />
a combination of discreet technology combined<br />
with in-house, 24/7, EN 50518-approved Alarm<br />
Receiving Centre support.<br />
TDSi (Stand A1250/B1250) is highlighting its<br />
GARDiS software and hardware solution, which<br />
offers all the benefits of a highly secure webbased<br />
application. GARDiS is easily adaptable<br />
for an increased workload, provides easier<br />
maintenance and installation, is more secure<br />
and accessible from anywhere (on any device).<br />
20<br />
www.risk-uk.com
Specialist<br />
Security<br />
Products<br />
for Professionals<br />
Tried & tested products that<br />
deliver what they promise.<br />
Roller Barrier the nonaggressive anticlimb product<br />
that protects your perimeter and flat roofs against<br />
climbers without the risk of causing impalement injury<br />
...other stock products include;<br />
l Search Mirrors<br />
l Security Screws<br />
l Metal Detectors<br />
l Random Search<br />
Selectors<br />
l Safety & Security Mirrors<br />
l Window Security Bars<br />
l Safety Products<br />
l Bird Free the Safe &<br />
Instant Bird Deterrent<br />
...and there are hundreds more to choose from<br />
Proven products<br />
Free expert advice<br />
Risk Free No Quibble<br />
Money Back Guarantee<br />
With hundreds of Security and Safety products<br />
available for next day delivery,<br />
...whatever your needs we’d love to help,<br />
see “Roller Barrier” and our full product range at:<br />
www.insightsecurity.com<br />
Units 1&2 Cliffe Industrial Estate<br />
Lewes, East Sussex, BN8 6JL<br />
tel: 01273 475500
The Built Environment: Can It Really<br />
Be Designed to Reduce Acts of Crime?<br />
Criminologists,<br />
sociologists,<br />
psychologists and<br />
many others will<br />
doubtless continue to<br />
develop our<br />
understanding of<br />
crime and its myriad<br />
effects on society. One<br />
aspect for keen<br />
consideration is<br />
whether or not it’s<br />
actually possible to<br />
reduce crime simply<br />
through the improved<br />
planning and design<br />
of our built<br />
environment. Here, Jon<br />
Roadnight and Tony<br />
Townsend look for<br />
some answers<br />
Jon Roadnight:<br />
Director at CornerStone GRG<br />
22<br />
www.risk-uk.com<br />
Most cultures function within a set of rules<br />
developed to manage and effect the<br />
behaviour of society. Where behaviour is<br />
deemed unacceptable or anti-social, these<br />
rules are often communicated as ‘laws’ and the<br />
concept of ‘crime’ is necessarily introduced.<br />
Historically, the desire to prevent crime<br />
tended to focus upon the pressure that could<br />
be exerted by local communities on those who<br />
might behave in a way that would be<br />
detrimental to either a member of a given<br />
community or the community as a whole.<br />
Punishment has also been used as a method of<br />
dissuading would-be offenders that their<br />
planned criminal activity isn’t worth the<br />
consequences should they be caught.<br />
When we consider crime reduction in the<br />
built environment, the latter refers to our manmade<br />
surroundings including buildings,<br />
transport systems, parks and open spaces<br />
where society resides and goes about its daily<br />
life. It’s the new office block, as well as the outof-town<br />
shopping centre, the airport, the High<br />
Street or a stretch of green space.<br />
The built environment is important. Studies<br />
conducted over many years have determined<br />
that it can influence how human occupants<br />
behave. This is vital because that infers a<br />
potentially negative impact as well as the<br />
possible beneficial effects.<br />
In the 1950s and 1960s there was a growing<br />
appreciation that good architectural design and<br />
town planning could create better places in<br />
which to live and work. In 1971, criminologist Dr<br />
C Ray Jeffery published his book ‘Crime<br />
Prevention Through Environmental Design’. A<br />
year later, architect Oscar Newman introduced<br />
his own volume entitled ‘Defensible Space:<br />
Crime Prevention Through Urban Design’.<br />
Newman subsequently refined his defensible<br />
space approach with further multi-disciplinary<br />
aspects and named the concept ‘Crime<br />
Prevention Through Environmental Design’, the<br />
term which he credited Jeffery for initiating.<br />
Crime Prevention Through Environmental<br />
Design (CPTED) continued to evolve through<br />
the 1980s with criminologist Tim Crowe –<br />
among others – developing Newman’s original<br />
concepts. By 2004, CPTED was commonly<br />
understood to refer to the Newman/Crowe<br />
model. Although CPTED emerged from the<br />
States, recognition is due that it has actively<br />
influenced many other crime prevention models<br />
throughout the world.<br />
In the UK, the police service introduced<br />
Secured by Design in 1989. This is the title for a<br />
group of projects centred on the design and<br />
security of dwellings, commercial premises and<br />
car parks. It supports the principle of ‘designing<br />
out crime’ with a focus on physical security and<br />
processes to deliver crime reduction.<br />
What is CPTED?<br />
In essence, CPTED is a proactive crime<br />
prevention methodology that seeks to influence<br />
the decisions of a potential offender prior to<br />
them perpetrating a criminal act with the<br />
intention of reducing levels of crime to the<br />
benefit of the local community and society as a<br />
whole. It focuses on tactical design and the<br />
effective use of the built environment to reduce<br />
both crime and, indeed, the fear of crime.<br />
CPTED draws on a common sense approach<br />
and helps in developing a heightened sense of<br />
awareness of how the built environment might<br />
be used to enhance the community, as well as<br />
how it may be used for nefarious purposes.<br />
Having assessed a broad range of factors,<br />
better architectural and planning decisions can<br />
then be made that positively influence how a<br />
space is used.<br />
Modern CPTED incorporates five key<br />
elements: natural access control, natural<br />
surveillance, territorial reinforcement,<br />
maintenance and image improvement and<br />
activity support. Let’s look at each in turn.<br />
Natural access control limits the opportunity<br />
for crime by taking steps to clearly differentiate<br />
between public and private space. With the<br />
strategic locating of points of entry and egress,<br />
the use of security fencing, lighting design and<br />
landscaping, it’s possible to control the flow of<br />
pedestrian and vehicular movement, thereby<br />
naturally controlling access.<br />
It’s essential to understand the potential<br />
users of a space, as this will enable the<br />
designer to identify areas of conflict. An area<br />
where the elderly or infirm are expected to<br />
navigate past a busy office entrance with a<br />
large open area outside that might be attractive<br />
to skateboarders is bound to experience some<br />
level of user conflict. By introducing suitable<br />
landscaping that breaks up the open space,<br />
adding vegetation or installing structures and
Security Design in the Built Environment<br />
artefacts, users can be directed, creating<br />
segregated paths with appropriate signage and<br />
lighting to make the area less attractive to the<br />
skateboarders, while offering other users a<br />
more defined route to gain entry and exit.<br />
By subtly channelling pedestrians, it’s<br />
possible to make behaviour more predictable.<br />
This predictability can inform design decisions<br />
from the outset, often reducing the need for<br />
additional physical security measures to be<br />
applied. The end result is a more natural<br />
aesthetic and lower cost of delivery.<br />
Natural surveillance<br />
Natural surveillance raises the perceived risk of<br />
attempting criminal or anti-social behaviour by<br />
improving visibility of potential offenders for<br />
the general public. Natural surveillance occurs<br />
by ensuring that activities and people are not<br />
obstructed in such a way that visibility of the<br />
space and its users are maximised. This sense<br />
of openness adds to a potential offender’s<br />
feeling of increased scrutiny. The perceived<br />
increase in risk can be extended by an apparent<br />
lack of viable and covert escape routes.<br />
Lighting can play a significant role in<br />
achieving natural surveillance. Effective, welldesigned<br />
lighting schemes can provide choices<br />
for the people using the space during the hours<br />
of darkness and will again act to deter – or at<br />
the very least displace – potential offenders.<br />
Natural surveillance objectives can be<br />
boosted with the use of overt CCTV. The choice<br />
of camera type and location of devices can play<br />
a critical role in its effectiveness. When used<br />
appropriately, CCTV becomes a useful<br />
enhancement to natural surveillance.<br />
Territorial reinforcement assists in controlling<br />
how a space is used by increasing the definition<br />
of that space. An environment with a clearly<br />
delineated private space can be used to<br />
generate stakeholders. Stakeholders have an<br />
increased sense of ‘investment’, even if that’s<br />
only at an emotional level, and are then more<br />
likely to challenge intruders.<br />
The sense of ‘owned’ space creates an<br />
environment wherein ‘strangers’ stand out and<br />
are more easily identified. By using many of the<br />
measures relevant to natural access control and<br />
surveillance to express a stakeholding and<br />
delineate public, semi-public and private space,<br />
natural territorial reinforcement occurs.<br />
Sense of value and pride<br />
Many studies from around the world have<br />
identified the need to maintain an environment<br />
that encourages a sense of value and pride. The<br />
‘Broken Window Theory’ indicates that a<br />
building left with a broken window, even for<br />
only a short period of time, encourages vandals<br />
to break other windows.<br />
Before long, every window in the building has<br />
been broken and that building becomes derelict<br />
and attracts further anti-social and criminal<br />
behaviour. If left unchecked, the surrounding<br />
neighbourhood could well be sucked into a<br />
spiral of decay that requires significant<br />
investment and activity to arrest.<br />
By maintaining the appearance that there’s a<br />
good level of ‘stakeholder’ engagement, which<br />
can be achieved by ensuring that low level<br />
maintenance tasks are addressed, anti-social<br />
behaviour and crime fails to take hold and the<br />
community as a whole will benefit.<br />
Activity support is achieved by ensuring that<br />
the use of a space is defined such that, should<br />
a different activity take place via the use of<br />
natural surveillance, the risk of detection – and<br />
particularly so if that activity is anti-social or<br />
criminal – increases. By fitting signs in an area,<br />
local residents become more aware of what’s<br />
happening in this space. Should other activities<br />
take place, it’s more likely to register in the<br />
minds of the local community and, if the<br />
individuals within are invested as stakeholders,<br />
they’re more likely to take action to stop it.<br />
CPTED will be most effective as part of an<br />
holistic security strategy wherein engagement<br />
begins at the earliest possible stage. For those<br />
familiar with the RIBA work stages, this<br />
certainly means no later than Stage 1, although<br />
engagement will likely last through to Stage 4.<br />
Tony Townsend: Senior<br />
Technical Consultant and<br />
CPTED Certified Practitioner<br />
at CornerStone GRG<br />
“Modern CPTED incorporates five key elements: natural<br />
access control, natural surveillance, territorial reinforcement,<br />
maintenance and image improvement and activity support”<br />
23<br />
www.risk-uk.com
‘Learning The Business’: ESRM for<br />
Practising Security Professionals<br />
Last November, ASIS<br />
International – the<br />
largest global<br />
organisation for<br />
security management<br />
professionals with 242<br />
chapters and 35,000<br />
members worldwide –<br />
pinpointed Enterprise<br />
Security Risk<br />
Management as a<br />
global strategic<br />
priority for the<br />
organisation. Godfried<br />
Hendriks examines the<br />
philosophy and the<br />
management system<br />
underpinning this<br />
train of thought<br />
24<br />
www.risk-uk.com<br />
ASIS International’s involvement in<br />
Enterprise Security Risk Management<br />
(ESRM) can be traced back to 2005 with<br />
the creation of the Alliance for Enterprise<br />
Security Risk Management (AESRM) in tandem<br />
with the Information Systems Audit and Control<br />
Association (ISACA) and the Information<br />
Systems Security Association (ISSA).<br />
The AESRM was specifically designed to<br />
bring both Board and executive level attention<br />
to critical security-related issues and the need<br />
for a comprehensive approach to protect the<br />
enterprise. Subsequently, the AESRM produced<br />
several White Papers and other helpful<br />
documents, while ASIS has since covered ESRM<br />
in scores of articles, seminar sessions,<br />
presentations and courses. That said, the topic<br />
was never treated as a strategic priority for the<br />
organisation until last November.<br />
Both a philosophy and a management<br />
system, ESRM uses globally established risk<br />
management principles to help security<br />
professionals manage the varied security risks<br />
facing their organisations. By making ESRM a<br />
strategic objective, ASIS International is<br />
looking to shift the profession from a siloed<br />
approach for security management towards a<br />
more collaborative process.<br />
David Davis CPP, the president of ASIS in<br />
2016 and this year’s chairman of the Board, has<br />
stated: “Today’s threats are increasingly more<br />
sophisticated, targeting organisations in myriad<br />
ways. Also, the rapidly evolving business and<br />
compliance landscape requires a somewhat<br />
more holistic and strategic approach towards<br />
managing organisational risk. As the only<br />
global professional association representing<br />
the spectrum of security, ASIS International is<br />
uniquely positioned to lead this effort.”<br />
ESRM covers not only traditional security<br />
issues such as loss prevention and terrorism,<br />
but also a broad array of topics (among them<br />
brand protection, business continuity, corporate<br />
espionage, cyber security, information security,<br />
resilience and white collar crime). It requires<br />
practitioners to continuously assess the full<br />
scope of security risks posed to their<br />
organisation, as well as within the enterprise’s<br />
complete portfolio of assets. The end goal is to<br />
effectively and efficiently manage the<br />
protection of an organisation’s enterprise-wide<br />
assets, thereby enabling the business to<br />
advance its mission with strong purpose.<br />
Another principle of ESRM is the focus on the<br />
business, its goals and objectives and the<br />
relationships security professionals must<br />
establish to successfully integrate ESRM within<br />
their organisations. Working through the<br />
phases of an ESRM programme requires greater<br />
collaboration across an organisation. The<br />
process also relies on the security professional<br />
‘learning their business’ and understanding the<br />
many different types of assets an organisation<br />
has within its span of control.<br />
By embracing an ESRM mindset, security and<br />
risk managers will become more effective<br />
professionals and, indeed, more valuable<br />
members of their host organisations.<br />
ESRM Commission<br />
To lead the initiative, the Board of Directors at<br />
ASIS International established a two-year<br />
ESRM Commission headed by Dave Tyson CPP,<br />
president of ASIS International in 2015 and<br />
founder of CISO Insights. Tyson has reiterated<br />
that, while ASIS has been involved in ESRM for<br />
several years, it has never committed to driving<br />
the approach in this manner or emphasising its<br />
vital importance to the work ASIS’ myriad<br />
members transact on a daily basis.<br />
Tyson explained: “The ESRM Commission will<br />
develop a framework to integrate ESRM into all<br />
ASIS education, White Papers, research and<br />
other professional offerings. We believe the end<br />
result will be a more empowered membership,
Enterprise Security Risk Management<br />
safer enterprises, a more strategic approach<br />
towards risk and a far more cost-effective<br />
security function.”<br />
Serving alongside Tyson on the Commission<br />
are Brian Allen CPP, Raymond O’Hara CPP<br />
(executive vice-president at AS Solutions),<br />
John Turey CPP (senior director at TE<br />
Connectivity), John Petruzzi Junior CPP (vicepresident<br />
of integrated security solutions at<br />
G4S in North America) and Volker Wagner<br />
(senior vice-president for Deutsche Telekom).<br />
The Commission quickly received substantial<br />
input and feedback and is already laying out its<br />
strategy. One of its first steps was to create a<br />
dedicated committee focused on research. This<br />
team has begun work on a maturity model<br />
which will help security professionals evaluate<br />
their programmes on the ESRM spectrum.<br />
The maturity model adapts the Capability<br />
Maturity Model Integration process, identifying<br />
five levels of ESRM maturity within a given<br />
organisation. Security professionals will be able<br />
to ask a series of questions regarding ESRM<br />
principles and practices and then rate their<br />
responses. These ratings are key when it comes<br />
to documenting the present state of ESRM<br />
within an organisation, and offer insight into<br />
activities that security professionals can<br />
observe in a bid to improve the state of ESRM.<br />
The Research Committee is working to<br />
develop the first set of ESRM tools before ASIS<br />
International’s Annual Seminar and Exhibits,<br />
which takes place between 25-28 September in<br />
Dallas. The timeline is what might be termed<br />
‘aggressive’, but the Commission believes<br />
developing this type of material for the annual<br />
seminar is vitally important for members.<br />
The working team progressing this material<br />
includes Rachelle Loyear and Tim McCreight<br />
CPP (director of strategic alliances at Above<br />
Security – A Hitachi Group Company), who’s a<br />
member of ASIS International’s Board of<br />
Directors. The small working team will be<br />
augmented by additional members as the<br />
workload increases with time.<br />
Strategic mindset<br />
Future projects will focus on creating material<br />
that security professionals can use in their<br />
organisations to develop a more strategic<br />
mindset for identifying and assessing risks<br />
right across the enterprise. This material will<br />
link to the education and awareness activities<br />
already underway.<br />
ASIS International has begun infusing ESRM<br />
into its programmes. Back in March, ASIS held<br />
‘ASIS Europe 2017 – From Risk to Resilience’ in<br />
Milan. ‘Securing Today’s Connected Enterprise’<br />
was the event’s theme and the two-day<br />
“Working through the phases of an Enterprise Security Risk<br />
Management programme requires greater collaboration<br />
across an organisation. The process also relies on the<br />
security professional ‘learning their business’”<br />
programme brought together CSOs, CISOs and<br />
their team members to assess and address<br />
complex cyber-physical risks. No less than 700<br />
registrants from 48 countries made for an<br />
impressive crowd of both established and<br />
aspiring security leaders with many global<br />
enterprises represented.<br />
Axel Petri (senior vice-president of group<br />
security governance at Deutsche Telekom), who<br />
gave a detailed presentation at ASIS Europe<br />
2017, noted: “With the boundaries between the<br />
physical and the virtual worlds now rapidly<br />
disappearing, how threats are labelled is no<br />
longer relevant (if it was relevant at all). You<br />
just need to know how to stop them.”<br />
Discussions on cyber-physical risks drew<br />
attention to the need for ESRM’s holistic<br />
approach. As Eduard Emde CPP (who has been<br />
named conference chairman for ASIS Europe<br />
2018, which runs in The Hague from 18-20 April)<br />
duly reflected in the closing session: “We find<br />
ourselves faced with questions of ownership,<br />
responsibility and liability. While much debate<br />
has centred on technology risk, we’ve also been<br />
reminded that we cannot forget much more<br />
familiar foes. We were reminded how much risk<br />
stems from the human factor, whether through<br />
ignorance or by malicious intent.”<br />
Additional ESRM-related work by ASIS<br />
International includes offering nearly half a<br />
dozen ESRM sessions as part of the education<br />
line-up at the aforementioned ASIS<br />
International 63rd Annual Seminar and Exhibits.<br />
The first session, entitled ‘IT Security for<br />
Physical Security Professionals in Plain<br />
English’, will be delivered by members of the<br />
ESRM Commission as a pre-seminar session.<br />
It’s designed to enable non-IT security<br />
professionals to understand the challenges and<br />
language of IT security and then be able to go<br />
back to their organisations with the confidence<br />
needed to understand information security<br />
issues and threats and apply their learning.<br />
There have also been multiple articles in the<br />
ASIS journal Security Management, including<br />
the December 2016 front cover story ‘Metrics<br />
and the Maturity Mindset’, in addition to<br />
several well-attended webinars to help explain<br />
the concepts and lay the foundations for the<br />
work to come. Aside from this, the White Paper<br />
‘ESRM: An Holistic Approach to Security’ is the<br />
very heart of the Society’s ESRM initiative.<br />
Godfried Hendriks BSc MBA<br />
CPP RSE: Global Management<br />
and Security Consultant and a<br />
Member of ASIS<br />
International’s Global Board of<br />
Directors<br />
25<br />
www.risk-uk.com
The New Camera Line Mx6 Creates More Possibilities.<br />
More Images, in All Light Conditions, in Every Standard<br />
More Intelligence Is on the Way<br />
The new Mx6 6MP camera system from MOBOTIX offers increased performance.<br />
A frame rate that is up to twice as fast than that of other cameras allows it to capture<br />
quick movements even better and simultaneously deliver sharp images in MxPEG,<br />
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6<br />
camera line is faster, more flexible and higher-performing, opening up new application<br />
and integration opportunities for to you to meet all requirements.<br />
MOBOTIX AG • Langmeil, Germany • www.mobotix.com
Security Regimes for Corporate Data and Investigations<br />
As a ‘scene-setter’ for any discourse on<br />
criminal forensics, there’s arguably none<br />
better than the following quote taken from<br />
the Institute of Criminology at the University of<br />
Cambridge: “Legal academics and Judges have<br />
expressed that the undefined version of beyond<br />
reasonable doubt (‘the defendant is presumed<br />
innocent unless the prosecution has proved<br />
guilt beyond a reasonable doubt’) is difficult for<br />
jurors to understand. As a result, several<br />
jurisdictions in the Anglo-American legal<br />
system have proposed other wordings with a<br />
view to aiding jurors’ understanding. In England<br />
and Wales, for instance, the Legal Studies<br />
Board advocates the wording: ‘The defendant is<br />
presumed innocent unless the prosecution has<br />
proven guilt beyond a reasonable doubt. Proof<br />
beyond reasonable doubt is proof that makes<br />
you sure of the defendant’s guilt’.”<br />
Those working in the law enforcement world<br />
often find themselves faced with the<br />
impossible. A crime has been committed and<br />
there are no obvious clues as to whom the<br />
culprit might be. All of the initial indicators –<br />
recorded CCTV footage and statements from<br />
witnesses, for example – are either not<br />
available or result in little progress being made,<br />
while the offender has disappeared without a<br />
trace. Or so it would seem.<br />
This is where the forensics team steps in,<br />
using the latest technology to scrutinise every<br />
aspect of the crime scene for the tiniest pieces<br />
of information that could, after some analysis,<br />
yield a vital clue. An object that’s out of place, a<br />
tiny thread of material or the smallest mark can<br />
all be easily overlooked. However, these<br />
fragments are often the most important parts of<br />
any crime scene: minute pieces of a jigsaw<br />
puzzle that, when complete, could signpost the<br />
investigators straight to the solution.<br />
All of this may seem obvious – after all, most<br />
of us have seen CSI on the TV – but what’s less<br />
obvious is that this principle has a wider<br />
application in the world of business.<br />
For the average large or multinational<br />
company, day-to-day operations are a complex<br />
web of moving parts taking place over a great<br />
many countries or even continents. Each<br />
organisation’s chief risk officer (or their<br />
equivalent) needs a supreme oversight as to<br />
the strategic and reputational health of every<br />
aspect of operations. When things do go wrong,<br />
they need to be able to pinpoint, understand<br />
and mitigate the threat on a swift footing.<br />
The problem for most businesses is that the<br />
threat is highly unlikely to emerge from one<br />
visibly obvious place. After all, how many times<br />
do members of the police service find a neatly<br />
sealed envelope containing a full letter of<br />
CSI for Boardrooms<br />
Thanks to the ongoing development of forensic technology,<br />
the rapid identification, analysis and presentation of key<br />
evidence in criminal cases has enabled what might be termed<br />
a step change in the efficiency of investigation teams, be<br />
they resident in Government, the police service or the<br />
corporate sphere. Here, Jeremy Stimson evaluates the role<br />
and importance of digital forensics<br />
confession at the scene of a crime? Instead,<br />
business risk is far more likely to manifest itself<br />
as a multitude of emergent issues and<br />
whispered signals emanating from both inside<br />
and outside of the company: clues that are<br />
largely imperceptible to the untrained ear or<br />
eye, but potentially devastating to a business.<br />
It’s important for chief risk officers to channel<br />
their ‘inner Sherlock Holmes’ in a bold bid to<br />
uncover these often covert early warning signs.<br />
Painting by numbers<br />
The key to gaining a true and complete picture<br />
of an organisation’s risk profile lies in the vast<br />
quantities of data produced every minute and<br />
every hour, not only by the business itself, but<br />
also more broadly by society in general.<br />
The explosion in online media outlets and<br />
social media channels over these last few years<br />
means that businesses are now contending<br />
with an expansive digital operating<br />
environment that they need to understand,<br />
quantify and analyse.<br />
There are a plethora of signs available within<br />
this data that can be interrogated to help<br />
detect the most prominent and also subtle risks<br />
Jeremy Stimson: Chief<br />
Technology Officer at Polecat<br />
27<br />
www.risk-uk.com
Security Regimes for Corporate Data and Investigations<br />
faced by a business, ranging from factors such<br />
as social media conversations about a newlylaunched<br />
product through to office morale, or<br />
even slight abnormalities seen to be occurring<br />
in the pattern of financial transactions.<br />
Due to their ability to be overlooked, these<br />
smaller ‘hints’ hidden away in unstructured<br />
data can often be missed as signs of pending<br />
danger. Indeed, many of the most substantial<br />
threats and reputational risks to business do<br />
not strike overnight. Rather, they’re the<br />
consequence of a range of decisions and<br />
behaviours – both internal and external to the<br />
company – that escalate over time.<br />
The ability to interrogate apparently smaller<br />
risks as signals of a mounting and potentially<br />
systemic problem is essential when it comes to<br />
enabling the early intervention and mitigation<br />
of operational and reputational damage.<br />
The risk fingerprint<br />
Truly understanding a business’ risk profile in<br />
minute detail extends far beyond just<br />
recognising unhealthy signs in its operational<br />
structure. Indeed, one of the many benefits of<br />
Big Data analysis is that it enables risk officers<br />
to interrogate data sets in real-time – and, if<br />
necessary, multiple times – every day.<br />
Analysing this data using specialist<br />
algorithms can serve to map a company’s<br />
individual risk fingerprint and highlight<br />
potential threats. The end results can also help<br />
in working against institutionalised bias and<br />
any potential corporate unwillingness to<br />
recognise evidence of problems by providing<br />
hard objective data and measures of divergence<br />
from the parameters of a healthy risk profile.<br />
Once a business is aware of its own<br />
fingerprint, it can also benchmark this against<br />
other companies exhibiting a similar risk DNA.<br />
If such benchmarking shows that an individual<br />
company is more exposed than its peers, such<br />
evidence can then help inform and prompt the<br />
C-Suite to take swift action.<br />
Despite their importance, continually<br />
monitoring for these small shreds of<br />
information is a colossal job – especially so<br />
when the process is being conducted across an<br />
international organisation – and one that<br />
usually falls within the remit of the risk,<br />
reputation or compliance officer. This is where<br />
developments in risk and reputation profiling<br />
technology become extremely useful in refining<br />
“Businesses can use technology to understand and calibrate<br />
what a healthy landscape looks like in order to identify<br />
divergences and provide alerts relating to pending risks”<br />
our ability to identify potential and emerging<br />
risks at scale – across geographies, languages<br />
and cultures and in real-time.<br />
Businesses can use technology to<br />
understand and calibrate what a healthy<br />
landscape looks like in order to identify<br />
divergences and, in turn, provide alerts relating<br />
to pending risks and areas of ill-health. In doing<br />
so, such anomalies and discrepancies may be<br />
immediately identified and investigated.<br />
Huge leaps forward in the sophistication of<br />
Artificial Intelligence mean that businesses can<br />
now automatically scan oceans of data and<br />
derive intelligent insights that might have<br />
traditionally taken a team of consultants days<br />
or far longer to do so. In this sense, chief risk<br />
and compliance officers can now hand much of<br />
their detective work over to technology, which<br />
will effortlessly map trends, inter-relationships<br />
and patterns in the data as well as building<br />
models designed to quantify and calibrate<br />
corporate risk and reputation exposure.<br />
Deep learning technology<br />
The advancement of deep learning technology<br />
enables these models to be constantly refined<br />
by ‘learning algorithms’, allowing the digital<br />
detective to become sharper and more precise<br />
every hour. Importantly, leveraging technology<br />
in this way also allows the business to quickly<br />
and easily compare its profile and exposure<br />
against its peers, different sectors,<br />
stakeholders, topics, geographies and time.<br />
This is essentially what’s taking place when a<br />
business builds an image of what ‘healthy’<br />
looks like for that organisation. The technology<br />
creates a picture of what the landscape should<br />
look like and, in those instances where reality<br />
fails to correspond with the ideal state, it<br />
provides an automated ‘trip wire’ that alerts the<br />
chief risk officer, enabling them to draw<br />
attention to the issue and take action with a<br />
view towards mitigating the threat.<br />
Forensics experts refuse to leave any stone<br />
unturned when assessing a crime scene, and it<br />
must be said that it’s largely thanks to their<br />
diligence and ability to see the bigger picture<br />
that some of the most complex cases in history<br />
have been solved.<br />
By applying the same rigour and<br />
attentiveness to the corporate data of their own<br />
organisation, as well as broader data produced<br />
by news outlets and social media, all chief risk,<br />
reputation and compliance officers can become<br />
the designated ‘forensics expert’ within their<br />
own organisations, threading together the<br />
patterns and clues that will actively expose<br />
hidden threats and help in preventing any<br />
incident – or indeed crime – before it happens.<br />
28<br />
www.risk-uk.com
“<br />
MY PASSION IS<br />
MAKING SURE EVERY<br />
PRODUCT MEETS OUR<br />
HIGH STANDARDS<br />
”<br />
Keith Gay, Production Manager, 32 years with Jacksons<br />
OUR PASSION<br />
IS YOUR SECURITY<br />
With the design, manufacturing and<br />
logistics expertise to deliver some<br />
of the largest and most complex<br />
perimeter security projects in the<br />
UK and Europe, our team is ready to<br />
support your project, large or small.<br />
www.jacksons-fencing.co.uk
June 2017<br />
www.risk-uk.com<br />
Security and Fire Management<br />
Showtime at ExCeL London<br />
IFSEC and FIREX International 2017 in the Spotlight<br />
Security and Fire Safety Solutions Guide for End Users<br />
Wireless Security Systems in Commercial Premises<br />
Counter-Terrorism: A Guide to Impact Testing<br />
Broadcasting Lockdown Messages: Best Practice
IFSEC and FIREX International 2017: Solutions Guide<br />
Going Wireless in Commercial Premises<br />
Wireless technology is<br />
an essential part of<br />
most modern<br />
solutions and, as a<br />
result, end users are<br />
not simply requesting<br />
it, but rather expect it<br />
from any high-tech<br />
system. Given<br />
advances in the<br />
quality and<br />
performance of<br />
wireless security<br />
systems, the demons<br />
of the past do appear<br />
to have been well and<br />
truly laid to rest, but is<br />
that really the case?<br />
Texecom addresses<br />
this issue<br />
In the electronic security sector, wireless<br />
devices have become commonplace and with<br />
good reason. Gone are the days of<br />
frustratingly intermittent connections, poor<br />
product performance and questionable<br />
reliability. With advancements in modern<br />
wireless chipset technology, electronic security<br />
manufacturers have all the tools needed to<br />
deliver robust and stable wireless solutions.<br />
Battery-powered security devices offer<br />
obvious advantages over their hard-wired<br />
counterparts. With speed of installation<br />
dramatically improved, greater freedom on<br />
product positioning, avoidance of damage to<br />
property, minimum disruption to the property<br />
owner, reduction of copper wiring and further<br />
advantages when upgrading or refurbishing, it’s<br />
clear to see why wireless is one of the security<br />
industry’s fastest-growing market segments.<br />
Despite being more expensive than wired<br />
equipment, wireless systems were initially<br />
developed for residential applications where<br />
the performance requirements were less<br />
demanding. The same cannot be said for<br />
commercial applications, such as factories,<br />
schools, offices and retail spaces. Here, the<br />
expectation of performance placed on<br />
electronic security equipment is far greater<br />
than in residential installations. The<br />
environments are harsher, the number of<br />
devices and the size of area requiring<br />
protection is greater and the risk – and<br />
potential cost – of a security incident is<br />
significantly higher.<br />
Here, even the latest standard wireless<br />
devices can suffer from adverse performance<br />
issues. For instance, commercial premises can<br />
be large in size and constructed from materials<br />
whereby radio signals are substantially<br />
reduced. These factors limit the available<br />
coverage from a standard wireless solution.<br />
Also, with only one wireless signalling path<br />
available, typical wireless devices are<br />
susceptible to being ‘cut-off’ if there are<br />
changes to the building infrastructure. Even<br />
something as simple as the addition of a metal<br />
filing cabinet could cause signalling disruption.<br />
In order to professionally verify the<br />
positioning and reliability of wireless<br />
communications, it’s Best Practice to perform a<br />
site survey. This usually requires the site to be<br />
evaluated by diagnostic equipment in order to<br />
determine the suitability for wireless devices –<br />
defeating the intent of wireless being quicker<br />
and simpler to install.<br />
Next generation systems<br />
For reliable wireless systems in commercial<br />
applications, a combination of intelligent<br />
system design and specification of higher-grade<br />
products is required. With careful selection and<br />
consideration, wireless systems are providing<br />
key benefits even in harsher environments.<br />
Hybrid systems: Combining quality wire-free<br />
equipment with established hard-wired<br />
products creates a ‘Best of Both Worlds’<br />
scenario. Where cabling access is difficult to<br />
deploy, or where the wireless performance is<br />
less challenging, the benefits of wire-free<br />
technology can be used. Where the wireless<br />
performance is too demanding, or the particular<br />
device requirements are not available in<br />
wireless form, hard-wired products are<br />
specified instead.<br />
Powered repeaters: To overcome the range<br />
limitations of point-to-point wireless<br />
communications, many manufacturers offer<br />
systems that employ powered repeaters. As<br />
their name suggests, powered repeaters are<br />
powered devices that receive wireless<br />
communications from wireless devices and<br />
repeat the information to the control panel,<br />
usually across a wired network. By using<br />
multiple powered repeaters the wireless<br />
coverage is increased, as well as the overall<br />
number of wireless devices.<br />
Mesh network technology: Mesh network<br />
technology is where each individual batterypowered<br />
wireless device is capable of acting as<br />
a repeater, receiving and repeating wireless<br />
transmissions from other devices. In this<br />
scenario, the size, scalability and range of the<br />
entire wireless security system are all extended<br />
as wireless signalling is no longer restricted by<br />
point-to-point communications.<br />
By having every single device in a system<br />
capable of re-transmitting wireless<br />
communications, there are significant<br />
improvements to be derived in reliability, even<br />
when compared to using powered repeaters.<br />
Additional detail around the key issues that need to be considered when it comes to the next<br />
generation of wireless security solutions may be accessed at IFSEC International 2017. Make sure<br />
you visit Texecom on Stand G1200<br />
32<br />
www.risk-uk.com
Simple & Easy Installation<br />
Integrated Security - Access Control<br />
Inception is an integrated access<br />
control and security alarm system with<br />
a design edge that sets it apart from the pack.<br />
Featuring built in web based software, the Inception<br />
system is simple to access using a web browser on a<br />
Computer, Tablet or Smartphone.<br />
With a step by step commissioning guide and outstanding user interface,<br />
Inception is easy to install and very easy to operate.<br />
For more information, visit www.innerrange.com/inception.<br />
There you will find installation guides and videos to help you<br />
get the most out of your Inception system.<br />
IN<br />
DESIGNED<br />
A U ST R A<br />
R<br />
LIA<br />
Security<br />
Alarm<br />
Access<br />
Control<br />
Automation<br />
No Software<br />
Required<br />
Multiple<br />
Devices<br />
Easy Setup<br />
with Checklist<br />
Prompting<br />
Send IP Alarms via<br />
the Multipath-IP<br />
Network<br />
Visit www.innerrange.com or call 0845 470 5000 for further information
IFSEC and FIREX International 2017: Solutions Guide<br />
In the UK, and indeed<br />
the rest of the world,<br />
the threat posed by<br />
terrorism is constantly<br />
changing in nature,<br />
meaning that the<br />
operators of<br />
vulnerable sites need<br />
to be continually<br />
assessing the risk.<br />
One method of<br />
terrorist activity is<br />
vehicle borne attacks<br />
through suicide<br />
missions or ramraiding.<br />
As Frontier<br />
Pitts explains, site<br />
managers need to<br />
protect their assets –<br />
including both<br />
buildings and people –<br />
from such attacks<br />
Guide to Impact Testing<br />
When they attack, terrorists will use the<br />
element of surprise to achieve maximum<br />
casualties. As we’ve seen with the<br />
recent incidents in Manchester and London,<br />
crowded places (such as major events,<br />
shopping centres, commercial hubs, hotels and<br />
restaurants, pubs and clubs and visitor<br />
attractions) are particularly vulnerable.<br />
A vehicle borne improvised explosive device<br />
(VBIED) is an explosive device placed in a<br />
vehicle such as a goods van, a truck or a car<br />
and then detonated at a target location.<br />
Commonly used as a ‘weapon of terrorism’,<br />
they normally kill the occupants of the vehicle<br />
(ie suicide bombers) and those near the blast<br />
site, while also damaging buildings. Vehicle<br />
bombs act as their own delivery mechanism<br />
and can carry a relatively large amount of<br />
explosives without attracting suspicion.<br />
If your site is deemed to be at risk, the Centre<br />
for the Protection of National Infrastructure<br />
(CPNI) can offer further advice and access to<br />
the Catalogue of Impact-Tested Vehicle Security<br />
Barriers (CITVSB). The CITVSB contains<br />
information on all of the IWA14 and British<br />
Standards Institution (BSI) PAS 68 impacttested<br />
products that the CPNI has evaluated.<br />
In addition, each police force across the UK<br />
has a number of Counter-Terrorism Security<br />
Advisors (CTSAs) employed and deployed by<br />
the National Counter-Terrorism Security Office.<br />
Working alongside the CPNI, the CTSAs can visit<br />
sites and offer non-biased advice. A Scoping<br />
Document will provide the client with all of the<br />
relevant questions to ascertain their site’s<br />
security needs and operational requirements.<br />
Once completed, this Scoping Document can be<br />
issued to vehicle security barrier manufacturers<br />
to obtain comparable quotations.<br />
Layered security<br />
One solution is a layered security approach<br />
(also known as an ‘onion’ approach). This<br />
provides the facility with layers of security and<br />
protection around an asset which will detect,<br />
deter, delay and deny any attack.<br />
Another option is ‘Interlock Security’. An<br />
‘Interlock’ system – or ‘Sally Port’ and ‘Tiger<br />
Trap’ as it’s also known – provides the site with<br />
a secure containment area to check incoming or<br />
outgoing vehicles. The traffic throughput for an<br />
interlock includes vehicles entering the first<br />
section control point and, once in, this set of<br />
barriers will close. If the vehicle is authorised to<br />
proceed subsequent to security checks, the<br />
second control point will then open and allow<br />
entry to site. At no point during the cycle will<br />
both sets of vehicle security barriers be in the<br />
open position. Only when the first set of<br />
barriers is fully secured in the closed position<br />
will the second set open.<br />
A third option would be LPS 1175 security.<br />
The standards for the protection of building<br />
fabrics and external perimeters are set by the<br />
Loss Prevention Certification Board (LPCB). LPS<br />
1175 covers the ‘Requirements and Testing<br />
Procedures for the LPCB Approval and Listing of<br />
Intruder-Resistant Building Components,<br />
Security Enclosures and Free-Standing<br />
Barriers’. Products tested and approved to this<br />
standard are widely recognised by Government<br />
agencies and Data Centres as being an effective<br />
means of protecting both people and assets.<br />
The BSI’s PAS 68 is the latest Publicly<br />
Available Specification for vehicle security<br />
barriers. It has become the UK’s standard and<br />
the security industry’s benchmark for Hostile<br />
Vehicle Mitigation equipment, and is the<br />
specification against which perimeter security<br />
equipment is tested as part of the ongoing<br />
research to prevent VBIED-style attacks.<br />
PAS 69 complements this specification by<br />
providing guidance on the installation of the<br />
tested product. The ratings and specifications<br />
illustrate the different levels of PAS 68.<br />
Frontier Pitts will be at IFSEC International 2017 on Stand E1700. Talk to the company’s<br />
representatives at ExCeL and discover all of the key points you need to know about building,<br />
people and asset protection<br />
34<br />
www.risk-uk.com
Award winning wireless systems<br />
Premier Elite systems offer a complete range of commercial grade, expandable, communicating control<br />
panels featuring integration compatibility with leading access control, CCTV, home automation and managed<br />
alarm-signaling providers. Each Premier Elite control panel shares the same programming platform and peripheral<br />
devices, ensuring instant product familiarity across the range.<br />
Ricochet® enabled wireless devices receive and repeat wireless transmissions from other devices. The size, scalability<br />
and range of the entire system are extended as wireless signalling is not limited by point-to-point communications.<br />
Mesh<br />
Network<br />
Superior<br />
Range<br />
Self<br />
Healing<br />
Bi-<br />
Directional<br />
Signal<br />
Encryption<br />
Commission<br />
Mode<br />
Visit us:<br />
Stand G1200
IFSEC and FIREX International 2017: Solutions Guide<br />
It’s a regrettable fact<br />
that there’s an<br />
emerging need for<br />
members of the public<br />
and building users in<br />
general to be informed<br />
swiftly and<br />
unambiguously of the<br />
need to stay put<br />
during an emergency<br />
scenario and remain<br />
where they are to<br />
ensure their safety. As<br />
Vimpex duly explains,<br />
this scenario has<br />
become known as a<br />
‘lockdown’<br />
Broadcasting Lockdown Messages<br />
This need has been highlighted during the<br />
recent terror attacks in London where staff<br />
in numerous restaurants and bars and even<br />
three major hospitals were proactive in locking<br />
their doors to deny entry by marauding<br />
terrorists. These actions are likely to have<br />
prevented injuries and the loss of life.<br />
Safety in such situations could be further<br />
improved by the broadcasting of a clearly<br />
audible and unambiguous ‘lockdown’ message<br />
via the building’s existing fire alarm system.<br />
The technology for providing such an early<br />
warning isn’t new, it must be said, with its<br />
application relying on existing and familiar fire<br />
alarm system architecture.<br />
For its part, though, the use of voiceenhanced<br />
fire alarm sounders to broadcast<br />
‘lockdown’ messages is a novel approach.<br />
Thankfully, products with a pre-recorded<br />
‘lockdown’ voice message are easily interfaced<br />
with both addressable and conventional fire<br />
alarm systems and can be configured to use<br />
existing sounder circuits to power voice<br />
sounders. This allows staff to activate<br />
‘lockdown’ and other safety messages via panic<br />
buttons or other manual means.<br />
Episodes of panic<br />
In situations of panic, pre-recorded messages<br />
are often more effective than live broadcasts. A<br />
pre-recorded message is unemotional,<br />
consistent and unambiguous, whereas in a high<br />
pressure situation non-trained staff<br />
broadcasting via a live PA microphone could<br />
work to increase panic rather than allay it.<br />
Any risk of the announcer being attacked is<br />
also removed and the message can be<br />
configured to broadcast continuously while<br />
members of staff and customers alike work to<br />
make the environment as secure as possible<br />
and seek safe refuge.<br />
Voice-enhanced sounders use existing fire<br />
alarm bell circuits, meaning that upgrading any<br />
fire system to incorporate ‘lockdown’ alarm<br />
messages is simple. Voice sounders can be prerecorded<br />
with up to seven messages so the fire<br />
system can be used not only for ‘lockdown’<br />
alarms, but also for delivering standard ‘fire<br />
alarm/evacuation’ messages, ‘all clear’<br />
announcements and ‘test messages’. Certain<br />
solutions draw similar levels of current to<br />
standard conventional electronic sounders so<br />
power supply issues shouldn’t be an issue.<br />
Another advantage of using the building’s<br />
existing sounder circuits is that audibility tests<br />
carried out during the original fire alarm survey<br />
and system commissioning process should give<br />
confidence as to the intelligibility and audibility<br />
of the voice sounders. Where voice sounders<br />
are installed in those areas frequented by<br />
overseas tourists, for example, multi-language<br />
settings may be specified.<br />
Case Study: London Underground<br />
An excellent example of where voice sounders<br />
have been an effective and efficient alternative<br />
to traditional live speech for many years now is<br />
on the London Underground where all streetlevel<br />
stations have ‘fire-cryer’ voice sounders<br />
installed to broadcast the renowned ‘Inspector<br />
Sands’ message.<br />
If it’s the case that the call to the coded<br />
message isn’t answered within a predetermined<br />
time period then the system<br />
defaults to an evacuation message. Such an<br />
approach could be adopted in bars and<br />
restaurants where, instead of defaulting to an<br />
evacuation message, a coded alert could<br />
cascade to a ‘lockdown’ message if necessary.<br />
This would mean an automatic escalation from,<br />
say, coded alert to ‘lockdown’ resulting from<br />
just one single human input to the system.<br />
Just like warning signals used in conjunction<br />
with smoke curtains, the system may be<br />
integrated to ensure that any fire doors held<br />
open with door holding devices could<br />
automatically swing closed and, ultimately,<br />
automatically lock via integration with the<br />
building’s access control system.<br />
Elaborate and complex integration<br />
Needless to say, such an elaborate and complex<br />
integration of ‘lockdown’ procedure, the fire<br />
system and the security system would need a<br />
fair degree of detailed consideration in order to<br />
ensure that high pressure and high risk<br />
environments don’t actively worsen a situation<br />
or otherwise serve to prevent security forces or<br />
other Emergency Services professionals from<br />
gaining access to the building.<br />
Vimpex is exhibiting at FIREX International 2017. Further detail on the key areas of fire detection,<br />
fire alarm and emergency evacuation solutions will be available on Stand D143<br />
36<br />
www.risk-uk.com
FRONTIER PITTS<br />
Protecting Your World<br />
www.frontierpitts.com +44 (0)1293 422800<br />
SECURITY AND<br />
HOSTILE VEHICLE MITIGATION<br />
STAND E1700<br />
GATES BARRIERS BLOCKERS BOLLARDS PEDESTRIAN
IFSEC and FIREX International 2017: Solutions Guide<br />
The news headlines<br />
are bringing us more<br />
frequent reports of<br />
terror attacks and<br />
corporate theft –<br />
occurring both on and<br />
offline – so security is<br />
never far from any of<br />
our minds. As Inner<br />
Range Europe duly<br />
observes, every<br />
organisation – no<br />
matter its size or the<br />
sector in which it’s<br />
resident – depends<br />
upon wholly robust<br />
security systems to<br />
defend itself against a<br />
more sophisticated<br />
type of intruder<br />
A New Era of Security<br />
For those sites in sectors such as defence,<br />
healthcare, education and Government, the<br />
requirement for watertight security is<br />
amplified significantly. Any hub of valuable<br />
information – such as a Data Centre – or<br />
facilities housing high-value or high-risk<br />
products has always had to consider how to<br />
mitigate the risk of theft or attack, but their<br />
protection now depends on the constant<br />
evolution of systems in alignment with the everchanging<br />
tactics of criminal groups.<br />
In 2017, security systems need to rise to the<br />
challenge and deliver smarter solutions to<br />
mitigate this growing and omnipresent threat.<br />
Systems that provide an end-to-end, fullyencrypted<br />
solution to 128 bit with Mac<br />
authentication offer organisations the ability to<br />
add an additional layer of protection. Data<br />
encryption ensures secure LAN communications<br />
at all times, while continuous monitoring<br />
detects any fault or attempted module<br />
substitution. Put simply, when security takes<br />
precedence over all other factors, the highest<br />
grade of security system isn’t optional.<br />
Not all created equal<br />
Most security systems in the UK should<br />
conform to European Standards in the BS EN<br />
50131 series, but that doesn’t make them<br />
equal. All components of the system are graded<br />
and the overall grade measured by how<br />
resilient the alarm system is to attacks by<br />
intruders and other outside influences.<br />
Lower-graded systems can be vulnerable to<br />
fairly low-tech attacks. Indeed, even Grade 3<br />
systems may be compromised using specialist<br />
knowledge that’s often shared online.<br />
Without end-to-end encryption, it’s possible<br />
that, through sophisticated attacks, criminals<br />
could compromise or overcome your security<br />
system. Having a highly encrypted and robust<br />
system in place offering features such as<br />
substitution detection will deliver an added<br />
layer of protection for the host organisation.<br />
We advise all organisations to conduct a risk<br />
assessment of their current security system to<br />
ensure it’s fit for purpose. If the chances of an<br />
attack materialising are ‘Likely’ or ‘Very Likely’<br />
and the consequences are going to be either<br />
‘Major’ or ‘Catastrophic’ (or may be<br />
‘Catastrophic’ regardless of the likelihood of an<br />
attack) then you have no option but to prioritise<br />
investment in a system that delivers end-to-end<br />
encryption to 128 bit with Mac authentication.<br />
Access control<br />
Within the public sector, an NHS Hospital Trust<br />
is a good example of a facility where an attack<br />
is ‘Likely’ or ‘Very Likely’ and the consequences<br />
would be ‘Major’ or even ‘Catastrophic’. Along<br />
with the vital importance of safeguarding<br />
patients, staff and visitors, trustees have the<br />
additional responsibility of locking down all<br />
areas housing high-value assets, confidential<br />
files and prescription drugs. If the hospital’s<br />
security system can be tampered with or<br />
compromised, people and assets could then be<br />
left vulnerable to criminal activity.<br />
Some Data Centres have taken extreme<br />
measures to deliver ultra-secure hosting for<br />
customers requiring the highest level of<br />
protection for their data. Rather than choosing<br />
city locations such as London, companies have<br />
opted to relocate, purchasing facilities like<br />
redundant nuclear bunkers located in out-oftown<br />
‘secret’ locations. They’re reinforced with<br />
blast-proof, solid steel walls. However, without<br />
an end-to-end data encryption for their security<br />
system, facilities are potentially still leaving<br />
themselves open to attack.<br />
Quite simply, there’s no other approach for<br />
buildings and facilities such as Data Centres<br />
and research labs other than to take a proactive<br />
rather than a reactive stance when it comes to<br />
their security strategy.<br />
Inner Range Europe is exhibiting at IFSEC International 2017. For all the latest detail and<br />
information on web-powered security solutions for your business visit Stand E1400<br />
38<br />
www.risk-uk.com
The most sophisticated configurable<br />
water leak detection system available<br />
<br />
Protect your assets from the greatest risk to<br />
buildings and managed systems: Water.<br />
The only way to mitigate the risk of water damage is to continuously monitor for water<br />
leaks. The risk assessment of water damage and the installation of Water Leak Detection<br />
Systems are increasingly being recommended by commercial insurers and is often a<br />
requirement for full cover.<br />
Hydrosense systems deliver a new standard in water leak detection. Unlike other<br />
systems, Hydrosense is fully customisable and configurable allowing connection to<br />
Building Management Systems (BMS) and a wealth of other vital supporting systems.<br />
Hydrosense continuously monitors for water leaks protecting a company’s building and<br />
assets year in year out.<br />
Contact Us Today!<br />
vimpex.co.uk<br />
sales@vimpex.co.uk<br />
01702 216 99
IFSEC and FIREX International 2017: Show Preview<br />
C-TEC will once again<br />
be exhibiting at FIREX<br />
International,<br />
Europe’s largest fire<br />
safety show. Centre<br />
stage on this occasion<br />
will be CAST, the<br />
company’s<br />
“revolutionary” ownprotocol<br />
fire alarm and<br />
detection system<br />
C-TEC set to showcase CAST<br />
Created to meet the demand for powerful<br />
yet cost-effective addressable fire systems,<br />
CAST panels are designed to integrate<br />
seamlessly with an extensive range of C-TECmanufactured<br />
fire detectors, sounders, Call<br />
Points and interfaces.<br />
Other innovations to look out for at ExCeL<br />
include C-TEC’s high-performance range of<br />
EN54-23 certified VADs and an advanced series<br />
of hybrid digital power supplies.<br />
Andy Green, C-TEC’s marketing manager,<br />
informed Risk UK: “FIREX is a superb platform<br />
for new innovations. We’re looking forward to<br />
exhibiting some very exciting products,<br />
particularly our CAST addressable system that’s<br />
now in operation at multiple BETA sites and<br />
very close to full release.”<br />
Distribution deal<br />
C-TEC’s sister company, SigNET, has been<br />
appointed as the exclusive UK distributor of<br />
RCF’s innovative new range of EN54-16 and<br />
EN54-24 certified digital voice alarm systems.<br />
Two solutions are available: the DXT 3000<br />
and the DXT 9000. Designed for wall mounting,<br />
the DXT 3000 is an intelligent ‘plug-and-play’<br />
voice alarm solution for small to medium-sized<br />
projects where EN54-16 compliance is required.<br />
Ideal for supermarkets, schools, offices and<br />
more, the DXT 3000 represents a practical<br />
solution for integrating music and PA with a<br />
voice-only emergency evacuation system.<br />
The DXT 9000 is a medium-to-large range of<br />
configurable EN54-16 compliant voice alarm<br />
solutions. Versatile and completely scaleable,<br />
it’s suitable for a host of applications ranging<br />
from schools and hotels through to large<br />
campuses with multiple buildings.<br />
With C-TEC’s assistance, SigNET – recognised<br />
as one of the UK’s leading manufacturers of<br />
audio life-safety equipment – will concentrate<br />
on promoting its products to companies<br />
operating within the fire and security sectors.<br />
For more information contact SigNET direct<br />
on (telephone) 0844 800 1625 or alternatively<br />
visit the website: www.signet-ac.co.uk<br />
• C-TEC is currently hosting a series of free<br />
educational CPD events across the UK. To check<br />
dates and availability visit www.c-tec.com or<br />
contact the company’s Marketing Department<br />
on (telephone) +44 (0)1942 322744
M A N UFA CTURER<br />
ADDRESSABLE VADS TO BE HAD!<br />
C-TEC’s addressable visual alarm devices & sounders are here!<br />
Introducing C-TEC’s new range of UK-manufactured addressable visual alarm devices and sounders. Fully<br />
compatible with our XFP & ZFP range of XP95/Discovery fire panels, Base, Hi-Output and Compact variants are<br />
available, all certified to the relevant parts of EN54 parts 3, 23 and 17.<br />
G140<br />
C-3-8 Base VAD<br />
c/w 96dB(A) Sounder<br />
• C-3-8 light distribution<br />
• Ideal for mounting under<br />
fire detectors in corridors, etc.<br />
• Sounder, VAD-only and Voice<br />
Sounder variants also available<br />
Hi-Output W-2.4-8.2 Wall VAD<br />
c/w 103dB(A) Sounder<br />
• W-2.4-8.2 light distribution<br />
• 14mA alarm current @24V DC<br />
• IP33C rated<br />
• VAD-only and Voice Sounder<br />
variants also available<br />
Compact C-3-8 Ceiling<br />
VAD c/w 91dB(A) Sounder<br />
• C-3-8 light distribution<br />
• 14mA alarm current @24VDC<br />
• IP21C rated<br />
• Sounder, VAD-only and Voice<br />
Sounder variants also available<br />
VAD SYSTEM<br />
DESIGN GUIDE<br />
NOW AVAILABLE<br />
CALL +44 (0)1942 322744<br />
FOR A COPY<br />
+44 (0)1942 322744 sales@c-tec.co.uk<br />
You’re safe with C-TEC<br />
www.c-tec.com<br />
0359-CPR-00446<br />
A PROUD BRITISH
Advertisement Feature<br />
Converged Security Management:<br />
Key to Mitigating Cyber Security Risks<br />
The global challenge of extracting the<br />
maximum benefit from Internet of Things<br />
(IoT) technology while also balancing<br />
security concerns in business is complex. On<br />
that basis, Axis Communications has<br />
commissioned a detailed White Paper on the<br />
subject from James Willison, the founder of<br />
Unified Security and vice-chairman of the ASIS<br />
European Convergence/Enterprise Security Risk<br />
Management Committee.<br />
The IoT revolution is, in short, the resulting<br />
combination of several related changes. These<br />
changes include a reduction in component<br />
prices, global mobile device adoption, greater<br />
levels of connectivity through telecoms<br />
infrastructure and the rise of Application<br />
Programming Interfaces (or APIs) designed to<br />
take advantage of the latest innovations.<br />
As innovation occurs in the consumer<br />
technology market with ‘smart’ devices, these<br />
new technologies are increasingly being<br />
employed within a business environment.<br />
Today, it’s evident that any unsecured<br />
physical security devices can be accessed<br />
through the Internet from any number of<br />
endpoints. Vulnerable devices are now easily<br />
searchable through the online vulnerability<br />
search engine Shodan, for example.<br />
In September last year, we encountered the<br />
first-ever co-ordinated attack using unsecured<br />
IoT technology and encompassing CCTV and<br />
Digital Video Recorder (DVR) devices.<br />
Naturally, the consumer market harbours a<br />
significantly different set of requirements and<br />
specifications when it comes to product<br />
security. As a result of a breach, the worst that<br />
can happen is the loss of an individual’s bank<br />
details or personal information. Given this<br />
relatively low level of perceived risk, to date<br />
security hasn’t been a key consideration.<br />
As IoT technology increasingly enters the<br />
business landscape, and with networked<br />
security solutions now the staple of an effective<br />
and modern security infrastructure, the<br />
technologies employed are often not ‘Secure By<br />
Design’. Should a business be hacked, the<br />
ramifications are far greater than the loss of<br />
individual sets of personal data.<br />
In truth, a business risks the loss of groups<br />
of files ranging from employee records through<br />
to financial and customer data. This could<br />
ultimately expose it to various levels of fines<br />
with particularly severe consequences under<br />
the upcoming European Union General Data<br />
Protection Regulation (GDPR), which comes<br />
into force in May 2018.<br />
Rising concerns<br />
IoT adoption is rapidly transforming the global<br />
business landscape. As organisations witness<br />
the ease of connectivity demonstrated in the<br />
consumer sphere, their first instinct is to use<br />
technology for business benefit, often without<br />
fully appreciating the risks present behind<br />
unsecured devices. As this infrastructure is<br />
integrated within commercial environments,<br />
however, the differing framework requirements<br />
between business and consumer technology<br />
become a significant challenge in terms of the<br />
areas of compliance, data security and even the<br />
overall cyber security of systems.<br />
In meeting the challenges posed by this<br />
convergence, we must first consider supply<br />
chains. This includes the importance of third<br />
party suppliers and the security of the end<br />
products they duly provide.<br />
An under-reported stakeholder within the IoT<br />
security puzzle, for example, is third party<br />
libraries. These organisations often contribute<br />
upwards of 80% or more of the total product<br />
code and, therefore, have a significant stake in<br />
ensuring that products are secured.<br />
While under the GDPR supply chains are not<br />
liable for the fines of end users, the case can<br />
indeed be made for rolling the financial<br />
obligation downhill should Best Practice be met<br />
and demonstrated. As a large number of OEMs<br />
Steve Kenny discusses<br />
the scope of a new<br />
White Paper that<br />
focuses on the global<br />
framework<br />
underpinning the rise<br />
of Internet of Things<br />
technology, why third<br />
parties must ensure<br />
‘Secure By Design’<br />
principles are met and,<br />
indeed, why the<br />
convergence of IT and<br />
Security Departments<br />
absolutely demands<br />
an holistic approach to<br />
ensure success
Advertisement Feature<br />
are seemingly not securing their devices, those<br />
challenging the status quo stand out from the<br />
majority and are leading the charge for<br />
industry-wide standards to ensure the basic<br />
security of IoT devices.<br />
Initiating convergence<br />
Technology and the physical devices sold by<br />
vendors are converging on the corporate<br />
network. While businesses are often<br />
enthusiastic to implement the latest<br />
technology, it’s not always as secure as<br />
members of the security team require it to be.<br />
It’s crucial that all new physical security<br />
systems are considered with input from the<br />
company’s cyber security team or specialist.<br />
According to the Department of Homeland<br />
Security in the States, the rapid growth in the<br />
IoT has meant that: “This interconnectedness<br />
of devices introduces cyber-physical<br />
technologies that connect cyber systems to<br />
physical systems, thereby removing the barrier<br />
between the cyber and physical worlds, but the<br />
greater connectivity also expands the potential<br />
attack surface for malicious actors.”<br />
As the cyber security threat continues to rise,<br />
both in terms of the potential damage which<br />
can arise from a breach and the number of<br />
attacks which may be propagated, a shift in<br />
business priority is being witnessed. Until<br />
recently, most risk management strategies were<br />
exclusively undertaken in siloes, with<br />
Information and IT Security Departments<br />
responsible for cyber security and physical<br />
security specialists holding overall<br />
responsibility for the physical element.<br />
In meeting the challenges posed by the<br />
integration of unsecured devices, we’re seeing<br />
an increasing convergence between IT and<br />
Security Departments, with obligations often<br />
blurring and becoming analogous. Businesses<br />
have now begun to integrate the practice of<br />
converged security management with a multidisciplinary<br />
security team identifying and<br />
responding to the cyber and physical security<br />
threats faced by the host organisation.<br />
Redefining the landscape<br />
As the security landscape changes, so too must<br />
the practices of industry professionals resident<br />
within it. Organisations now have a pressing<br />
responsibility to employ due diligence when<br />
identifying and purchasing new security<br />
technology. In point of fact, no longer is it<br />
sufficient to merely assume that security<br />
products are secure by their very nature.<br />
The IoT landscape increasingly favours<br />
unfinished, unsecure technology with a race to<br />
push products to market as soon as possible –<br />
a key reason behind the success of the Mirai<br />
botnet. In complying with regulations,<br />
achieving Best Practice and ensuring overall<br />
security, industry professionals now have the<br />
perfect opportunity to redefine the B2B<br />
procurement landscape.<br />
As businesses begin to insist on the security<br />
of products used to gain commercial<br />
advantage, the supply chain will soon follow.<br />
Integrated solutions at IFSEC 2017<br />
On the Axis Communications Stand (E1000) at<br />
IFSEC International 2017, visitors will be able to<br />
experience a world of IoT security solutions,<br />
writes marketing manager Dominic Jones.<br />
All of the latest innovations will be<br />
showcased, including a new radar detector that<br />
offers the opportunity to greatly reduce false<br />
alarms. The D2050-VE radar detector gives an<br />
exact position of a moving object and can<br />
deliver information such as the distance to an<br />
object as well as angle of movement and speed.<br />
In addition, this solution allows for visual<br />
identification together with a camera.<br />
The radar detector minimises false alarms<br />
triggered by bad weather or insects and is<br />
therefore a perfect complement to an end<br />
user’s outdoor surveillance system even during<br />
the hours of darkness.<br />
In partnership with HID, Axis<br />
Communications will be showcasing the first<br />
integrated open IP-based mobile access control<br />
solution. Visitors will also see how integrating<br />
Axis’ speaker, camera and access control<br />
solutions can offer practical and robust answers<br />
to the real world challenges faced by<br />
businesses. Of course, Axis Communications<br />
will also be demonstrating its partnership work<br />
in the sphere of cyber protection.<br />
Steve Kenny: Business<br />
Development Manager<br />
(Architecture and Engineering)<br />
at Axis Communications
Advertisement Feature<br />
Mitigating The Outsider Threat:<br />
How Data Centres Can Ensure GDPR Compliance<br />
The future of business is taking place in the<br />
cloud. Cloud products will reportedly<br />
represent 30% of Microsoft’s revenue by<br />
2018, while in Q4 2016, Amazon Web Services<br />
generated $3.53 billion in revenue (up 47%<br />
from the previous year). As the use of cloud<br />
technology increases, it follows that so too<br />
does our reliance on the infrastructure<br />
supporting this growth – Data Centres.<br />
In addition to their primary task of providing<br />
managed access to cloud services and data,<br />
Data Centres are increasingly required to<br />
protect customer data (a key aspect of which is<br />
demonstrating the security of that data and<br />
processes through compliance reporting).<br />
Data Centres invariably hold a wealth of<br />
sensitive user data (and particularly so within<br />
co-location sites) which they don’t own. As the<br />
number of cyber attacks rise, resources are<br />
increasingly reallocated to defend against the<br />
cyber threat, often leaving physical security as<br />
an afterthought. In real terms, this means that,<br />
when an engineer is called out, security and<br />
verification can often be limited to a single<br />
phone call to check their identity, resulting in<br />
significant vulnerability to outsider threats.<br />
Within Data Centres, continual uptime and<br />
data security are key – particularly in light of<br />
the upcoming EU General Data Protection<br />
Regulation (GDPR). The GDPR stipulates that a<br />
fine of 4% of annual group turnover (or €20<br />
million, whichever is the higher figure) is to be<br />
paid in the event of proven non-compliance.<br />
With the GDPR set to come into force in May<br />
next year, any outdated security practices will<br />
simply no longer suffice.<br />
Meeting GDPR requirements<br />
Currently, only 15.7% of firms in the UK and the<br />
US are in the advanced planning stages of<br />
GDPR compliance. 74% now believe that their<br />
organisations are vulnerable to insider threats,<br />
with 68% fearing breaches caused by insider<br />
negligence. It’s clear that, to attain compliance<br />
with the GDPR and reduce the impact of the<br />
‘human factor’ (often the weakest link in a<br />
security chain), physical security must be<br />
deployed in tandem with cyber measures.<br />
Ensuring the security of Data Centres<br />
requires a dedicated approach combining<br />
cyber security efforts with effective physical<br />
security and access control solutions. In<br />
meeting this challenge, any ‘smart’ physical<br />
security technology must also now be cybersecure.<br />
This requirement highlights the<br />
pressing need for Data Centre specialists to<br />
communicate with dedicated security<br />
professionals familiar with both the potential<br />
of the technology on offer and the best<br />
methods of integrating and installing it with<br />
security very much in mind.<br />
The strategies underlying a compliant<br />
approach are remarkably simple, combining<br />
common sense with existing technology. In the<br />
first instance, we can move beyond visitor<br />
management at a distance (such as phone call<br />
verification). Instead, once a stakeholder<br />
within a Data Centre judges that an engineer,<br />
for example, is required on site, they issue an<br />
‘invitation’ to their employer. This invitation is<br />
then received and actioned by said employer<br />
and can be used as an access credential –<br />
either as a printed code or one issued by the<br />
organiser for action within a mobile device.<br />
In practice, this supplies one factor of<br />
authentication before the engineer has even<br />
arrived on site, providing due proof that<br />
potential risk has been noted and assessed<br />
and that steps are in place to manage it.<br />
Once the engineer appears at the Data<br />
Centre, the code can then be presented to the<br />
perimeter access control solution – either to an<br />
IP camera or a Network Door Station.<br />
If a given Data Centre can demonstrate<br />
compliance, showcasing records of any visitor<br />
to a site and proving an audit trail, this will<br />
undoubtedly increase the attractiveness of its<br />
service offer to potential customers.<br />
John Allen examines<br />
why Data Centres, the<br />
very mainstay of ‘The<br />
Information Age’,<br />
require robust physical<br />
security<br />
considerations to<br />
ensure that EU GDPR<br />
challenges are met<br />
John Allen: Business<br />
Development Manager<br />
(Access Control) at Axis<br />
Communications
Cybersecurity?<br />
Buckle up.<br />
At Axis, we do everything we can to mitigate the risks of cyber attack. We have 100% focus on<br />
cybersecurity. We build protection right into your network camera solutions. And we work hard to make<br />
it easy for you to play your part. But we really can’t do it without you.<br />
Because cyber protection is a lot like the seatbelt in your car. It won’t keep you safe unless you use it.<br />
Learn Visit more about axis.com/about-axis/cybersecurity Axis’ quality assurance work<br />
at axis.com/quality and find out how to stay protected!
Despite the growing<br />
need for smarter<br />
security systems in a<br />
rapidly changing<br />
landscape of risk,<br />
upgrades of access<br />
control for buildings<br />
can sometimes be put<br />
on the backburner.<br />
Often, once<br />
organisations have<br />
invested in a system<br />
that works for them<br />
and meets their<br />
perceived business<br />
needs, it can be many<br />
years before an<br />
upgrade is considered.<br />
Is that the right<br />
approach to adopt?<br />
Tim Northwood<br />
investigates<br />
Moving With The Times<br />
Some organisations might ask themselves if<br />
they really need to upgrade their access<br />
control system when what they already<br />
have in place appears to do the basic tasks at<br />
hand well enough, but contemplate for a<br />
moment everything for which we now use our<br />
smart phones. This usually includes managing<br />
diaries, online banking, airport check-ins,<br />
navigating new places, tracking personal<br />
fitness and even switching on the heating.<br />
Arguably, we could function in our<br />
professional and personal lives without a smart<br />
phone. However, wouldn’t continuing to use an<br />
old model of mobile phone from the pre-smart<br />
phone era – or a ‘dumb phone’ as they’ve come<br />
to be known – seem like a step backwards (or<br />
at least leave us standing still) once we<br />
consider the time, cost and efficiency savings<br />
from which we could benefit by upgrading?<br />
We opt for smart phone upgrades because<br />
it’s the full range of mobile device functionality<br />
that allows us to live our lives with less stress<br />
and more ease (and much greater success). In<br />
essence, the new breed of integrated access<br />
control and security systems deliver time, effort<br />
and cost efficiencies in a similar way (and you<br />
can even manage some elements of newer<br />
access control systems via your smart phone).<br />
If we readily upgrade our mobile phones –<br />
among other technology – why do some of us<br />
still settle for limited functionality when it<br />
comes to evolving our integrated security and<br />
access control systems? The stakes are<br />
certainly higher. Now that we’re living in an age<br />
of greater risk posed by cyber and terror<br />
attacks, concerns about security and access<br />
control will be front and centre for those<br />
organisations of critical importance to the<br />
national infrastructure, such as those in the<br />
medical, defence, Government and educational<br />
sectors, not to mention Data Centres, research<br />
laboratories and financial institutions.<br />
Security system developers and<br />
manufacturers are meeting this evolving<br />
requirement head-on with the provision of even<br />
more robust access control systems, but tighter<br />
security aimed at threat prevention isn’t the<br />
only motivation for introducing an upgraded<br />
integrated security and access control system.<br />
There’s a commercial one, too, and that’s<br />
something all businesses are considering in the<br />
currently tough economic climate.<br />
Key players in a variety of successful<br />
organisations are asking how their investment<br />
in access control can help to keep them safe<br />
and secure, but also how it can assist them to<br />
stay ahead of their competitors. With CCTV,<br />
people want to know how they can use their<br />
cameras for more than just basic surveillance.<br />
They want to use them for risk assessment,<br />
analysis of trends and much more besides.<br />
Business intelligence<br />
Emerging to meet this need are systems with<br />
highly-integrated security, access control and<br />
building automation functionality. Features<br />
such as 24-hour unmanned access help in<br />
meeting Health and Safety requirements at<br />
lower costs. Intelligent integration with subsystems<br />
such as CCTV, biometrics, lighting, air<br />
conditioning, intercom solutions and fire safety<br />
makes for reduced bills as well as offering<br />
greater protection.<br />
Central and remote building and security<br />
management from a single user interface helps<br />
in managing multiple locations on a 24/7/365<br />
basis using iOS and Android Apps.<br />
Your chosen access control system might<br />
operate satisfactorily, but is it enabling your<br />
organisation to be the best and the safest it can<br />
be? There’s so much valuable insight and<br />
business intelligence that may be gained from<br />
using newer solutions. Organisations can glean<br />
better insight into how visitors and staff access<br />
and use facilities, in turn building a profile that<br />
may be used to track staff, visitor and asset<br />
movements for safety, security and the<br />
optimum performance of the business.<br />
If upgrading your access control system isn’t<br />
a current priority, is this due to budget<br />
constraints or is it simply a case of: “If it’s not<br />
46<br />
www.risk-uk.com
Access Control: Considerations for System Upgrades<br />
broken, why should we fix it?” Here’s a little<br />
detail about some of the functionality you could<br />
be missing out on if your access control system<br />
is five-to-ten years old:<br />
• Web interface and mobile device management<br />
of your access control security system gives<br />
your administrators secure access to the<br />
interface via any Internet-enabled device<br />
(including smart phones and tablets), allowing<br />
them to respond quickly to alerts and events<br />
even when they’re off-site or away from the<br />
Security Control Room<br />
• User-friendly interactive interface: Easy-touse<br />
interactive schematics of all your buildings<br />
and facilities simplify access control<br />
management and control. If you need to lock a<br />
specific door, for example, you can do so from<br />
the comfort of your Security Control Room or<br />
even via a secure smart phone or by dint of<br />
some other mobile device<br />
• Advanced integration possibilities: Given the<br />
ability to integrate your access control system<br />
with many other business and building<br />
management solutions, the possibilities are<br />
endless. For example, you can manage visitor<br />
arrivals with automated, intelligent lift control<br />
and use ANPR to co-ordinate car parking<br />
• Capability to support vulnerable sites: If your<br />
organisation is of critical importance to the<br />
national infrastructure or the risk from a major<br />
security attack or terror incident is high, having<br />
a fully-integrated access control and security<br />
system in place will be vital. This includes realtime<br />
access to CCTV, as well as the ability to<br />
lock down doors and buildings to protect<br />
people and assets and better control a situation<br />
• Smart cards: Now, your access control card<br />
enables staff and visitors to gain entrance to<br />
authorised areas of your facilities and can have<br />
multiple other uses such as cashless vending,<br />
locker control and ID. Given their ability to<br />
integrate with HR management programmes,<br />
systems can be streamlined to reduce the<br />
duplication of work<br />
• Multi-drop RS 485-based smart card readers<br />
that employ 128 bit AES encryption from the<br />
card through to the door module afford a far<br />
superior level of security<br />
• Highest levels of security: When security<br />
takes precedence over all other factors, the<br />
highest grade of security system isn’t optional.<br />
Systems that provide an end-to-end, fullyencrypted<br />
solution to 128 bit with Mac<br />
authentication offer organisations the ability to<br />
add an additional layer of protection. Data<br />
encryption ensures secure LAN communications<br />
at all times, while continuous monitoring will<br />
actively serve to detect any fault or attempted<br />
module substitution<br />
Scale up or downsize?<br />
If your access control system is over ten years<br />
old, as well as the above features you may also<br />
not be benefiting from:<br />
• Access control and building management<br />
locally, nationally and globally: Having the<br />
ability to manage access control and security<br />
for multiple buildings, regardless of their<br />
location, will allow you to better use your<br />
security team resource. If your organisation is<br />
located in one area, but has, over the years,<br />
acquired additional buildings with different<br />
access control and security systems, the<br />
company would benefit from having the ability<br />
to manage and control the entire estate from<br />
just one system<br />
• The ability to scale up or downsize if required:<br />
Access control systems are now built with<br />
flexibility in mind. They allow for rapid<br />
upscaling in times of prosperity and expansion.<br />
There’s a realisation that, due to consolidation<br />
or industry changes, the number of facilities an<br />
organisation may manage could also reduce<br />
over time. It’s important to know that your<br />
chosen solution can adapt to your needs<br />
• Integration capabilities: Forward-thinking<br />
integrated access control systems will work<br />
cohesively with leading brands, continually<br />
adding the latest and most popular<br />
technologies to their partner list, from the<br />
basics such as CCTV through to building<br />
management systems involving heating,<br />
lighting and air conditioning solutions<br />
• A management system that can ‘talk’ to<br />
business systems already in use: A major<br />
concern for your organisation, along with the<br />
invesment in an access control system, may be<br />
about how many of your other security<br />
solutions will be made redundant following an<br />
updgrade? You might be surprised to learn that<br />
much of your current infrastructure could still<br />
be used, bringing a higher return on existing<br />
investments and reducing costs<br />
Going beyond protection<br />
Given a summary of benefits that vast, surely<br />
this provides much food for thought for any<br />
business with access control regimes in place?<br />
Many of you may not have been aware of the<br />
scope of capability now offered by today’s<br />
integrated security and access control systems.<br />
Even if you were, perhaps you’re now beginning<br />
to think about them in a new light.<br />
Tim Northwood:<br />
General Manager of Inner<br />
Range Europe<br />
“Your chosen access control system might operate<br />
satisfactorily, but is it really enabling your organisation to<br />
be the best and the safest it can possibly be?”<br />
47<br />
www.risk-uk.com
Contractor Screening Procedures:<br />
Eradicating the ‘Blind Spots’<br />
Traditional business models are under fire as organisations<br />
increasingly seek ways in which to extend their workforce<br />
beyond the humble ‘employee’. Initiatives like the sharing<br />
and gig economies are rising in popularity because they<br />
allow companies to meet short-term capacity needs and<br />
enable them to operate more flexibly. Steve Girdler addresses<br />
the security management implications for hiring companies<br />
Professional services firm PwC predicts a<br />
significant leap in the proportion of<br />
contractors making up our workforces by<br />
2022. While the move towards an extended<br />
workforce comprising vendors and contractors<br />
presents businesses with a great opportunity to<br />
enhance and diversify their skills base, it can<br />
also open the door to new forms of risk.<br />
Unless those risks are understood and<br />
mitigated from the start, the repercussions of a<br />
bad hire can be very long-term indeed, even if<br />
the worker’s contract isn’t. Any new or existing<br />
employee has the potential to expose a<br />
company to risk. Remember that a given chain<br />
is only as strong as its weakest link.<br />
Companies that provide access to<br />
confidential customer information, Intellectual<br />
“It’s simply not enough to solely rely on recruitment agencies<br />
or suppliers of temporary workers to have performed the<br />
bespoke checks that fit in with the needs of a business”<br />
Property and financial information in particular<br />
need to extend the same level of attention to<br />
screening vendors and contractors as they<br />
would do for permanent members of staff – a<br />
challenge that goes way beyond Best Practice<br />
and enters into the realm of compliance.<br />
However, our own 2017 Employee Screening<br />
Benchmarking Report finds that less than half<br />
(42%, in fact) of EMEA companies we<br />
questioned actually screen non-employees<br />
such as independent contractors, temporary<br />
workers and volunteers. Furthermore, a quarter<br />
(ie 24%) relax their screening process for the<br />
extended workforce. By not checking third<br />
parties who come into contact with their<br />
business, companies risk both their reputation<br />
and profitability. It’s time they closed the gap.<br />
Spotting the red flags<br />
A truly robust recruitment process requires the<br />
background screening of all candidates,<br />
including those in the extended workforce. It<br />
should form an integral part of a company’s<br />
business continuity and risk management<br />
strategy. It should not be viewed as an ‘added<br />
extra’, but instead as a necessity designed to<br />
ensure the security of the business.<br />
While there might be the temptation to limit<br />
investment in short-term workers, filling<br />
temporary gaps should still require employers<br />
to follow set risk management procedures<br />
during the recruitment process.<br />
Therefore, organisations need to plan ahead<br />
in order to spot where the gaps may arise in<br />
their workforce, identifying regular ‘crunch<br />
times’ and keeping on top of the trends that<br />
affect hiring needs. Only with in-depth planning<br />
can the needs of the company be met in a<br />
secure and efficient way.<br />
The amount of screening for applicants<br />
should be matched to the level of risk they<br />
pose. For instance, those trusted with sensitive<br />
information or privileged access to company<br />
systems are the ones on whom most attention<br />
ought to be focused.<br />
The process of screening promotes a safe<br />
working environment, builds integrity among<br />
employees and helps to ensure the credentials<br />
of the most skilled and experienced talent<br />
available. By screening both permanent and<br />
temporary workers as a standard part of the<br />
recruitment process, employees can make a<br />
48<br />
www.risk-uk.com
Background Screening of Employees<br />
safe assumption that the colleagues whom<br />
they’re working alongside are who they say<br />
they are and duly qualified for their role.<br />
It’s simply not enough to solely rely on<br />
recruitment agencies or suppliers of temporary<br />
workers to have performed the bespoke checks<br />
that fit in with the individual needs of a<br />
business. Instead, companies must build time<br />
into the recruitment process to identify any<br />
inconsistencies and, in doing so, uncover the<br />
potential risks a business could face before<br />
they’re realised.<br />
While of course it can be tempting to cut<br />
down the time it takes to hire by reducing or<br />
otherwise avoiding the screening of employees,<br />
it’s crucial to ensure every member of the team<br />
is able to live up to their CV and share the<br />
organisation’s values all the while.<br />
Maintain brand integrity<br />
A company’s reputation is often either built or<br />
burned by the behavior of its employees. The<br />
rise of sites such as Twitter, Trustpilot and<br />
TripAdvisor means that every experience a<br />
customer has with a brand can be shared with<br />
members of the public. That being so, a<br />
positive outcome is now arguably more<br />
important than ever before. When it comes to<br />
the extended workforce, every employee must<br />
be aware of the standards of behaviour and<br />
conduct expected of them in the working<br />
environment no matter their contract length.<br />
Even if someone’s brought in to a company as<br />
a stop-gap measure, businesses need to be<br />
able to trust such employees to work in line<br />
with the existing brand expectations.<br />
Timeframes for recruitment and training may be<br />
reduced, but on balance the importance of<br />
ensuring such employees are willing and able<br />
to fulfill obligations they take on has priority.<br />
Fraudulent activity can have severe<br />
consequences for businesses, meaning that the<br />
definition and subsequent implementation of<br />
preventative policies and procedures is<br />
paramount. Our research found that most<br />
business leaders (84% of those surveyed)<br />
perceive their greatest risk to be external, but<br />
Kroll’s Annual Fraud Report for 2016 found that<br />
most fraud incidents (81%) involve at least one<br />
insider. In that study, six out of every ten<br />
respondents who worked for companies that<br />
suffered from fraud identified a combination of<br />
perpetrators that included current and former<br />
employees and third parties. Almost half (49%)<br />
said that incidents involved all three groups.<br />
Junior staff were cited as key perpetrators in<br />
two-fifths (39%) of all fraud cases, closely<br />
followed by senior or middle management<br />
(30%) and freelance or temporary employees<br />
(27%). Former employees were also<br />
responsible for 27% of reported incidents.<br />
Overall, 44% of respondents reported that<br />
insiders were the primary perpetrators of a<br />
cyber incident, with former employees the most<br />
frequent source of risk (20%) compared to 14%<br />
citing freelance or temporary employees and<br />
10% focusing on permanent employees. Adding<br />
agents or intermediaries to this ‘insider’ group<br />
as quasi-employees increases the proportion of<br />
executives indicating insiders as the primary<br />
perpetrators to a majority 57%.<br />
Over half of all respondents (56%) to the<br />
Kroll study explained that insiders were the key<br />
perpetrators of security incidents, with former<br />
employees (at 23%) the most common of these.<br />
Putting the right security measures and IT<br />
systems in place is vital in terms of protecting<br />
businesses from outsiders, but the evidence<br />
shows that the greatest risk is actually from<br />
within. Serious and credible threats from<br />
external sources such as cyber crime attract a<br />
lot of attention and are much feared, but the<br />
few major instances that reach the mainstream<br />
media can be a smokescreen for the more<br />
realistic threat posed by internal weak spots.<br />
Companies need to plan for this threat with the<br />
same energy that they do external risks.<br />
Background screening can be a critical tool in<br />
the prevention of legal challenges. A lack of<br />
effective screening may open businesses up to<br />
avoidable compliance issues such as those<br />
surrounding the UK Bribery Act or the<br />
forthcoming EU General Data Protection<br />
Regulation (GDPR).<br />
The implementation of the GDPR next May is<br />
one of the most significant developments in<br />
data protection that the EU has seen, with the<br />
UK expected to adhere to the regulations<br />
before its exit of the EU. The GDPR will improve<br />
individuals’ rights over how their data is being<br />
used by businesses. With fines that could<br />
stretch well into the millions, this has to be a<br />
priority for all companies.<br />
Steve Girdler: Managing<br />
Director (EMEA) at HireRight<br />
49<br />
www.risk-uk.com
16 - 17 October<br />
Whittlebury Hall Hotel & Spa,<br />
Northamptonshire<br />
Limited Places Remain<br />
This October, the Total Security Summit<br />
will be celebrating it’s 20th anniversary.<br />
Meet with the most experienced<br />
suppliers, learn from industry gurus and<br />
connect with peers over the course of this<br />
two-day Summit.<br />
For more information on our remaining<br />
delegate and supplier invitations, please<br />
contact Nick Stannard today on<br />
01992 374092 or email<br />
n.stannard@forumevents.co.uk<br />
totalsecuritysummit.co.uk<br />
@TSSummit<br />
#TSSummit
The Changing Face of Security Services: Security Uniforms<br />
What’s The Future Role<br />
of Uniforms in Security?<br />
In a recent series of exclusive articles for Risk UK, Peter Drew Contracts’<br />
Tim Drew has examined the provision of managed uniform services (Risk<br />
UK, December 2016, pp32-33) and how to successfully switch uniform<br />
suppliers and therefore realise the full benefits available from the supply<br />
chain (Risk UK, March 2017, pp35-36). Now, the emphasis turns towards<br />
the future of uniforms and their use in the security business sector<br />
The security landscape and, indeed, the<br />
security business sector itself is<br />
undoubtedly changing and, not<br />
surprisingly, these changes are having an<br />
impact on the clothing used and the services<br />
offered by today’s myriad solution providers.<br />
In order to clarify the position as it stands,<br />
we need to briefly look back at the role of<br />
security personnel and how this has both<br />
evolved and developed to produce the breed of<br />
security officer that we now witness looking<br />
after buildings as well as the assets and people<br />
within them on a daily basis.<br />
Traditionally, the security officer was tasked<br />
with protecting physical assets such as<br />
factories and industrial estates. Often, that<br />
officer was employed in-house in what might<br />
best be termed a ‘gate-guarding’ duty and, in<br />
fairness, the role harboured a somewhat<br />
limited range of tasks. In days of old,<br />
communication equipment was often no more<br />
sophisticated than a landline telephone.<br />
As far as uniforms were concerned, the look<br />
of the practising security officer wasn’t driven<br />
by image, but rather by simple practicality and<br />
‘recognition’ of the role being performed on<br />
site. Corporate branding was non-existent. A<br />
standard badge stating ‘Security’ and<br />
something of a military influence was pretty<br />
much all that was required to meet the need.<br />
This type of security role still exists in small<br />
numbers and, it must be said, isn’t without<br />
merit in some specialist or traditional<br />
environments. However, if we move forward to<br />
today’s fully-integrated security services<br />
provision so beloved by many practitioners, the<br />
contrast becomes immediately apparent.<br />
Array of services<br />
Security now encompasses an extensive range<br />
of both complex and specialist services.<br />
Leading security providers are closing the gaps<br />
between disparate security requirements and<br />
offering integrated, flexible and added value<br />
services for their client base. This is different to<br />
– and, arguably, offers much more than –<br />
standard facilities management. The services<br />
now on offer are targeted specifically at<br />
security and attuned to the safety of the<br />
customer and/or members of the general public<br />
rather than simply the maintenance of the<br />
facility that’s being safeguarded.<br />
These added value services have a direct<br />
effect on the skills and activities of the security<br />
officers present on a given customer’s site and,<br />
as a consequence, the equipment and<br />
protective clothing that will be required by<br />
them. We’re now witnessing the development of<br />
the modern security officer: a multi-skilled,<br />
multi-tasking multi-role occupied by a highlytrained<br />
and assiduous individual.<br />
Training for today’s security personnel can<br />
take in excess of 12 months and represents a<br />
considerable investment by a front line security<br />
services provider. Remember, too, that the<br />
security officer is only one part of a complex<br />
and robust security solution which may also<br />
encompass active manned CCTV, mobile<br />
patrols, first response medical assistance,<br />
firefighting and major incident management.<br />
For each of these services, it follows that a<br />
different uniform will be required.<br />
Manning a reception service within a prestige<br />
office in a major city is no longer simply a ‘Meet<br />
and Greet’ and issue a pass-style security<br />
function. Security staff may now be tasked with<br />
building evacuation, co-ordination with<br />
members of the Emergency Services or even<br />
the management of what’s an ongoing terrorist<br />
threat (the level of that threat posed to the UK<br />
mainland is currently set at ‘Severe’ by the Joint<br />
Terrorism Analysis Centre).<br />
Put simply, the security officer of today must<br />
change from a stance of ‘hiding in plain sight’<br />
to be recognised as a person of influence and a<br />
conduit of information in an emergency<br />
scenario by both members of the public and,<br />
indeed, the Emergency Services.<br />
Tim Drew: Managing Director<br />
of Peter Drew Contracts<br />
51<br />
www.risk-uk.com
The Changing Face of Security Services: Security Uniforms<br />
Requirement for PPE<br />
Specialist uniforms are issued that may only be<br />
used for a few moments in an incident, but<br />
these will be every bit as important as the daily<br />
wardrobe. Mobile officers supported by CCTV<br />
protecting public places may require PPE to<br />
handle needles or, in some of the more extreme<br />
cases, could well be issued with covert or overt<br />
stab protection.<br />
Large Government facilities and universities<br />
are typical examples of locations where the<br />
modern day security officer is now being<br />
deployed. Integrating mobile patrols, static<br />
guards, physical security, CCTV and first<br />
response offers benefits for the purchasing<br />
client in terms of both enhanced security and<br />
reduced cost.<br />
Security companies are now training their<br />
officers in fire protection techniques (with a<br />
view to helping reduce the potential outbreak<br />
of fire) and in fire-fighting small fires to allow<br />
safe evacuation, at the same time deploying<br />
small fire engines and fire-fighting equipment<br />
as part of a complete protection service.<br />
Response times to an alarm can now be as little<br />
as two minutes.<br />
In a true one-stop operation, sniffer dogs<br />
may be deployed for firearms or drugs<br />
detection. The use of these dogs is increasing<br />
in public areas and venues. The dogs need to<br />
be identified and they too have a uniform,<br />
including dog boots and dog goggles.<br />
Even the event security sector – which, in<br />
general, has been characterised by the<br />
employment of temporary personnel and the<br />
issuing of low value uniforms – is now changing<br />
rapidly. Classic suits are often worn in<br />
customer-facing positions, with the switch<br />
made to corporate-branded and highly visible<br />
clothing for crowd management duties.<br />
Different vibrant colours can indicate<br />
different roles and, in what’s a new<br />
development, LEDs may be built into garments<br />
as a method for informing members of the<br />
public of a developing scenario.<br />
The multi-role security officer can offer the<br />
client excellent value through improved public<br />
protection combined with a reduction in<br />
insurance premiums. All of the tasks involved<br />
require a complex issue of different pieces of<br />
clothing across different wardrobes. Managed<br />
uniform providers simply must be prepared to<br />
meet the requirements of the modern multi-role<br />
security officer of today. Large ranges of<br />
specialist equipment, garments and footwear<br />
are going to be required.<br />
Complex and diverse<br />
Gone are the days when the uniform supplier<br />
was simply a tailor or the maker of clothing.<br />
The security uniform is now complex and<br />
diverse and requires the co-ordination of a<br />
range of specialist providers in order to<br />
complete the requirement.<br />
In addition, this must be coupled with<br />
systems that can control the supply chain as<br />
well as simplify the ordering and monitoring of<br />
the life of uniforms and PPE.<br />
Will the modern day security officer<br />
described here become the standard for<br />
security? Given recent events, it’s abundantly<br />
clear that officers with diverse skill sets are a<br />
huge advantage when it comes to dealing with<br />
a severe threat. There will always be room in<br />
the industry for officers of all levels, but the<br />
specialist security officer is a welcome growth<br />
area and one which suppliers to the industry –<br />
and notably uniform providers – must either<br />
invest in or be left behind.<br />
Ordering systems should be developed that<br />
can handle the ordering and tracking of<br />
multiple garment requests. New and adaptable<br />
IT systems capable of being reconfigured to<br />
customers’ requirements are essential to the<br />
process. Software capable of predicting current<br />
and future uniform requirements will be created<br />
to manage the issue and re-issue of uniforms<br />
and PPE. These systems should project both<br />
the future requirements by quantity and the<br />
overall cost, in turn allowing the security<br />
provider to budget ahead.<br />
Managed IT services<br />
Managed uniform providers should be prepared<br />
to work with security companies to closely<br />
integrate payroll systems and enable live<br />
reporting. This will reduce the need for rekeying<br />
staff information.<br />
For their part, managed IT services can be<br />
supported on mobile devices and made<br />
available to every concern, from the smallest<br />
right through to the largest security company.<br />
The good news for all of us is that it looks<br />
like the uniformed multi-skilled security officer<br />
is very much here to stay. The world will be a<br />
far safer place because of them.<br />
“Integrating mobile patrols, static guards, physical security, CCTV and<br />
first response offers benefits for the purchasing client in terms of both<br />
enhanced security and reduced cost”<br />
52<br />
www.risk-uk.com
We go the extra mile.<br />
Axis Security – supporting customers every step of the way.<br />
• Our employees – are highly trained, valued and rewarded<br />
• Our proactive management approach – ensures service is continually improving<br />
• Our intelligent technology – ensures open lines of communication and transparency<br />
• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards<br />
T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk
The Changing Face of Security Services: Officer Profiles<br />
Women in Security<br />
How do women view themselves within the security business<br />
sector? How are they perceived by their male colleagues (of<br />
all levels) and how do members of the public look upon<br />
female security officers? Paula Mathers reports on the<br />
extremely interesting results of a recent study<br />
As part of the senior management team at<br />
Coverguard Services, it’s one of my tasks<br />
to ensure we employ a wide demographic<br />
of staff and are giving everyone a fair and equal<br />
chance at employment regardless of their race,<br />
ethnicity, age, level of ability or gender.<br />
There are statistics which show what<br />
percentage of females we need to employ in<br />
order to provide evidence that we’re an equal<br />
opportunities employer, and a great number of<br />
companies actually state within their equal<br />
opportunities policies what percentage of<br />
women they will hire as a minimum.<br />
The Office for National Statistics reports that<br />
female students obtain higher GCSE and degree<br />
results than males, which could mean that<br />
women are less likely to enter physical<br />
employment – such as security – and more<br />
disposed to take on roles reliant to a somewhat<br />
greater extent upon academic skills.<br />
There are more males in senior roles within<br />
business, medicine and academia, which<br />
should balance out the equation. Maybe the<br />
answer is that males are more open to the kind<br />
of employment they enter than women, with<br />
females being rather more particular about the<br />
kind of role for which they would apply.<br />
Within the cyber security industry, it’s found<br />
that only 11% of staff are female.<br />
Moral dilemma for employers<br />
In March, the House of Commons reported that<br />
women are expected to make up at least 25%<br />
of company Board members in the business<br />
sector. This leaves employers with a moral<br />
dilemma if they wish to adhere to that goal.<br />
In order to comply with the required<br />
statistics, are we expected to employ or<br />
promote female staff members over their male<br />
counterparts regardless of their level of<br />
experience or ability to do the job? For some<br />
companies, this may be the only way in which<br />
it’s possible to conform with these figures.<br />
We set up a study to see how females<br />
perceive themselves within the security<br />
industry, how they’re viewed by their male<br />
colleagues (of all levels) and how the general<br />
public looks upon female security officers.<br />
The findings suggest that (the majority of)<br />
women perceive themselves as being better at<br />
their security role than their male counterparts.<br />
They feel they have more compassion, are able<br />
to diffuse a situation quicker and easier and are<br />
faster to react to potential trouble, reading<br />
signs of unrest on a swifter footing than their<br />
male colleagues.<br />
When assessing how male security personnel<br />
perceive their female colleagues, significant<br />
differences were found between what people<br />
were prepared to say in public and what they<br />
wished to disclose in private. The majority of<br />
males were actually unsure of how to treat a<br />
female security officer. For some, the belief is<br />
very strongly embedded that females are only<br />
in the role so that someone can “check the<br />
girls’ toilets” or “make up the diversity<br />
numbers”. In a public forum, those same male<br />
officers claimed that they saw female security<br />
personnel to be just as good as the males.<br />
The public’s view of females in security is<br />
very different and seems to depend directly on<br />
looks. The more attractive female officer makes<br />
members of the public wary with comments<br />
such as “Is she strong enough to break up a<br />
fight?” and “How is she going to stop any<br />
trouble?” being the norm. The perceived to be<br />
less attractive females are considered along the<br />
same lines as male security officers, with little<br />
or no questioning of their abilities.<br />
Despite employing the best person for the<br />
job within our company regardless of gender<br />
bias, we have what seems to be a much higher<br />
percentage of female staff than other security<br />
businesses. Over 30% of our licensed staff, in<br />
fact, are female. Last year, we enjoyed an influx<br />
of only female candidates turning up for our<br />
scheduled interviews and, what’s more, they<br />
excelled in all interview areas.<br />
This puts us at a great advantage. It may<br />
possibly be due to our family-friendly policies<br />
and stringent lone working procedures, or it<br />
might be down to the types of clients whom we<br />
choose to serve. Whatever it is, it’s working.<br />
Paula Mathers:<br />
Assistant Director of<br />
Coverguard Services<br />
“In March, the House of Commons reported that women are expected to<br />
make up at least 25% of company Board members in the business<br />
sector. This leaves employers with a moral dilemma”<br />
54<br />
www.risk-uk.com
Tel: 08707 508070 Fax: 08707 508066<br />
Risk UK Offer<br />
Uniforms@PeterDrew would like to offer<br />
all Risk UK readers, SIA licensed companies,<br />
FM companies and end users of security<br />
services the following -<br />
• Free samples on a sale or return basis<br />
• Free artwork and design setup<br />
• Free dedicated buying portal<br />
• Discounted contract prices<br />
• Committed customer sales support<br />
• Same day dispatch, next day delivery<br />
• Branded stock holding available<br />
• <br />
To take advantage of this offer or for more<br />
information contact uniforms@peterdrew.com<br />
or call 08707 508070<br />
Website: www.peterdrew.com<br />
Twitter: @UniformSecurity<br />
Facebook: facebook.com/<br />
PeterDrewCorporateClothing
The Changing Face of Security Services: Counter-Terrorism<br />
Peter Webster:<br />
CEO of Corps Security<br />
Peter Webster looks<br />
back on the tragic<br />
terrorist attack that<br />
took place at<br />
Manchester Arena on<br />
Monday 22 May and<br />
what it means for<br />
practising security<br />
professionals<br />
Reflecting on Manchester<br />
The full horror of what happened in<br />
Manchester last month is still sinking in. At<br />
the time of writing there were 22 dead and<br />
over 60 injured in the wake of a suicide bomber<br />
walking into Manchester Arena following a<br />
concert by Ariana Grande and initiating the<br />
worst terror attack in the UK since the 7 July<br />
2005 suicide bombings in central London.<br />
Watching footage filmed inside the building<br />
after the bomb was detonated and seeing<br />
images of injured children and young people<br />
outside the venue filled me full of sadness,<br />
anger and a sense of determination that those<br />
perpetrating such acts must be defeated.<br />
This episode also highlighted the important<br />
job our security services do in preventing more<br />
of these types of incidents. While every terrorist<br />
attack that’s successful is one too many, lots<br />
more are prevented. We must all be vigilant in<br />
order to help in stopping future atrocities.<br />
It’s also important to recognise the role my<br />
industry colleagues played in the immediate<br />
aftermath in terms of helping the injured and<br />
working with the Emergency Services. I’m sure<br />
that, faced with a similar situation, security<br />
officers from up and down the country would<br />
have acted in the same calm and professional<br />
manner. Security personnel deal with serious<br />
situations each and every day and their actions<br />
usually go unrecognised. Put simply, far greater<br />
respect needs to be afforded to those who<br />
perform security-related tasks.<br />
It goes without saying that security<br />
professionals must be on high alert to the<br />
potential impact of threats posed to the people,<br />
property and assets they protect and review<br />
their contingency plans where necessary.<br />
Furthermore, in order to stand the best<br />
chance of spotting terrorists, the public must<br />
also play its part by reporting any suspicious<br />
behaviour. The National Police Chiefs’ Council<br />
needs to do more to promote the advice offered<br />
in its ‘Run, Hide, Tell’ policy.<br />
The attack on Manchester has sent<br />
shockwaves around the world and is a clear<br />
indicator of the type of havoc that those with<br />
malicious intent can wreak upon our lives as<br />
they try to undermine our values and what we<br />
stand for. Sadly, I don’t believe that we’ve seen<br />
the last of this type of despicable activity.<br />
Vigilance is our key strength and we must<br />
use it in full support of our security services.
Access Control: The Keys to Successful<br />
Security Management Regimes<br />
Given the increasingly<br />
high-profile status of<br />
potential risks in this<br />
day and age, Steve<br />
Bumphrey outlines<br />
why it’s not surprising<br />
that more and more<br />
specialist sectors –<br />
including the<br />
Emergency Services<br />
sector and custodial<br />
operations – are<br />
reviewing their<br />
security posture from<br />
the basics through to<br />
the highest levels<br />
Let’s begin with a quote from the Global<br />
Access Control Security Market Research<br />
Report 2017: “The need for electronic<br />
access control has grown in the wake of threats<br />
becoming increasingly complex. The threats<br />
posed to both members of the public and<br />
private properties are coming from across the<br />
border and their own citizens. The electronic<br />
access control market includes management<br />
and authentication systems as well as intruder<br />
alarm and perimeter security systems as they<br />
monitor and prevent malicious activities.”<br />
At its simplest, access control has always<br />
been concerned with doors and buildings.<br />
Increasingly, we now look towards protecting<br />
three elements: people, equipment and data or<br />
information (particularly since the latter has<br />
featured so significantly on recent crime<br />
statistics reports issued by the police).<br />
In an era when there are increasingly<br />
sophisticated and complex control systems<br />
available, it’s very easy to lose sight of the<br />
basics. In “times of plenty” there were the<br />
budgets available to invest in advanced<br />
systems. What it comes down to, and notably in<br />
today’s more uncertain times, is that every<br />
investment is likely to be scrutinised far more<br />
closely. That being so, it’s essential to build a<br />
strong security case right from the ground up.<br />
Most people understand the ‘make it<br />
difficult’ part. After all, that’s what security is<br />
designed to do, but they often forget the times<br />
when you also need to make it very easy for<br />
people to move through doors.<br />
For example, in the case of fire or other<br />
emergency evacuation scenarios, or at sporting<br />
facilities, transport hubs or entertainment<br />
venues when you have to move thousands of<br />
people through an area in a very short space of<br />
time, enabling them to move swiftly through<br />
entrances and exits is absolutely vital.<br />
Further, added focus is afforded by the need<br />
to remember the requirements of the Disability<br />
Discrimination Act (ie to provide equal access<br />
to services and products and make openings<br />
easy and accessible for all).<br />
This is where accounting for the basics and<br />
having a clear audit control on keys (and any<br />
form of credential or access control) among<br />
members of staff – both temporary and<br />
permanent – can prove absolutely essential.<br />
Effective key and equipment management<br />
ensures a completely secure solution, right<br />
from door entry through to the filing cabinets,<br />
COSHH cupboards and, critically, for personnel<br />
in sectors such as the Emergency Services.<br />
Audit control<br />
It’s understandable that most individuals focus<br />
their security planning on trying to prevent<br />
entry to or exit from a building. There’s a<br />
bewildering array of choices when it comes to<br />
locking and access systems but, taking a step<br />
back from all of this, it’s important to be able to<br />
account for all keys that are still functioning<br />
and manage staff and visitor access control<br />
credentials efficiently from one platform.<br />
You can have the most sophisticated,<br />
Internet-enabled, biometric access-controlled<br />
scanning system in the world in place, but if the<br />
credentials are not allocated to authorised<br />
personnel then security will be swiftly<br />
breached. Considering keys on their own, they<br />
may not be a high value item to replace, but<br />
when you think about what those keys are<br />
controlling, it could well be the most precious<br />
equipment (often in terms of data stored as<br />
opposed to its monetary value).<br />
58<br />
www.risk-uk.com
Access Control: Electronic and Physical Key Management<br />
If such keys fall into the wrong hands, not<br />
only is it an expensive process to change all the<br />
compromised locks, but it’s also potentially<br />
breaching security and creating a vulnerable<br />
environment. Adding to the concerns over<br />
physical key management, the ease of both<br />
the instruction and ability to copy keys – not<br />
only in High Street stores, but also by referring<br />
to social media influences – also serves to<br />
again leave keys, equipment, businesses and<br />
public sector organisations exposed.<br />
Simply put, basic keys are equally easy,<br />
simple and inexpensive to copy and, in doing<br />
so, the building administrator or security officer<br />
instantly loses control of the security situation.<br />
Traditionally, the solution is to introduce a<br />
key control system, whereby keys are<br />
‘managed’ by a particular department holding<br />
‘keys on hooks’ (sometimes in a metal cabinet)<br />
and keeping a manual record of any keys that<br />
are distributed or loaned out. The more<br />
sophisticated solution for managing this<br />
scenario is to use an electronic key cabinet that<br />
monitors who has used each key and when it<br />
was allocated and also restricts who has access<br />
to the keys themselves.<br />
If a key ever goes missing or a compromise<br />
situation occurs, a full audit trail exists showing<br />
who has had access and which keys have been<br />
taken. It’s quite amazing how quickly keys are<br />
returned when end users know they’re both<br />
accountable and traceable. In this scenario,<br />
perhaps what’s less well known is the level of<br />
cost, resource and efficiency savings to be<br />
realised in being able to immediately account<br />
for keys and access rights at any one time.<br />
Software-controlled systems can turn<br />
traditional keys into intelligent ones by setting<br />
curfews for their return and triggering alarm<br />
events if they’re not brought back to base by a<br />
certain time.<br />
Looking at the evidence<br />
Despite the Government stating crime figures<br />
have continued to fall, given the ongoing<br />
impact of policing budget cuts it’s very much<br />
the case that the necessity to carefully manage<br />
costs in the emergency sector is still required.<br />
Hertfordshire Police is a good example. A key<br />
management system has helped supervisors<br />
know how and when vehicles are being used.<br />
They have the ability to determine who can<br />
access the keys to particular vehicles and<br />
when, record and report on mileage driven<br />
during the periods keys are out, capture data<br />
on any reported defects or damage to enable<br />
appropriate decisions to be made and timely<br />
actions taken and also decide which vehicles<br />
individual officers can and cannot drive.<br />
“Software-controlled systems can turn traditional keys into<br />
intelligent ones by setting curfews for their return and<br />
triggering alarm events if they’re not brought back to base<br />
by a specified time”<br />
From a Duty of Care perspective this provides<br />
control. The force is able to ensure officers<br />
cannot take out a vehicle when they’re not<br />
authorised to drive or for which they haven’t<br />
received proper training. Further, it helps to<br />
maintain the cars so that, when used in an<br />
emergency, officers can be confident their<br />
vehicles are always in perfect working order.<br />
Thames Valley and Northamptonshire Police<br />
is one force that has taken steps to implement<br />
electronic and intelligent physical management<br />
of equipment to ensure a more efficient service<br />
can be provided for its community. The force<br />
has safeguarded equipment such as radio<br />
terminals using an intelligent locker system to<br />
deliver better security and management.<br />
With over 5,000 airwave radios in use across<br />
the Thames Valley force at any given time, it’s<br />
essential that replacements are made available<br />
day or night and quickly. Replacements are held<br />
in 29 locations across the region. Officers<br />
needing a spare or replacement radio simply<br />
access the electronically-operated locker<br />
system by making a telephone call to a 24/7<br />
Help Desk using a dedicated adjacent<br />
telephone. The Help Desk operator will then<br />
check the identity of the officer and remotely<br />
unlock the electronic locker to allow access to a<br />
replacement unit and then enters the details<br />
into the bespoke database.<br />
In addition to the electronic lockers<br />
containing replacements for standard airwave<br />
radios and accessories, the force has also<br />
introduced a new range of lockers for securing<br />
radios used on selected special operations by a<br />
small number of highly-trained officers. For<br />
these special operations radios, RFID tagging is<br />
incorporated to identify each radio, recording<br />
when a terminal is removed from one of the<br />
cabinets and by whom. In turn, this provides<br />
powerful management information.<br />
Age of uncertainty<br />
In an age of security uncertainty, while action is<br />
being discussed in terms of ways in which to<br />
better protect our communities, it’s clear every<br />
item of expenditure is under scrutiny. There’s a<br />
defined requirement to consider a cost-effective<br />
and pragmatic approach right across the board.<br />
These factors alter the dynamics of security<br />
planning – and, indeed, effective access control<br />
– for designers and specifiers alike.<br />
Steve Bumphrey:<br />
Sales Director for Traka<br />
59<br />
www.risk-uk.com
Fire Safety: Standards and The Law<br />
The UK’s fire industry<br />
faces new challenges<br />
as the density of<br />
occupation increases<br />
alongside the<br />
developing complexity<br />
of buildings in which<br />
people live and work.<br />
Furthermore, growing<br />
end user demands are<br />
heightening the<br />
urgency to introduce<br />
governance on fire<br />
equipment and fire<br />
safety solutions.<br />
Against this backdrop,<br />
Don Scott discusses<br />
the importance of fire<br />
safety standards<br />
60<br />
www.risk-uk.com<br />
According to the Home Office’s fire statistics<br />
for Great Britain, there were 22,000 fires in<br />
commercial buildings between April 2013<br />
and March the following year. In 64% of those<br />
premises with installed detectors, the<br />
technology failed to operate due to – among<br />
other reasons – the poor positioning of<br />
equipment, incorrect installation and/or the<br />
incompatibility of fire technologies. Many of<br />
these issues would be resolved if unskilled,<br />
untrained technicians were prevented from<br />
installing or servicing vital fire safety systems.<br />
Recognition that the legislation for fire safety<br />
needed to be simplified resulted in the<br />
Regulatory Reform (Fire Safety) Order 2005 in<br />
England and Wales, with separate legislation<br />
introduced for Scotland in 2006 and Northern<br />
Ireland in 2010. The Order is designed to<br />
provide a minimum fire safety standard for<br />
commercial premises and designates the<br />
Responsible Person. That individual is required<br />
to perform certain fire safety duties which<br />
include carrying out a fire risk assessment,<br />
producing a fire safety policy, developing safety<br />
procedures, undertaking staff training,<br />
implementing fire drills and providing and<br />
maintaining a clear means of escape.<br />
The Responsible Person is the individual with<br />
control of a workplace. However, in the case of<br />
a prosecution for an offence under the Order, a<br />
director or manager could face criminal charges<br />
with consequential prison sentences and/or<br />
fines if they’re the nominated Responsible<br />
Person. To date, there have been 223<br />
prosecutions of Responsible Persons in 2017,<br />
which represents a 14% increase on last year.<br />
Fires need three elements to burn: a source<br />
of ignition (heat), a source of fuel (materials<br />
that burn) and oxygen. Employers, building<br />
owners and occupiers must carry out a fire<br />
safety risk assessment and keep it updated.<br />
This fire safety risk assessment should identify<br />
potential sources of ignition, substances that<br />
may burn and those personnel who may be at<br />
risk. Based on the findings, employers must<br />
then ensure that adequate and appropriate fire<br />
safety measures are in place to minimise the<br />
risk of injury or loss of life.<br />
The Fire Safety (Employees’ Capabilities)<br />
Regulations place a responsibility on employers<br />
to consider the capabilities of their employees<br />
as regards Health and Safety when entrusting<br />
them with fire safety-related tasks. Such tasks<br />
include carrying out fire risk assessments and<br />
being a nominated fire warden or marshal.<br />
Employers need to ensure their employees have<br />
the requisite training, skills and experience in<br />
place for their delegated tasks.<br />
In supporting the Regulatory Reform (Fire<br />
Safety) Order, the Department for Communities<br />
and Local Government (DCLG) has published a<br />
number of guidance documents to assist<br />
employers in meeting their responsibilities.<br />
Impact of false alarms<br />
Under the Government’s Localism Act (ratified<br />
in February 2012), Fire and Rescue Authorities<br />
have the right to charge for attendance at false<br />
fire alarm episodes caused by malfunctioning<br />
or poorly installed detection systems. An<br />
example is the London Fire Brigade who<br />
introduced a stringent rule to charge<br />
organisations if they have more than nine false<br />
alarm call-outs at their premies in a given year.<br />
The legislation was brought in to encourage<br />
UK businesses to regularly maintain their fire<br />
alarms and reduce the cost and time lost by<br />
Fire and Rescue Services due to attending<br />
unwanted fire alarm signals (ie false alarms<br />
that are passed to the Fire and Rescue Service<br />
for action). The maintenance of fire alarm<br />
systems forms part of fire risk assessments and<br />
is the remit of the Responsible Person.<br />
According to the Fire Industry Association<br />
(FIA), false alarms generated from remotely<br />
monitored fire detection and fire alarm systems<br />
cost businesses and Fire and Rescue Services<br />
an estimated £1 billion per annum in the UK. In<br />
2014-2015, unwanted fire alarms caused by
Evaluating Fire Safety Standards<br />
equipment accounted for two-thirds of all false<br />
alarms, amounting to a total of 143,500. This<br />
DCLG figure is slightly lower than for the<br />
previous year, but it’s still unacceptably high.<br />
Fire detection systems shouldn’t cause<br />
unwanted alarms. If an organisation suffers<br />
from excessive occurrences of false fire alarms,<br />
the root cause is either poor technology or poor<br />
service and maintenance support, both of<br />
which are addressable issues.<br />
The effect that false alarms have on business<br />
continuity is immense. Lost working hours and<br />
the upheaval of evacuating premises adds up to<br />
significant financial loss. Even a short<br />
evacuation would cost a large supermarket in<br />
excess of £20,000, an airport £35,000 and a<br />
London Underground station something in the<br />
region of £53,000.<br />
False alarm call-outs not only impact host<br />
organisations themselves in terms of loss of<br />
earnings and loss of reputation, but are also a<br />
public safety issue. When alarms go off<br />
repeatedly, there’s a tendency for people to<br />
disregard them and, in the case of a real fire<br />
scenario, complacency could further endanger<br />
lives. Today’s technology helps in addressing<br />
this issue. It really is a false economy to install<br />
fire detection systems that place members of<br />
the public and organisations at risk.<br />
EN 16763 under evaluation<br />
Following five years of planning, the EN 16763<br />
‘Services for Fire Safety and Security Systems’<br />
Standard places the focus on service delivery.<br />
Every aspect is included from planning through<br />
to design, commissioning, installation and final<br />
handover. Importantly, this new standard spells<br />
out the expected level of service at each<br />
individual stage, bringing a new benchmark of<br />
quality to the fore in the fire sector.<br />
Furthermore, this standard also aims to<br />
improve the quality of service delivery by<br />
specifying the level of competence, knowledge<br />
and understanding required of a company and<br />
the individuals employed within.<br />
The Regulatory Reform (Fire Safety) Order<br />
2005 states that an individual delivering a<br />
service must be ‘competent’. However, this is<br />
merely defined as ‘a person who has sufficient<br />
training and experience or knowledge and other<br />
qualities to enable them to properly implement<br />
the measures referred to in the Order’. EN<br />
16763 aims to create a uniform benchmark for<br />
service provision across the fire industry,<br />
subsequently improving levels of education and<br />
experience and increasing professionalism.<br />
The FIA and a number of companies across<br />
the sector have supported the creation of this<br />
new standard and service providers will be<br />
expected to comply. There may be a move to<br />
write the standard into the BAFE and LPCB<br />
certification schemes over time. As has been<br />
widely publicised, the FIA will soon be<br />
delivering accredited courses to providers,<br />
offering a recognised qualification that meets<br />
the requirement of the new standard.<br />
Selecting suppliers<br />
When end users are seeking fire safety solution<br />
providers, it’s vital that they select companies<br />
wholly committed to interpreting customer<br />
specifications, ensuring the relevant legislation<br />
and British Standards are met and considering<br />
the impact on Health and Safety and the<br />
environment. This will require full compliance<br />
with the relevant BS, EN and LPCB documents.<br />
For fire detection systems, adherence to LPS<br />
1014 and BAFE SP201 is important as this very<br />
much predetermines the right approach to<br />
design and design management. All operational<br />
staff from sales through to engineering and into<br />
management should be fully-trained (by way of<br />
an accredited course) on all parts of BS 5839.<br />
This is the Code of Practice that prescribes the<br />
manner in which fire detection and fire alarm<br />
systems are designed, installed, commissioned<br />
and serviced here in the UK.<br />
Caution needs to be observed regarding fire<br />
detection equipment which is covered by BS EN<br />
54-2. End users cannot solely rely on the CE<br />
Mark. They also need to check the Declaration<br />
of Performance to ensure the equipment fulfills<br />
specification requirements. A fire alarm panel<br />
may be approved to BS EN 54-2, but this<br />
product standard does allow for options with<br />
requirements. An example would be two fire<br />
alarm panels, both approved, but one including<br />
coincidence detection Type A and the other<br />
coincidence detection Type B. This information<br />
will appear in the Declaration of Performance.<br />
It’s vital that the correct one is chosen in order<br />
to meet the specification and not simply the<br />
requirements listed in BS EN 54-2.<br />
Fire safety standards and regulations are<br />
designed to save lives and protect both people<br />
and property. For their part, business owners<br />
must take a responsible approach to the Health<br />
and Safety of all personnel on their premises.<br />
Likewise, solution providers within the fire<br />
industry should be wholly focused on the<br />
delivery of intelligent technology.<br />
Don Scott: Fire Engineering<br />
Consultant at Siemens<br />
Building Technologies<br />
“If an organisation suffers from excessive occurrences of<br />
false fire alarms, the root cause is either poor technology<br />
or poor service and maintenance support, both of which<br />
are addressable issues”<br />
61<br />
www.risk-uk.com
Breached Fire Compartmentation in<br />
Buildings: Reducing The Risk<br />
Back in 2007, Building<br />
Regulations Approved<br />
Document B was<br />
introduced and<br />
required that buildings<br />
be sub-divided into a<br />
number of discreet<br />
compartments or cells<br />
by dint of construction<br />
materials being used<br />
to prevent the<br />
passage of fire from<br />
one cell to another for<br />
a given period of time.<br />
Richard Sutton<br />
focuses on fire<br />
compartmentation and<br />
how regular fire risk<br />
assessments can help<br />
to reduce risk and<br />
prevent breaches<br />
Compartmentation was introduced to<br />
contain fires, based on the fact that large<br />
fires are more dangerous to occupants,<br />
members of the Fire and Rescue Service and<br />
people located nearby. Fire compartmentation<br />
is also effective in limiting damage to a building<br />
and its contents and is an important factor in<br />
reducing the risk of fire spread.<br />
Designed to protect ‘means of escape’ routes<br />
from a building, compartmentation is<br />
particularly important where there’s minimal<br />
fire separation other than the means of escape,<br />
for example in a simple office building served<br />
by a single flight of stairs. In this instance, the<br />
floor area may be open plan with no partitions.<br />
However, the stairs should be enclosed by fire<br />
walls (and fire doors) to ensure that a fire<br />
within any part of the accommodation cannot<br />
pass through to the stairway.<br />
Spaces that connect fire compartments, such<br />
as stairways and service shafts, are described<br />
as ‘protected shafts’ and play a vital role in<br />
restricting fire spread between compartments.<br />
Larger buildings have greater reliance on fire<br />
compartmentation. In high rise residential<br />
structures, each flat is generally treated as its<br />
own ‘cell’. Fire spread from one cell to another<br />
shouldn’t occur. Depending on the size of the<br />
flat, additional fire separation is often included<br />
to protect the occupants’ means of escape.<br />
Regular, in-depth fire risk assessments are<br />
essential for ensuring the integrity of fire<br />
compartmentation. Often, such risk<br />
assessments don’t extend to inspections being<br />
made above ceilings (or below floors) to ensure<br />
that the fire compartmentation hasn’t been<br />
breached. This could be an expensive mistake<br />
that badly affects the fire safety of a building.<br />
Fire compartmentation should be assessed<br />
and reasonable endeavours made to at least<br />
sample fire stopping in areas where there’s<br />
obvious potential for penetration. The reason is<br />
that smoke travels quickly (at between 15 and<br />
90 metres per minute, in fact). Studies have<br />
shown that 67% of fire-related deaths are<br />
through smoke inhalation, while 44% of those<br />
deaths involve people who were not in the<br />
room from where the fire originated.<br />
Material alterations<br />
Due to the age of many public and private<br />
sector buildings, there will have been various<br />
alterations to building fabric and layout during<br />
their lifetime. It’s good practice to carry out a<br />
pre-works survey if any refurbishment is<br />
planned to ensure that penetrations in firerated<br />
constructions are identified, assessed<br />
and managed (therefore keeping track of any<br />
material alterations that do take place).<br />
It may be the case that records of any<br />
breaches in compartmentation and control over<br />
many aspects of fire protection may be limited.<br />
Plans could be out-of-date and not truly reflect<br />
the building as it stands today. In order to<br />
establish the current condition of the building –<br />
and, specifically, the compartmentation – an indepth<br />
survey should be conducted. This must<br />
provide a detailed record of the location and<br />
condition of compartmentation, take note of<br />
penetrations and outline remediation works.<br />
This can form the basis of a ‘working<br />
document’ that may be used alongside costing<br />
exercises and planning for remediation works.<br />
Such an approach can help focus available<br />
resources on areas of high importance, as well<br />
as providing a comprehensive tracking system<br />
to record where upgrade works have been<br />
carried out as well as detailing future works<br />
that may otherwise be overlooked.<br />
Recently, we were called in to conduct risk<br />
inspection and remediation works on the fire<br />
compartmentation across a number of<br />
62<br />
www.risk-uk.com
Building Regulations Approved Document B and Fire Risk Assessments<br />
buildings in the North West. Following these<br />
inspections, our team found that the fire<br />
compartmentation to these buildings had been<br />
breached and was no longer providing an<br />
effective fire barrier. The breaches were mainly<br />
occurring above ceiling level or within littleused<br />
cupboards and risers which were hidden<br />
from normal view.<br />
On further analysis, we found that there were<br />
three main causes for the breaches. First, it was<br />
revealed that fire stopping hadn’t been<br />
completed correctly at the initial installation.<br />
These buildings had been constructed within<br />
the last decade, so fire compartmentation was<br />
part of the Building Regulations at this time.<br />
Second, repair and maintenance activities had<br />
been carried out since the building was<br />
occupied, but without adequate fire stopping.<br />
Finally, parts of the building had been<br />
remodelled and refurbished, but again without<br />
adequate fire stopping.<br />
Detailed analysis: the procedure<br />
Our detailed survey of the fire<br />
compartmentation and fire breaches was<br />
carried out at weekends and overnight using a<br />
smart phone-enabled survey system. Each<br />
penetration was marked with a QR code and<br />
unique identification number and<br />
photographed for future reference. Building<br />
layout drawings were also marked with every<br />
penetration, which included instances of the<br />
wrong fire stopping material being used.<br />
Our FIRAS-accredited team was then<br />
appointed to complete the works to make all<br />
compartmentation fire safe. Each time we made<br />
safe a fire penetration it was captured on our<br />
survey system and photographed. After all the<br />
works were completed, the client was supplied<br />
with comprehensive reports detailing all of the<br />
works, materials used and drawings.<br />
In these cases, the building owners can be<br />
assured that the fire compartmentation system<br />
will operate to the required specification, which<br />
includes giving occupants a certain number of<br />
minutes in which to escape.<br />
If installed correctly, fire separation solutions<br />
do harbour an enviable success rate. That said,<br />
breaches through compartment walls, floors<br />
and ceilings can cause smoke, gases and fire to<br />
spread through escape routes to other parts of<br />
a building. As well as allowing fire spread, it<br />
also hinders the Fire and Rescue Services’<br />
operations and can place firefighters at an<br />
increased risk.<br />
Breaches in compartmentation are often<br />
down to a lack of control over external<br />
contractors when carrying out works. Building<br />
owners and facilities managers should make<br />
“It’s good practice to carry out a pre-works survey if any<br />
refurbishments are planned to ensure that penetrations in firerated<br />
constructions are identified, assessed and managed”<br />
sure that contractors are aware of the<br />
importance that passive fire protection plays<br />
and that they need to ensure any breaches are<br />
adequately catered for in an appropriate<br />
manner. Training may also have to be given to<br />
persons carrying out fire risk assessments to<br />
ensure there’s sufficient knowledge in terms of<br />
the location and type of fire compartmentation,<br />
its function and the importance of maintaining<br />
it to achieve the expected level of fire<br />
resistance. Alternatively, a good way of<br />
reducing any risk is to bring in an external<br />
company to take care of fire risk assessments.<br />
Good fire safety design requires a<br />
combination of passive (compartmentation and<br />
sub-compartmentation by fire and smoke<br />
barriers) and active (automatic fire detection<br />
and fire suppression systems) fire safety<br />
systems, in addition to sound building<br />
management that fully understands and<br />
delivers on the building’s fire strategy.<br />
Strategies need to be driven from the top and<br />
backed by sufficient training to ensure those<br />
who commission refurbishments and the<br />
contractors that carry out the works are fully<br />
aware of and understand fire compartmentation<br />
and the implications for breaching this during<br />
refurbishment tasks. Failure to do this could<br />
lead to seriously increased levels of risk within<br />
a building and direct contravention of the<br />
Regulatory Reform (Fire Safety) Order 2005.<br />
Risk of fire spread<br />
One tragic case in recent times is that of<br />
Lakanal House, where fire compartmentation<br />
had been breached and inadequate fire<br />
provision was unearthed. Within 30 minutes of<br />
the first 999 call, the fire had spread<br />
throughout the block of flats in London with a<br />
speed and ferocity that baffled firefighters.<br />
One of the contributory factors to the quick<br />
fire spread was said to be a failure to adhere to<br />
fire guidelines in respect of compartmentation<br />
during refurbishment works. This would have<br />
been picked up by a thorough fire risk<br />
assessment. The escape routes, including an<br />
internal staircase, were found to be<br />
inadequately compartmented, which meant<br />
that fire travelled from the flats to the corridors,<br />
preventing occupants from being able to make<br />
a quick exit. This high-profile case highlights<br />
that fire compartmentation needs to be<br />
regularly inspected and all breaches remedied.<br />
Richard Sutton:<br />
General Manager at Horbury<br />
Property Services<br />
63<br />
www.risk-uk.com
Chemical and Biological Terrorism:<br />
Should We Insure The Risk?<br />
When conversations<br />
turn towards terrorism<br />
risks and<br />
‘insurability’,<br />
chemical and<br />
biological incidents<br />
rank among the most<br />
feared of all episodes.<br />
Even at the level of<br />
terrorism reinsurance<br />
pools on the global<br />
stage, there tends to<br />
be a marked variation<br />
in the degree of cover<br />
provided for such<br />
events. Dan Kaszeta<br />
and Rachel Carter<br />
examine a rather<br />
complex issue<br />
*The Security Institute is the<br />
UK’s largest membership<br />
organisation for security<br />
professionals. For more<br />
information visit the website:<br />
www.security-institute.org<br />
Traditionally, there are only a limited<br />
number of Lloyd’s syndicates who provide<br />
cover for chemical and biological terrorism.<br />
Lloyd’s requires a series of scenarios on which<br />
to base decisions and, in the development and<br />
modelling effort to make these Lloyd’s<br />
scenarios, the industry has traditionally cited<br />
the most extreme and, it must be said,<br />
relatively improbable situations.<br />
The key questions for the insurance industry<br />
are ‘What is the relative risk?’ and ‘What’s the<br />
probability of the risk materialising?’ (always<br />
bearing in mind that, where chemical and<br />
biological terrorism’s concerned, there are few<br />
event precedents to assist with the<br />
underwriting process).<br />
Is it most appropriate to continue the status<br />
quo practice of looking at the exceptionally<br />
difficult and resource-intensive ‘doomsday<br />
scenarios’? Alternatively, could we begin to<br />
collaborate with experts from the military and<br />
others within the chemical and biological<br />
industries to discern the realistic realm of<br />
probability given the costs, the likely outcome<br />
of an attack, the resources required and the<br />
chances of such a plot being foiled?<br />
Obviously, the insurance industry must<br />
remain conservative to ensure sufficient capital<br />
reserves that cover against potential losses.<br />
However, looking at the reality and the risks<br />
associated with chemical and biological<br />
terrorism, this unearths an area where existing<br />
insurers could expand traditional terrorism<br />
offerings. Should the commercial insurance<br />
industry take more of this risk, particularly so<br />
in a ‘soft’ market environment where this<br />
opportunity provides a potential additional<br />
revenue stream?<br />
If we start to recalibrate our models to<br />
become more reflective of reality then we need<br />
to begin using realistic information from<br />
security officials and others who understand<br />
the mechanisms by which an attack can be<br />
carried out, discern the quantities of the<br />
chemicals (or biological agents) required and<br />
their propensity to kill or harm others.<br />
Closer interaction with the security services,<br />
the military and other chemical specialists will<br />
help gauge greater understanding of the threat<br />
posed. From an insurer’s viewpoint, what would<br />
the cost of a recovery effort look like and might<br />
business interruption insurance expenditure be<br />
likely? This may also whet the appetite of<br />
alternative capital suppliers who could be<br />
looking to diversify portfolios in an area where<br />
there are presently few commercial insurers<br />
writing cover.<br />
Addressing the myths<br />
Back in March, the Journal of Terrorism and<br />
Cyber Insurance ran an industry seminar<br />
designed to educate the insurance industry on<br />
the reality of chemical and biological terrorism<br />
and how each chemical or biological agent<br />
could be used in a potential attack. The<br />
seminar was designed to dispel some of the<br />
myths and scaremongering such that insurers<br />
could then develop a more informed knowledge<br />
base upon which to underwrite the risk.<br />
One of the challenges is that there’s<br />
insufficient data on attacks of this nature, while<br />
that which does exist isn’t co-ordinated. There<br />
are few experts who understand chemical and<br />
biological risks and even less insurers who’ve<br />
engaged these individuals to assist with<br />
scenario design. On the data side, the industry<br />
should start to develop data based on a variety<br />
of capabilities, terrorist events and other<br />
attacks which could then be translated into a<br />
chemical or terrorist attack.<br />
In the interim, and viewing the risk at a more<br />
technical level, there’s potential for the number<br />
of offerings to increase and, therefore, for the<br />
64<br />
www.risk-uk.com
The Security Institute’s View<br />
penetration of these risks within the<br />
commercial insurance market to increase.<br />
The myths associated with chemical and<br />
biological terrorism are not merely due to fear<br />
or conservatism within the insurance sector.<br />
Hollywood and modern social media have much<br />
to blame for the circulation of half-truths,<br />
misnomers and urban legends. Further,<br />
conspiracy theories prey on ignorance and<br />
misperception, making matters even worse. As<br />
one of the key effects of terrorism is, by<br />
definition, terror, there’s much that can be done<br />
in mitigation of the threat. That being so, let’s<br />
address some of the misconceptions.<br />
The first generation of chemical weapons<br />
were true gases: chlorine and phosgene. The<br />
Hollywood chemical attack of a wall of purple<br />
fog chasing people down the street makes for<br />
good drama, but it’s inaccurate. ‘Poison gas’<br />
and ‘Gas warfare’ became enshrined in the<br />
public lexicon. However, most chemical warfare<br />
agents introduced since 1917 are not gases at<br />
normal temperatures. Most are liquids, albeit<br />
with varying degrees of volatility (ie the<br />
propensity to evaporate). Even so-called<br />
‘Mustard Gas’ isn’t really that: its real name is<br />
Sulfur Mustard and, in truth, it’s a liquid.<br />
It’s also important to remember that, even<br />
when they’re in vapour form, the majority of<br />
chemical warfare agents (and all the biological<br />
ones in aerosol form) are heavier than air. This<br />
is also useful for context in terms of assessing<br />
the risks to insurers. From an insurance<br />
perspective, there’s less appeal in the use of<br />
such chemical agents because there’s no<br />
associated spectacle which can then be shown<br />
to the media as a spectacle of the terror event.<br />
Without any shocking visual display, it’s<br />
unlikely that there will be the pull towards such<br />
methodologies for perpetrating terror attacks.<br />
‘One drop can kill’<br />
Journalists are keen to use phrases like ‘only a<br />
milligram of X will kill someone’, but these<br />
statements reveal a fundamental gap between<br />
theoretical toxicology and the practical<br />
mechanics of dispersing chemical or biological<br />
weapons. Chemical and biological weapons are<br />
highly dependent on a wide variety of variables<br />
such as weather and their mechanical design.<br />
They rely not just on chemistry and biology, but<br />
also on physics. Gases, vapours, aerosols,<br />
liquids, solids and microbes all need some way<br />
of accessing the human body (the ‘route of<br />
exposure’ in technical speak). There’s simply no<br />
defying either physics or logic.<br />
In theory, it only takes 50 mg of Sarin in a<br />
cubic meter of air to kill. In all likelihood, an<br />
air-dropped bomb which occurred in April this<br />
year containing perhaps 90 kg of Sarin<br />
managed to kill 70 to 100 people. In 2013,<br />
something like 800-1,000 kg of Sarin killed in<br />
the region of 1,400 individuals (counts vary) in<br />
Ghouta, Syria. These incidents serve to<br />
illustrate the gap between theory and practice.<br />
It’s easy to slip into apocalyptic metaphors<br />
when discussing this strain of terrorism and<br />
then for apocalyptic insurance scenarios to be<br />
developed. However, doing so works as a force<br />
multiplier for bad people attempting to do bad<br />
things. To date, the majority of terrorism<br />
incidents in this field have been hoaxes<br />
involving innocuous substances.<br />
Although competent professionals can sit<br />
down and calculate horrific outcomes, these<br />
scenarios represent the rare worse case<br />
development and do little to help us<br />
understand the threat or, in the context of<br />
insurance, the probability of occurrence and a<br />
loss materialising. Likely scenarios tend to have<br />
mediocre and inefficient employment.<br />
Incremental use<br />
One thing that’s usually overlooked in<br />
commentary on chemical and biological<br />
weapons is the likelihood of incremental use.<br />
For the insurance industry, this information is<br />
key as it’s one of the critical factors which need<br />
to be taken into account when underwriting<br />
chemical and biological terrorism insurance<br />
products and setting appropriate limits, event<br />
sub-limits and capital allocation and pricing the<br />
risks in an adequate manner.<br />
Historically, chemical and biological weapons<br />
that are actually effective at causing<br />
widespread impact are the result of both the<br />
accumulation of large quantities of chemical<br />
and biological warfare materials and extensive<br />
testing and development efforts. Fine-tuning<br />
the physical mechanisms for dissemination of<br />
these materials in a form that will cause harm<br />
(and without destroying the materials in the<br />
process) turns out to require mastery of many<br />
variables. Even the large nation states had to<br />
resort to much trial and error to gradually arrive<br />
at weapon designs that worked in practice.<br />
Terrorist groups are not likely to commit to<br />
testing regimes to fine-tune a device, and<br />
neither are they necessarily going to patiently<br />
accumulate large quantities of it if, in doing so,<br />
they expend scarce resources and greatly<br />
increase the likelihood of their discovery.<br />
Dan Kaszeta:<br />
Managing Director at<br />
Strongpoint Security<br />
Rachel Carter PhD (Candidate)<br />
BA (Hons) LLB (Hons) MSyI:<br />
Managing Director of Carter<br />
Insurance Innovations and<br />
Manager and Co-Founder of<br />
the Journal of Terrorism and<br />
Cyber Insurance<br />
“There are few experts who understand chemical and<br />
biological risks and even less insurers who’ve engaged<br />
these individuals to assist with scenario design”<br />
65<br />
www.risk-uk.com
People Power: The Benefits of Security<br />
Awareness and Vigilance Programmes<br />
Security awareness<br />
and vigilance<br />
programmes help to<br />
support and better<br />
enable other security<br />
applications to<br />
function, be they<br />
physical, technical or<br />
operational in nature.<br />
As Andy Davis<br />
explains, they’re not a<br />
substitute for those<br />
other measures, but<br />
rather an enhancer<br />
and an enabler of<br />
them to be more<br />
effective in their<br />
management of risk<br />
and asset protection<br />
Andy Davis MSc CSyP FSyI CPP:<br />
Managing Director at Trident<br />
Manor, a Member of the ASIS<br />
UK Committee and a Member of<br />
the ASIS International Cultural<br />
Properties Council<br />
Friday 12 May reinforced the power that<br />
people wield in both attempting to destroy<br />
and protect organisations. The release of<br />
the WannaCry ransomware crippled the UK’s<br />
National Health Service (NHS), causing the<br />
cancellation of operations and appointments<br />
and costing millions of pounds to rectify<br />
systems. It wasn’t just the UK or the NHS that<br />
was impacted, either, with reports suggesting<br />
that over 100,000 organisations and upwards of<br />
200,000 individuals in over 150 countries were<br />
also badly affected.<br />
This problem was ‘human created’: the<br />
ransomware was scripted in the first instance<br />
before being intentionally released. It was then<br />
‘human activated’ by people opening e-mail<br />
attachments and spreading it across networks.<br />
WannaCry was also ‘human defeated’ thanks to<br />
the efforts of a 22 year-old ‘ethical hacker’ from<br />
the South West of England.<br />
At the highest levels, vulnerabilities were<br />
identified – and exploited – by the National<br />
Security Agency. Opportunities to manage and<br />
mitigate the risks were not taken, and although<br />
Microsoft did issue warnings, was it simply a<br />
case of too little too late? Could more have<br />
been done – and particularly so at the<br />
organisational level – to better educate<br />
workforces about the risks that exist and the<br />
part they can play in managing them?<br />
The answer is a resounding ‘Yes’ and, while<br />
we cannot remove all risks, what we can do is<br />
manage and mitigate them by adopting a<br />
sensible, structured and organisation-wide<br />
approach. Part of this should involve the<br />
proactive use of security risk management<br />
awareness and vigilance programmes.<br />
A security awareness and vigilance<br />
programme is simply a means of educating and<br />
training a workforce, a group of employees or<br />
specific individuals about existing or<br />
anticipated security risks that can affect the<br />
business and the steps needed to manage<br />
them. The programme should be risk-based and<br />
organisation specific. An American company<br />
that I recently visited required its programme to<br />
include advice on ‘Active Shooters’ and supply<br />
chain theft. A UK-based charity operating in<br />
Africa would have different priorities, including<br />
the need for awareness on personal security.<br />
A security awareness and vigilance<br />
programme doesn’t have to be labelled as such,<br />
but it should be a ‘whole of life’ commitment<br />
and a continuous process. Just having an<br />
induction process in isolation is a good start,<br />
but the benefits will be minimised unless it’s<br />
followed up and constantly reviewed. If risks<br />
are not static, why should the process of<br />
educating an organisation about them be so?<br />
Based on wider needs<br />
A security awareness and vigilance programme<br />
must work collaboratively across the<br />
organisation and be based on wider needs than<br />
just traditional theft, loss and injury scenarios.<br />
An example would be the use and control of<br />
illegal drugs in the workplace. This may be a<br />
Human Resources-centric responsibility, but it<br />
also affects Health and Safety, operations and,<br />
of course, security. Therefore, by ensuring that<br />
a collective message is being delivered, the<br />
programme is supporting other disciplines in<br />
protecting organisational assets.<br />
Any awareness programme must be<br />
proactive. In essence, it should be a part of the<br />
organisational culture and be a feature from<br />
induction to departure from the organisation<br />
and from the Boardroom to the office, shop or<br />
factory floor. A security awareness programme<br />
must be the storyboard and media/messaging<br />
outlet for all security matters.<br />
During any risk management process where<br />
incident types are identified, the awareness<br />
programme should be used as a means of<br />
highlighting the risks and providing guidance<br />
on their management as well as organisational<br />
expectations. When used proactively, the<br />
programme can provide confirmation of risks<br />
that exist and, indeed, their extent, which in<br />
many cases would otherwise go unreported.<br />
An instance of this was in an office-based<br />
scenario where several petty thefts occurred<br />
from desks. The information was shared with<br />
the workforce with an intention of preventing<br />
further incidents, increasing vigilance and<br />
providing a means of communicating concerns<br />
or reporting suspicions.<br />
Due to the alert, other incidents were<br />
reported which enabled an analysis of the data<br />
to be undertaken and a timeline identified. This<br />
enabled physical and procedural measures to<br />
be introduced, the frequency of offences to be<br />
reduced and offenders to be identified and<br />
dealt with in the appropriate fashion.<br />
66<br />
www.risk-uk.com
In the Spotlight: ASIS International UK Chapter<br />
How a security awareness and vigilance<br />
programme is delivered will depend on the host<br />
organisation and the resources it’s able to<br />
allocate. In line with a proactive approach, and<br />
being a part of the organisational culture, initial<br />
exposure to the programme should be during<br />
induction to the business. Only by reaching out<br />
at these early stages and continuing<br />
throughout the whole life of organisational<br />
engagement will security awareness and<br />
vigilance become an accepted part of the<br />
organisation’s culture.<br />
There’s a wide range of delivery methods that<br />
can be adopted for the induction process which<br />
may include being integrated into a wider<br />
organisational package, face-to-face briefings<br />
with a member of the security team or even the<br />
introduction of e-Learning packages.<br />
Following on from the induction process, the<br />
information sharing can be in the form of<br />
briefings, security alerts and bulletins, posters<br />
and means of visual notification, workshops<br />
and videos that are organisation and riskspecific<br />
(ie focusing on areas such as access<br />
control and travel management).<br />
What about the content?<br />
As has already been mentioned, the programme<br />
should be organisation specific and risk-based.<br />
Also, it should work collaboratively with other<br />
teams within the organisation. Therefore,<br />
agreeing the scope and remit – even where<br />
overlap exists – is an important part of<br />
establishing the programme’s content.<br />
Once established, the content can include<br />
advice (general in nature) and guidance (more<br />
specific and work/task-related) on a wide range<br />
of subjects including personal security (advice),<br />
access control (guidance), travel security<br />
(advice), workplace violence (guidance),<br />
substance abuse (advice and guidance), office<br />
security (advice and guidance) and emergency<br />
actions (advice and guidance). The list is<br />
literally endless and, inevitably, will vary from<br />
one organisation to the next.<br />
A correctly developed security awareness and<br />
vigilance programme should create a culture of<br />
acceptance that security is everybody’s<br />
responsibility and emphasise that everyone has<br />
a part to play in protecting themselves and the<br />
business from security risks. When used<br />
proactively, such a programme creates levels of<br />
trust between the workforce and those within<br />
dedicated security roles.<br />
The end result is that simple tasks can be<br />
shared, instead of everything being the sole<br />
remit of the security team. Examples here<br />
include reporting suspicious activities and the<br />
malfunction of protective measures (ie security<br />
lights not working, breaks in perimeter fencing<br />
lines and internal thefts).<br />
A correctly used awareness and vigilance<br />
programme can improve welfare, limit exposure<br />
to activities that could result in negligence<br />
claims and increase productivity. While there’s a<br />
cost associated with the introduction and<br />
maintenance of such a programme, it’s far less<br />
than the introduction of technical solutions<br />
and, in many cases, more effective.<br />
Two examples clearly illustrate the benefits.<br />
In one instance, a senior member of a<br />
management team was in an international<br />
airport and duped into leaving his bag alone<br />
while helping a couple. The bag was stolen<br />
along with his wallet, passport and visas,<br />
laptop, access cards and passwords.<br />
As a result, the individual involved was out of<br />
action for three weeks, with possible data<br />
breaches and delays to the project. There were<br />
additional costs associated with sending items<br />
to him and the reissuing of documentation as<br />
well as other staff disruption.<br />
In the other scenario, an executive received a<br />
location-specific briefing that outlined the<br />
crime issues in the areas he was transiting,<br />
Thanks to an advanced briefing, the executive<br />
was aware and identified many of the indicators<br />
that had been previously outlined. When he<br />
was approached by third parties, he could deal<br />
confidently with the situation in front of him.<br />
“During any risk management process where incident<br />
types are identified, the awareness programme should be<br />
used as a means of highlighting the risks and providing<br />
guidance on their management”<br />
67<br />
www.risk-uk.com
In conjunction with<br />
the all-new Fire<br />
Industry Association<br />
(FIA) Awarding<br />
Organisation, the FIA<br />
is releasing not one,<br />
but four new formal<br />
qualifications in fire<br />
detection and alarm<br />
systems. These<br />
qualifications will be<br />
officially launched<br />
during FIREX<br />
International, which<br />
runs at London’s<br />
ExCeL from 20-22<br />
June. Ian Gurling<br />
fleshes out the detail<br />
Ian Gurling: Manager of the<br />
Fire Industry Association’s<br />
Awarding Organisation<br />
Fire Detection and Alarm Systems:<br />
Appraising The New Qualifications<br />
There will be a range of seminars and<br />
workshops running at FIREX International<br />
to help delegates and visitors understand<br />
more about what’s actually involved, as well as<br />
a large FIA networking area where it will be<br />
possible to meet with FIA staff and ask<br />
questions on a one-to-one basis, but ahead of<br />
focusing on the actual content of the new<br />
qualifications, what exactly is the Fire Industry<br />
Association Awarding Organisation?<br />
Essentially, it’s a nationally regulated<br />
organisation that’s quality assured on an<br />
external basis by Ofqual, the QIW and the CCEA<br />
specifically for the purpose of setting<br />
qualifications. The same regulators are<br />
responsible for the standards adhered to by the<br />
awarding bodies of GCSEs, A-Levels and<br />
vocational qualifications studied through<br />
schools and colleges nationwide.<br />
Therefore, learners and business owners<br />
looking to embark on the new educational<br />
pathway can be assured of the quality mark of<br />
the new qualifications and that those<br />
qualifications on offer are validated and<br />
properly approved with the relevant<br />
Government-authorised bodies.<br />
To get the qualifications off the ground, we<br />
started off by gaining recognition for the FIA<br />
with the regulators to be an awarding body – an<br />
Awarding Organisation, as they call us – and<br />
set up a new company within the FIA. The<br />
regulators wanted us to establish the business<br />
outside of the FIA with its own offices, but we<br />
managed to persuade them – by proving our<br />
integrity and via corporate governance – that<br />
we could do this within the organisation and<br />
still have a training arm as well.<br />
As for the qualifications themselves, the Fire<br />
Industry Association Awarding Organisation has<br />
developed separate qualifications for the job<br />
roles of installer, maintainer, designer and<br />
commissioner of fire detection and alarm<br />
systems. Each qualification is comprised of four<br />
units, all of which must have a pass recorded<br />
against them in order for the qualification to<br />
have been achieved by the learner.<br />
Common aspects of fire safety<br />
The first element is a Foundation Unit covering<br />
the common aspects of fire safety across all<br />
four roles including legislation and guidance,<br />
technology and how they relate to each other.<br />
We’ve also tailored the qualifications to account<br />
for regional variations so if you’re in Ireland, for<br />
example, we include IS 3218 etc for the various<br />
standards and requirements.<br />
Once a given individual has completed the<br />
Foundation Unit they can address the others in<br />
any order they wish. We have a Health and<br />
Safety Unit and an Environmental Unit. In the<br />
latter, we’re covering the environmental impact<br />
of a fire alarm system. For example, how to<br />
transport and handle ionisation detector heads<br />
and how to handle gaseous systems if an<br />
individual is working on them in any way.<br />
We also have the role-specific Advanced Unit<br />
for the ‘design, install, maintain and<br />
commission’ procedures. As stated, once all<br />
four units have a pass recorded against them,<br />
the qualification has been attained.<br />
What level of detail do the qualifications go<br />
into and what sort of technical content can be<br />
expected? The qualifications call for an in-depth<br />
technical knowledge, so it’s not just a simple<br />
matter of knowing what BS 5839 or IS 3218 (or<br />
any other number of standards on the syllabus<br />
for the qualifications) actually say. Technicians<br />
will have to be able to apply that knowledge.<br />
Understanding and interpretation will be<br />
absolutely key.<br />
The qualifications also explore many other<br />
areas such as legislation and the different<br />
technologies involved in a fire detection and<br />
alarm system. How does a point detector work?<br />
How does a beam detector or an aspirating<br />
detector function? What are the effects of a<br />
sound alarm system? What about the difference<br />
between bells and sounders? As for voice<br />
alarms, how do they operate?<br />
Depth of knowledge is going to be involved in<br />
the qualifications. The implications of a system<br />
as it’s attached to the fabric of a building are<br />
essential. How does it affect passive protection<br />
(fire stopping)? How does it affect and/or how<br />
is it affected by evacuation strategies? All of<br />
that is brought out in the new qualifications.<br />
Level of thought needed<br />
The difference here is that technicians will be<br />
able to develop professionally much further<br />
than before, simply because of the level of<br />
thinking required for the qualification. No<br />
longer will they simply be able to perform the<br />
various tasks that they need to carry out.<br />
Rather, they’ll now be able to use their<br />
knowledge of standards and legislation to know<br />
68<br />
www.risk-uk.com
FIA Technical Briefing: Formal Qualifications for the Fire Sector<br />
why certain things need to be done in a certain<br />
way. No longer is it a case of knowing what to<br />
do. It’s 2017. Now, it’s all about knowing why<br />
you’re doing it.<br />
The important thing to note here is that the<br />
study required for the qualifications is much<br />
wider. The examinations are set externally by<br />
the Awarding Organisation, so it will be<br />
impossible to ‘teach to the test’, meaning that<br />
candidates undertaking an examination must<br />
really have absorbed the knowledge and<br />
understanding in order to pass.<br />
Unlike during any other form of training<br />
where assessments are simply a test, the<br />
qualification examinations are a much more<br />
formal process. The benefit here is clear: a<br />
formal examination means that candidates<br />
must demonstrate not just that they can ‘parrot<br />
out’ the information they’ve been given ad<br />
nauseum, but also be able to analyse, apply<br />
and answer the examination questions<br />
correctly. Hopefully, this will mean that<br />
technicians are able to do the same once<br />
they’re out working in the field, using their new<br />
knowledge and deeper understanding to<br />
analyse and solve problems on a surer footing.<br />
We’ve developed a system whereby the<br />
formal examination is going to be conducted<br />
electronically. Learners will be provided with a<br />
tablet and they’re going to be asked to log-in to<br />
their own assessment paper online. That<br />
assessment paper will then be conducted live<br />
and the learner will receive a pass/fail result at<br />
the end of the process. That pass/fail result is<br />
provisional only on possible necessity that we<br />
need to investigate the conduct of the<br />
examination, in which case learners will be<br />
notified. Otherwise, after a two-week period,<br />
the test result is then duly confirmed.<br />
If the readers of Risk UK are wondering about<br />
other forms of training currently available from<br />
the FIA, and whether they’re still relevant, be in<br />
no doubt that this training will absolutely still<br />
be as beneficial to technicians resident in the<br />
fire industry as it ever was. The existing FIA<br />
units are incredibly valuable. They serve the<br />
industry very well indeed and remain just as<br />
relevant and current as they’ve ever done.<br />
‘Qualified technicians’<br />
Technicians undertaking current FIA training<br />
courses will still gain indispensable knowledge<br />
that will help them on the road to success.<br />
While they might receive a certificate of<br />
completion, that alone doesn’t make them<br />
‘qualified technicians’.<br />
This is a phrase that’s bandied around a lot<br />
within the fire industry, but as from the launch<br />
of the new qualifications, only those that have<br />
actually undertaken the qualifications and<br />
passed them successfully will be able to use<br />
the above moniker as a badge of proficiency<br />
and professionalism.<br />
Current FIA training courses remain popular<br />
due to their high level of technical knowledge<br />
and recognition within the industry among<br />
employers and technicians right across the<br />
board. The standard to be achieved is high and<br />
well respected, but the new qualifications go<br />
one step further, increasing the amount of<br />
content delivered and the degree of time spent<br />
in the classroom to develop levels of both<br />
knowledge and technical understanding.<br />
From now on, a higher bar has been set for<br />
the industry in a determined bid to increase the<br />
levels of professionalism throughout.<br />
“The examinations are set externally by the Awarding Organisation, so it<br />
will be impossible to ‘teach to the test’, meaning that candidates<br />
undertaking an exam must really have absorbed the knowledge to pass”<br />
69<br />
www.risk-uk.com
Engaging Times for Security Guarding<br />
solution providers deliver the support that<br />
officers require, both in terms of their training<br />
and development and when it comes to a<br />
simple sense of ‘belonging’?<br />
There’s a real danger here that firms are<br />
simply ‘ticking a box’ to satisfy procurement<br />
requirements without having any real capability<br />
(ie finance) to deliver on a genuine employee<br />
engagement/security officer welfare strategy.<br />
The scale of the problem shouldn’t be<br />
underestimated. Over the last three years or so,<br />
we’ve interviewed more than 200 officers<br />
across 20 different service providers and the<br />
end results of those discussions are, to say the<br />
very least, somewhat alarming.<br />
In today’s fast-moving<br />
and ever-changing<br />
business landscape,<br />
there’s a clear and<br />
present danger that<br />
security companies<br />
are simply ‘ticking the<br />
box’ to satisfy client<br />
procurement<br />
requirements without<br />
having any real<br />
capability (ie<br />
financing) to deliver<br />
on a genuine<br />
employee<br />
engagement/security<br />
officer welfare<br />
strategy. Steve<br />
Kennedy examines the<br />
overriding importance<br />
of attention to detail<br />
when it comes to<br />
personnel support<br />
Given the ever-increasing security threats<br />
that now pervade our world, it’s perhaps<br />
no surprise to learn that the private<br />
security industry has experienced<br />
unprecedented growth of late, in turn<br />
highlighting the need for qualified and reliable<br />
security personnel. High staff turnover rates,<br />
though, threaten to undermine the quality of<br />
the service being delivered on the ground.<br />
It’s no secret that the security guarding<br />
industry is under mounting pressure. Service<br />
providers are increasingly expected to do more<br />
with less. Their officers are stretched, expected<br />
to take on further responsibility and play an<br />
even greater role in liaising with the police and<br />
other agencies to keep people – and, by<br />
extension, the country – safe from that evergrowing<br />
list of threats.<br />
Whether such officers are properly equipped<br />
to manage this responsibility that has been<br />
thrust upon them is debatable. The ‘night<br />
watchman’ of old has had to evolve into a multidisciplined,<br />
multi-talented officer whose role<br />
now extends far beyond the front door.<br />
‘Security’ is only one part of their remit. Today,<br />
they’re expected to take responsibility for Front<br />
of House, the Post Room, general facilities and<br />
Health and Safety. They’re also expected to be<br />
motivated and engaged. On that basis, they<br />
should be justly remunerated, recognised and<br />
rewarded for the job they do on a daily basis.<br />
Herein lies the problem, though. How do you<br />
keep security officers motivated and engaged<br />
against a background of falling margins and an<br />
unseemly ‘race to the bottom’? When budgets<br />
are slashed, and only small single digit margins<br />
can be achieved, how might security guarding<br />
Disengaged officers<br />
Most of those security officers feel completely<br />
disengaged from their employer. They feel they<br />
work for the client rather than their employer as<br />
they have more direct day-to-day contact with<br />
the former. On the one hand, this may be seen<br />
as a positive. Officers feel ‘integrated’ and an<br />
essential part of the client’s workforce.<br />
The reality of the situation, however, is that<br />
officers can often go several months without<br />
any direct contact from their actual employer’s<br />
management team. The end result is a sense of<br />
isolation from their employer.<br />
When officers are spoken to by a member of<br />
the management team, it can be little more<br />
than a casual ‘How are you doing?’, a phrase<br />
used in passing and in no way intended as an<br />
invitation to hold a more detailed interview or<br />
for an appraisal to take place.<br />
Sometimes, the security officer has no more<br />
opportunity than to answer ‘OK’ and the<br />
‘interview’ is complete. This doesn’t make for a<br />
successful security officer engagement<br />
programme, nor can it be considered an<br />
appraisal (which are often offered by service<br />
providers as part of the tender process). In<br />
reality, those appraisals are rarely delivered.<br />
Out-of-hours mobile supervisor visits are<br />
another service offered as an alternative means<br />
of officer engagement, but for many repeatedly<br />
fall short in terms of their fundamental task.<br />
While looking good on paper and in theory, in<br />
practice a mobile supervisor typically only<br />
engages with a single member of a team, most<br />
usually the shift supervisor.<br />
More often than not, these visits result in<br />
security officers feeling that they’re being<br />
‘checked on’ instead of them being involved in<br />
any kind of meaningful interaction.<br />
70<br />
www.risk-uk.com
Security Services: Best Practice Casebook<br />
Poor communication<br />
In our experience, officers are more likely to<br />
open up to an auditor or third party<br />
representative than they would members of<br />
their own management team for fear of being<br />
reprimanded or, worse still, losing their job.<br />
This, too, is primarily a by-product of poor<br />
communication and inadequate engagement.<br />
As direct communication is scarce, officers<br />
begin to lose faith in their employer. They listen<br />
to rumour and hearsay, and are rarely given the<br />
full picture of how a company is performing in<br />
the real world. This is in no way conducive to a<br />
healthy working relationship.<br />
Another factor impacting the wider security<br />
officer engagement piece is the trend towards<br />
e-Learning. Whereas e-Learning undoubtedly<br />
has a significant role to play in keeping officers<br />
up-to-date with new ways of thinking, toolkits<br />
and training, etc, it’s now being delivered<br />
almost entirely at the expense of any personal<br />
interaction that would be experienced in the<br />
traditional classroom-style environment.<br />
Contract managers play an essential role in<br />
the management and motivation of their teams.<br />
Within the tenders we’ve seen, suppliers will<br />
state that each contract manager will look after<br />
12-to-15 sites (on average). However, the reality<br />
is that they can be looking after more than<br />
twice and sometimes three times that number,<br />
managing upwards of 30 clients at any one<br />
time. As such, they’re so overextended that<br />
they simply don’t have the time or the<br />
opportunity to offer meaningful engagement for<br />
each officer under their charge.<br />
This isn’t to suggest, it should be stressed,<br />
that contract managers are in any way<br />
meaningfully or purposefully negligent in their<br />
duties. Once again, it’s a factor of time and<br />
money. Their role is so demanding that they’re<br />
often dealing with the day-to-day, ongoing<br />
issues around pay, uniforms, discipline and<br />
other Human Resources-focused matters rather<br />
than engaging with their officers over welfare.<br />
Among those contract managers with whom<br />
we’ve spoken, the majority confess that officer<br />
engagement is a ‘tick in the box’ exercise<br />
designed to satisfy a tender’s criteria. It’s not,<br />
as it should be, an opportunity for conducting<br />
formal appraisals and staff development.<br />
Missed opportunity<br />
Why should service providers care about officer<br />
engagement? Put simply, those security officers<br />
who are engaged feel valued not just by the<br />
company for whom they work, but also by the<br />
industry as a whole. In an age where we’re<br />
asking security officers to do more, they need<br />
to be recognised.<br />
An engaged officer is a happy officer, and a<br />
contented workforce delivers a better ‘product’<br />
for the client base. It’s no coincidence that<br />
those sites scoring the highest marks in terms<br />
of end user customer satisfaction also score<br />
highest when it comes to officer engagement.<br />
Formal officer engagement programmes<br />
foster greater loyalty among teams. They help<br />
in terms of recruiting the better employees and<br />
prevent churn, enabling suppliers to retain their<br />
officers for longer, while protecting their longerterm<br />
investment in training and development.<br />
Clients include officer engagement as a vital<br />
part of a given tender. That, at least in part, is<br />
undoubtedly driven to help satisfy their moral<br />
obligations to employee welfare. Whatever their<br />
motivations, they must surely understand that<br />
such a desire comes at a cost?<br />
Resourceful business sector<br />
The security guarding sector is nothing if not<br />
resourceful. It has met every challenge that has<br />
been thrown its way and, what’s more, it must<br />
continue to do so. Technology can certainly play<br />
a role in optimising time and reducing<br />
operational costs, while also helping to deliver<br />
the desired outcomes in terms of reducing staff<br />
turnover, increasing productivity and delivering<br />
a better service for end user customers.<br />
At the end of the day, investing in officer<br />
engagement should never be seen as a cost<br />
that can easily be cut, but rather as one that’s<br />
an investment designed to deliver real value.<br />
Steve Kennedy: Managing<br />
Director of Officer Connect<br />
“Among those contract managers with whom we’ve<br />
spoken, the majority confess that officer engagement is a<br />
‘tick in the box’ exercise designed to satisfy a tender’s<br />
criteria rather than an opportunity for formal appraisals”<br />
71<br />
www.risk-uk.com
Taking Cyber Protection to the Extreme<br />
Cyber security risks<br />
are evolving quickly.<br />
Conventional security<br />
methods are not<br />
keeping up, with data<br />
breaches rife as<br />
attackers gain the<br />
upper hand. Now, a<br />
technology is finally<br />
coming of age that<br />
could help risk<br />
managers redress the<br />
imbalance. As Barry<br />
Scott discovers,<br />
machine learning<br />
promises to make<br />
context-aware<br />
decisions about<br />
system access in realtime,<br />
subsequently<br />
closing the window on<br />
today’s data thieves<br />
Cyber security teams must think differently<br />
about corporate threats. Why? Standard<br />
methods are not working. For many years,<br />
companies have relied on passwords to protect<br />
their valuable employee accounts, but each<br />
year, news headlines and breach statistics<br />
show that they’re not up to scratch. Companies<br />
are haemorrhaging login credentials thanks to<br />
threats such as phishing, malware keyboard<br />
loggers and social engineering.<br />
Forrester Research’s recent cyber security<br />
report, entitled ‘Stop the Breach’, reveals some<br />
shocking figures. Two-thirds of organisations<br />
have suffered an average of five security<br />
breaches or more over the last two years, with<br />
identities and passwords the most likely<br />
elements to be affected during a compromise.<br />
57% of survey respondents highlighted these<br />
as the primary targets. Hackers compromised<br />
more than a billion identities in 2016 alone.<br />
IT teams can harden operating systems, lock<br />
down access ports, encrypt data and segment<br />
networks, but a compromised employee<br />
account will still be a gateway to corporate<br />
systems. For enterprises, even a single account<br />
breach can be devastating.<br />
Any privileges granted to a stolen account<br />
are then available to an attacker. An intruder<br />
with a stolen account can burrow their way into<br />
systems and gain access to other kinds of<br />
information that are also at risk (customer<br />
records and Intellectual Property among them).<br />
IAM: a key tool<br />
Identity and access management (IAM) has<br />
been a key tool in managing these risks.<br />
Companies with a mature IAM strategy use<br />
solutions that document employee identities<br />
and access credentials, but also segment<br />
access privileges.<br />
An IAM system will ensure that an employee<br />
account can only access the data and<br />
applications that the specific role allows. This<br />
helps to mitigate the damage that a stolen<br />
account owned by a low-level employee can do.<br />
Nevertheless, any compromised account is<br />
still a risk: the more privileged the stolen<br />
account, the higher the risk involved. It only<br />
takes a single session with a privileged account<br />
to steal sensitive data or wire funds to an<br />
offshore bank account. An employee may not<br />
even realise that they’ve been compromised<br />
until such time that it’s too late.<br />
Security teams can configure policies in IAM<br />
systems to reduce the risk of compromise. They<br />
may stipulate that a senior manager’s account<br />
can only be used on the local area network, for<br />
example. In practice, though, this can prove to<br />
be rather restrictive.<br />
C-Suite executives often require enhanced<br />
access to resources while on the road. Senior<br />
executives and mid-level managers are also<br />
increasingly mobile, which can make their<br />
access patterns more erratic and unpredictable.<br />
This creates problems for security teams tasked<br />
with preventing unauthorised access to<br />
systems. It isn’t plausible to grant account<br />
access only under a narrow set of conditions.<br />
Executives don’t work that way anymore.<br />
Managing risk in real-time<br />
Artificial Intelligence (AI) promises to solve<br />
some of these problems by adding another<br />
layer of defence that adapts to access<br />
conditions in real-time. Effective AI has been a<br />
Holy Grail for years, but success here<br />
somewhat limited, largely thanks to a lack of<br />
computing power. More recently, however,<br />
advances in computing power and academic<br />
research have prompted a renaissance in a<br />
specific branch of AI, namely machine learning.<br />
In the last couple of years, machine learning<br />
has permeated various areas of technology.<br />
Companies use it for everything from image<br />
recognition through to intrusion detection due<br />
to its unique computational properties.<br />
Traditional computer programs use explicit<br />
linear rules to achieve precise results. An<br />
72<br />
www.risk-uk.com
Machine Learning: A New Layer of Cyber Defence<br />
access control program, for instance, might<br />
reason: “If Bob tries to access his account, only<br />
grant him access if he’s on the LAN.”<br />
If Bob books a business trip to Florida, he<br />
might need access to some applications, but<br />
not others. Traditionally, he would have to call<br />
the security team and warn them of his<br />
forthcoming change in behaviour. The team<br />
would then have to create a new rule granting<br />
access under those conditions.<br />
When Bob travels to a customer site in<br />
Toronto, the access rules may differ, offering<br />
him new collections of applications and<br />
requiring a different level of authentication. The<br />
situation quickly becomes unworkable for both<br />
employees and security professionals,<br />
especially so when the rules may vary for<br />
employees with different roles.<br />
Machine learning algorithms circumvent this<br />
problem by reducing the reliance on explicit<br />
policies, instead adapting themselves based on<br />
historical data. They mine specific data points<br />
over time to produce a condensed statistical<br />
model. This model then provides a baseline of<br />
known and acceptable characteristics.<br />
Security applications<br />
A machine learning-based IAM system is nondeterministic.<br />
The statistical model it uses<br />
returns a probability score based on how<br />
someone’s trying to access the system. This<br />
probability model means that it doesn’t simply<br />
have to deny access in unexpected conditions,<br />
but can impose different levels of<br />
authentication challenge and grant different<br />
privileges solely based on the level of risk it<br />
identifies at the time.<br />
Machine learning is used in many areas,<br />
ranging from image recognition through to<br />
natural language processing. Innovative<br />
companies are also finding new applications in<br />
areas such as security.<br />
Just as machine learning algorithms can<br />
statistically determine whether a picture is of a<br />
car, or whether someone just said the phrase<br />
“OK, Google”, they can also determine whether<br />
an individual’s behaviour is out of the ordinary<br />
when trying to log into a company system. All<br />
they need is the data to work on.<br />
A machine learning algorithm takes its<br />
historical data from IAM systems, using it to<br />
generate a statistical model which will help it to<br />
understand what constitutes normal behaviour.<br />
For machine learning to support dynamic,<br />
real-time IAM, it needs several data types.<br />
Access location is one. Access time is another.<br />
It should also know who’s requesting access,<br />
along with what applications or other corporate<br />
computing resources they’re requesting.<br />
“A machine learning-based IAM system is nondeterministic.<br />
The statistical model it actively uses returns<br />
a probability score that’s based on how someone’s trying<br />
to access the system”<br />
The type of device that an employee uses to<br />
access a system can help to hone the statistical<br />
model. If historical data shows that they always<br />
access the HR system from a Windows 10 PC<br />
inside the network, a machine learning model<br />
would notice if they suddenly seem to be using<br />
a Linux box in Estonia.<br />
Security and convenience<br />
Using machine learning in this way brings<br />
several benefits to an existing IAM deployment.<br />
The first and most obvious lies in more<br />
individual access requests that are more secure<br />
as they operate in real-time. A stolen account<br />
can be blocked before its legitimate user even<br />
realises that they’ve been compromised.<br />
Artificially-intelligent IAM is also more<br />
convenient for end users because it eliminates<br />
the need for cumbersome ‘hoop jumping’ by<br />
low-risk employees. A high-level executive who<br />
always accesses systems under different<br />
conditions may frequently need to authenticate<br />
themselves using a separately-sent SMS code.<br />
Conversely, an employee consistently accessing<br />
their account under predictable conditions may<br />
never need to worry about additional<br />
authentication requirements.<br />
This decreases the ‘security fatigue’<br />
associated with constant, heavy-handed<br />
compliance warnings, multi-factor<br />
authentication and other security controls.<br />
Employees who don’t have to deal with them<br />
are far less likely to put the system at risk by<br />
attempting to circumvent them.<br />
Machine learning systems can also reduce<br />
the workload for cyber security teams by<br />
simplifying policies. Instead of creating and<br />
managing a constellation of rules,<br />
administrators can use a reduced set of static<br />
conditions, complemented by the dynamicallyadapting<br />
machine learning model. Reducing<br />
complexity makes human error less likely and<br />
frees up members of the security team to<br />
concentrate on strategic goals.<br />
When combined with a well-designed IAM<br />
system, a machine learning algorithm can<br />
increase visibility across the entire base of user<br />
accounts by automatically documenting its realtime<br />
decisions. It can flag incidents where<br />
account risk has been escalated or an account<br />
blocked altogether. This creates useful data for<br />
security incident and event management.<br />
Barry Scott:<br />
CTO (EMEA) at Centrify<br />
73<br />
www.risk-uk.com
‘Licence-Linked Qualifications Used<br />
in the Private Security Industry’ (Part Two)<br />
Ofqual’s recent report<br />
entitled ‘Licence-<br />
Linked Qualifications<br />
Used in the Private<br />
Security Industry’<br />
focuses on the actions<br />
that the qualifications<br />
Regulator for England<br />
and Wales has taken<br />
in order to address<br />
concerns around<br />
potential malpractice<br />
and fraud in the<br />
private security sector.<br />
Here, in the second<br />
instalment of a threepart<br />
series of articles<br />
exclusive to Risk UK,<br />
Stuart Galloway<br />
continues a detailed<br />
review of the contents<br />
Some commentators – myself among them –<br />
would seriously question the learner<br />
engagement for the various Security<br />
Industry Authority (SIA) licence-linked courses.<br />
Is there really effective and realistic<br />
Information, Advice and Guidance (IAG)<br />
provided to the majority of those entering the<br />
sector? Particularly in the employability space,<br />
it seems to me it’s very much a ‘bums on seats’<br />
attitude that’s being adopted to attract learners<br />
and obtain Government funding with no real<br />
prospect of employment at the end.<br />
So much so, in fact, that I’m aware of stories<br />
suggesting that several training providers have<br />
allegedly engaged a number of individuals on<br />
their SIA courses knowing full well there wasn’t<br />
a chance of these individuals gaining<br />
employment in the sector for myriad reasons<br />
(including their criminal record, reliability and<br />
attitude, etc). Until this changes, the security<br />
sector will always attract poorer candidates.<br />
Do training providers really give structured<br />
IAG? I’m sure there are many who do, but my<br />
suspicion is that the majority do not. Why? It’s<br />
simply because they see the pound signs.<br />
There’s also a feeling that some don’t actually<br />
know how to administer structured IAG.<br />
All risk models should be based on a volumebased<br />
approach. The more courses delivered<br />
the greater the risk, thus creating the need to<br />
carry out more announced and unannounced<br />
external quality assurance visits. Likewise, new<br />
centres should be considered high risk from the<br />
outset until such time that a percentage of<br />
announced and unannounced visits have taken<br />
place at the premises. As a guide, I would<br />
suggest in the region of at least 20% of courses<br />
delivered should be visited. This figure would<br />
gradually reduce to 10% through positive<br />
external quality assurance visitations.<br />
Similarly, if a centre hasn’t delivered any<br />
courses in a three-month rolling period then<br />
appropriate sanctions should be applied, with<br />
the ultimate sanction occurring at the ninemonth<br />
period (that sanction being notice of<br />
approval withdrawal due to lack of delivery).<br />
This will discourage centres from ‘approval<br />
bagging’ across awarding organisations and,<br />
indeed, increase controls accordingly. There are<br />
seemingly a number of centres not visited from<br />
one year to another. Surely this cannot be right<br />
in any shape or form?<br />
Meeting the criteria<br />
As a rough order of magnitude, my belief is that<br />
between 30% and 40% of centres approved for<br />
delivery of the SIA’s licence-linked<br />
qualifications either shouldn’t have been<br />
approved in the first place or indeed should no<br />
longer be approved. I also believe that there’s a<br />
similar percentage of those teaching in the<br />
sector who don’t meet the criteria laid down by<br />
the SIA in relation to occupational experience.<br />
Here’s a question for you: ‘How can any<br />
Awarding Organisation offer free approval for<br />
SIA-related qualifications given that there’s<br />
clearly a considerable direct cost required?’ It<br />
certainly beats me as to how they can do this<br />
for an indefinite period.<br />
Whose responsibility is that? One thing for<br />
sure is that it isn’t the SIA’s. That responsibility<br />
lies fairly and squarely with the Awarding<br />
Organisations. I struggle to understand how a<br />
tutor can be approved by one Awarding<br />
Organisation, yet not obtain approval from<br />
another. The one refusing approval will no<br />
doubt cite that they have higher quality<br />
measures in place than others, but in the real<br />
world what’s the difference?<br />
Similarly, there are without doubt numerous<br />
centres, directors, owners, principles and tutors<br />
out there that have had their centre approval or<br />
tutor approval to deliver removed by an<br />
Awarding Organisation, but for some reason<br />
74<br />
www.risk-uk.com
Training and Career Development<br />
unbeknown to me they’re then approved by<br />
another Awarding Organisation. This alone<br />
demonstrates there’s little or no communication<br />
between Awarding Organisations, and that<br />
possibly all that some Awarding Organisations<br />
are interested in is commercial gain.<br />
Before anyone jumps on the bandwagon of<br />
mitigating circumstances for approvals being<br />
removed, my focus here is on the risk-based<br />
approach which, on the surface at least, doesn’t<br />
appear to exist.<br />
If Awarding Organisations rigidly applied the<br />
SIA’s requirements for tutor approval, I’m sure<br />
that you would see a reduction in tutors and a<br />
possible increase in the quality of provision.<br />
You need only look back to the 2012 Olympic<br />
Games in London and the Bridging The Gap<br />
programme when it appeared that almost every<br />
Tom, Dick and Harry was approved despite, in<br />
some cases, having either very limited<br />
experience or having actually never worked in<br />
the sector at all.<br />
Standards too low<br />
Standards remain too low in the sector. The<br />
industry still suffers massively from a lack of<br />
investment in training and staff development,<br />
but in putting on my rose-tinted glasses, I hope<br />
that the latter will improve with the recent<br />
introduction of the Apprenticeship Levy.<br />
If I compare training standards from now to<br />
those in the pre-SIA days then I have to admit<br />
it’s night and day even at the bottom of the<br />
scale. However, this doesn’t detract from the<br />
fact that we should always be seeking to<br />
improve provision and always strive for the<br />
best. I’m not sure that others think the same as<br />
myself here given that I’ve carried out market<br />
research and seen SIA courses being advertised<br />
from as little as £99.00.<br />
Without going into the statistics cited in<br />
Ofqual’s report in too much depth, they do<br />
make me wonder in relation to their accuracy.<br />
Page 9 indicates that nine certificates were<br />
bestowed for the Level 2 Award in Cash and<br />
Valuables in Transit between January 2015 and<br />
June last year, a figure that does surprise me.<br />
More interesting, perhaps, are the<br />
achievement rates for qualifications. Why are<br />
they not published by Awarding Organisations?<br />
Is there anything to hide here? I might be living<br />
in a parallel universe on this one, but I cannot<br />
think of any rational reason not to publish<br />
achievement rates. This would provide us with a<br />
truer picture in relation to those entering or<br />
attempting to enter the sector at the point of<br />
pre-licence application.<br />
The Ofqual report and, indeed, the SIA’s<br />
licence figures (which, at the time of writing,<br />
“How can any Awarding Organisation offer free approval<br />
for Security Industry Authority-related qualifications given<br />
that there’s clearly a considerable direct cost involved?”<br />
hadn’t been updated on the Regulator’s website<br />
since June last year) further highlight to me that<br />
there needs to be a radical overhaul of the<br />
training provision including course design and<br />
development and centre and staff approval. In<br />
no way does the training provided show the<br />
occupational competency of individuals.<br />
Without demeaning its importance, it comes<br />
across as a mere knowledge entry requirement.<br />
Raising expectations<br />
There are those who would herald having SIA<br />
licences for trainers. However, I would view this<br />
as a step too far simply because, as things<br />
stand, there’s not the scope for doing so within<br />
the Private Security Industry Act together with<br />
the fact that we should, in some ways,<br />
encourage self-regulation. Indeed, if quality<br />
assured correctly with a standardised approach<br />
by the Awarding Organisations, there’s no need<br />
to licence the training sector.<br />
Most certainly, though, there’s a requirement<br />
for a national database of approved tutors.<br />
Such a database could act as a quality mark for<br />
Awarding Organisations, employers and<br />
training providers alike.<br />
It’s interesting to witness the emergence of<br />
the Security Training Authority thanks to the<br />
effervescent Bob Betts and a register of trainers<br />
within the sector. Registration will be through<br />
application and confirmation of relevant<br />
experience and Continuing Professional<br />
Development (CPD) with a modest annual fee of<br />
£30 and confirmation of continuing CPD. This<br />
register can act as a central point for<br />
employers, training providers and, indeed, both<br />
the SIA and the Awarding Organisations.<br />
We should be moving towards a single<br />
security qualifications body harbouring the<br />
specialism of security and security-related<br />
courses. The body I have in mind would become<br />
the sector skills body/council for the industry<br />
and replace Skills for Security.<br />
That body would be a not-for-profit<br />
organisation and work in clear partnership with<br />
the SIA for the overall betterment of the<br />
industry, with any financial surpluses generated<br />
being reinvested in R&D to ensure continuous<br />
improvement. I see that new body being selffunded<br />
once established. Initial funding could<br />
potentially come from the SIA licence fee. After<br />
all, why shouldn’t the Regulator actively<br />
support skills and career development?<br />
Stuart Galloway Cert Ed MSET<br />
Dip RSA: Senior Associate at<br />
WSG Associates<br />
75<br />
www.risk-uk.com
Risk in Action<br />
Amthal Fire & Security checks in at St Michael’s Manor Hotel<br />
Security is a top priority for the safety of staff and guests alike at the luxurious<br />
privately-owned St Michael’s Manor Hotel, which is based close to the heart of<br />
St Albans in Hertfordshire. Recently, the management team decided on the<br />
installation of a fire alarm system designed to offer automatic detection on all<br />
escape routes within the building.<br />
Brought in to address this bespoke project, Amthal Fire & Security assumed<br />
maintenance and control of the system covering all the facilities of the stately<br />
hotel, in turn offering all necessary support and service requirements (including<br />
the ability to provide a priority response on a 24/7/365 basis).<br />
Richard Marrett, general manager at St Michael’s Manor Hotel, told Risk UK:<br />
“Even more important than a sense of comfort and style, the quality of our<br />
welcome or, indeed, our renowned level of service, when they stay with us we<br />
make sure our hotel guests feel as safe and secure as they do in their own<br />
home. It enables them to truly settle and enjoy the whole experience.”<br />
Marrett continued: “At St Michael’s Manor Hotel, we take this responsibility<br />
so seriously that it’s at the core of our Duty of Care to staff and guests. With the<br />
help of Amthal Fire & Security, we believe we not only achieve the latest<br />
industry standards, but are also safe in the knowledge that, should an incident<br />
occur, it will be resolved as quickly and efficiently as possible.”<br />
Paul Rosenthal, sales director at Amthal Fire & Security, responded: “Any<br />
security measures taken in<br />
hotels must be discreet. It’s<br />
absolutely essential to strike<br />
the right balance between<br />
safety and intrusiveness.<br />
What St Michael’s Manor<br />
Hotel demonstrates is that,<br />
while modern technology<br />
plays a critical role, equally<br />
important is the<br />
maintenance of any systems<br />
installed to ensure they<br />
continue to operate at an<br />
optimum level at all times.”<br />
BNP Paribas Real Estate contract<br />
wins for new London properties<br />
celebrated by Axis Security<br />
Axis Security has successfully mobilised a team<br />
of security officers for BNP Paribas Real Estate<br />
in order to provide security guarding services at<br />
two new London properties. A specialist<br />
division of the financial services group BNP<br />
Paribas, BNP Paribas Real Estate has appointed<br />
Axis Security to look after the security at both<br />
Salters Hall and The Monument Building.<br />
Axis Security was awarded the contracts<br />
following two separate competitive tenders<br />
wherein the company was able to demonstrate<br />
that it would be the right trusted partner.<br />
A Grade II-listed Livery Hall and office<br />
building next to a fragment of the old London<br />
Wall, Salters Hall is home to The Salters’<br />
Company. In recent times, the building has<br />
undergone a complete refurbishment,<br />
extension and ‘reinvention’.<br />
At Salters Hall, the priority for any security<br />
officer functioning on site is to act as a tenant<br />
liaison and work with the facilities manager,<br />
undergoing the extra training necessary for the<br />
correct operation of the on-site security<br />
solutions (including access control systems).<br />
Eaton fire alarm system provides<br />
first class protection for University<br />
of Liverpool students<br />
Eaton has delivered a fire alarm system to<br />
protect students residing in prestigious<br />
university accommodation in Liverpool. The<br />
power management company supported EFT<br />
Systems in providing equipment for Ablett<br />
House, named in honour of the late Liverpool<br />
and Everton footballer Gary Ablett.<br />
The centrally-located Ablett House scheme<br />
is The Student Housing Company’s latest<br />
development in Liverpool. Completed in just<br />
12 months, the bespoke 12-storey, 396-bed<br />
building has been designed to provide<br />
students in Liverpool with a relaxing<br />
environment in which to live and study.<br />
Mindful of the disruption and cost<br />
implications that can arise from frequent false<br />
alarms in student accommodation, The<br />
Student Housing Company specified a<br />
bespoke fire alarm solution with a<br />
sophisticated range of cause-and-effect<br />
programming to ensure fast and accurate<br />
detection of any suspected fire.<br />
To meet the project’s detection and alarm<br />
requirements, EFT installed four of Eaton’s<br />
CF3000 intelligent and addressable control<br />
panels at the student accommodation.<br />
“The CF3000 panels harbour sophisticated<br />
levels of functionality and are simple to<br />
operate, which is precisely why we<br />
recommended them to EFT,” explained Mike<br />
Slater, sales account manager at Eaton, in<br />
conversation with Risk UK.<br />
76<br />
www.risk-uk.com
Risk in Action<br />
Evolution determines to keep<br />
heart of Royal Infirmary of<br />
Edinburgh ticking<br />
Evolution, the integrated security and fire<br />
solutions business, is helping to improve the<br />
security of patients, visitors and staff at one<br />
of Scotland’s largest teaching hospitals<br />
thanks to the installation of sophisticated<br />
fibre optic-based access control technology.<br />
Evolution has been working with the team<br />
at the Royal Infirmary of Edinburgh (RIE), a<br />
major acute teaching hospital, to upgrade<br />
the cabling infrastructure to fibre optic as a<br />
more reliable way of ensuring access for the<br />
hospital’s thousands of pass holders.<br />
The new card-based access system has<br />
now been installed to manage some 227<br />
doors throughout the RIE, further improving<br />
the hospital’s security and reducing the need<br />
for (and the cost of) unnecessary<br />
maintenance. The cards are proximity<br />
readers and used at controlled doors, while<br />
each card also contains a photograph plus<br />
name and department details, thereby acting<br />
as proof of identity.<br />
Scott Lawson, operations manager at RIE,<br />
commented: “The system has to manage the<br />
access demands of a 10,000-strong footfall<br />
that the hospital experiences on a daily<br />
basis. It has proven to perform consistently<br />
well right across the entire estate.”<br />
The RIE plays host to over 4,000<br />
employees as well as 400 students from the<br />
University of Edinburgh and receives<br />
upwards of 115,000 patients each year at its<br />
A&E Department alone.<br />
Along with system reliability, the hospital<br />
also demanded flexibility, both in terms of<br />
the system itself and its installation.<br />
“The hospital regularly sees changes of<br />
purpose for buildings and so requirements<br />
for access can alter substantially,” explained<br />
Lawson. “With the new system, any changes<br />
can be quickly and easily accommodated.<br />
The Evolution system allows operators to<br />
programme and dispense new passes from<br />
an easy-to-use portal.”<br />
Talking to Risk UK, John Baillie (area sales<br />
manager at Evolution) explained: “It was<br />
essential for the hospital to remain open<br />
throughout the installation period and with<br />
minimum disruption to daily operations. That<br />
being so, we worked closely with each<br />
department to support their specific needs.”<br />
Charity for the homeless selects Delta Security’s Master Key<br />
Suite access control solution<br />
A highly-secure Master Key Suite system<br />
installed by CCTV and access control<br />
specialist Delta Security is helping to<br />
protect residents within properties<br />
managed by Brick By Brick, the Londonbased<br />
charity that provides permanent<br />
and temporary housing for people with<br />
homeless status.<br />
The Evva EPS Master Key Suite system<br />
provides Brick By Brick’s housing<br />
managers with one key that can be used<br />
to open all flats within its Old Kent Road,<br />
Queen’s Road and Trafalgar Avenue<br />
properties. The six-pin security keys<br />
cannot be copied. Each may be identified and tracked with a unique coding,<br />
while only Delta Security can provide any necessary replacements.<br />
The properties have been fitted with individual locks to replace a dual<br />
locking system. Isabelle Gravenstein, general manager at Brick By Brick,<br />
believes this is a solution far better suited to residents. “Residents now only<br />
require one key for their properties. The doors have a ‘roll-on’ locking system<br />
whereby they don’t lock when the door closes. Rather, they’re required to be<br />
locked upon leaving the property. Both enhancements have significantly<br />
reduced the number of occasions where residents lock themselves out.”<br />
Gravenstein stated that the system is also extremely beneficial for housing<br />
managers. “All housing managers now carry one key and can access any<br />
property should the need arise while making a site visit,” observed<br />
Gravenstein. “Also, the process of tracking other housing managers’ use of the<br />
keys is now far less complicated. This has significantly improved the efficiency<br />
with which members of staff are able to perform their roles.”<br />
World Heritage Site boosted<br />
by Advanced fire protection<br />
Durham Cathedral, the 1,000 yearold<br />
World Heritage Site and one of<br />
Britain’s most visited buildings, is<br />
now protected by intelligent fire<br />
panels courtesy of Advanced.<br />
Founded in 1093 and the final<br />
resting place of St Cuthbert, Durham<br />
Cathedral remains the seat of the Bishop of Durham (the fourth most senior<br />
cleric in the Church of England). As well as being the home of the Magna Carta,<br />
the famous building and its environs have also featured in numerous<br />
Hollywood films, among them the Harry Potter series.<br />
The Advanced MxPro panels specified for Durham Cathedral were supplied by<br />
Custom Advanced Systems and installed by Expert Fire Solutions. The fire<br />
system covers the entire complex, including the new ‘Open Treasure’ exhibition<br />
that affords the public access to previously unseen parts of the Cathedral. The<br />
system comprises two MxPro 5 panels linked by fault-tolerant network cards<br />
and supplemented by a remote display terminal.<br />
Jo Hughes, property and facilities manager at Durham Cathedral, outlined:<br />
“Durham Cathedral has played a prominent role in the history of the North<br />
East. Both the building itself and its priceless artefacts deserve the best<br />
possible protection. After working closely with the installation team, we<br />
concluded that Advanced’s panels offered the right combination of quality,<br />
reliability and functionality required for this vital installation.”<br />
77<br />
www.risk-uk.com
Technology in Focus<br />
End users urged to “Try before you buy”<br />
with EyeLynx portable radar system<br />
A security software expert has created a portable system<br />
designed to instantly demonstrate the range of its latest<br />
radar unit which is able to identify ‘predatory’ vehicles at<br />
distances of up to 700 metres.<br />
EyeLynx has designed a mobile pack fitted with its EPR-<br />
500 radar and Pharos PTZ camera on top of a tripod and<br />
challenged security professionals to book a free demo to<br />
prove it can detect potential intruders up to a quarter of a<br />
mile away – and drones at distances of 80 metres.<br />
The free demo has been initiated so that EyeLynx can<br />
show site operators ‘live, in-the-field’ (and in their own environment) the EPR-<br />
500’s ability to detect security threats early as well as the capability of EyeLynx<br />
software to control CCTV autonomously and zoom in to collect evidence and<br />
then send it to manned patrols or Security Control Rooms.<br />
EyeLynx’s CEO Jay Patel explained to Risk UK: “We built this pack so that we<br />
can visit your site, get in your car and drive to the most remote location, set up<br />
the radar within minutes using a hammer, some batteries and a camera and<br />
then demonstrate the extraordinary range of this powerful solution.”<br />
www.eyelynx.com<br />
Edesix introduces X-100 and X-<br />
200 Series body-worn cameras<br />
Edesix has announced the launch of new<br />
head and torso-mounted cameras,<br />
designated the X-100 and the X-200.<br />
The X-100 is a side-mountable tactical<br />
head camera, ideal for use on headwear (as<br />
currently deployed by police firearms<br />
divisions). It offers the automatic rotation of<br />
footage, meaning that it can be worn on<br />
either side of the head without requiring<br />
user configuration to rotate any footage.<br />
For its part, the X-200 is a torsomountable<br />
camera for use on uniform vests,<br />
tactical body armour or all-weather clothing.<br />
These models are capable of capturing<br />
1080p video at 30 fps or simultaneously<br />
recording and streaming at 720p. Both<br />
accessories are easy to operate.<br />
www.edesix.com<br />
ATG Access boldly determines to “revolutionise the<br />
protection of people in crowded places”<br />
In a volatile and changing threat environment which has seen a rise in<br />
extremism and altering attack targets, it’s fundamental that protective<br />
measures are used to secure both Critical National Infrastructure and crowded<br />
places within the public realm. The latter is a more recent target for extremists<br />
and one which is more difficult to protect due to the sporadic nature of attacks.<br />
It has always been recognised that terrorists could employ the vehicle itself<br />
as a weapon. The recent high-profile attacks conducted on the Prom D’Angalis<br />
in Nice, the Christmas Market in Berlin and at Westminster Bridge in London<br />
have reminded us all of this possibility and highlighted that temporary events<br />
or tourist areas provide high densities of people often with little physical<br />
protection from vehicle attack.<br />
While explosive devices used in historical attacks are difficult to construct<br />
and deploy, vehicles are readily available and require no special or unusual<br />
skills to use them as effective weapons. This has changed the face of terror<br />
attacks and altered the target from being infrastructure to infrastructure and<br />
crowded places within the public realm.<br />
When it comes to an event or a seasonal tourist attraction, protective<br />
measures for individuals within the public realm are normally required on a<br />
temporary basis. Existing measures are effective but can be heavy, slow to<br />
deploy, difficult to store and cumbersome to both transport and remove.<br />
With this in mind, ATG Access has launched not one or two but three new and<br />
“revolutionary” temporary protection devices. The new product launches aim to<br />
provide the security industry and<br />
its end users with a more flexible<br />
solution which is easy to store,<br />
quick to deploy and operationally<br />
far easier to work with.<br />
The three different innovations<br />
provide the industry with options<br />
for various site-based scenarios.<br />
www.atgaccess.com<br />
Control your future “in an instant”<br />
with SPC Connect from Vanderbilt<br />
Vanderbilt SPC has always provided its myriad<br />
customers with future-proof, high-performance<br />
technologies specifically designed to deliver<br />
advanced functionality. With SPC Connect, the<br />
business continues that legacy.<br />
The latest development from Vanderbilt is a<br />
hosted cloud-based solution designed<br />
specifically for the monitoring, management<br />
and maintenance of SPC panels remotely from<br />
any location. End users can download the SPC<br />
Connect App free of charge.<br />
www.vanderbiltindustries.com<br />
78<br />
www.risk-uk.com
Technology in Focus<br />
Axis Communications<br />
launches explosion-protected<br />
cameras for deployment in sensitive<br />
industrial projects<br />
Axis Communications has announced the<br />
introduction of three new explosion-protected<br />
cameras for use in sensitive industrial areas:<br />
the XF40-Q2901 explosion-protected<br />
temperature alarm camera, the XF60-Q2901<br />
explosion-protected temperature alarm camera<br />
and the XP40-Q1942 explosion-protected PT<br />
thermal network camera.<br />
“Industrial plant operators have a<br />
tremendously difficult task in front of them,”<br />
explained Martina Lundh, global product<br />
manager for thermal and explosion-protected<br />
cameras at Axis Communications. “They need<br />
to ensure efficiency and continuity in largescale<br />
critical industrial processes while also<br />
meeting all Health and Safety and<br />
environmental regulations across multiple<br />
locations and, often, huge areas. Our new<br />
cameras deliver critical real-time information,<br />
allowing for immediate incident response which<br />
can prove to be a life-saving benefit.”<br />
Typical industrial applications for the fixed<br />
XF40-Q2901/XF60-Q2901 explosion-protected<br />
temperature alarm cameras include control of<br />
equipment temperatures, the detection of leaks<br />
in pipes, fire detection and the monitoring of<br />
equipment and perimeter protection.<br />
www.axis.com<br />
Traka locks intelligent solutions<br />
into Safety and Health Expo 2017 at<br />
London’s ExCeL<br />
Traka is attending the Safety and Health Expo<br />
event (which takes place at London’s ExCeL<br />
from 20-22 June) specifically to showcase how<br />
its latest intelligent key and equipment<br />
management solutions can enforce process<br />
and ensure compliance with the very highest<br />
Health and Safety standards.<br />
On Stand N200, the specialist in intelligent<br />
key cabinets and locker systems will<br />
demonstrate how it can help organisations<br />
fulfil Health and Safety requirements and<br />
implement superior management control from<br />
pre-operational safety checks right through to<br />
loading management.<br />
Fault reporting, integrated alcohol testing<br />
and machine start controlled access to forklift<br />
trucks and fleet management (making sure<br />
Novigo voice alarm system<br />
talks to its public<br />
Studies reveal that many people<br />
don’t know how to react to<br />
conventional alarms such as bells<br />
or sirens. Some assume that it’s a<br />
test or a false alarm, while others<br />
remain confused and, ultimately,<br />
unsure of exactly what to do.<br />
An essential element of ensuring<br />
life safety is the ability to manage<br />
phased and orderly evacuation in<br />
the event of an emergency. The<br />
Novigo voice alarm system from<br />
Siemens not only delivers high<br />
performance messaging across multi-level,<br />
multi-occupancy estates, but also operates<br />
as an advanced PA system.<br />
Novigo delivers comprehensive messages<br />
about the nature of the incident and the<br />
appropriate action to take using clear<br />
language, minimising the potential for panic<br />
or confusion. It’s highly scaleable and<br />
exceeds relevant British and European<br />
Standards. The solution is fully-configurable<br />
with the capacity to extend to 4,000 network<br />
nodes. It can be divided into zones to ensure<br />
appropriate messaging across particular<br />
areas and is capable of integration with third<br />
party systems via a program interface.<br />
Novigo’s advanced audio facility offers<br />
studio sound quality and significant storage<br />
capacity for automatic and live messaging as<br />
well as multiple background music files.<br />
www.siemens.com<br />
only qualified staff can operate<br />
them) are just some of the<br />
processes available where<br />
Traka can help to maintain<br />
strict adherence to audit<br />
control using the latest<br />
intelligent key management.<br />
Traka’s representatives will<br />
also be available to discuss<br />
tailored customer solutions<br />
(including PDAs, scanners and<br />
expensive radio equipment).<br />
Steve Bumphrey, sales director at Traka, told<br />
Risk UK: “Our ambition at the event is to<br />
demonstrate how key and equipment<br />
management is not only essential for<br />
achieving compliance requirements, but also<br />
show how it can create a more efficient<br />
business operation with full audit capability to<br />
ensure staff are accountable and traceable.”<br />
www.traka.com<br />
79<br />
www.risk-uk.com
Security and Fire Management<br />
BE SMART!<br />
Read Risk UK Magazine on<br />
your tablet or smartphone<br />
using the FREE app
Appointments<br />
Bob Forsyth<br />
After 30 years of diligent<br />
service at Kings Security<br />
Systems, including three<br />
years since PrimeKings<br />
became the majority<br />
shareholder in the<br />
Bradford-based business,<br />
Anthony King has decided<br />
that it’s now time to leave<br />
the company. At the same juncture, it has been<br />
announced that Bob Forsyth is joining the firm<br />
in the role of CEO.<br />
Forsyth brings extensive business services<br />
experience from his former role at Mitie, where<br />
he transformed the security division from a<br />
manpower-led operation to become a wideranging<br />
technology business. Across an eightyear<br />
period as managing director of Mitie Total<br />
Security Management, Forsyth grew the<br />
division’s revenues to over £300 million, such<br />
that it became the second largest security<br />
company in the UK with a strategy of<br />
differentiation and technology advancement<br />
through a focus on risk and integrated service<br />
delivery for a wide range of sectors.<br />
Speaking about this development, Geoff<br />
Zeidler (chairman of Kings Security) told Risk<br />
UK: “The Board would like to pay tribute to<br />
Anthony for all that he has achieved in building<br />
the business and wish him well for the future.<br />
Bob has a broad market knowledge and a<br />
fantastic track record of delivering profitable<br />
growth. The Board looks forward to working<br />
with him and the executive team.”<br />
Commenting on his new role, Bob Forsyth<br />
enthused: “Kings Security has a tremendous<br />
market position and a reputation for passionate<br />
people who deliver great service. Together with<br />
the financial support of PrimeKings, this creates<br />
a tremendous opportunity.”<br />
Dianne Gettinby<br />
The National Security Inspectorate (NSI) has<br />
announced the appointment of Dianne<br />
Gettinby as head of marketing<br />
communications with immediate effect.<br />
Responsible for delivering the NSI’s strategic<br />
plan of marketing and communications,<br />
Gettinby will optimise the use of all media to<br />
build brand recognition, value and loyalty.<br />
Prior to joining the NSI, Gettinby spent five<br />
years at the British Dental Industry<br />
Association with overall responsibility for the<br />
development and implementation of the<br />
Association’s myriad marketing and research<br />
activities, including that focused on the UK’s<br />
largest dental exhibition.<br />
Appointments<br />
Risk UK keeps you up-to-date with all the latest people<br />
moves in the security, fire, IT and Government sectors<br />
Stephen Lampett<br />
The British Security Industry Association (BSIA)<br />
has appointed Stephen Lampett to the position<br />
of technical manager following two successful<br />
years as the Association’s technical officer.<br />
The announcement follows on from the<br />
resignation of Paul Phillips, who left the BSIA at<br />
the end of May to pursue a new role within the<br />
security industry.<br />
With over 20 years’ security experience,<br />
Lampett’s background includes several roles at<br />
ADT Fire and Security in various different areas<br />
of electronic fire and security, including quality<br />
management, environmental management,<br />
Health and Safety and technical projects.<br />
Prior to beginning his role at the BSIA,<br />
Lampett worked as a QEHS consultant in the<br />
manufacturing and construction industries.<br />
David Wilkinson, the BSIA’s director of<br />
technical services, commented: “I’m very<br />
pleased to announce that Stephen has accepted<br />
the position of technical manager and will<br />
succeed Paul Phillips in the post from 1 June. I<br />
wish Paul well in this next step in his career,<br />
and I would also like to take this opportunity to<br />
thank him for the significant contributions that<br />
he has made to the BSIA’s success over the past<br />
eight years.”<br />
Wilkinson added: “Over the coming weeks<br />
we’ll be recruiting to replace Stephen in the role<br />
of technical officer to ensure that the Technical<br />
Department remains at full strength in order to<br />
meet the complex needs of our members.”<br />
Previously, Gettinby worked at IHG in<br />
various marketing management roles based<br />
within the EMEA region.<br />
Gettinby is the proud holder of an MSc in<br />
International Marketing from Strathclyde<br />
University and a member of the Chartered<br />
Institute of Marketing.<br />
On Gettinby’s appointment, NSI CEO Richard<br />
Jenkins commented: “As we look to the future,<br />
Dianne’s appointment reflects the strength of<br />
our ongoing commitment to ensuring that<br />
we’re delivering the highest standards for our<br />
wide and diverse audience. I’m confident that<br />
Dianne’s experience will be a great asset as we<br />
continue to build our brand.”<br />
Gettinby informed Risk UK: “I’m delighted to<br />
be appointed in this role.”<br />
81<br />
www.risk-uk.com
Appointments<br />
Graham Allison<br />
Cardinal Security, the provider of “dynamic and<br />
innovative” security solutions, has announced a new<br />
high-profile appointment to its senior management team<br />
in the form of Graham Allison. A well-known and<br />
respected industry figure, 47 year-old Allison will serve as<br />
the company’s commercial director with a view to<br />
positioning the business as the “first choice” security<br />
services provider.<br />
Allison has served in the security industry for more<br />
than 20 years now and joins Cardinal Security from Sentinel Group Security,<br />
where he was chief operating officer for over three years.<br />
Prior to that, Allison worked as retail relationships director for Mitie plc’s<br />
dedicated security operation and, having also enjoyed roles at Securitas<br />
Security Services and Reliance Security Services, he brings extensive<br />
knowledge of the commercial and retail sectors to his new role.<br />
Allison will now promote the advantages of using Cardinal Security’s<br />
specialist services to organisations right across the country and focus on the<br />
development of new opportunities. Allison is also going to play a key function<br />
in supporting the Cardinal Training Academy, which will perform a vital role in<br />
attracting new entrants to the industry via an apprenticeship scheme.<br />
Eyal Assa<br />
Siklu, the specialist in<br />
millimeter wave radio<br />
solutions for safe and<br />
smart city projects, has<br />
announced the<br />
appointment of Eyal Assa<br />
as the company’s new<br />
CEO. Assa is a veteran<br />
executive with over 20<br />
years of leadership experience gained in the<br />
telecommunications industry.<br />
Siklu is a particularly strong participant in<br />
the fast-growing 5G fixed wireless access<br />
market. For its part, 5G fixed wireless access is<br />
a major telecommunications infrastructure<br />
upgrade and the first step on the way towards<br />
ubiquitous 5G speeds.<br />
Assa’s extensive experience of leading<br />
growth-focused projects in the<br />
telecommunications sector makes him uniquely<br />
qualified to lead Siklu in the growing market for<br />
millimeter wave radio solutions.<br />
“Eyal understands what drives success in the<br />
telecoms industry,” explained Siklu’s chairman<br />
Izik Kirshenbaum.<br />
Assa most recently served in the role of vicepresident<br />
of global sales at Amdocs. Prior to<br />
that, he held leadership positions at Ceragon,<br />
including remits focused on OEM and business<br />
development. Prior to his time at Ceragon, Assa<br />
was vice-president of R&D at Seabridge.<br />
“At Siklu, I’ve joined an innovative and highly<br />
competent team that has consistently delivered<br />
cutting-edge millimeter wave wireless solutions<br />
to capture a leading market position,” stated<br />
Assa in conversation with Risk UK.<br />
Peter Jones<br />
Peter Jones has joined<br />
NG Bailey (the UK’s<br />
largest independent<br />
engineering, IT and<br />
facilities services<br />
business) as managing<br />
director of its specialist<br />
IT Services division<br />
following the<br />
announcement of current managing director<br />
Bob Dunnett’s retirement at the end of May.<br />
Jones is reporting directly to NG Bailey’s CEO<br />
David Hurcomb and leads the division which<br />
specialises in the design, supply, installation,<br />
management and maintenance of voice, data<br />
and structured cabling solutions to contracting,<br />
enterprise and public sector clients alike.<br />
Jones joins NG Bailey from G4S where he<br />
held the role of managing director for facilities<br />
management in the UK and Ireland. Jones has<br />
also previously held senior leadership positions<br />
at both CBRE and Carillion.<br />
David Hurcomb explained: “Bob has done a<br />
great job and we wish him a long and happy<br />
retirement. I look forward to working with Peter<br />
on continuing the development of the division<br />
and the growth of all our services businesses.”<br />
Pete Hancox<br />
Specialist security<br />
provider Allegion has<br />
appointed Pete Hancox<br />
as commercial leader of<br />
its UK and Ireland<br />
businesses to build and<br />
lead strategic<br />
partnerships in<br />
specification. He’ll also<br />
be in charge of commercial activity in Ireland.<br />
Hancox joins Allegion UK in Birmingham<br />
from his recent role as client services<br />
director for HP Doors, but he’s no stranger to<br />
the business, having been part of the<br />
Ingersoll Rand security group for almost nine<br />
years prior to his appointment with HP<br />
Doors. Allegion formed as a result of the<br />
spin-off of Ingersoll Rand’s commercial and<br />
residential security business back in 2013.<br />
It’s widely recognised in the industry that<br />
door hardware is becoming more<br />
sophisticated as electronics and mechanical<br />
hardware merge. Allegion will now seek to<br />
educate customers on the benefits new<br />
technology brings and how to incorporate it<br />
within long-term commercial properties.<br />
Hancox said: “I look forward to creating<br />
new opportunities and strengthening<br />
relationships with our existing partners.”<br />
82<br />
www.risk-uk.com
20 - 22 JUNE 2017 EXCEL LONDON, UK<br />
New exhibition within<br />
IFSEC International 2017<br />
AT BORDERS & INFRASTRUCTURE EXPO YOU WILL BENEFIT FROM:<br />
• Access a VIP Meeting Service<br />
<br />
live product demonstration and testing area<br />
BRE Global<br />
Networking Lounge<br />
<br />
• See the latest UAVs at The Drone Zone.<br />
<br />
<br />
against them
Best Value Security Products from Insight Security<br />
www.insight-security.com Tel: +44 (0)1273 475500<br />
...and<br />
lots<br />
more<br />
Computer<br />
Security<br />
Anti-Climb Paints<br />
& Barriers<br />
Metal Detectors<br />
(inc. Walkthru)<br />
Security, Search<br />
& Safety Mirrors<br />
Security Screws &<br />
Fastenings<br />
Padlocks, Hasps<br />
& Security Chains<br />
Key Safes & Key<br />
Control Products<br />
Traffic Flow &<br />
Management<br />
see our<br />
website<br />
ACCESS CONTROL<br />
KERI SYSTEMS UK LTD<br />
Tel: + 44 (0) 1763 273 243<br />
Fax: + 44 (0) 1763 274 106<br />
Email: sales@kerisystems.co.uk<br />
www.kerisystems.co.uk<br />
ACCESS CONTROL<br />
ACCESS CONTROL<br />
ACT<br />
ACT – Ireland, Unit C1, South City Business Park,<br />
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100<br />
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,<br />
Warrington, WA3 7GB. Tel: +44 161 236 9488<br />
sales@act.eu www.act.eu<br />
ACCESS CONTROL – BARRIERS, GATES, CCTV<br />
ABSOLUTE ACCESS<br />
Aberford Road, Leeds, LS15 4EF<br />
Tel: 01132 813511<br />
E: richard.samwell@absoluteaccess.co.uk<br />
www.absoluteaccess.co.uk<br />
Access Control, Automatic Gates, Barriers, Blockers, CCTV<br />
ACCESS CONTROL<br />
COVA SECURITY GATES LTD<br />
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards<br />
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68<br />
Tel: 01293 553888 Fax: 01293 611007<br />
Email: sales@covasecuritygates.com<br />
Web: www.covasecuritygates.com<br />
ACCESS CONTROL & DOOR HARDWARE<br />
ALPRO ARCHITECTURAL HARDWARE<br />
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,<br />
Waterproof Keypads, Door Closers, Deadlocks plus many more<br />
T: 01202 676262 Fax: 01202 680101<br />
E: info@alpro.co.uk<br />
Web: www.alpro.co.uk<br />
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES<br />
HTC PARKING AND SECURITY LIMITED<br />
St. James’ Bus. Centre, Wilderspool Causeway,<br />
Warrington Cheshire WA4 6PS<br />
Tel 01925 552740 M: 07969 650 394<br />
info@htcparkingandsecurity.co.uk<br />
www.htcparkingandsecurity.co.uk<br />
ACCESS CONTROL<br />
INTEGRATED DESIGN LIMITED<br />
Integrated Design Limited, Feltham Point,<br />
Air Park Way, Feltham, Middlesex. TW13 7EQ<br />
Tel: +44 (0) 208 890 5550<br />
sales@idl.co.uk<br />
www.fastlane-turnstiles.com<br />
ACCESS CONTROL<br />
SECURE ACCESS TECHNOLOGY LIMITED<br />
Authorised Dealer<br />
Tel: 0845 1 300 855 Fax: 0845 1 300 866<br />
Email: info@secure-access.co.uk<br />
Website: www.secure-access.co.uk<br />
ACCESS CONTROL MANUFACTURER<br />
NORTECH CONTROL SYSTEMS LTD.<br />
Nortech House, William Brown Close<br />
Llantarnam Park, Cwmbran NP44 3AB<br />
Tel: 01633 485533<br />
Email: sales@nortechcontrol.com<br />
www.nortechcontrol.com<br />
Custom Designed Equipment<br />
• Indicator Panels<br />
• Complex Door Interlocking<br />
• Sequence Control<br />
• Door Status Systems<br />
• Panic Alarms<br />
<br />
• Bespoke Products<br />
www.hoyles.com<br />
sales@hoyles.com<br />
Tel: +44 (0)1744 886600<br />
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES<br />
UKB INTERNATIONAL LTD<br />
Planet Place, Newcastle upon Tyne<br />
Tyne and Wear NE12 6RD<br />
Tel: 0845 643 2122<br />
Email: sales@ukbinternational.com<br />
Web: www.ukbinternational.com<br />
Hoyles are the UK’s leading supplier of<br />
custom designed equipment for the<br />
security and access control industry.<br />
From simple indicator panels to<br />
complex door interlock systems.<br />
BUSINESS CONTINUITY<br />
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT<br />
VANDERBILT INTERNATIONAL (UK) LTD<br />
Suite 7, Castlegate Business Park<br />
Caldicot, South Wales NP26 5AD UK<br />
Main: +44 (0) 2036 300 670<br />
email: info.uk@vanderbiltindustries.com<br />
web: www.vanderbiltindustries.com<br />
BUSINESS CONTINUITY MANAGEMENT<br />
CONTINUITY FORUM<br />
Creating Continuity ....... Building Resilience<br />
A not-for-profit organisation providing help and support<br />
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845<br />
Email: membership@continuityforum.org<br />
Web: www.continuityforum.org<br />
www.insight-security.com Tel: +44 (0)1273 475500
CCTV<br />
CONTROL ROOM & MONITORING SERVICES<br />
CCTV<br />
Rapid Deployment Digital IP High Resolution CCTV<br />
40 hour battery, Solar, Wind Turbine and Thermal Imaging<br />
Wired or wireless communication fixed IP<br />
CE Certified<br />
Modicam Europe, 5 Station Road, Shepreth,<br />
Cambridgeshire SG8 6PZ<br />
www.modicam.com sales@modicameurope.com<br />
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS<br />
ALTRON COMMUNICATIONS EQUIPMENT LTD<br />
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ<br />
Tel: +44 (0) 1269 831431<br />
Email: cctvsales@altron.co.uk<br />
Web: www.altron.co.uk<br />
ADVANCED MONITORING SERVICES<br />
EUROTECH MONITORING SERVICES LTD.<br />
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring<br />
• Vehicle Tracking • Message Handling<br />
• Help Desk Facilities • Keyholding/Alarm Response<br />
Tel: 0208 889 0475 Fax: 0208 889 6679<br />
E-MAIL eurotech@eurotechmonitoring.net<br />
Web: www.eurotechmonitoring.net<br />
DISTRIBUTORS<br />
CCTV<br />
G-TEC<br />
Gtec House, 35-37 Whitton Dene<br />
Hounslow, Middlesex TW3 2JN<br />
Tel: 0208 898 9500<br />
www.gtecsecurity.co.uk<br />
sales@gtecsecurity.co.uk<br />
CCTV/IP SOLUTIONS<br />
DALLMEIER UK LTD<br />
3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH<br />
Tel: +44 (0) 117 303 9 303<br />
Fax: +44 (0) 117 303 9 302<br />
Email: dallmeieruk@dallmeier.com<br />
SPECIALISTS IN HD CCTV<br />
MaxxOne<br />
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.maxxone.com<br />
sales@onlinesecurityproducts.co.uk<br />
www.onlinesecurityproducts.co.uk<br />
AWARD-WINNING, LEADING GLOBAL WHOLESALE<br />
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.<br />
ADI GLOBAL DISTRIBUTION<br />
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company<br />
also offers an internal technical support team, dedicated field support engineers along with a suite of<br />
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified<br />
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online<br />
account, installers can order up to 7pm for next day delivery.<br />
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk<br />
CCTV & IP SECURITY SOLUTIONS<br />
PANASONIC SYSTEM COMMUNICATIONS COMPANY<br />
EUROPE<br />
Panasonic House, Willoughby Road<br />
Bracknell, Berkshire RG12 8FP UK<br />
Tel: 0207 0226530<br />
Email: info@business.panasonic.co.uk<br />
WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS,<br />
PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.<br />
MAYFLEX<br />
Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ<br />
Tel: 0800 881 5199<br />
Email: securitysales@mayflex.com<br />
Web: www.mayflex.com<br />
COMMUNICATIONS & TRANSMISSION EQUIPMENT<br />
KBC NETWORKS LTD.<br />
Barham Court, Teston, Maidstone, Kent ME18 5BZ<br />
www.kbcnetworks.com<br />
Phone: 01622 618787<br />
Fax: 020 7100 8147<br />
Email: emeasales@kbcnetworks.com<br />
DIGITAL IP CCTV<br />
SESYS LTD<br />
High resolution ATEX certified cameras, rapid deployment<br />
cameras and fixed IP CCTV surveillance solutions available with<br />
wired or wireless communications.<br />
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG<br />
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333<br />
Email: info@sesys.co.uk www.sesys.co.uk<br />
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS<br />
CONTROL AND INTRUDER DETECTION SOLUTIONS<br />
NORBAIN SD LTD<br />
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP<br />
Tel: 0118 912 5000 Fax: 0118 912 5001<br />
www.norbain.com<br />
Email: info@norbain.com<br />
CCTV SPECIALISTS<br />
PLETTAC SECURITY LTD<br />
Unit 39 Sir Frank Whittle Business Centre,<br />
Great Central Way, Rugby, Warwickshire CV21 3XH<br />
Tel: 01788 567811 Fax: 01788 544 549<br />
Email: jackie@plettac.co.uk<br />
www.plettac.co.uk<br />
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION<br />
SATSECURE<br />
Hikivision & MaxxOne (logos) Authorised Dealer<br />
Unit A10 Pear Mill, Lower Bredbury,<br />
Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.satsecure.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
EMPLOYMENT<br />
FIRE AND SECURITY INDUSTRY RECRUITMENT<br />
SECURITY VACANCIES<br />
www.securityvacancies.com<br />
Telephone: 01420 525260<br />
INTEGRATED SECURITY SOLUTIONS<br />
INNER RANGE EUROPE LTD<br />
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,<br />
Reading, Berkshire RG74GB, United Kingdom<br />
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001<br />
Email: ireurope@innerrange.co.uk<br />
www.innerrange.com<br />
PERIMETER PROTECTION<br />
IDENTIFICATION<br />
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS<br />
GJD MANUFACTURING LTD<br />
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX<br />
Tel: + 44 (0) 1706 363998<br />
Fax: + 44 (0) 1706 363991<br />
Email: info@gjd.co.uk<br />
www.gjd.co.uk<br />
COMPLETE SOLUTIONS FOR IDENTIFICATION<br />
DATABAC GROUP LIMITED<br />
1 The Ashway Centre, Elm Crescent,<br />
Kingston upon Thames, Surrey KT2 6HH<br />
Tel: +44 (0)20 8546 9826<br />
Fax:+44 (0)20 8547 1026<br />
enquiries@databac.com<br />
PERIMETER PROTECTION<br />
GPS PERIMETER SYSTEMS LTD<br />
14 Low Farm Place, Moulton Park<br />
Northampton, NN3 6HY UK<br />
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097<br />
E-mail: info@gpsperimeter.co.uk<br />
Web site: www.gpsperimeter.co.uk<br />
POWER<br />
INDUSTRY ORGANISATIONS<br />
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY<br />
BRITISH SECURITY INDUSTRY ASSOCIATION<br />
Tel: 0845 389 3889<br />
Email: info@bsia.co.uk<br />
Website: www.bsia.co.uk<br />
Twitter: @thebsia<br />
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY<br />
SSAIB<br />
7-11 Earsdon Road, West Monkseaton<br />
Whitley Bay, Tyne & Wear<br />
NE25 9SX<br />
Tel: 0191 2963242<br />
Web: www.ssaib.org<br />
INTEGRATED SECURITY SOLUTIONS<br />
POWER SUPPLIES – DC SWITCH MODE AND AC<br />
DYCON LTD<br />
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER<br />
Tel: 01443 471900 Fax: 01443 479 374<br />
Email: sales@dyconpower.com<br />
www.dyconpower.com<br />
STANDBY POWER<br />
UPS SYSTEMS PLC<br />
Herongate, Hungerford, Berkshire RG17 0YU<br />
Tel: 01488 680500<br />
sales@upssystems.co.uk<br />
www.upssystems.co.uk<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
ADEPT POWER SOLUTIONS LTD<br />
Adept House, 65 South Way, Walworth Business Park<br />
Andover, Hants SP10 5AF<br />
Tel: 01264 351415 Fax: 01264 351217<br />
Web: www.adeptpower.co.uk<br />
E-mail: sales@adeptpower.co.uk<br />
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS<br />
HONEYWELL SECURITY AND FIRE<br />
Tel: +44 (0) 844 8000 235<br />
E-mail: securitysales@honeywell.com<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
UNINTERRUPTIBLE POWER SUPPLIES LTD<br />
Woodgate, Bartley Wood Business Park<br />
Hook, Hampshire RG27 9XA<br />
Tel: 01256 386700 5152 e-mail:<br />
sales@upspower.co.uk<br />
www.upspower.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
SECURITY<br />
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS<br />
INSIGHT SECURITY<br />
Units 1 & 2 Cliffe Industrial Estate<br />
Lewes, East Sussex BN8 6JL<br />
Tel: 01273 475500<br />
Email:info@insight-security.com<br />
www.insight-security.com<br />
CASH & VALUABLES IN TRANSIT<br />
CONTRACT SECURITY SERVICES LTD<br />
Challenger House, 125 Gunnersbury Lane, London W3 8LH<br />
Tel: 020 8752 0160 Fax: 020 8992 9536<br />
E: info@contractsecurity.co.uk<br />
E: sales@contractsecurity.co.uk<br />
Web: www.contractsecurity.co.uk<br />
QUALITY SECURITY AND SUPPORT SERVICES<br />
CONSTANT SECURITY SERVICES<br />
Cliff Street, Rotherham, South Yorkshire S64 9HU<br />
Tel: 0845 330 4400<br />
Email: contact@constant-services.com<br />
www.constant-services.com<br />
ONLINE SECURITY SUPERMARKET<br />
EBUYELECTRICAL.COM<br />
Lincoln House,<br />
Malcolm Street<br />
Derby DE23 8LT<br />
Tel: 0871 208 1187<br />
www.ebuyelectrical.com<br />
LIFE SAFETY EQUIPMENT<br />
C-TEC<br />
Challenge Way, Martland Park,<br />
Wigan WN5 OLD United Kingdom<br />
Tel: +44 (0) 1942 322744<br />
Fax: +44 (0) 1942 829867<br />
Website: www.c-tec.com<br />
PERIMETER SECURITY<br />
TAKEX EUROPE LTD<br />
Aviary Court, Wade Road, Basingstoke<br />
Hampshire RG24 8PE<br />
Tel: +44 (0) 1256 475555<br />
Fax: +44 (0) 1256 466268<br />
Email: sales@takex.com<br />
Web: www.takex.com<br />
FENCING SPECIALISTS<br />
J B CORRIE & CO LTD<br />
Frenchmans Road<br />
Petersfield, Hampshire GU32 3AP<br />
Tel: 01730 237100<br />
Fax: 01730 264915<br />
email: fencing@jbcorrie.co.uk<br />
INTRUSION DETECTION AND PERIMETER PROTECTION<br />
OPTEX (EUROPE) LTD<br />
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre<br />
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B<br />
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ<br />
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311<br />
Email: sales@optex-europe.com<br />
www.optex-europe.com<br />
SECURITY EQUIPMENT<br />
PYRONIX LIMITED<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY.<br />
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042<br />
www.facebook.com/Pyronix<br />
www.linkedin.com/company/pyronix www.twitter.com/pyronix<br />
SECURITY SYSTEMS<br />
BOSCH SECURITY SYSTEMS LTD<br />
PO Box 750, Uxbridge, Middlesex UB9 5ZJ<br />
Tel: 0330 1239979<br />
E-mail: uk.securitysystems@bosch.com<br />
Web: uk.boschsecurity.com<br />
INTRUDER AND FIRE PRODUCTS<br />
CQR SECURITY<br />
125 Pasture road, Moreton, Wirral UK CH46 4 TH<br />
Tel: 0151 606 1000<br />
Fax: 0151 606 1122<br />
Email: andyw@cqr.co.uk<br />
www.cqr.co.uk<br />
SECURITY EQUIPMENT<br />
CASTLE<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY<br />
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042<br />
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity<br />
www.twitter.com/castlesecurity<br />
SECURE CONNECTIVITY PROVIDERS<br />
CSL<br />
T: +44 (0)1895 474 474<br />
sales@csldual.com<br />
@CSLDualCom<br />
www.csldual.com<br />
SECURITY PRODUCTS<br />
EATON<br />
Eaton is one of the world’s leading manufacturers of security equipment<br />
its Scantronic and Menvier product lines are suitable for all types of<br />
commercial and residential installations.<br />
Tel: 01594 545 400 Email: securitysales@eaton.com<br />
Web: www.uk.eaton.com Twitter: @securityTP<br />
INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS<br />
RISCO GROUP<br />
Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton,<br />
Manchester, M24 2SS<br />
Tel: 0161 655 5500 Fax: 0161 655 5501<br />
Email: sales@riscogroup.co.uk<br />
Web: www.riscogroup.com/uk<br />
SECURITY SYSTEMS<br />
VICON INDUSTRIES LTD.<br />
Brunel Way, Fareham<br />
Hampshire, PO15 5TX<br />
United Kingdom<br />
www.vicon.com<br />
www.insight-security.com Tel: +44 (0)1273 475500
R<br />
EasyIP 3.0<br />
H.265+<br />
SIMPLE AND POWERFUL<br />
THE EASIER JOURNEY TO<br />
BETTER SECURITY<br />
EasyIP 3.0 SERIES<br />
- Up to 4K ultra-HD, advanced H.265+ encoding<br />
- Darkfighter ultra-low illumination technology<br />
- Efficient VCA functions<br />
- Easy to install, setup, and manage<br />
- Budget-friendly and powerful<br />
Hikvision UK & Ireland<br />
4 The Square, Stockley Park,<br />
Uxbridge, UB11 1ET<br />
Tel: 01628 902140<br />
sales.uk@hikvision.com<br />
support.uk@hikvision.com<br />
www.hikvision.co.uk