RiskUKJune2017

June 2017
www.risk-uk.com
Security and Fire Management
Securing Built Environments
Best Practice Techniques for Designing Out Crime
Enterprise Security Risk Management: Strategic Priorities
Fire Safety: Observing Standards and The Law
Machine Learning: A New Layer of Cyber Defence
IFSEC and FIREX International 2017: Solutions Guide

Hosle Vehicle Migaon
• Novel An‐Vehicle Wire Rope Fences and An‐Vehicle HVM Bollards
• Aesthec Bollard and Street Furniture Sleeves Available
• Protecng Perimeters, Crical Naonal Infrastructure and Crowded Locaons from Vehicle Borne Aacks
• All tested at MIRA and TRL to BSI PAS 68, IWA 14‐1 or ASTM F2656
• Tested in So Ground to 30, 40 and 50mph
• Quick Installaon and Minimal Maintenance
• ZERO Penetraon and Shallow Embedment
Visit bristorm.com
Email info@bristorm.com
Call +44(0)1902 499400

June 2017
Contents
48 Contractor Screening: Eradicating Blind Spots
Steve Girdler addresses the security management implications
for hiring companies realised by the sharing and gig economies
The UK’s Technology Skills Gap (pp13-14)
5 Editorial Comment
6 News Update
Cifas issues Fraudscape Report. BS 10012:2017 for Personal
Data Protection. Veritas Technologies study on GDPR compliance
8 News Analysis: WannaCry Ransomware Attack
Etienne Greeff assesses both the extent of the damage wrought
by the WannaCry ransomware attack and the future threat posed
10 News Special: Cortech Open Innovation Events
Cortech Developments announces the appointment of Risk UK
as its Official Media Partner for the 2017 COIE Series
13 Opinion: The UK’s Technology Skills Gap
One particular area which John Davies believes should now be
subject to greater scrutiny is the UK’s technology skills gap
16 Opinion: Security’s VERTEX Voice
Peter Webster examines why security guarding companies
should be taking a keen interest in The Great Repeal Bill
19 BSIA Briefing
James Kelly outlines what’s in store at IFSEC International 2017
22 Security in the Built Environment
Can we reduce crime through improved planning and design in
built environments? Jon Roadnight and Tony Townsend think so
51 The Changing Face of Security Services
The future of security uniforms, the role of females in the
security profession and reflections on the Manchester Arena
terrorist attack are all covered in our regular guarding focus
58 The Keys to Successful Security Management
Steve Bumphrey on the need for continual security reviews
60 Fire Safety: Standards and The Law
Don Scott discusses the importance of standards in fire safety
62 Breaches in Fire Compartmentation
Richard Sutton observes key fire compartmentation procedures
64 The Security Institute’s View
Dan Kaszeta and Rachel Carter tackle terrorism insurance issues
66 In The Spotlight: ASIS International UK Chapter
68 FIA Technical Briefing
70 Security Services: Best Practice Casebook
72 Machine Learning and Cyber Defence
74 Training and Career Development
76 Risk in Action
78 Technology in Focus
81 Appointments
The latest people moves in the security and fire business sectors
24 ‘Learning The Business’: ESRM
Godfried Hendriks provides an overview of the philosophy
underpinning Enterprise Security Risk Management
27 CSI for Boardrooms
Jeremy Stimson evaluates the role and importance of digital
forensics in relation to today’s crime investigation teams
31 IFSEC and FIREX International 2017
Wireless security systems, impact testing, voice sounders and
access control feature in our IFSEC and FIREX Solutions Guide
46 Moving With The Times
Access control upgrades for buildings can sometimes be put on
hold, but they shouldn’t be. Tim Northwood duly explains why
84 The Risk UK Directory
ISSN 1740-3480
Risk UK is published monthly by Pro-Activ Publications
Ltd and specifically aimed at security and risk
management, loss prevention, business continuity and
fire safety professionals operating within the UK’s largest
commercial organisations
© Pro-Activ Publications Ltd 2017
All rights reserved. No part of this publication may be
reproduced or transmitted in any form or by any means
electronic or mechanical (including photocopying, recording
or any information storage and retrieval system) without the
prior written permission of the publisher
The views expressed in Risk UK are not necessarily those of
the publisher
Risk UK is currently available for an annual subscription rate of
£78.00 (UK only)
www.risk-uk.com
Risk UK
PO Box 332
Dartford DA1 9FF
Editor Brian Sims BA (Hons) Hon FSyI
Tel: 0208 295 8304 Mob: 07500 606013
e-mail: brian.sims@risk-uk.com
Design and Production Matt Jarvis
Tel: 0208 295 8310 Fax: 0870 429 2015
e-mail: matt.jarvis@proactivpubs.co.uk
Advertisement Director Paul Amura
Tel: 0208 295 8307 Fax: 01322 292295
e-mail: paul.amura@proactivpubs.co.uk
Administration Tracey Beale
Tel: 0208 295 8306 Fax: 01322 292295
e-mail: tracey.beale@proactivpubs.co.uk
Managing Director Mark Quittenton
Chairman Larry O’Leary
Editorial: 0208 295 8304
Advertising: 0208 295 8307
3
www.risk-uk.com

Connect your life to your home
and your security
Texecom Connect set to transform the end user security experience
At IFSEC 2017, the Texecom stand will showcase live demonstrations of Texecom Connect, Texecom’s upcoming smart
connectivity platform, solving security and automation challenges in real-world scenarios.
With Texecom Connect, security installers are able to offer customers a secure system with the additional benefits of automation,
smart management and flexible control, all from the flagship Premier Elite range of control panels.
Texecom products are designed
and manufactured in the UK

Texecom Connect App
New smartphone application for user
automation and control
Texecom Connect SmartCom
Texecom Connect ethernet and
WiFi communicator
Texecom Connect API
Protocol to interface and integrate with
3rd party solutions
Connect with us on Stand G1200
www.texe.com
Sales: +44 (0)1706 220460
Editorial Comment
Sense of Risk
Although most organisations do fully appreciate the value of
adopting an innovative approach to their business, it’s not
always the easiest thing to introduce. That’s not necessarily
because people are openly opposed to the idea. Rather, it’s the
perceived sense of risk that can ultimately scupper a company’s
bold desire to be progressive. Unless an organisation nurtures a
culture that fully embraces innovation, it’s absolutely fair to
suggest the overriding fear of change can be somewhat stifling.
“Senior management needs to believe in the intrinsic value of
innovation and be seen to support initiatives that can make this
a reality,” stated Christine Caunce, managing director at APS
Group Secure Solutions. “Change has to emanate from the top.”
Caunce rightly asserts that, whenever change occurs in an
organisation, there are often bumps in the road. “When those
bumps are struck, individuals who may have been unsettled by
the disruption to ‘business as usual’ will shine a scathing
spotlight on the initiative.” It takes broad-shouldered project
leaders to move past the inevitably ensuing criticism. Again, this
is where the support of senior management is going to be vital.
“In organisations where the culture isn’t fully supportive,”
added Caunce, “individuals will be far more wary of upsetting
the apple cart. Potential bumps in the road that could be viewed
as hurdles are now looked upon as insurmountable barriers.”
It’s clear to see how all of this might impact decision-making in
a tender process. Early discussions focused on innovative ideas
wouldn’t be unusual. For instance, a Marketing Department may
enthusiastically endorse a new digital approach in co-ordination
with traditional printed communications. However, in the later
stages of the process, with the fear of change starting to shape
lines of thinking, enthusiasm for the new approach could wane.
“Innovation is often introduced into companies with the help
and assistance of forward-thinking suppliers,” observed Caunce.
“The challenge for procurement teams is that, when one supplier
is offering an innovative approach and another isn’t, they’re no
longer comparing apples with apples. They’re not able to look at
two similar bids and select the most competitive price.”
Innovation harbours an unknown value. In itself, this creates a
tricky problem for those tasked with delivering cost savings.
Under this scenario, it’s wholly understandable why procurement
will stick to what they know. They can then opine: “Previously,
we were paying Y. Now, we’re paying X.” The gain, then, is clear.
This procurement challenge is the subject of a recent White
Paper entitled ‘Putting a Price on Innovation: The Procurement
Puzzle’. The document reviews the example of Philips and how
its long-term approach to cost savings has helped the business
in successfully building collaborative supplier relationships.
“What’s clear from Philips’ approach,” concluded Caunce, “is
that, when innovation is embraced at the top of a company, the
perceived risk of pursuing these initiatives is lessened for those
individuals occupying lower levels in the company’s structure. To
successfully reduce the sense of risk that emerges along with
innovation, organisations need to address their corporate culture
and put in place systems that actively enable change.”
Brian Sims BA (Hons) Hon FSyI
Editor
December 2012
5
www.risk-uk.com

“Rise in facility takeovers reveals need for
better fraud education” outlines Cifas
Cifas, the UK’s fraud prevention service, has
released a new report detailing the fraud trends
from over 325,000 cases recorded in 2016. The
data from 387 organisations (including many
major UK brands) is one of the most
comprehensive pictures of fraud and fraudulent
attempts made in the UK.
Key findings from the annual Fraudscape
report include the fact that over 325,000
internal and external fraud cases were recorded
in total, which is up from 321,092 (representing
a 1% increase) in the previous year.
Organisations successfully prevented £1.03
billion in fraud losses through non-competitive
data sharing. Identity crimes (ie identity fraud
and facility takeover) remain the biggest threat,
representing 60% of all fraud recorded.
Facility takeovers increased by 45% from
15,497 to 22,525. Over 50% of those takeovers
recorded were enabled over the phone in calls
to Call Centre staff. 88% of identity frauds were
committed online compared to 30% of facility
takeovers occurring in the digital environment.
A facility takeover happens when a fraudster
poses as a genuine customer, gains control of
an existing account and uses it for their own
ends – such as making transactions or ordering
new products or product upgrades. Any account
can be taken over by fraudsters, including bank
accounts and credit cards as well as telephone,
e-mail and other services.
The increase in facility takeover episodes,
and particularly so those committed over the
phone, is a sign that, as security for customer
accounts has increased, criminals have begun
to target individuals instead and attempt to
trick them into revealing their personal details.
Fraudsters will collate personal data and
identify targets in a variety of ways, such as via
data breaches, social media ‘footprints’ and
other open source information. In order to
access the level of detailed information needed
to conduct a successful takeover, fraudsters will
then often contact their victims directly and
manipulate them into revealing yet further
personal data. Once they have enough personal
details, fraudsters go on to call the bank, phone
retailer or service provider armed with the level
of information needed to convince Call Centre
staff that they’re the genuine customer.
Cifas’ CEO Simon Dukes said: “Working
together, organisations prevented £1 billion
worth of fraud last year, but we know that, as
one method of criminality becomes harder for
them to pursue, fraudsters change tactic rather
than stop. We’re now seeing that the advances
made in securing online access to customer
accounts have led to fraudsters targeting the
human being at the end of the phone. Education
here is key. We strongly urge the next
Government to do more to ensure that
individuals know how to avoid the scammers.”
Standard for data protection revised to safeguard personal information
Business standards company the British Standards Institution (BSI) has updated its standard for
data protection. BS 10012:2017 Data Protection – Specification for a Personal Information
Management System was developed to provide Best Practice guidance for those leaders
responsible for the management of personal information.
The revised British Standard is applicable to organisations of all sizes and sectors and specifies
the requirements for them to adopt a personal information management system (PIMS). A PIMS
provides a framework for maintaining and improving compliance with data protection requirements.
In addition, the British Standard is intended to provide clear guidance for internal and external
assessors on assessing compliance with data protection requirements.
Changes from the 2009 version of BS 10012 include a new definition of personal and sensitive
data, restrictions on profiling using personal data and new administrative requirements for data
privacy officers. Data written under a pseudonym is now specifically covered, and there are also
stricter requirements for consent around processing. BS 10012 takes into account a change in the
law to cover data processors.
Implementing BS 10012 will assist many organisations in their adoption of an appropriate
information governance strategy designed to support any immediate and future regulatory, legal,
risk, environmental and operational requirements.
Anne Hayes, head of governance and resilience at the BSI, explained: “BS 10012 will provide
organisations with structured guidance on implementing a common sense strategy that’s
configured to handle personal information as securely as possible.”
6
www.risk-uk.com

News Update
Organisations worldwide fear noncompliance
with GDPR could put
them out of business
The majority of organisations worldwide (86%)
are concerned that any failure to adhere to the
upcoming EU General Data Protection
Regulation (GDPR) could have a major
negative impact on their business.
According to a study carried out by Veritas
Technologies, nearly 20% said they fear that
non-compliance could actually put them out of
business. This concern emanates in the face of
potential fines for non-compliance that will be
as high as €20 million or 4% of annual
turnover (whichever is the greater sum).
Intended to harmonise the governance of
information that relates to individuals
(‘personal data’) across European Union (EU)
Member States, the GDPR requires greater
oversight of where and how personal data –
including credit card, banking and healthcare
information – is stored and transferred and
how access to it is both policed and audited.
Coming into force on 25 May 2018, the
GDPR will not only affect organisations within
the EU, but also extend globally, impacting
any organisation that offers goods or services
to EU residents or monitors their behaviour
(for example by tracking their buying habits).
The study indicates that a substantial 47% of
organisations globally harbour major doubts
that they’ll meet this compliance deadline.
The Veritas GDPR Report 2017 finds that
more than one-in-five (21%) businesses are
very worried about potential lay-offs, fearing
that staff reductions may be an inevitable
outcome as a result of financial penalties
incurred due to GDPR compliance failures.
Organisations are also concerned about the
impact non-compliance could have on their
brand image, especially if and when a
compliance failure is made public, potentially
as a result of the new obligations to notify
data breach occurrences to those parties
immediately affected. Some 19% of those
surveyed fear that negative media or social
coverage could cause their organisation to
lose customers. An additional one-in-ten (12%)
are very concerned that their brand would be
de-valued as a result of negative coverage.
The research highlights that many
organisations appear to be facing serious
challenges in understanding what data they
have, where that data is located and its
relevance to the business – a critical first step
in the GDPR compliance journey.
The Veritas Technologies study reveals that
many of today’s organisations are struggling
to solve these challenges simply because they
lack the proper technology needed to address
compliance regulations.
Criminal Finances Bill receives
Royal Assent to tackle money
laundering and corruption
The Criminal Finances Act 2017 will give law
enforcement agencies and their partners
further capabilities and powers to recover the
proceeds of crime, tackle money laundering,
tax evasion and corruption and combat the
financing of terrorism.
The Act of Parliament creates unexplained
wealth orders which can require those
suspected of serious crime or corruption to
explain the sources of their wealth. It also
introduces new criminal offences for those
corporations who fail to prevent any member
of their staff from facilitating tax evasion.
The Act enables the seizure and forfeiture of
the proceeds of crime and terrorist money
stored in bank accounts and certain personal
or moveable items, provides legal protections
for the sharing of information between
regulated companies and extends the time
period granted to law enforcement agencies
for investigating suspicious transactions.
Also, the Act extends disclosure orders to
cover money laundering and terrorist finance
investigations while at the same time
extending the existing civil recovery regime in
the Proceeds of Crime Act to allow for the
recovery of the proceeds of gross Human
Rights abuses or violations overseas.
James Siswick, partner for risk consulting at
KPMG UK, commented: “In a week when UK
banks begin to show signs of having their
costs under control, another set of compliance
requirements comes along which could expose
them to unlimited fines and reputational
damage. From September, all financial
institutions will be ‘on the hook’ for the
conduct of their staff. This isn’t just a case of
reassessing product offerings and having a
firm word with the Tax Department. The
Criminal Finances Act applies to all business
activity. It could be triggered by the erroneous
treatment of employees’ expenses or missing
VAT on a window cleaning bill. Institutions
now face the task of assessing where their
risks lie and how to implement reasonable
procedures in order to fully manage them.”
Siswick concluded: “While few firms will be
jumping for joy at the prospect of yet more
compliance, the price of ‘getting it wrong’ will
undoubtedly assist in making the UK a leader
in this area and should also act as a driver for
good corporate culture.”
7
www.risk-uk.com

Will WannaCry pave the way for future
ransomware attacks on organisations?
before they can access their files. To avoid
payments being traced or blocked, cyber
criminals have typically used cryptocurrency
platforms such as Altcoin and Bitcoin.
The aptly-named
WannaCry ransomware
attack, which brought
organisations around
the globe to their
knees when it first
appeared on Friday 12
May, is the latest in an
ongoing tidal wave of
ransomware-focused
cyber episodes. In an
exclusive News
Analysis for the
readers of Risk UK,
Etienne Greeff
assesses both the
extent of the damage
wrought and the
future threat posed
The WannaCry ransomware attack was a
worldwide cyber attack perpetrated by the
WannaCry ransomware cryptoworm, itself
deliberately designed to target those
computers running the Microsoft Windows
operating system by encrypting data and
demanding ransom payments.
The initial attack began on Friday 12 May
and, within a single day, was reported to have
infected more than 230,000 computers in over
150 countries. Shortly after the attack began, a
web security researcher who blogs as
‘MalwareTech’ discovered an effective ‘kill
switch’ by registering a domain name found in
the code of the ransomware. This greatly
slowed the spread of the infection, effectively
halting the initial outbreak on Monday 15 May,
but new versions were subsequently detected
that lack the ‘kill switch’.
For those organisations who have felt the full
wrath of the attack and any others presently
storing data on vulnerable software, this should
be deemed as a serious wake-up call. After all,
WannaCry exploits a flaw in vulnerable, end-oflife
versions of Microsoft Windows (most
notably Windows XP and Windows 7). As
stated, to unlock the hijacked data, the
WannaCry hackers have been demanding a
payment worth £230 from infected end users.
Ransomware was the foremost type of
malware in 2016. It works by encrypting – or
‘hijacking’ – files until a ransom is paid. In the
meantime, the end user sees a displayed
message stating that payment is required
Assessing the damage
Many large organisations have already faced
the consequences of vulnerabilities exploited
by WannaCry. Alongside the NHS in the UK,
infected organisations have included Germany’s
main rail company Deutsche Bahn, Spain’s
Telefonica, French car manufacturer Renault, US
logistics company FedEx and thousands of
victims in countries such as Russia, India,
China, the Ukraine and Taiwan. The extent and
scale of the damage caused is very significant.
In China alone, nearly 30,000 organisations
had been attacked by the end of Saturday 14
May. While the attack attracted significant
media coverage in the UK, we didn’t even
feature in the Top 20 list of countries by hosts
infected. The most infected country was the
Russian Federation followed by the Ukraine,
India and Taiwan. A reported 1,000 computers
at the Russian Interior Ministry were infected.
What made the UK so newsworthy was the
real-life impact caused by attacks on hospitals.
The ‘hijack’ of the NHS meant patients had to
be moved, treatments delayed and medical
procedures cancelled. Clearly, this attack is
highly aggressive and has been extremely
effective. Even though cyber security experts
recommend victims don’t pay the attackers,
many have done so to obtain the decryption
key and restore normal operations.
WannaCry propagates using EternalBlue, an
exploit of Windows’ Server Message Block
protocol. Much of the attention and comment
around the event was occasioned by the fact
that the US National Security Agency had
discovered the vulnerability in the past, but
used it to create an exploit for its own offensive
work rather than report it to Microsoft. It was
only when the existence of this vulnerability
was revealed by The Shadow Brokers that
Microsoft became aware of the issue and
issued a ‘critical’ security patch on 14 March,
but many organisations had not yet applied it.
Scaled beyond belief
We know that the WannaCry malware spread
exponentially through a worm-borne
ransomware, but it lacks scale in decryption
8
www.risk-uk.com

News Analysis: WannaCry Ransomware Attack
and sophistication in ransom payment
collections. Simply put, the attackers’ clever
use of code has generated vast scale for
infections, but they’ve shown poor business
acumen for turning ransoms into profit. So,
despite its apparent success, has this attack
actually bitten off more than it can chew?
The WannaCry hackers have left much to be
desired when it comes to the transactional
components for securing the cash. WannaCry’s
decryption process is manual, which effectively
means that someone has to physically provide
the decryption key for literally hundreds of
thousands of ransoms (assuming anyone pays
up, of course). This process is fundamentally at
odds with the scale of the attack. The attackers
simply don’t have the manpower to ‘cash in’.
Second, Bitcoin (which, as stated, is used to
take the ransom payments) is the most visible
and traceable of all the cryptocurrency
platforms (and precisely why we’re beginning to
see ransomware attacks using altcoins such as
Monero and Zcash as the currency of choice).
The motivation behind the attack is unclear.
Our own analysis has led us to believe that the
attack was actually meant for home users. For
example, the malware is targeted at older
versions of Windows operating systems, which
are more commonly in use on home computers.
The inclusion of a ‘kill switch’ is interesting,
too. Typically, Domain Name System-based ‘kill
switches’ are used by virus writers to avoid
detection by sandboxes (a security mechanism
for running typically untested or untrusted
programs in isolation). A sandbox would
answer to all DNS queries and potential
requests to outside sites. Virus writers know
this and so terminate malware when they see
requests answered. This could point to the fact
that the malware was targeted at organisations
not running sandboxes, which would lead
towards the home user.
Combined with the failure to effectively
monetise the operation, this suggests the
intended targets were not corporate
organisations, such as the NHS and Telefonica.
It would seem these organisations found
themselves caught up in collateral damage.
However, they could easily have prevented any
ransomware infection through the adoption of
basic security hygiene in tandem with up-todate
frontline security.
Proactive data defence
Organisations should be taking a front foot
approach to avoid becoming the next in line
and being held hostage. They need to act now.
Make no mistake that the ransomware element
of the malware could easily be swapped for a
“What made the UK so newsworthy was the real-life impact
caused by attacks on hospitals. The ‘hijack’ of the NHS
meant patients had to be moved and treatments delayed”
more destructive command that would wipe the
hard drive of infected machines completely.
New and more innovative ‘strains’ of the
WannaCry malware are expected to emerge so
there’s a pressing need to be ready to weather
the storm.
The impact of WannaCry could have been
significantly suppressed if basic Best Practice
security hygiene had been implemented. The
NHS left itself vulnerable as its computer
systems were dangerously outdated.
Alarmingly, many NHS Trusts still use Windows
XP as their main operating system.
In order to operate a strong security defence,
organisations need consistent ingress and
egress filtering, regular patching and back-ups
of all data. Following these basic steps, security
should then focus on vulnerability testing and
management, improved end user education (to
stop the opening of dangerous links and
attachments), anti-virus endpoint detection and
content filtering.
These are all well-understood practices, of
course, but need to be implemented
consistently in order to break the ransomware
‘kill chain’ and choke this persistent threat.
The future threat
From the attackers’ perspective, WannaCry is a
technical success. They’ve proven their concept
for the worm delivery channel. With the
enormity and global scale achieved, however,
they will rue the day that they failed to convert
this opportunity into cold, hard and real-world
currency. Next time, the affected organisations
involved might not be so lucky.
Moving forward, this will not be the last we
see of large-scale ransomware attacks, or even
of WannaCry itself. Cyber criminals are
innovative and ‘tech savvy’. They’re constantly
looking for new ways in which to infiltrate
computer systems and deliver new payloads.
Easy wins, such as targeting legacy operating
systems, are just the tip of the iceberg.
The techniques for a similar attack will evolve
and grow to become more complex and more
damaging. In the future, we expect to see
game-changers such as new payment platforms
used for ransom, a greater array of target types,
‘Infect-A-Friend’ attacks and Ransomware-as-a-
Service. While the battle versus WannaCry has
certainly started, it has only just begun. More
than 1.3 million systems remain vulnerable.
Etienne Greeff: CTO and
Founder of SecureData
9
www.risk-uk.com

COIE 2017: A Collaborative Approach to
Industry Challenges and Risk Mitigation
overriding desire to listen, understand and act
on all of the feedback imparted.”
Cortech Developments
– the specialist in
mitigating risk in
relation to workplace
safety, security and
building efficiency –
has confirmed the
appointment of Risk
UK as its Official
Media Partner for the
2017 schedule of
Cortech Open
Innovation Events.
Here, Brian Sims
previews the content
on offer for practising
risk and security
management
professionals in
attendance
Bristol Science Centre will host the next
Cortech Open Innovation Event (COIE) on
Tuesday 18 July. This is a Continuing
Professional Development (CPD)-accredited
event with a difference for end users,
consultants and main contractors focusing on
innovative technology and the latest smart
integration techniques for workplace safety,
high security and building efficiency.
Paul Spence, marketing and communications
manager at Cortech Developments, explained:
“Previous COIEs have provided a great platform
for collaborative engagement, discussion and
debate regarding technology, Best Practice and
industry challenges. This backdrop will form an
integral part of the COIE Series throughout the
year as Cortech and our event partners seek to
promote knowledge transfer and added value
for those either managing buildings or involved
in specifying their security requirements.”
The Bristol gathering aims to challenge us all
to think about the way in which we manage
infrastructure and buildings with a view
towards enhanced safety, security,
interoperability and sustainability.
In conversation with Risk UK, Spence added:
“Given that these are CPD-accredited events
involving technology experts, we seek to impart
knowledge and empower building owners,
consultants and main contractors to embrace
new ideas and technology that assists in
mitigating risk. Our cluster groups on the day
bring together a cross-section of the industry to
openly discuss their challenges. It’s our
Empowering delegates
In collaboration with its partner manufacturers,
Cortech Developments provides an environment
for facilitating delegate interaction and
engagement through the aforementioned
organised cluster groups, in addition to the
demonstration of the latest technology.
Commenting on the value of the COIE days,
John Hill (head of operations at Cortech
Developments) said: “The Cortech Open
Innovation Events are always an exciting time
for me. They encourage passionate and open
discussion about the issues that really affect
the market. They’re a fantastic opportunity for
our industry to actually see what’s available
through technology and provide a platform for
us to listen to what the market is telling us and
discover how, through innovation, we can
continue to address industry needs.”
Craig Jackson, physical security advisor at the
DVLA, attended the last COIE of 2016 which
took place in London. He highlighted the value
to be gained in the cluster groups. “Having
attended several similar events during the
course of 2016, I thought I knew what to
expect, but this was different,” urged Jackson.
“In addition to the usual opportunity to keep
abreast of recent innovations in technology, the
event also provided a great platform for
networking with industry peers to both share
common issues and understand individual
concerns across the security industry.”
Glasgow COIE attendee Stephen Fleming,
physical security manager at the State Hospital,
observed: “I’ve attended previous Cortech
events and have always found them to be of
great value. The latest event in Glasgow was no
different as it was well-organised with quality
partners. Each COIE is an excellent networking
opportunity where you have the chance to
discuss the different challenges across the
security industry.”
The cluster groups draw on the opinion and
challenges of a cross-section of our industry
and this provides a particularly relevant lead
into the live demonstration on the day which is
facilitated through the use of software, control
technology and people to address challenges.
The demonstration provides an insight into
how smart integration can assist end users to
10
www.risk-uk.com

News Special: Cortech Open Innovation Events 2017
reduce risk and cost, meet their regulatory
requirements, enhance operational efficiency
and provide greater situational awareness.
Jason Blundell, head of sales at Cortech
Developments, spoke of the importance and
value of the live demonstration to delegates.
“Increasingly, organisations are centralising
their operations and managing technology
across multiple sites and buildings,” outlined
Blundell. “There’s a common need for visibility
and control of multiple systems and equipment.
As part of the demonstration, we highlight the
monitoring and control of technology from
thousands of miles away in practical terms.
Distance is no longer a barrier.”
The live demonstration has been viewed by
previous COIE delegates as an educational and
thought-provoking showpiece. “The experience
was augmented by real-time demonstrations of
the recording and control of security situations
within various applications ranging from fire
detection and CCTV monitoring through to
presence and perimeter detection,” enthused
Derek Follows, technical director at Jacobs UK,
who attended the COIE in Knutsford last year.
“An excellent event that’s invaluable for
contractors, specifiers and clients alike.”
This was a view shared by another Glasgow
COIE delegate, namely Allan Rowan (senior
building services engineer at Pick Everard).
“Attending a Cortech Open Innovation Event is a
fantastic way to keep up-to-date with the latest
thinking and developments across the field and
participate in stimulating exchanges of ideas
and experience. The interactive demonstration
was informative and interesting and afforded an
insight of how new and old systems can be
brought together under a single interface. This
has particular relevance to my profession and
industry in terms of the realisation of not only
energy efficiency, but also the significant
savings to be made in maintenance and the
effective prioritisation of alarm activations.”
Technology experts
Manufacturers confirmed for the forthcoming
COIE in Bristol are Bosch Security Systems
(CCTV), Harper Chalice (PIDs), Paxton (Access
Control) and Stentofon-Zenitel UK (Intercoms).
Each of the manufacturers will be represented
as part of the cluster groups and the live
demonstration, with representatives on hand
throughout the day to offer ‘one-t0-one’
engagement and advice for delegates.
As part of the COIE in Bristol, guest speaker
Steve Pilkington (technical director of Italik)
will address delegates regarding the current
cyber crime landscape. Pilkington’s
presentation will centre on what motivates a
hacker, examples of common threats, detail
around the ten steps to cyber risk management
and a summary of IT security trends.
“Speakers have proven to be a popular and
added value thread to the COIE Series,”
explained Paul Spence. “Cyber security is
becoming a fundamental part of business and
security strategy and we’re absolutely delighted
that Steve is presenting at the event to impart
his considerable knowledge and experience of
this specialist area.”
Spence went on to state: “Steve has over 20
years’ experience of working in IT as a
developer, an infrastructure consultant, a
network/security consultant and more recently
as a network security architect. He has also
been involved in a wide range of projects
involving everything from mobile device-based
Service Management Systems through to
virtualisation projects, network infrastructure
designs and secure architecture.”
Following last year’s COIE in London, Rob
Marshall (security and environment manager at
Cambridge University Press) spoke of the
benefits he gained from the cyber security
presentation given on the day. “Education and
value was obtained through the event’s guest
speaker, James Willison, who delivered a very
interesting, albeit concerning presentation on
the risk of cyber-physical attacks for
businesses. The end result of this has been
closer collaboration with my technology
colleagues to reduce the risk posed to our own
security systems. Furthermore, when we’re
investing in security equipment in the future,
we’ll ensure suppliers provide evidence that
they protect and secure their equipment.”
Bristol COIE itinerary
9.30 am: Arrival and Registration
10.30 am: Welcome from Cortech Developments
10.35 am: Industry Challenges in Focus
10.50 am: Guest Speaker – Steve Pilkington
(Italik) on Cyber Risk Management
11.10 am: Live Software/Hardware
Demonstration
11.50 am: Luncheon
12.15 pm: ‘Meet The Manufacturers’
2.20 pm: Closing Statements
If you’re an end user, security consultant or
main contractor interested in gaining a greater
understanding of smarter interoperability and
the mitigation of risk for workplace safety,
security and building efficiency, join Cortech
and its partners at one of this year’s events.
In 2017, the COIE Series runs as follows:
• COIE Bristol: 18 July 2017
• COIE Glasgow: 26 September 2017
• COIE Knutsford: 7 November 2017
Paul Spence: Marketing and
Communications Manager at
Cortech Developments
*Note that places for each
COIE are limited and will be
allocated on a first come, first
served basis. For more
information and to register
your interest in attendance
visit: www.coie.uk.com
11
www.risk-uk.com

Always a suitable solution
with the DIVAR hybrid
and network recorders
At Bosch, we believe that video surveillance solutions should be as easy to
install as they are to use. It’s the thinking behind our completely new portfolio
of DIVAR hybrid and network recording solutions. Specifically designed for
24/7 operation, they offer the ability to create video surveillance solutions
with professional security features. Solutions that can be tailored to fit the
growing needs of small and medium businesses.
boschsecurity.com

Opinion: Closing the UK’s Technology Skills Gap
Any shortage of technical training and skills
is going to be a significant issue across the
UK’s economy. Given its high reliance on
cutting-edge technology and expertise, the
UK’s security industry has particular reason to
be anxious of either a ‘brain drain’ or any
movement restrictions placed on internationally
sourced talent and resources post-Brexit.
A recent Hays Global Skills Index Survey
suggested that the UK’s skills shortage has
worsened for the fifth consecutive year, with an
8% increase materialising over that period. The
study, which involved no less than 90,000 UK
companies, also served to suggest that one-infour
vacancies is now difficult to fill. That’s a
staggering skills shortage by any definition.
The shortage in skilled technical labour is
even more pronounced when you consider that
unemployment is now at its lowest level for a
decade, meaning there’s an even smaller pool
of potential workers available to be trained in
skills shortage areas.
There’s a train of thought that suggests some
of these skills shortages are limited to very
niche areas and therefore don’t interest many
trainees or concern the majority of business
leaders. However, a skills shortage is always in
response to a specific need: it has to be a
blinkered view that ignores these requirements.
Research published earlier this year by the
Social Market Foundation states that science,
research, engineering and technology jobs will
grow at double the rate of other occupations
between now and 2023. This will see the
creation of 142,000 extra roles in these areas,
with the skills required for such positions
having to be sourced on an urgent footing.
When you look at the technical expertise
needs of the UK’s economy as a whole, there
are really two distinct aspects which demand to
be addressed. First, there’s the quality and
quantity of the potential pipeline of homegrown
talent. Second, there’s the availability of
talent from outside the UK.
In my experience, finding the best technical
expertise from the UK alone in the numbers
required can be quite a challenge. In our
business at the moment, we employ a sizeable
amount of our team from the best of the
international Human Resources market, finding
exactly the right people for key roles.
We also need to fully educate the next
generation of UK security professionals,
ensuring that we can find and nurture the right
talent closer to home in the future.
Taking the right steps
It’s disappointing to witness the current skills
gap as the UK Government started to take the
‘Mind The Gap’: Assessing the
Technology Skills Landscape
With Brexit dominating not only the national media’s
headlines, but also the consciousness of UK plc as a whole,
we’ve most certainly reached an important juncture when it
comes to planning for the future. Given the prospect of the
UK standing alone on the international stage when it comes
to trade and exports, it’s vital that we’re fully prepared for
doing so. One area which John Davies believes should be
subject to greater scrutiny is the technology skills gap
right steps some five-to-seven years ago by
reintroducing the concept of apprenticeships.
We will always need excellent academic
qualifications and trained people, but equally
so it must be recognised that a stint in further
education isn’t beloved by everyone.
Apprenticeships are a superb way of bringing
young and hungry talent into the industry for
‘on the job’ training. This isn’t just about
academic training, either. It also provides a
healthy dose of business experience as well.
That’s something which is perhaps more of a
challenge in traditional academia.
There has also been a lot of talk about ‘T-
Levels’ – Technology Level courses which offer
specific training for modern technology needs.
Indeed, it’s encouraging to see technology
education being promoted in this way and
appealing to those students who wish to build
a solid career in the UK’s technology sector.
In my experience, though, we in the UK are
still somewhat behind our European cousins
when it comes to technology education and
John Davies:
Managing Director of TDSi
13
www.risk-uk.com

Opinion: Closing the UK’s Technology Skills Gap
training. Take Germany, for example, a country
which has traditionally excelled in these areas.
The German education system has focused
heavily on engineering and vocational-based
training programmes which have paid dividends
for its technology sector. The country has also
continued to centre on this for decades,
meaning that it has an excellent pipeline of
trained talent ‘on tap’.
Such an approach would greatly enhance UK
training as well, affording up-and-coming talent
the support it needs to reach its full potential.
UK technology needs
The UK skills gap across all sectors has been
filled over the last few years largely thanks to a
healthy influx of very talented individuals from
across Europe. As a business, we’ve benefited
from this open and vibrant skills market,
supplementing the best of our local UK talent
with that from the European mainland and,
indeed, beyond.
With the Brexit deal now on the horizon, it
can only be hoped that this valuable source of
skilled professionals from Europe will not
simply dry up. At the very least, it’s essential
the UK continues to open its doors to this
expertise until such time that we can reap new
generations of home-grown UK talent, which is
evolving through the education system and
through other training initiatives (with, of
course, apprenticeships being among them).
It’s quite telling that, when you look at some
engineering faculties in UK universities, it’s
often the case 50% or more of their students
emanate from other countries. We have
education facilities that are world-renowned
and something to be proud of, and yet we still
don’t appear to be educating enough engineers
from the UK.
Interestingly, the UK Government recently
announced plans to promote what it terms a
‘Digital Strategy’ to support and underpin UK
businesses that work in this important sector.
This is a move to be applauded. It’s vital to
ensure that a post-Brexit UK is able to compete
fairly on this level.
It’s to be hoped that this approach has a
wider remit than just ‘online’ business.
Interestingly, part of the proposed scheme is
the establishment of a ‘Digital Skills
Partnership’ which will see the Government
work with businesses and other professional
“Apprenticeships are a superb way of bringing young and
hungry talent into the industry for ‘on the job’ training
which also provides a healthy dose of business experience”
organisations to help support and promote the
right skills for UK workers.
Any progress towards closing the skills gap is
encouraging, of course. It’s essential that the
security industry makes its voice heard when it
comes to supporting these initiatives – or any
future ones that may be developed – if there’s a
change in political leadership following this
month’s General Election.
Other ways to help
There are many ways in which to help
encourage students and existing workers to
train in the skills the UK economy needs. One
example is to offer financial incentives by
paying tuition fees or providing other support
for key degree courses to assist an increase in
numbers. This may encourage some students to
take these courses over their less vocational
alternatives. Going forward, establishing more
technical colleges and universities would also
seem to be a sensible approach.
Greater assistance from Government for
businesses providing ‘on the job’ training or
apprenticeships would be useful. This is a
classic win-win situation for everyone involved
and would help industry in filling the gaps that
need to be plugged ‘at the coalface’.
There’s also a need to address the gender
gap in technical education. We simply must
look to encourage more young women into
technical training and roles within the industry.
Sometimes there seems to be a perception that
technical jobs are ‘not for me’. This is
something we all need to tackle and correct,
ensuring that technical career paths are
inclusive and open to all potential talent.
Changes post-Brexit
With the changes that will follow Brexit in
regard to international trading and people
movement, it’s hoped that there will also be
significant evolution in the UK’s education
system to ensure we’re closing the skills gap.
We do possess some of the best educational
establishments in the world and a long history
of innovation and entrepreneurial skills to make
our technology highly commercial.
Undoubtedly, there’s a keen general interest
in technology – just try separating a Millennial
individual from their smart phone – and this
absolutely demands to be nurtured.
Along with apprenticeships and T-Levels, we
have the necessary tools and passion in place
to create the right opportunities. What we need
now is an impetus from UK leaders to help
close the skills gap and ensure that our
economy continues to grow and develop. This
has to be an essential target for all.
14
www.risk-uk.com

INSPIRATION
THROUGH INVALUABLE
DIGITAL INSIGHT
With approaches, systems and
devices constantly changing,
etailers need to be aware of the
latest trends and innovations to
gain significant competitive
advantage from their eCommerce
and mCommerce efforts.
The eTailing Summit offers a day
of meetings and networking with
industry suppliers and peers for
idea gathering, inspirations, tools
and tactics to help transform
strategies in line with the latest
technologies.
11th July 2017
Hilton London Canary Wharf
For further information contact Katie Bullot on:
01992 374049
k.bullot@forumevents.co.uk
@eTailingSummit
ForumEventsLtd
forumevents
MEDIA & INDUSTRY PARTNERS
etailingsummit.co.uk

Does Legislative Repeal Fit the Bill?
mention EU law that will not be part of the UK’s
legal system.
The British Government wants to invoke
controversial powers contained within King
Henry VIII’s Proclamation by the Crown Act of
1539, which also helped to disentangle England
from the continent at that time. These powers
will give ministers and civil servants alike the
authority to wade through vast amounts of EU
legislation and decide which bits to keep, which
to amend and which to repeal in their entirety.
Of particular note here is the fact that
ministers can waive the decisions through
without recourse to the House of Commons.
One of the largest
legislative projects
ever to be undertaken,
the Great Repeal Bill
will ensure that
European law no
longer applies in the
United Kingdom. Here,
Peter Webster
examines why
guarding companies
should be concerned
about the uncertainty
this legislation could
well create for the
security industry
One of the prerequisites of success for any
company in any industry is certainty, but
since the European Union (EU)
Referendum of June 2016, things have been far
from certain here in the UK. Whatever your side
of the argument, Brexit is now going ahead and
the best possible deal must be sought for the
UK and Europe. This is in everyone’s interests.
However, as the Government tiptoes its way
towards extricating the UK from European law
through the Great Repeal Bill, the guarding
sector has every reason to feel nervous.
Back in March, just a day after Article 50 was
invoked, David Davis (Secretary of State for
Exiting the EU) published the Great Repeal Bill,
which will repeal the 1972 European
Communities Act. This Act took Britain into the
EU and meant that European law assumed
precedence over laws passed in the British
Parliament. The repeal process is a gargantuan
task, as there are believed to be 12,000 EU
regulations in force, while Parliament has
passed some 7,900 Statutory Instruments
implementing EU legislation and 186 Acts
incorporating at least a degree of EU influence.
It’s argued that, without the Great Repeal
Bill, when the UK leaves the EU all of these
rules and regulations would no longer have
legal standing in the UK, creating a ‘black hole’
in our statute book. However, technical
problems will arise as EU laws are put on that
statute book. For instance, many EU laws
mention EU institutions in which the UK will no
longer participate after Brexit, or otherwise
Cause for concern
Although David Davis argues that the Great
Repeal Bill will provide “clarity and certainty”
by assuring laws derived from the EU don’t
“change overnight” during the Brexit process,
the precise terms of the UK’s deal with the EU
will remain unknown by the time the Great
Repeal Bill is introduced to Parliament later this
year. These practical considerations make the
alternative – a slow and torturous progression
of Bills through Parliament over many years –
simply impossible and the creation of any deal
with the EU somewhat difficult.
One significant issue with the Great Repeal
Bill is that, despite assurances to the effect that
it will be used correctly, it does hand
considerable power to the Government. As
former Lord Chief Justice Lord Judge said only
last year: “Unless strictly incidental to primary
legislation, every Henry VIII clause and every
vague skeleton Bill is a blow to the sovereignty
of Parliament. Each one is a self-inflicted blow,
with each one boosting the power of the
executive. Is that what we really want?”
These Henry VIII powers effectively eliminate
the checks and balances to which a Bill’s usual
passage through Parliament is subject. Indeed,
Parliament is effectively excluded from the
legislative process, even though Acts of
Parliament themselves may be repealed under
these clauses. Ultimately, nearly half a century
of workers’ rights, Health and Safety laws,
consumer protections, environmental standards
and numerous other factors are now in the
hands of Conservative ministers.
What’s the problem, then? These measures
are needed given the huge demands placed on
the Government by invoking Article 50 and
setting a firm date for the UK to exit the EU. In
principle, of course, the measure is fine. As a
16
www.risk-uk.com

Opinion: Security’s VERTEX Voice
mechanism to transfer any legislation into UK
law the Great Repeal Bill is to be welcomed, but
the Government should be mindful of the need
to ensure that the right balance is struck
between the requirement for scrutiny and the
necessity for speed.
The devil is in the detail. David Davis told Sky
News there are areas of EU law that need to be
“put right”, while also stating that: “There are
lots of parts of EU law of which we approve.”
There’s a perception that UK companies are
constrained by red tape and, while most
businesses will appreciate there being much
less of it, the risk with the powers as granted is
that they allow the Government to alter
legislation according to its own political
agenda. For example, the far right of the
Conservative Party would no doubt welcome
greater deregulation right across the board.
Safe from harm
What does all of this mean for the security
business sector, though? As an industry
employing well over 300,000 licensed
individuals, the security sector needs to be
making its voice heard in Government circles
and ensure that any attempt to amend or
revoke EU regulations as they pass across into
UK law doesn’t do it harm.
Take the Transfer of Undertakings (Protection
of Employment) Regulations – better known as
TUPE – as an example. These are designed to
protect employment rights when employees
transfer from one business to another. If the
Government chose to wipe TUPE from the
statute books the effects could be disastrous.
Every single security guarding company
traditionally ‘TUPEs’ staff from one job to
another at the end of a contract. Removal of
TUPE would give them a potentially massive
redundancy liability at the end of each contract
– one for which they simply wouldn’t have
allowed. This would have huge financial
implications for those in our industry, not to
mention other labour intensive sectors such as
cleaning and catering.
The cynical among us might consider that the
removal of TUPE would allow the Government
to outsource many of its existing functions at
lower cost. If this were to happen, it would be
solely to the benefit of the bigger contractors
(who are seemingly favoured for public sector
tenders on a consistent basis) and simply add
to a more uneven playing field.
Then there’s the potential for industrial
unrest and additional worry for workers created
by an erosion of the rights that they currently
enjoy. We could soon return to the bad old days
wherein any company that pays the lowest
wages wins the contract.
What’s more, by giving the power to change
important rights and protections for workers to
Judges, vital rules to protect workers could be
overturned without Parliament having any say.
This might include areas such as holiday pay
and equal pay, as well as direct and indirect
racial and gender discrimination.
The security industry is highly exposed to
regulatory change and the uncertainty created
by the Great Repeal Bill should be a worry.
On a practical day-to-day level, company
directors have a responsibility to manage and
quantify risk, but the risks here cannot be
quantified at the moment and, as a direct
result, leaves those in such important positions
of leadership pretty vulnerable.
Joined-up thinking
What the security industry can – and must – do
is take action to keep the Government informed
about the dire consequences that might result
from any potential regulatory ‘bonfire’.
One way in which to do this is to consider a
joint initiative with other industries for which
the removal of legislation like TUPE would be a
disaster. Joining forces with others would make
a great deal of sense because, as things stand,
the security industry has no effective lobbying
capability to speak of.
Put simply, if the worse case scenario does
materialise and security guarding companies
end up with millions of pounds’ worth of
financial responsibility unaccounted for, the
sector will wish it had made its voice heard.
Come that particular point in time, though, it
will be far too late in the day.
Peter Webster: Chief Executive
of Corps Security
*The author of Risk UK’s regular
column Security’s VERTEX Voice is
Peter Webster, CEO of Corps
Security. This is the space where
Peter examines current and often
key-critical issues directly
affecting the security industry. The
thoughts and opinions expressed
here are intended to generate
debate among practitioners within
the professional security and risk
management sectors. Whether you
agree or disagree with the views
outlined, or would like to make
comment, do let us know (e-mail:
pwebster@corpssecurity.co.uk or
brian.sims@risk-uk.com)
“As an industry employing well over 300,000 licensed
individuals, the security sector needs to be making its
voice heard in Government circles”
17
www.risk-uk.com

www.coie.uk.com
Cortech Open
Innovation Event
At-Bristol Science Centre, Anchor Road, Harbourside, Bristol
18 July 2017
The Mitigation of Risk for Workplace Safety, High Security
and Building Efficiency
An event with a difference for end users, consultants and main contractors:
Be educated, informed and better equipped to manage evolving building needs
Keep abreast of the latest advances in security, fire and building control technology
See technology in action as part of the live demonstration
Discover the latest smart integration techniques
Discuss industry challenges with fellow security professionals and technology experts
Learn about the 10 steps to cyber risk management
Attending Partners
Cortech
Developments
Media Partner

BSIA Briefing
IFSEC International 2017 will see the return of
the Smart Zone which proved incredibly
popular during its launch last year. The Smart
Zone showcases the capabilities of smart
security technology and features a ‘smart
home’ right in the middle of the exhibition floor,
covering not only home automation devices,
but also the wider Internet of Things, including
smart commercial buildings, smart offices and
connected security systems.
Further, the Borders and Infrastructure Expo
represents a brand new addition to the show
floor this year. This ‘show within a show’
focuses directly on products, solutions and
learning for large-scale security issues such as
border control, Critical National Infrastructure
protection, law enforcement, transport security
and the protection of key strategic assets.
Within the Installer Zone, teams of young
security apprentices will be competing against
each other in a live installation challenge for
the chance to claim a £1,000 prize at the
Security and Fire Excellence Awards in
November. The ever-popular Engineers of
Tomorrow competition returns to IFSEC
International for the nineteenth time and will
see competitors undertake a 90-minute
assessment, working in pairs to install and
commission an intruder alarm system.
IFSEC International is renowned for its
comprehensive education programme, affording
both security buyers and industry practitioners
alike access to key learning and thought
leadership on a wide spectrum of industry
topics. As always, there are several ‘not to be
missed’ presentations within this year’s busy
seminar schedule.
For example, in the Security Management
Theatre on Tuesday 20 June, there’s a
presentation on ‘Innovation in Access Control’
to be delivered by Sandrine Cocks (product
development manager at OPTEX) between noon
and 12.50 pm.
On Wednesday 21 June, the same location
plays host to ‘Body-Worn Video: An
Introduction to BS 8593 – Code of Practice for
the Deployment and Use of Body-Worn Video’.
In the driving seat for this seminar session
(which runs from 10.40 am-11.10 am) is Craig
Swallow, managing director at SoloProtect and
chairman of the BSIA’s Lone Worker Section.
Then, on the final day of the show, the
Trailblazer Apprenticeships will be outlined by
Peter Sherry, interim director general at Skills
for Security. Sherry’s presentation runs from
10.40 am-11.10 pm.
That’s followed in the afternoon by a ‘Meet
and Greet’ with the 50 most influential people
in the fire and security industry. This gathering
The BSIA: Promoting Best
Practice at IFSEC International
Organised by UBM EMEA, IFSEC International returns to
London’s ExCeL between 20-22 June. Event partner the
British Security Industry Association (BSIA) is looking
forward to another successful year for the show. James Kelly
outlines what’s in store for security and risk professionals
is sponsored by the BSIA and scheduled to take
place between 2.30 pm and 3.30 pm.
Borders and Infrastructure
In the Borders and Infrastructure Theatre on
Wednesday 21 June, the Surveillance Camera
Strategy for England and Wales is to be
detailed by Tony Porter QPM LLB, the
Surveillance Camera Commissioner. Porter’s
discourse runs from 10.40 am-11.10 am.
On the afternoon of Thursday 22 June from
1.20 pm-2.10 pm, the Borders and Infrastructure
Theatre hosts a panel debate focusing on the
lessons learned from major event security
(hugely topical given the recent terrorism
episode at the Manchester Arena). This debate
is set to feature Peter Brown, senior consultant
at G4S Risk Consulting.
In the Smart Buildings Theatre on Wednesday
21 June, ‘What is The Internet of Things and
What Opportunities are Available for Fire and
Security Installers?’ is the subject of John Goy’s
talk between 3.00 pm and 3.30 pm. Goy is the
M2M business development director at CSL.
On Wednesday 21 June between 12.30 pm
and 1.00 pm, the popular Tavcom Training
James Kelly: CEO of the British
Security Industry Association
19
www.risk-uk.com

BSIA Briefing
Theatre sees ‘The Future of Open Platforms’
explained by John Davies, managing director at
TDSi and chairman of the BSIA’s Export Council.
On the show floor
As in previous years, the BSIA will have a
substantial presence at IFSEC. The BSIA’s Stand
will feature a Members’ Lounge where
members can entertain clients or network with
other members and industry professionals.
There’s no doubt that IFSEC is the most
important show in which the Association takes
part and the strong partnership we’ve had in
place with UBM for many years now is a clear
indication of how committed we are to the
event. Over the years, IFSEC has provided us
with a platform for engaging with the wider
industry and demonstrating our key values.
BSIA members continue to attend IFSEC
International and 2017 will prove no exception
to that rule. Member companies will be there in
force. Altron (Stand B710) produces CCTV poles,
columns, towers and associated mounting
equipment. The business designs products
specifically for CCTV. At IFSEC 2017, Altron will
be demonstrating its lowering trolley head
CCTV pole, which includes patented features.
These benefit the end user when it comes to
ease of operation and provide enhanced Health
and Safety benefits for operators.
CSL (Stand D1100) will be showcasing CSL
Connected and its new CSL Routers. CSL
Connected combines Critical Connectivity with
the chosen alarm panel and the added option
of an end user App, such that security
managers can control their alarms from their
phone. There will be demonstrations of CCTV
over mobile in real-time with connectivity
provided by the CSL Routers. Visitors can also
access CSL’s latest kit including security
installer favourites DigiAir and GradeShift.
Elmdene International is exhibiting on Stand
F1150 and showcasing a variety of new products
including a range of power supplies carefully
designed to house some of the most common
door controllers. With different power options
and enclosure sizes available, this new access
control range offers the security professional a
choice of PSUs for a variety of applications.
The PoE UltraPod, a PoE product that can
power and control multiple doors using a single
Ethernet cable, is going to be on display. The
company will also be showcasing the PoE
“IFSEC International is renowned for its comprehensive
education programme, affording both security buyers and
industry practitioners alike access to key learning”
MiniPod, a PoE+ powered device that provides
four hours of back-up power for critical PoE
cameras. In the event of a mains drop out, the
MiniPod enables continuous recording from
high security cameras.
Knight Fire and Security Products will be
having meetings at various stands across IFSEC
and also making good use of the BSIA
Members’ Lounge. This year, the business is
pleased to announce that the SEISMO
ADVANCE unit meets the new CENELEC
publication of EN 50131-2-8:2016, as it includes
four selectable fault output resistors which can
be configured in a triple EOL configuration.
Knight Fire and Security Products will be
promoting this solution throughout IFSEC 2017.
Night vision solutions
Nocturna (Stand F1700) is part of the awardwinning
IRNV Group specialising in innovative
infrared night vision products. The company
provides hardware and support to security,
military and blue light partners worldwide.
Nocturna’s solutions are also used by
Government and civilian search and rescue
organisations, increasing search capabilities at
night, enhancing the successful early detection
of individuals lost or injured in low visibility
scenarios and ultimately saving lives as well as
boosting survival rates in hostile environments.
Skyguard (located on Stand M200 in Safety
and Health Expo) has recently launched a new
version of its Windows Mobile smart phone app
which connects to the ‘SmartButton’ Bluetooth
panic button accessory.
The company will be demonstrating its range
of dedicated devices and smart phone apps, all
of them certified to BS 8484:2016. For those
clients who place an order as a result of
meeting Skyguard at the Safety and Health
Expo, the company will be offering the first
month’s service subscription free of charge.
Lone worker safety provider SoloProtect
(Stand L170 in Safety and Health Expo) will be
co-locating with personal safety charity The
Suzy Lamplugh Trust in close proximity to the
Lone Worker Education Theatre.
SoloProtect is set to showcase its full range
of lone worker solutions. The company provides
a combination of discreet technology combined
with in-house, 24/7, EN 50518-approved Alarm
Receiving Centre support.
TDSi (Stand A1250/B1250) is highlighting its
GARDiS software and hardware solution, which
offers all the benefits of a highly secure webbased
application. GARDiS is easily adaptable
for an increased workload, provides easier
maintenance and installation, is more secure
and accessible from anywhere (on any device).
20
www.risk-uk.com

Specialist
Security
Products
for Professionals
Tried & tested products that
deliver what they promise.
Roller Barrier ­ the non­aggressive anti­climb product
that protects your perimeter and flat roofs against
climbers without the risk of causing impalement injury
...other stock products include;
l Search Mirrors
l Security Screws
l Metal Detectors
l Random Search
Selectors
l Safety & Security Mirrors
l Window Security Bars
l Safety Products
l Bird Free ­ the Safe &
Instant Bird Deterrent
...and there are hundreds more to choose from
Proven products
Free expert advice
Risk Free ­ No Quibble
Money Back Guarantee
With hundreds of Security and Safety products
available for next day delivery,
...whatever your needs we’d love to help,
see “Roller Barrier” and our full product range at:
www.insight­security.com
Units 1&2 Cliffe Industrial Estate
Lewes, East Sussex, BN8 6JL
tel: 01273 475500

The Built Environment: Can It Really
Be Designed to Reduce Acts of Crime?
Criminologists,
sociologists,
psychologists and
many others will
doubtless continue to
develop our
understanding of
crime and its myriad
effects on society. One
aspect for keen
consideration is
whether or not it’s
actually possible to
reduce crime simply
through the improved
planning and design
of our built
environment. Here, Jon
Roadnight and Tony
Townsend look for
some answers
Jon Roadnight:
Director at CornerStone GRG
22
www.risk-uk.com
Most cultures function within a set of rules
developed to manage and effect the
behaviour of society. Where behaviour is
deemed unacceptable or anti-social, these
rules are often communicated as ‘laws’ and the
concept of ‘crime’ is necessarily introduced.
Historically, the desire to prevent crime
tended to focus upon the pressure that could
be exerted by local communities on those who
might behave in a way that would be
detrimental to either a member of a given
community or the community as a whole.
Punishment has also been used as a method of
dissuading would-be offenders that their
planned criminal activity isn’t worth the
consequences should they be caught.
When we consider crime reduction in the
built environment, the latter refers to our manmade
surroundings including buildings,
transport systems, parks and open spaces
where society resides and goes about its daily
life. It’s the new office block, as well as the outof-town
shopping centre, the airport, the High
Street or a stretch of green space.
The built environment is important. Studies
conducted over many years have determined
that it can influence how human occupants
behave. This is vital because that infers a
potentially negative impact as well as the
possible beneficial effects.
In the 1950s and 1960s there was a growing
appreciation that good architectural design and
town planning could create better places in
which to live and work. In 1971, criminologist Dr
C Ray Jeffery published his book ‘Crime
Prevention Through Environmental Design’. A
year later, architect Oscar Newman introduced
his own volume entitled ‘Defensible Space:
Crime Prevention Through Urban Design’.
Newman subsequently refined his defensible
space approach with further multi-disciplinary
aspects and named the concept ‘Crime
Prevention Through Environmental Design’, the
term which he credited Jeffery for initiating.
Crime Prevention Through Environmental
Design (CPTED) continued to evolve through
the 1980s with criminologist Tim Crowe –
among others – developing Newman’s original
concepts. By 2004, CPTED was commonly
understood to refer to the Newman/Crowe
model. Although CPTED emerged from the
States, recognition is due that it has actively
influenced many other crime prevention models
throughout the world.
In the UK, the police service introduced
Secured by Design in 1989. This is the title for a
group of projects centred on the design and
security of dwellings, commercial premises and
car parks. It supports the principle of ‘designing
out crime’ with a focus on physical security and
processes to deliver crime reduction.
What is CPTED?
In essence, CPTED is a proactive crime
prevention methodology that seeks to influence
the decisions of a potential offender prior to
them perpetrating a criminal act with the
intention of reducing levels of crime to the
benefit of the local community and society as a
whole. It focuses on tactical design and the
effective use of the built environment to reduce
both crime and, indeed, the fear of crime.
CPTED draws on a common sense approach
and helps in developing a heightened sense of
awareness of how the built environment might
be used to enhance the community, as well as
how it may be used for nefarious purposes.
Having assessed a broad range of factors,
better architectural and planning decisions can
then be made that positively influence how a
space is used.
Modern CPTED incorporates five key
elements: natural access control, natural
surveillance, territorial reinforcement,
maintenance and image improvement and
activity support. Let’s look at each in turn.
Natural access control limits the opportunity
for crime by taking steps to clearly differentiate
between public and private space. With the
strategic locating of points of entry and egress,
the use of security fencing, lighting design and
landscaping, it’s possible to control the flow of
pedestrian and vehicular movement, thereby
naturally controlling access.
It’s essential to understand the potential
users of a space, as this will enable the
designer to identify areas of conflict. An area
where the elderly or infirm are expected to
navigate past a busy office entrance with a
large open area outside that might be attractive
to skateboarders is bound to experience some
level of user conflict. By introducing suitable
landscaping that breaks up the open space,
adding vegetation or installing structures and

Security Design in the Built Environment
artefacts, users can be directed, creating
segregated paths with appropriate signage and
lighting to make the area less attractive to the
skateboarders, while offering other users a
more defined route to gain entry and exit.
By subtly channelling pedestrians, it’s
possible to make behaviour more predictable.
This predictability can inform design decisions
from the outset, often reducing the need for
additional physical security measures to be
applied. The end result is a more natural
aesthetic and lower cost of delivery.
Natural surveillance
Natural surveillance raises the perceived risk of
attempting criminal or anti-social behaviour by
improving visibility of potential offenders for
the general public. Natural surveillance occurs
by ensuring that activities and people are not
obstructed in such a way that visibility of the
space and its users are maximised. This sense
of openness adds to a potential offender’s
feeling of increased scrutiny. The perceived
increase in risk can be extended by an apparent
lack of viable and covert escape routes.
Lighting can play a significant role in
achieving natural surveillance. Effective, welldesigned
lighting schemes can provide choices
for the people using the space during the hours
of darkness and will again act to deter – or at
the very least displace – potential offenders.
Natural surveillance objectives can be
boosted with the use of overt CCTV. The choice
of camera type and location of devices can play
a critical role in its effectiveness. When used
appropriately, CCTV becomes a useful
enhancement to natural surveillance.
Territorial reinforcement assists in controlling
how a space is used by increasing the definition
of that space. An environment with a clearly
delineated private space can be used to
generate stakeholders. Stakeholders have an
increased sense of ‘investment’, even if that’s
only at an emotional level, and are then more
likely to challenge intruders.
The sense of ‘owned’ space creates an
environment wherein ‘strangers’ stand out and
are more easily identified. By using many of the
measures relevant to natural access control and
surveillance to express a stakeholding and
delineate public, semi-public and private space,
natural territorial reinforcement occurs.
Sense of value and pride
Many studies from around the world have
identified the need to maintain an environment
that encourages a sense of value and pride. The
‘Broken Window Theory’ indicates that a
building left with a broken window, even for
only a short period of time, encourages vandals
to break other windows.
Before long, every window in the building has
been broken and that building becomes derelict
and attracts further anti-social and criminal
behaviour. If left unchecked, the surrounding
neighbourhood could well be sucked into a
spiral of decay that requires significant
investment and activity to arrest.
By maintaining the appearance that there’s a
good level of ‘stakeholder’ engagement, which
can be achieved by ensuring that low level
maintenance tasks are addressed, anti-social
behaviour and crime fails to take hold and the
community as a whole will benefit.
Activity support is achieved by ensuring that
the use of a space is defined such that, should
a different activity take place via the use of
natural surveillance, the risk of detection – and
particularly so if that activity is anti-social or
criminal – increases. By fitting signs in an area,
local residents become more aware of what’s
happening in this space. Should other activities
take place, it’s more likely to register in the
minds of the local community and, if the
individuals within are invested as stakeholders,
they’re more likely to take action to stop it.
CPTED will be most effective as part of an
holistic security strategy wherein engagement
begins at the earliest possible stage. For those
familiar with the RIBA work stages, this
certainly means no later than Stage 1, although
engagement will likely last through to Stage 4.
Tony Townsend: Senior
Technical Consultant and
CPTED Certified Practitioner
at CornerStone GRG
“Modern CPTED incorporates five key elements: natural
access control, natural surveillance, territorial reinforcement,
maintenance and image improvement and activity support”
23
www.risk-uk.com

‘Learning The Business’: ESRM for
Practising Security Professionals
Last November, ASIS
International – the
largest global
organisation for
security management
professionals with 242
chapters and 35,000
members worldwide –
pinpointed Enterprise
Security Risk
Management as a
global strategic
priority for the
organisation. Godfried
Hendriks examines the
philosophy and the
management system
underpinning this
train of thought
24
www.risk-uk.com
ASIS International’s involvement in
Enterprise Security Risk Management
(ESRM) can be traced back to 2005 with
the creation of the Alliance for Enterprise
Security Risk Management (AESRM) in tandem
with the Information Systems Audit and Control
Association (ISACA) and the Information
Systems Security Association (ISSA).
The AESRM was specifically designed to
bring both Board and executive level attention
to critical security-related issues and the need
for a comprehensive approach to protect the
enterprise. Subsequently, the AESRM produced
several White Papers and other helpful
documents, while ASIS has since covered ESRM
in scores of articles, seminar sessions,
presentations and courses. That said, the topic
was never treated as a strategic priority for the
organisation until last November.
Both a philosophy and a management
system, ESRM uses globally established risk
management principles to help security
professionals manage the varied security risks
facing their organisations. By making ESRM a
strategic objective, ASIS International is
looking to shift the profession from a siloed
approach for security management towards a
more collaborative process.
David Davis CPP, the president of ASIS in
2016 and this year’s chairman of the Board, has
stated: “Today’s threats are increasingly more
sophisticated, targeting organisations in myriad
ways. Also, the rapidly evolving business and
compliance landscape requires a somewhat
more holistic and strategic approach towards
managing organisational risk. As the only
global professional association representing
the spectrum of security, ASIS International is
uniquely positioned to lead this effort.”
ESRM covers not only traditional security
issues such as loss prevention and terrorism,
but also a broad array of topics (among them
brand protection, business continuity, corporate
espionage, cyber security, information security,
resilience and white collar crime). It requires
practitioners to continuously assess the full
scope of security risks posed to their
organisation, as well as within the enterprise’s
complete portfolio of assets. The end goal is to
effectively and efficiently manage the
protection of an organisation’s enterprise-wide
assets, thereby enabling the business to
advance its mission with strong purpose.
Another principle of ESRM is the focus on the
business, its goals and objectives and the
relationships security professionals must
establish to successfully integrate ESRM within
their organisations. Working through the
phases of an ESRM programme requires greater
collaboration across an organisation. The
process also relies on the security professional
‘learning their business’ and understanding the
many different types of assets an organisation
has within its span of control.
By embracing an ESRM mindset, security and
risk managers will become more effective
professionals and, indeed, more valuable
members of their host organisations.
ESRM Commission
To lead the initiative, the Board of Directors at
ASIS International established a two-year
ESRM Commission headed by Dave Tyson CPP,
president of ASIS International in 2015 and
founder of CISO Insights. Tyson has reiterated
that, while ASIS has been involved in ESRM for
several years, it has never committed to driving
the approach in this manner or emphasising its
vital importance to the work ASIS’ myriad
members transact on a daily basis.
Tyson explained: “The ESRM Commission will
develop a framework to integrate ESRM into all
ASIS education, White Papers, research and
other professional offerings. We believe the end
result will be a more empowered membership,

Enterprise Security Risk Management
safer enterprises, a more strategic approach
towards risk and a far more cost-effective
security function.”
Serving alongside Tyson on the Commission
are Brian Allen CPP, Raymond O’Hara CPP
(executive vice-president at AS Solutions),
John Turey CPP (senior director at TE
Connectivity), John Petruzzi Junior CPP (vicepresident
of integrated security solutions at
G4S in North America) and Volker Wagner
(senior vice-president for Deutsche Telekom).
The Commission quickly received substantial
input and feedback and is already laying out its
strategy. One of its first steps was to create a
dedicated committee focused on research. This
team has begun work on a maturity model
which will help security professionals evaluate
their programmes on the ESRM spectrum.
The maturity model adapts the Capability
Maturity Model Integration process, identifying
five levels of ESRM maturity within a given
organisation. Security professionals will be able
to ask a series of questions regarding ESRM
principles and practices and then rate their
responses. These ratings are key when it comes
to documenting the present state of ESRM
within an organisation, and offer insight into
activities that security professionals can
observe in a bid to improve the state of ESRM.
The Research Committee is working to
develop the first set of ESRM tools before ASIS
International’s Annual Seminar and Exhibits,
which takes place between 25-28 September in
Dallas. The timeline is what might be termed
‘aggressive’, but the Commission believes
developing this type of material for the annual
seminar is vitally important for members.
The working team progressing this material
includes Rachelle Loyear and Tim McCreight
CPP (director of strategic alliances at Above
Security – A Hitachi Group Company), who’s a
member of ASIS International’s Board of
Directors. The small working team will be
augmented by additional members as the
workload increases with time.
Strategic mindset
Future projects will focus on creating material
that security professionals can use in their
organisations to develop a more strategic
mindset for identifying and assessing risks
right across the enterprise. This material will
link to the education and awareness activities
already underway.
ASIS International has begun infusing ESRM
into its programmes. Back in March, ASIS held
‘ASIS Europe 2017 – From Risk to Resilience’ in
Milan. ‘Securing Today’s Connected Enterprise’
was the event’s theme and the two-day
“Working through the phases of an Enterprise Security Risk
Management programme requires greater collaboration
across an organisation. The process also relies on the
security professional ‘learning their business’”
programme brought together CSOs, CISOs and
their team members to assess and address
complex cyber-physical risks. No less than 700
registrants from 48 countries made for an
impressive crowd of both established and
aspiring security leaders with many global
enterprises represented.
Axel Petri (senior vice-president of group
security governance at Deutsche Telekom), who
gave a detailed presentation at ASIS Europe
2017, noted: “With the boundaries between the
physical and the virtual worlds now rapidly
disappearing, how threats are labelled is no
longer relevant (if it was relevant at all). You
just need to know how to stop them.”
Discussions on cyber-physical risks drew
attention to the need for ESRM’s holistic
approach. As Eduard Emde CPP (who has been
named conference chairman for ASIS Europe
2018, which runs in The Hague from 18-20 April)
duly reflected in the closing session: “We find
ourselves faced with questions of ownership,
responsibility and liability. While much debate
has centred on technology risk, we’ve also been
reminded that we cannot forget much more
familiar foes. We were reminded how much risk
stems from the human factor, whether through
ignorance or by malicious intent.”
Additional ESRM-related work by ASIS
International includes offering nearly half a
dozen ESRM sessions as part of the education
line-up at the aforementioned ASIS
International 63rd Annual Seminar and Exhibits.
The first session, entitled ‘IT Security for
Physical Security Professionals in Plain
English’, will be delivered by members of the
ESRM Commission as a pre-seminar session.
It’s designed to enable non-IT security
professionals to understand the challenges and
language of IT security and then be able to go
back to their organisations with the confidence
needed to understand information security
issues and threats and apply their learning.
There have also been multiple articles in the
ASIS journal Security Management, including
the December 2016 front cover story ‘Metrics
and the Maturity Mindset’, in addition to
several well-attended webinars to help explain
the concepts and lay the foundations for the
work to come. Aside from this, the White Paper
‘ESRM: An Holistic Approach to Security’ is the
very heart of the Society’s ESRM initiative.
Godfried Hendriks BSc MBA
CPP RSE: Global Management
and Security Consultant and a
Member of ASIS
International’s Global Board of
Directors
25
www.risk-uk.com

The New Camera Line Mx6 Creates More Possibilities.
More Images, in All Light Conditions, in Every Standard
More Intelligence Is on the Way
The new Mx6 6MP camera system from MOBOTIX offers increased performance.
A frame rate that is up to twice as fast than that of other cameras allows it to capture
quick movements even better and simultaneously deliver sharp images in MxPEG,
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6
camera line is faster, more flexible and higher-performing, opening up new application
and integration opportunities for to you to meet all requirements.
MOBOTIX AG • Langmeil, Germany • www.mobotix.com

Security Regimes for Corporate Data and Investigations
As a ‘scene-setter’ for any discourse on
criminal forensics, there’s arguably none
better than the following quote taken from
the Institute of Criminology at the University of
Cambridge: “Legal academics and Judges have
expressed that the undefined version of beyond
reasonable doubt (‘the defendant is presumed
innocent unless the prosecution has proved
guilt beyond a reasonable doubt’) is difficult for
jurors to understand. As a result, several
jurisdictions in the Anglo-American legal
system have proposed other wordings with a
view to aiding jurors’ understanding. In England
and Wales, for instance, the Legal Studies
Board advocates the wording: ‘The defendant is
presumed innocent unless the prosecution has
proven guilt beyond a reasonable doubt. Proof
beyond reasonable doubt is proof that makes
you sure of the defendant’s guilt’.”
Those working in the law enforcement world
often find themselves faced with the
impossible. A crime has been committed and
there are no obvious clues as to whom the
culprit might be. All of the initial indicators –
recorded CCTV footage and statements from
witnesses, for example – are either not
available or result in little progress being made,
while the offender has disappeared without a
trace. Or so it would seem.
This is where the forensics team steps in,
using the latest technology to scrutinise every
aspect of the crime scene for the tiniest pieces
of information that could, after some analysis,
yield a vital clue. An object that’s out of place, a
tiny thread of material or the smallest mark can
all be easily overlooked. However, these
fragments are often the most important parts of
any crime scene: minute pieces of a jigsaw
puzzle that, when complete, could signpost the
investigators straight to the solution.
All of this may seem obvious – after all, most
of us have seen CSI on the TV – but what’s less
obvious is that this principle has a wider
application in the world of business.
For the average large or multinational
company, day-to-day operations are a complex
web of moving parts taking place over a great
many countries or even continents. Each
organisation’s chief risk officer (or their
equivalent) needs a supreme oversight as to
the strategic and reputational health of every
aspect of operations. When things do go wrong,
they need to be able to pinpoint, understand
and mitigate the threat on a swift footing.
The problem for most businesses is that the
threat is highly unlikely to emerge from one
visibly obvious place. After all, how many times
do members of the police service find a neatly
sealed envelope containing a full letter of
CSI for Boardrooms
Thanks to the ongoing development of forensic technology,
the rapid identification, analysis and presentation of key
evidence in criminal cases has enabled what might be termed
a step change in the efficiency of investigation teams, be
they resident in Government, the police service or the
corporate sphere. Here, Jeremy Stimson evaluates the role
and importance of digital forensics
confession at the scene of a crime? Instead,
business risk is far more likely to manifest itself
as a multitude of emergent issues and
whispered signals emanating from both inside
and outside of the company: clues that are
largely imperceptible to the untrained ear or
eye, but potentially devastating to a business.
It’s important for chief risk officers to channel
their ‘inner Sherlock Holmes’ in a bold bid to
uncover these often covert early warning signs.
Painting by numbers
The key to gaining a true and complete picture
of an organisation’s risk profile lies in the vast
quantities of data produced every minute and
every hour, not only by the business itself, but
also more broadly by society in general.
The explosion in online media outlets and
social media channels over these last few years
means that businesses are now contending
with an expansive digital operating
environment that they need to understand,
quantify and analyse.
There are a plethora of signs available within
this data that can be interrogated to help
detect the most prominent and also subtle risks
Jeremy Stimson: Chief
Technology Officer at Polecat
27
www.risk-uk.com

Security Regimes for Corporate Data and Investigations
faced by a business, ranging from factors such
as social media conversations about a newlylaunched
product through to office morale, or
even slight abnormalities seen to be occurring
in the pattern of financial transactions.
Due to their ability to be overlooked, these
smaller ‘hints’ hidden away in unstructured
data can often be missed as signs of pending
danger. Indeed, many of the most substantial
threats and reputational risks to business do
not strike overnight. Rather, they’re the
consequence of a range of decisions and
behaviours – both internal and external to the
company – that escalate over time.
The ability to interrogate apparently smaller
risks as signals of a mounting and potentially
systemic problem is essential when it comes to
enabling the early intervention and mitigation
of operational and reputational damage.
The risk fingerprint
Truly understanding a business’ risk profile in
minute detail extends far beyond just
recognising unhealthy signs in its operational
structure. Indeed, one of the many benefits of
Big Data analysis is that it enables risk officers
to interrogate data sets in real-time – and, if
necessary, multiple times – every day.
Analysing this data using specialist
algorithms can serve to map a company’s
individual risk fingerprint and highlight
potential threats. The end results can also help
in working against institutionalised bias and
any potential corporate unwillingness to
recognise evidence of problems by providing
hard objective data and measures of divergence
from the parameters of a healthy risk profile.
Once a business is aware of its own
fingerprint, it can also benchmark this against
other companies exhibiting a similar risk DNA.
If such benchmarking shows that an individual
company is more exposed than its peers, such
evidence can then help inform and prompt the
C-Suite to take swift action.
Despite their importance, continually
monitoring for these small shreds of
information is a colossal job – especially so
when the process is being conducted across an
international organisation – and one that
usually falls within the remit of the risk,
reputation or compliance officer. This is where
developments in risk and reputation profiling
technology become extremely useful in refining
“Businesses can use technology to understand and calibrate
what a healthy landscape looks like in order to identify
divergences and provide alerts relating to pending risks”
our ability to identify potential and emerging
risks at scale – across geographies, languages
and cultures and in real-time.
Businesses can use technology to
understand and calibrate what a healthy
landscape looks like in order to identify
divergences and, in turn, provide alerts relating
to pending risks and areas of ill-health. In doing
so, such anomalies and discrepancies may be
immediately identified and investigated.
Huge leaps forward in the sophistication of
Artificial Intelligence mean that businesses can
now automatically scan oceans of data and
derive intelligent insights that might have
traditionally taken a team of consultants days
or far longer to do so. In this sense, chief risk
and compliance officers can now hand much of
their detective work over to technology, which
will effortlessly map trends, inter-relationships
and patterns in the data as well as building
models designed to quantify and calibrate
corporate risk and reputation exposure.
Deep learning technology
The advancement of deep learning technology
enables these models to be constantly refined
by ‘learning algorithms’, allowing the digital
detective to become sharper and more precise
every hour. Importantly, leveraging technology
in this way also allows the business to quickly
and easily compare its profile and exposure
against its peers, different sectors,
stakeholders, topics, geographies and time.
This is essentially what’s taking place when a
business builds an image of what ‘healthy’
looks like for that organisation. The technology
creates a picture of what the landscape should
look like and, in those instances where reality
fails to correspond with the ideal state, it
provides an automated ‘trip wire’ that alerts the
chief risk officer, enabling them to draw
attention to the issue and take action with a
view towards mitigating the threat.
Forensics experts refuse to leave any stone
unturned when assessing a crime scene, and it
must be said that it’s largely thanks to their
diligence and ability to see the bigger picture
that some of the most complex cases in history
have been solved.
By applying the same rigour and
attentiveness to the corporate data of their own
organisation, as well as broader data produced
by news outlets and social media, all chief risk,
reputation and compliance officers can become
the designated ‘forensics expert’ within their
own organisations, threading together the
patterns and clues that will actively expose
hidden threats and help in preventing any
incident – or indeed crime – before it happens.
28
www.risk-uk.com

“
MY PASSION IS
MAKING SURE EVERY
PRODUCT MEETS OUR
HIGH STANDARDS
”
Keith Gay, Production Manager, 32 years with Jacksons
OUR PASSION
IS YOUR SECURITY
With the design, manufacturing and
logistics expertise to deliver some
of the largest and most complex
perimeter security projects in the
UK and Europe, our team is ready to
support your project, large or small.
www.jacksons-fencing.co.uk

June 2017
www.risk-uk.com
Security and Fire Management
Showtime at ExCeL London
IFSEC and FIREX International 2017 in the Spotlight
Security and Fire Safety Solutions Guide for End Users
Wireless Security Systems in Commercial Premises
Counter-Terrorism: A Guide to Impact Testing
Broadcasting Lockdown Messages: Best Practice

IFSEC and FIREX International 2017: Solutions Guide
Going Wireless in Commercial Premises
Wireless technology is
an essential part of
most modern
solutions and, as a
result, end users are
not simply requesting
it, but rather expect it
from any high-tech
system. Given
advances in the
quality and
performance of
wireless security
systems, the demons
of the past do appear
to have been well and
truly laid to rest, but is
that really the case?
Texecom addresses
this issue
In the electronic security sector, wireless
devices have become commonplace and with
good reason. Gone are the days of
frustratingly intermittent connections, poor
product performance and questionable
reliability. With advancements in modern
wireless chipset technology, electronic security
manufacturers have all the tools needed to
deliver robust and stable wireless solutions.
Battery-powered security devices offer
obvious advantages over their hard-wired
counterparts. With speed of installation
dramatically improved, greater freedom on
product positioning, avoidance of damage to
property, minimum disruption to the property
owner, reduction of copper wiring and further
advantages when upgrading or refurbishing, it’s
clear to see why wireless is one of the security
industry’s fastest-growing market segments.
Despite being more expensive than wired
equipment, wireless systems were initially
developed for residential applications where
the performance requirements were less
demanding. The same cannot be said for
commercial applications, such as factories,
schools, offices and retail spaces. Here, the
expectation of performance placed on
electronic security equipment is far greater
than in residential installations. The
environments are harsher, the number of
devices and the size of area requiring
protection is greater and the risk – and
potential cost – of a security incident is
significantly higher.
Here, even the latest standard wireless
devices can suffer from adverse performance
issues. For instance, commercial premises can
be large in size and constructed from materials
whereby radio signals are substantially
reduced. These factors limit the available
coverage from a standard wireless solution.
Also, with only one wireless signalling path
available, typical wireless devices are
susceptible to being ‘cut-off’ if there are
changes to the building infrastructure. Even
something as simple as the addition of a metal
filing cabinet could cause signalling disruption.
In order to professionally verify the
positioning and reliability of wireless
communications, it’s Best Practice to perform a
site survey. This usually requires the site to be
evaluated by diagnostic equipment in order to
determine the suitability for wireless devices –
defeating the intent of wireless being quicker
and simpler to install.
Next generation systems
For reliable wireless systems in commercial
applications, a combination of intelligent
system design and specification of higher-grade
products is required. With careful selection and
consideration, wireless systems are providing
key benefits even in harsher environments.
Hybrid systems: Combining quality wire-free
equipment with established hard-wired
products creates a ‘Best of Both Worlds’
scenario. Where cabling access is difficult to
deploy, or where the wireless performance is
less challenging, the benefits of wire-free
technology can be used. Where the wireless
performance is too demanding, or the particular
device requirements are not available in
wireless form, hard-wired products are
specified instead.
Powered repeaters: To overcome the range
limitations of point-to-point wireless
communications, many manufacturers offer
systems that employ powered repeaters. As
their name suggests, powered repeaters are
powered devices that receive wireless
communications from wireless devices and
repeat the information to the control panel,
usually across a wired network. By using
multiple powered repeaters the wireless
coverage is increased, as well as the overall
number of wireless devices.
Mesh network technology: Mesh network
technology is where each individual batterypowered
wireless device is capable of acting as
a repeater, receiving and repeating wireless
transmissions from other devices. In this
scenario, the size, scalability and range of the
entire wireless security system are all extended
as wireless signalling is no longer restricted by
point-to-point communications.
By having every single device in a system
capable of re-transmitting wireless
communications, there are significant
improvements to be derived in reliability, even
when compared to using powered repeaters.
Additional detail around the key issues that need to be considered when it comes to the next
generation of wireless security solutions may be accessed at IFSEC International 2017. Make sure
you visit Texecom on Stand G1200
32
www.risk-uk.com

Simple & Easy Installation
Integrated Security - Access Control
Inception is an integrated access
control and security alarm system with
a design edge that sets it apart from the pack.
Featuring built in web based software, the Inception
system is simple to access using a web browser on a
Computer, Tablet or Smartphone.
With a step by step commissioning guide and outstanding user interface,
Inception is easy to install and very easy to operate.
For more information, visit www.innerrange.com/inception.
There you will find installation guides and videos to help you
get the most out of your Inception system.
IN
DESIGNED
A U ST R A
R
LIA
Security
Alarm
Access
Control
Automation
No Software
Required
Multiple
Devices
Easy Setup
with Checklist
Prompting
Send IP Alarms via
the Multipath-IP
Network
Visit www.innerrange.com or call 0845 470 5000 for further information

IFSEC and FIREX International 2017: Solutions Guide
In the UK, and indeed
the rest of the world,
the threat posed by
terrorism is constantly
changing in nature,
meaning that the
operators of
vulnerable sites need
to be continually
assessing the risk.
One method of
terrorist activity is
vehicle borne attacks
through suicide
missions or ramraiding.
As Frontier
Pitts explains, site
managers need to
protect their assets –
including both
buildings and people –
from such attacks
Guide to Impact Testing
When they attack, terrorists will use the
element of surprise to achieve maximum
casualties. As we’ve seen with the
recent incidents in Manchester and London,
crowded places (such as major events,
shopping centres, commercial hubs, hotels and
restaurants, pubs and clubs and visitor
attractions) are particularly vulnerable.
A vehicle borne improvised explosive device
(VBIED) is an explosive device placed in a
vehicle such as a goods van, a truck or a car
and then detonated at a target location.
Commonly used as a ‘weapon of terrorism’,
they normally kill the occupants of the vehicle
(ie suicide bombers) and those near the blast
site, while also damaging buildings. Vehicle
bombs act as their own delivery mechanism
and can carry a relatively large amount of
explosives without attracting suspicion.
If your site is deemed to be at risk, the Centre
for the Protection of National Infrastructure
(CPNI) can offer further advice and access to
the Catalogue of Impact-Tested Vehicle Security
Barriers (CITVSB). The CITVSB contains
information on all of the IWA14 and British
Standards Institution (BSI) PAS 68 impacttested
products that the CPNI has evaluated.
In addition, each police force across the UK
has a number of Counter-Terrorism Security
Advisors (CTSAs) employed and deployed by
the National Counter-Terrorism Security Office.
Working alongside the CPNI, the CTSAs can visit
sites and offer non-biased advice. A Scoping
Document will provide the client with all of the
relevant questions to ascertain their site’s
security needs and operational requirements.
Once completed, this Scoping Document can be
issued to vehicle security barrier manufacturers
to obtain comparable quotations.
Layered security
One solution is a layered security approach
(also known as an ‘onion’ approach). This
provides the facility with layers of security and
protection around an asset which will detect,
deter, delay and deny any attack.
Another option is ‘Interlock Security’. An
‘Interlock’ system – or ‘Sally Port’ and ‘Tiger
Trap’ as it’s also known – provides the site with
a secure containment area to check incoming or
outgoing vehicles. The traffic throughput for an
interlock includes vehicles entering the first
section control point and, once in, this set of
barriers will close. If the vehicle is authorised to
proceed subsequent to security checks, the
second control point will then open and allow
entry to site. At no point during the cycle will
both sets of vehicle security barriers be in the
open position. Only when the first set of
barriers is fully secured in the closed position
will the second set open.
A third option would be LPS 1175 security.
The standards for the protection of building
fabrics and external perimeters are set by the
Loss Prevention Certification Board (LPCB). LPS
1175 covers the ‘Requirements and Testing
Procedures for the LPCB Approval and Listing of
Intruder-Resistant Building Components,
Security Enclosures and Free-Standing
Barriers’. Products tested and approved to this
standard are widely recognised by Government
agencies and Data Centres as being an effective
means of protecting both people and assets.
The BSI’s PAS 68 is the latest Publicly
Available Specification for vehicle security
barriers. It has become the UK’s standard and
the security industry’s benchmark for Hostile
Vehicle Mitigation equipment, and is the
specification against which perimeter security
equipment is tested as part of the ongoing
research to prevent VBIED-style attacks.
PAS 69 complements this specification by
providing guidance on the installation of the
tested product. The ratings and specifications
illustrate the different levels of PAS 68.
Frontier Pitts will be at IFSEC International 2017 on Stand E1700. Talk to the company’s
representatives at ExCeL and discover all of the key points you need to know about building,
people and asset protection
34
www.risk-uk.com

Award winning wireless systems
Premier Elite systems offer a complete range of commercial grade, expandable, communicating control
panels featuring integration compatibility with leading access control, CCTV, home automation and managed
alarm-signaling providers. Each Premier Elite control panel shares the same programming platform and peripheral
devices, ensuring instant product familiarity across the range.
Ricochet® enabled wireless devices receive and repeat wireless transmissions from other devices. The size, scalability
and range of the entire system are extended as wireless signalling is not limited by point-to-point communications.
Mesh
Network
Superior
Range
Self
Healing
Bi-
Directional
Signal
Encryption
Commission
Mode
Visit us:
Stand G1200

IFSEC and FIREX International 2017: Solutions Guide
It’s a regrettable fact
that there’s an
emerging need for
members of the public
and building users in
general to be informed
swiftly and
unambiguously of the
need to stay put
during an emergency
scenario and remain
where they are to
ensure their safety. As
Vimpex duly explains,
this scenario has
become known as a
‘lockdown’
Broadcasting Lockdown Messages
This need has been highlighted during the
recent terror attacks in London where staff
in numerous restaurants and bars and even
three major hospitals were proactive in locking
their doors to deny entry by marauding
terrorists. These actions are likely to have
prevented injuries and the loss of life.
Safety in such situations could be further
improved by the broadcasting of a clearly
audible and unambiguous ‘lockdown’ message
via the building’s existing fire alarm system.
The technology for providing such an early
warning isn’t new, it must be said, with its
application relying on existing and familiar fire
alarm system architecture.
For its part, though, the use of voiceenhanced
fire alarm sounders to broadcast
‘lockdown’ messages is a novel approach.
Thankfully, products with a pre-recorded
‘lockdown’ voice message are easily interfaced
with both addressable and conventional fire
alarm systems and can be configured to use
existing sounder circuits to power voice
sounders. This allows staff to activate
‘lockdown’ and other safety messages via panic
buttons or other manual means.
Episodes of panic
In situations of panic, pre-recorded messages
are often more effective than live broadcasts. A
pre-recorded message is unemotional,
consistent and unambiguous, whereas in a high
pressure situation non-trained staff
broadcasting via a live PA microphone could
work to increase panic rather than allay it.
Any risk of the announcer being attacked is
also removed and the message can be
configured to broadcast continuously while
members of staff and customers alike work to
make the environment as secure as possible
and seek safe refuge.
Voice-enhanced sounders use existing fire
alarm bell circuits, meaning that upgrading any
fire system to incorporate ‘lockdown’ alarm
messages is simple. Voice sounders can be prerecorded
with up to seven messages so the fire
system can be used not only for ‘lockdown’
alarms, but also for delivering standard ‘fire
alarm/evacuation’ messages, ‘all clear’
announcements and ‘test messages’. Certain
solutions draw similar levels of current to
standard conventional electronic sounders so
power supply issues shouldn’t be an issue.
Another advantage of using the building’s
existing sounder circuits is that audibility tests
carried out during the original fire alarm survey
and system commissioning process should give
confidence as to the intelligibility and audibility
of the voice sounders. Where voice sounders
are installed in those areas frequented by
overseas tourists, for example, multi-language
settings may be specified.
Case Study: London Underground
An excellent example of where voice sounders
have been an effective and efficient alternative
to traditional live speech for many years now is
on the London Underground where all streetlevel
stations have ‘fire-cryer’ voice sounders
installed to broadcast the renowned ‘Inspector
Sands’ message.
If it’s the case that the call to the coded
message isn’t answered within a predetermined
time period then the system
defaults to an evacuation message. Such an
approach could be adopted in bars and
restaurants where, instead of defaulting to an
evacuation message, a coded alert could
cascade to a ‘lockdown’ message if necessary.
This would mean an automatic escalation from,
say, coded alert to ‘lockdown’ resulting from
just one single human input to the system.
Just like warning signals used in conjunction
with smoke curtains, the system may be
integrated to ensure that any fire doors held
open with door holding devices could
automatically swing closed and, ultimately,
automatically lock via integration with the
building’s access control system.
Elaborate and complex integration
Needless to say, such an elaborate and complex
integration of ‘lockdown’ procedure, the fire
system and the security system would need a
fair degree of detailed consideration in order to
ensure that high pressure and high risk
environments don’t actively worsen a situation
or otherwise serve to prevent security forces or
other Emergency Services professionals from
gaining access to the building.
Vimpex is exhibiting at FIREX International 2017. Further detail on the key areas of fire detection,
fire alarm and emergency evacuation solutions will be available on Stand D143
36
www.risk-uk.com

FRONTIER PITTS
Protecting Your World
www.frontierpitts.com +44 (0)1293 422800
SECURITY AND
HOSTILE VEHICLE MITIGATION
STAND E1700
GATES BARRIERS BLOCKERS BOLLARDS PEDESTRIAN

IFSEC and FIREX International 2017: Solutions Guide
The news headlines
are bringing us more
frequent reports of
terror attacks and
corporate theft –
occurring both on and
offline – so security is
never far from any of
our minds. As Inner
Range Europe duly
observes, every
organisation – no
matter its size or the
sector in which it’s
resident – depends
upon wholly robust
security systems to
defend itself against a
more sophisticated
type of intruder
A New Era of Security
For those sites in sectors such as defence,
healthcare, education and Government, the
requirement for watertight security is
amplified significantly. Any hub of valuable
information – such as a Data Centre – or
facilities housing high-value or high-risk
products has always had to consider how to
mitigate the risk of theft or attack, but their
protection now depends on the constant
evolution of systems in alignment with the everchanging
tactics of criminal groups.
In 2017, security systems need to rise to the
challenge and deliver smarter solutions to
mitigate this growing and omnipresent threat.
Systems that provide an end-to-end, fullyencrypted
solution to 128 bit with Mac
authentication offer organisations the ability to
add an additional layer of protection. Data
encryption ensures secure LAN communications
at all times, while continuous monitoring
detects any fault or attempted module
substitution. Put simply, when security takes
precedence over all other factors, the highest
grade of security system isn’t optional.
Not all created equal
Most security systems in the UK should
conform to European Standards in the BS EN
50131 series, but that doesn’t make them
equal. All components of the system are graded
and the overall grade measured by how
resilient the alarm system is to attacks by
intruders and other outside influences.
Lower-graded systems can be vulnerable to
fairly low-tech attacks. Indeed, even Grade 3
systems may be compromised using specialist
knowledge that’s often shared online.
Without end-to-end encryption, it’s possible
that, through sophisticated attacks, criminals
could compromise or overcome your security
system. Having a highly encrypted and robust
system in place offering features such as
substitution detection will deliver an added
layer of protection for the host organisation.
We advise all organisations to conduct a risk
assessment of their current security system to
ensure it’s fit for purpose. If the chances of an
attack materialising are ‘Likely’ or ‘Very Likely’
and the consequences are going to be either
‘Major’ or ‘Catastrophic’ (or may be
‘Catastrophic’ regardless of the likelihood of an
attack) then you have no option but to prioritise
investment in a system that delivers end-to-end
encryption to 128 bit with Mac authentication.
Access control
Within the public sector, an NHS Hospital Trust
is a good example of a facility where an attack
is ‘Likely’ or ‘Very Likely’ and the consequences
would be ‘Major’ or even ‘Catastrophic’. Along
with the vital importance of safeguarding
patients, staff and visitors, trustees have the
additional responsibility of locking down all
areas housing high-value assets, confidential
files and prescription drugs. If the hospital’s
security system can be tampered with or
compromised, people and assets could then be
left vulnerable to criminal activity.
Some Data Centres have taken extreme
measures to deliver ultra-secure hosting for
customers requiring the highest level of
protection for their data. Rather than choosing
city locations such as London, companies have
opted to relocate, purchasing facilities like
redundant nuclear bunkers located in out-oftown
‘secret’ locations. They’re reinforced with
blast-proof, solid steel walls. However, without
an end-to-end data encryption for their security
system, facilities are potentially still leaving
themselves open to attack.
Quite simply, there’s no other approach for
buildings and facilities such as Data Centres
and research labs other than to take a proactive
rather than a reactive stance when it comes to
their security strategy.
Inner Range Europe is exhibiting at IFSEC International 2017. For all the latest detail and
information on web-powered security solutions for your business visit Stand E1400
38
www.risk-uk.com

The most sophisticated configurable
water leak detection system available
Protect your assets from the greatest risk to
buildings and managed systems: Water.
The only way to mitigate the risk of water damage is to continuously monitor for water
leaks. The risk assessment of water damage and the installation of Water Leak Detection
Systems are increasingly being recommended by commercial insurers and is often a
requirement for full cover.
Hydrosense systems deliver a new standard in water leak detection. Unlike other
systems, Hydrosense is fully customisable and configurable allowing connection to
Building Management Systems (BMS) and a wealth of other vital supporting systems.
Hydrosense continuously monitors for water leaks protecting a company’s building and
assets year in year out.
Contact Us Today!
vimpex.co.uk
sales@vimpex.co.uk
01702 216 99

IFSEC and FIREX International 2017: Show Preview
C-TEC will once again
be exhibiting at FIREX
International,
Europe’s largest fire
safety show. Centre
stage on this occasion
will be CAST, the
company’s
“revolutionary” ownprotocol
fire alarm and
detection system
C-TEC set to showcase CAST
Created to meet the demand for powerful
yet cost-effective addressable fire systems,
CAST panels are designed to integrate
seamlessly with an extensive range of C-TECmanufactured
fire detectors, sounders, Call
Points and interfaces.
Other innovations to look out for at ExCeL
include C-TEC’s high-performance range of
EN54-23 certified VADs and an advanced series
of hybrid digital power supplies.
Andy Green, C-TEC’s marketing manager,
informed Risk UK: “FIREX is a superb platform
for new innovations. We’re looking forward to
exhibiting some very exciting products,
particularly our CAST addressable system that’s
now in operation at multiple BETA sites and
very close to full release.”
Distribution deal
C-TEC’s sister company, SigNET, has been
appointed as the exclusive UK distributor of
RCF’s innovative new range of EN54-16 and
EN54-24 certified digital voice alarm systems.
Two solutions are available: the DXT 3000
and the DXT 9000. Designed for wall mounting,
the DXT 3000 is an intelligent ‘plug-and-play’
voice alarm solution for small to medium-sized
projects where EN54-16 compliance is required.
Ideal for supermarkets, schools, offices and
more, the DXT 3000 represents a practical
solution for integrating music and PA with a
voice-only emergency evacuation system.
The DXT 9000 is a medium-to-large range of
configurable EN54-16 compliant voice alarm
solutions. Versatile and completely scaleable,
it’s suitable for a host of applications ranging
from schools and hotels through to large
campuses with multiple buildings.
With C-TEC’s assistance, SigNET – recognised
as one of the UK’s leading manufacturers of
audio life-safety equipment – will concentrate
on promoting its products to companies
operating within the fire and security sectors.
For more information contact SigNET direct
on (telephone) 0844 800 1625 or alternatively
visit the website: www.signet-ac.co.uk
• C-TEC is currently hosting a series of free
educational CPD events across the UK. To check
dates and availability visit www.c-tec.com or
contact the company’s Marketing Department
on (telephone) +44 (0)1942 322744

M A N UFA CTURER
ADDRESSABLE VADS TO BE HAD!
C-TEC’s addressable visual alarm devices & sounders are here!
Introducing C-TEC’s new range of UK-manufactured addressable visual alarm devices and sounders. Fully
compatible with our XFP & ZFP range of XP95/Discovery fire panels, Base, Hi-Output and Compact variants are
available, all certified to the relevant parts of EN54 parts 3, 23 and 17.
G140
C-3-8 Base VAD
c/w 96dB(A) Sounder
• C-3-8 light distribution
• Ideal for mounting under
fire detectors in corridors, etc.
• Sounder, VAD-only and Voice
Sounder variants also available
Hi-Output W-2.4-8.2 Wall VAD
c/w 103dB(A) Sounder
• W-2.4-8.2 light distribution
• 14mA alarm current @24V DC
• IP33C rated
• VAD-only and Voice Sounder
variants also available
Compact C-3-8 Ceiling
VAD c/w 91dB(A) Sounder
• C-3-8 light distribution
• 14mA alarm current @24VDC
• IP21C rated
• Sounder, VAD-only and Voice
Sounder variants also available
VAD SYSTEM
DESIGN GUIDE
NOW AVAILABLE
CALL +44 (0)1942 322744
FOR A COPY
+44 (0)1942 322744 sales@c-tec.co.uk
You’re safe with C-TEC
www.c-tec.com
0359-CPR-00446
A PROUD BRITISH

Advertisement Feature
Converged Security Management:
Key to Mitigating Cyber Security Risks
The global challenge of extracting the
maximum benefit from Internet of Things
(IoT) technology while also balancing
security concerns in business is complex. On
that basis, Axis Communications has
commissioned a detailed White Paper on the
subject from James Willison, the founder of
Unified Security and vice-chairman of the ASIS
European Convergence/Enterprise Security Risk
Management Committee.
The IoT revolution is, in short, the resulting
combination of several related changes. These
changes include a reduction in component
prices, global mobile device adoption, greater
levels of connectivity through telecoms
infrastructure and the rise of Application
Programming Interfaces (or APIs) designed to
take advantage of the latest innovations.
As innovation occurs in the consumer
technology market with ‘smart’ devices, these
new technologies are increasingly being
employed within a business environment.
Today, it’s evident that any unsecured
physical security devices can be accessed
through the Internet from any number of
endpoints. Vulnerable devices are now easily
searchable through the online vulnerability
search engine Shodan, for example.
In September last year, we encountered the
first-ever co-ordinated attack using unsecured
IoT technology and encompassing CCTV and
Digital Video Recorder (DVR) devices.
Naturally, the consumer market harbours a
significantly different set of requirements and
specifications when it comes to product
security. As a result of a breach, the worst that
can happen is the loss of an individual’s bank
details or personal information. Given this
relatively low level of perceived risk, to date
security hasn’t been a key consideration.
As IoT technology increasingly enters the
business landscape, and with networked
security solutions now the staple of an effective
and modern security infrastructure, the
technologies employed are often not ‘Secure By
Design’. Should a business be hacked, the
ramifications are far greater than the loss of
individual sets of personal data.
In truth, a business risks the loss of groups
of files ranging from employee records through
to financial and customer data. This could
ultimately expose it to various levels of fines
with particularly severe consequences under
the upcoming European Union General Data
Protection Regulation (GDPR), which comes
into force in May 2018.
Rising concerns
IoT adoption is rapidly transforming the global
business landscape. As organisations witness
the ease of connectivity demonstrated in the
consumer sphere, their first instinct is to use
technology for business benefit, often without
fully appreciating the risks present behind
unsecured devices. As this infrastructure is
integrated within commercial environments,
however, the differing framework requirements
between business and consumer technology
become a significant challenge in terms of the
areas of compliance, data security and even the
overall cyber security of systems.
In meeting the challenges posed by this
convergence, we must first consider supply
chains. This includes the importance of third
party suppliers and the security of the end
products they duly provide.
An under-reported stakeholder within the IoT
security puzzle, for example, is third party
libraries. These organisations often contribute
upwards of 80% or more of the total product
code and, therefore, have a significant stake in
ensuring that products are secured.
While under the GDPR supply chains are not
liable for the fines of end users, the case can
indeed be made for rolling the financial
obligation downhill should Best Practice be met
and demonstrated. As a large number of OEMs
Steve Kenny discusses
the scope of a new
White Paper that
focuses on the global
framework
underpinning the rise
of Internet of Things
technology, why third
parties must ensure
‘Secure By Design’
principles are met and,
indeed, why the
convergence of IT and
Security Departments
absolutely demands
an holistic approach to
ensure success

Advertisement Feature
are seemingly not securing their devices, those
challenging the status quo stand out from the
majority and are leading the charge for
industry-wide standards to ensure the basic
security of IoT devices.
Initiating convergence
Technology and the physical devices sold by
vendors are converging on the corporate
network. While businesses are often
enthusiastic to implement the latest
technology, it’s not always as secure as
members of the security team require it to be.
It’s crucial that all new physical security
systems are considered with input from the
company’s cyber security team or specialist.
According to the Department of Homeland
Security in the States, the rapid growth in the
IoT has meant that: “This interconnectedness
of devices introduces cyber-physical
technologies that connect cyber systems to
physical systems, thereby removing the barrier
between the cyber and physical worlds, but the
greater connectivity also expands the potential
attack surface for malicious actors.”
As the cyber security threat continues to rise,
both in terms of the potential damage which
can arise from a breach and the number of
attacks which may be propagated, a shift in
business priority is being witnessed. Until
recently, most risk management strategies were
exclusively undertaken in siloes, with
Information and IT Security Departments
responsible for cyber security and physical
security specialists holding overall
responsibility for the physical element.
In meeting the challenges posed by the
integration of unsecured devices, we’re seeing
an increasing convergence between IT and
Security Departments, with obligations often
blurring and becoming analogous. Businesses
have now begun to integrate the practice of
converged security management with a multidisciplinary
security team identifying and
responding to the cyber and physical security
threats faced by the host organisation.
Redefining the landscape
As the security landscape changes, so too must
the practices of industry professionals resident
within it. Organisations now have a pressing
responsibility to employ due diligence when
identifying and purchasing new security
technology. In point of fact, no longer is it
sufficient to merely assume that security
products are secure by their very nature.
The IoT landscape increasingly favours
unfinished, unsecure technology with a race to
push products to market as soon as possible –
a key reason behind the success of the Mirai
botnet. In complying with regulations,
achieving Best Practice and ensuring overall
security, industry professionals now have the
perfect opportunity to redefine the B2B
procurement landscape.
As businesses begin to insist on the security
of products used to gain commercial
advantage, the supply chain will soon follow.
Integrated solutions at IFSEC 2017
On the Axis Communications Stand (E1000) at
IFSEC International 2017, visitors will be able to
experience a world of IoT security solutions,
writes marketing manager Dominic Jones.
All of the latest innovations will be
showcased, including a new radar detector that
offers the opportunity to greatly reduce false
alarms. The D2050-VE radar detector gives an
exact position of a moving object and can
deliver information such as the distance to an
object as well as angle of movement and speed.
In addition, this solution allows for visual
identification together with a camera.
The radar detector minimises false alarms
triggered by bad weather or insects and is
therefore a perfect complement to an end
user’s outdoor surveillance system even during
the hours of darkness.
In partnership with HID, Axis
Communications will be showcasing the first
integrated open IP-based mobile access control
solution. Visitors will also see how integrating
Axis’ speaker, camera and access control
solutions can offer practical and robust answers
to the real world challenges faced by
businesses. Of course, Axis Communications
will also be demonstrating its partnership work
in the sphere of cyber protection.
Steve Kenny: Business
Development Manager
(Architecture and Engineering)
at Axis Communications

Advertisement Feature
Mitigating The Outsider Threat:
How Data Centres Can Ensure GDPR Compliance
The future of business is taking place in the
cloud. Cloud products will reportedly
represent 30% of Microsoft’s revenue by
2018, while in Q4 2016, Amazon Web Services
generated $3.53 billion in revenue (up 47%
from the previous year). As the use of cloud
technology increases, it follows that so too
does our reliance on the infrastructure
supporting this growth – Data Centres.
In addition to their primary task of providing
managed access to cloud services and data,
Data Centres are increasingly required to
protect customer data (a key aspect of which is
demonstrating the security of that data and
processes through compliance reporting).
Data Centres invariably hold a wealth of
sensitive user data (and particularly so within
co-location sites) which they don’t own. As the
number of cyber attacks rise, resources are
increasingly reallocated to defend against the
cyber threat, often leaving physical security as
an afterthought. In real terms, this means that,
when an engineer is called out, security and
verification can often be limited to a single
phone call to check their identity, resulting in
significant vulnerability to outsider threats.
Within Data Centres, continual uptime and
data security are key – particularly in light of
the upcoming EU General Data Protection
Regulation (GDPR). The GDPR stipulates that a
fine of 4% of annual group turnover (or €20
million, whichever is the higher figure) is to be
paid in the event of proven non-compliance.
With the GDPR set to come into force in May
next year, any outdated security practices will
simply no longer suffice.
Meeting GDPR requirements
Currently, only 15.7% of firms in the UK and the
US are in the advanced planning stages of
GDPR compliance. 74% now believe that their
organisations are vulnerable to insider threats,
with 68% fearing breaches caused by insider
negligence. It’s clear that, to attain compliance
with the GDPR and reduce the impact of the
‘human factor’ (often the weakest link in a
security chain), physical security must be
deployed in tandem with cyber measures.
Ensuring the security of Data Centres
requires a dedicated approach combining
cyber security efforts with effective physical
security and access control solutions. In
meeting this challenge, any ‘smart’ physical
security technology must also now be cybersecure.
This requirement highlights the
pressing need for Data Centre specialists to
communicate with dedicated security
professionals familiar with both the potential
of the technology on offer and the best
methods of integrating and installing it with
security very much in mind.
The strategies underlying a compliant
approach are remarkably simple, combining
common sense with existing technology. In the
first instance, we can move beyond visitor
management at a distance (such as phone call
verification). Instead, once a stakeholder
within a Data Centre judges that an engineer,
for example, is required on site, they issue an
‘invitation’ to their employer. This invitation is
then received and actioned by said employer
and can be used as an access credential –
either as a printed code or one issued by the
organiser for action within a mobile device.
In practice, this supplies one factor of
authentication before the engineer has even
arrived on site, providing due proof that
potential risk has been noted and assessed
and that steps are in place to manage it.
Once the engineer appears at the Data
Centre, the code can then be presented to the
perimeter access control solution – either to an
IP camera or a Network Door Station.
If a given Data Centre can demonstrate
compliance, showcasing records of any visitor
to a site and proving an audit trail, this will
undoubtedly increase the attractiveness of its
service offer to potential customers.
John Allen examines
why Data Centres, the
very mainstay of ‘The
Information Age’,
require robust physical
security
considerations to
ensure that EU GDPR
challenges are met
John Allen: Business
Development Manager
(Access Control) at Axis
Communications

Cybersecurity?
Buckle up.
At Axis, we do everything we can to mitigate the risks of cyber attack. We have 100% focus on
cybersecurity. We build protection right into your network camera solutions. And we work hard to make
it easy for you to play your part. But we really can’t do it without you.
Because cyber protection is a lot like the seatbelt in your car. It won’t keep you safe unless you use it.
Learn Visit more about axis.com/about-axis/cybersecurity Axis’ quality assurance work
at axis.com/quality and find out how to stay protected!

Despite the growing
need for smarter
security systems in a
rapidly changing
landscape of risk,
upgrades of access
control for buildings
can sometimes be put
on the backburner.
Often, once
organisations have
invested in a system
that works for them
and meets their
perceived business
needs, it can be many
years before an
upgrade is considered.
Is that the right
approach to adopt?
Tim Northwood
investigates
Moving With The Times
Some organisations might ask themselves if
they really need to upgrade their access
control system when what they already
have in place appears to do the basic tasks at
hand well enough, but contemplate for a
moment everything for which we now use our
smart phones. This usually includes managing
diaries, online banking, airport check-ins,
navigating new places, tracking personal
fitness and even switching on the heating.
Arguably, we could function in our
professional and personal lives without a smart
phone. However, wouldn’t continuing to use an
old model of mobile phone from the pre-smart
phone era – or a ‘dumb phone’ as they’ve come
to be known – seem like a step backwards (or
at least leave us standing still) once we
consider the time, cost and efficiency savings
from which we could benefit by upgrading?
We opt for smart phone upgrades because
it’s the full range of mobile device functionality
that allows us to live our lives with less stress
and more ease (and much greater success). In
essence, the new breed of integrated access
control and security systems deliver time, effort
and cost efficiencies in a similar way (and you
can even manage some elements of newer
access control systems via your smart phone).
If we readily upgrade our mobile phones –
among other technology – why do some of us
still settle for limited functionality when it
comes to evolving our integrated security and
access control systems? The stakes are
certainly higher. Now that we’re living in an age
of greater risk posed by cyber and terror
attacks, concerns about security and access
control will be front and centre for those
organisations of critical importance to the
national infrastructure, such as those in the
medical, defence, Government and educational
sectors, not to mention Data Centres, research
laboratories and financial institutions.
Security system developers and
manufacturers are meeting this evolving
requirement head-on with the provision of even
more robust access control systems, but tighter
security aimed at threat prevention isn’t the
only motivation for introducing an upgraded
integrated security and access control system.
There’s a commercial one, too, and that’s
something all businesses are considering in the
currently tough economic climate.
Key players in a variety of successful
organisations are asking how their investment
in access control can help to keep them safe
and secure, but also how it can assist them to
stay ahead of their competitors. With CCTV,
people want to know how they can use their
cameras for more than just basic surveillance.
They want to use them for risk assessment,
analysis of trends and much more besides.
Business intelligence
Emerging to meet this need are systems with
highly-integrated security, access control and
building automation functionality. Features
such as 24-hour unmanned access help in
meeting Health and Safety requirements at
lower costs. Intelligent integration with subsystems
such as CCTV, biometrics, lighting, air
conditioning, intercom solutions and fire safety
makes for reduced bills as well as offering
greater protection.
Central and remote building and security
management from a single user interface helps
in managing multiple locations on a 24/7/365
basis using iOS and Android Apps.
Your chosen access control system might
operate satisfactorily, but is it enabling your
organisation to be the best and the safest it can
be? There’s so much valuable insight and
business intelligence that may be gained from
using newer solutions. Organisations can glean
better insight into how visitors and staff access
and use facilities, in turn building a profile that
may be used to track staff, visitor and asset
movements for safety, security and the
optimum performance of the business.
If upgrading your access control system isn’t
a current priority, is this due to budget
constraints or is it simply a case of: “If it’s not
46
www.risk-uk.com

Access Control: Considerations for System Upgrades
broken, why should we fix it?” Here’s a little
detail about some of the functionality you could
be missing out on if your access control system
is five-to-ten years old:
• Web interface and mobile device management
of your access control security system gives
your administrators secure access to the
interface via any Internet-enabled device
(including smart phones and tablets), allowing
them to respond quickly to alerts and events
even when they’re off-site or away from the
Security Control Room
• User-friendly interactive interface: Easy-touse
interactive schematics of all your buildings
and facilities simplify access control
management and control. If you need to lock a
specific door, for example, you can do so from
the comfort of your Security Control Room or
even via a secure smart phone or by dint of
some other mobile device
• Advanced integration possibilities: Given the
ability to integrate your access control system
with many other business and building
management solutions, the possibilities are
endless. For example, you can manage visitor
arrivals with automated, intelligent lift control
and use ANPR to co-ordinate car parking
• Capability to support vulnerable sites: If your
organisation is of critical importance to the
national infrastructure or the risk from a major
security attack or terror incident is high, having
a fully-integrated access control and security
system in place will be vital. This includes realtime
access to CCTV, as well as the ability to
lock down doors and buildings to protect
people and assets and better control a situation
• Smart cards: Now, your access control card
enables staff and visitors to gain entrance to
authorised areas of your facilities and can have
multiple other uses such as cashless vending,
locker control and ID. Given their ability to
integrate with HR management programmes,
systems can be streamlined to reduce the
duplication of work
• Multi-drop RS 485-based smart card readers
that employ 128 bit AES encryption from the
card through to the door module afford a far
superior level of security
• Highest levels of security: When security
takes precedence over all other factors, the
highest grade of security system isn’t optional.
Systems that provide an end-to-end, fullyencrypted
solution to 128 bit with Mac
authentication offer organisations the ability to
add an additional layer of protection. Data
encryption ensures secure LAN communications
at all times, while continuous monitoring will
actively serve to detect any fault or attempted
module substitution
Scale up or downsize?
If your access control system is over ten years
old, as well as the above features you may also
not be benefiting from:
• Access control and building management
locally, nationally and globally: Having the
ability to manage access control and security
for multiple buildings, regardless of their
location, will allow you to better use your
security team resource. If your organisation is
located in one area, but has, over the years,
acquired additional buildings with different
access control and security systems, the
company would benefit from having the ability
to manage and control the entire estate from
just one system
• The ability to scale up or downsize if required:
Access control systems are now built with
flexibility in mind. They allow for rapid
upscaling in times of prosperity and expansion.
There’s a realisation that, due to consolidation
or industry changes, the number of facilities an
organisation may manage could also reduce
over time. It’s important to know that your
chosen solution can adapt to your needs
• Integration capabilities: Forward-thinking
integrated access control systems will work
cohesively with leading brands, continually
adding the latest and most popular
technologies to their partner list, from the
basics such as CCTV through to building
management systems involving heating,
lighting and air conditioning solutions
• A management system that can ‘talk’ to
business systems already in use: A major
concern for your organisation, along with the
invesment in an access control system, may be
about how many of your other security
solutions will be made redundant following an
updgrade? You might be surprised to learn that
much of your current infrastructure could still
be used, bringing a higher return on existing
investments and reducing costs
Going beyond protection
Given a summary of benefits that vast, surely
this provides much food for thought for any
business with access control regimes in place?
Many of you may not have been aware of the
scope of capability now offered by today’s
integrated security and access control systems.
Even if you were, perhaps you’re now beginning
to think about them in a new light.
Tim Northwood:
General Manager of Inner
Range Europe
“Your chosen access control system might operate
satisfactorily, but is it really enabling your organisation to
be the best and the safest it can possibly be?”
47
www.risk-uk.com

Contractor Screening Procedures:
Eradicating the ‘Blind Spots’
Traditional business models are under fire as organisations
increasingly seek ways in which to extend their workforce
beyond the humble ‘employee’. Initiatives like the sharing
and gig economies are rising in popularity because they
allow companies to meet short-term capacity needs and
enable them to operate more flexibly. Steve Girdler addresses
the security management implications for hiring companies
Professional services firm PwC predicts a
significant leap in the proportion of
contractors making up our workforces by
2022. While the move towards an extended
workforce comprising vendors and contractors
presents businesses with a great opportunity to
enhance and diversify their skills base, it can
also open the door to new forms of risk.
Unless those risks are understood and
mitigated from the start, the repercussions of a
bad hire can be very long-term indeed, even if
the worker’s contract isn’t. Any new or existing
employee has the potential to expose a
company to risk. Remember that a given chain
is only as strong as its weakest link.
Companies that provide access to
confidential customer information, Intellectual
“It’s simply not enough to solely rely on recruitment agencies
or suppliers of temporary workers to have performed the
bespoke checks that fit in with the needs of a business”
Property and financial information in particular
need to extend the same level of attention to
screening vendors and contractors as they
would do for permanent members of staff – a
challenge that goes way beyond Best Practice
and enters into the realm of compliance.
However, our own 2017 Employee Screening
Benchmarking Report finds that less than half
(42%, in fact) of EMEA companies we
questioned actually screen non-employees
such as independent contractors, temporary
workers and volunteers. Furthermore, a quarter
(ie 24%) relax their screening process for the
extended workforce. By not checking third
parties who come into contact with their
business, companies risk both their reputation
and profitability. It’s time they closed the gap.
Spotting the red flags
A truly robust recruitment process requires the
background screening of all candidates,
including those in the extended workforce. It
should form an integral part of a company’s
business continuity and risk management
strategy. It should not be viewed as an ‘added
extra’, but instead as a necessity designed to
ensure the security of the business.
While there might be the temptation to limit
investment in short-term workers, filling
temporary gaps should still require employers
to follow set risk management procedures
during the recruitment process.
Therefore, organisations need to plan ahead
in order to spot where the gaps may arise in
their workforce, identifying regular ‘crunch
times’ and keeping on top of the trends that
affect hiring needs. Only with in-depth planning
can the needs of the company be met in a
secure and efficient way.
The amount of screening for applicants
should be matched to the level of risk they
pose. For instance, those trusted with sensitive
information or privileged access to company
systems are the ones on whom most attention
ought to be focused.
The process of screening promotes a safe
working environment, builds integrity among
employees and helps to ensure the credentials
of the most skilled and experienced talent
available. By screening both permanent and
temporary workers as a standard part of the
recruitment process, employees can make a
48
www.risk-uk.com

Background Screening of Employees
safe assumption that the colleagues whom
they’re working alongside are who they say
they are and duly qualified for their role.
It’s simply not enough to solely rely on
recruitment agencies or suppliers of temporary
workers to have performed the bespoke checks
that fit in with the individual needs of a
business. Instead, companies must build time
into the recruitment process to identify any
inconsistencies and, in doing so, uncover the
potential risks a business could face before
they’re realised.
While of course it can be tempting to cut
down the time it takes to hire by reducing or
otherwise avoiding the screening of employees,
it’s crucial to ensure every member of the team
is able to live up to their CV and share the
organisation’s values all the while.
Maintain brand integrity
A company’s reputation is often either built or
burned by the behavior of its employees. The
rise of sites such as Twitter, Trustpilot and
TripAdvisor means that every experience a
customer has with a brand can be shared with
members of the public. That being so, a
positive outcome is now arguably more
important than ever before. When it comes to
the extended workforce, every employee must
be aware of the standards of behaviour and
conduct expected of them in the working
environment no matter their contract length.
Even if someone’s brought in to a company as
a stop-gap measure, businesses need to be
able to trust such employees to work in line
with the existing brand expectations.
Timeframes for recruitment and training may be
reduced, but on balance the importance of
ensuring such employees are willing and able
to fulfill obligations they take on has priority.
Fraudulent activity can have severe
consequences for businesses, meaning that the
definition and subsequent implementation of
preventative policies and procedures is
paramount. Our research found that most
business leaders (84% of those surveyed)
perceive their greatest risk to be external, but
Kroll’s Annual Fraud Report for 2016 found that
most fraud incidents (81%) involve at least one
insider. In that study, six out of every ten
respondents who worked for companies that
suffered from fraud identified a combination of
perpetrators that included current and former
employees and third parties. Almost half (49%)
said that incidents involved all three groups.
Junior staff were cited as key perpetrators in
two-fifths (39%) of all fraud cases, closely
followed by senior or middle management
(30%) and freelance or temporary employees
(27%). Former employees were also
responsible for 27% of reported incidents.
Overall, 44% of respondents reported that
insiders were the primary perpetrators of a
cyber incident, with former employees the most
frequent source of risk (20%) compared to 14%
citing freelance or temporary employees and
10% focusing on permanent employees. Adding
agents or intermediaries to this ‘insider’ group
as quasi-employees increases the proportion of
executives indicating insiders as the primary
perpetrators to a majority 57%.
Over half of all respondents (56%) to the
Kroll study explained that insiders were the key
perpetrators of security incidents, with former
employees (at 23%) the most common of these.
Putting the right security measures and IT
systems in place is vital in terms of protecting
businesses from outsiders, but the evidence
shows that the greatest risk is actually from
within. Serious and credible threats from
external sources such as cyber crime attract a
lot of attention and are much feared, but the
few major instances that reach the mainstream
media can be a smokescreen for the more
realistic threat posed by internal weak spots.
Companies need to plan for this threat with the
same energy that they do external risks.
Background screening can be a critical tool in
the prevention of legal challenges. A lack of
effective screening may open businesses up to
avoidable compliance issues such as those
surrounding the UK Bribery Act or the
forthcoming EU General Data Protection
Regulation (GDPR).
The implementation of the GDPR next May is
one of the most significant developments in
data protection that the EU has seen, with the
UK expected to adhere to the regulations
before its exit of the EU. The GDPR will improve
individuals’ rights over how their data is being
used by businesses. With fines that could
stretch well into the millions, this has to be a
priority for all companies.
Steve Girdler: Managing
Director (EMEA) at HireRight
49
www.risk-uk.com

16 - 17 October
Whittlebury Hall Hotel & Spa,
Northamptonshire
Limited Places Remain
This October, the Total Security Summit
will be celebrating it’s 20th anniversary.
Meet with the most experienced
suppliers, learn from industry gurus and
connect with peers over the course of this
two-day Summit.
For more information on our remaining
delegate and supplier invitations, please
contact Nick Stannard today on
01992 374092 or email
n.stannard@forumevents.co.uk
totalsecuritysummit.co.uk
@TSSummit
#TSSummit

The Changing Face of Security Services: Security Uniforms
What’s The Future Role
of Uniforms in Security?
In a recent series of exclusive articles for Risk UK, Peter Drew Contracts’
Tim Drew has examined the provision of managed uniform services (Risk
UK, December 2016, pp32-33) and how to successfully switch uniform
suppliers and therefore realise the full benefits available from the supply
chain (Risk UK, March 2017, pp35-36). Now, the emphasis turns towards
the future of uniforms and their use in the security business sector
The security landscape and, indeed, the
security business sector itself is
undoubtedly changing and, not
surprisingly, these changes are having an
impact on the clothing used and the services
offered by today’s myriad solution providers.
In order to clarify the position as it stands,
we need to briefly look back at the role of
security personnel and how this has both
evolved and developed to produce the breed of
security officer that we now witness looking
after buildings as well as the assets and people
within them on a daily basis.
Traditionally, the security officer was tasked
with protecting physical assets such as
factories and industrial estates. Often, that
officer was employed in-house in what might
best be termed a ‘gate-guarding’ duty and, in
fairness, the role harboured a somewhat
limited range of tasks. In days of old,
communication equipment was often no more
sophisticated than a landline telephone.
As far as uniforms were concerned, the look
of the practising security officer wasn’t driven
by image, but rather by simple practicality and
‘recognition’ of the role being performed on
site. Corporate branding was non-existent. A
standard badge stating ‘Security’ and
something of a military influence was pretty
much all that was required to meet the need.
This type of security role still exists in small
numbers and, it must be said, isn’t without
merit in some specialist or traditional
environments. However, if we move forward to
today’s fully-integrated security services
provision so beloved by many practitioners, the
contrast becomes immediately apparent.
Array of services
Security now encompasses an extensive range
of both complex and specialist services.
Leading security providers are closing the gaps
between disparate security requirements and
offering integrated, flexible and added value
services for their client base. This is different to
– and, arguably, offers much more than –
standard facilities management. The services
now on offer are targeted specifically at
security and attuned to the safety of the
customer and/or members of the general public
rather than simply the maintenance of the
facility that’s being safeguarded.
These added value services have a direct
effect on the skills and activities of the security
officers present on a given customer’s site and,
as a consequence, the equipment and
protective clothing that will be required by
them. We’re now witnessing the development of
the modern security officer: a multi-skilled,
multi-tasking multi-role occupied by a highlytrained
and assiduous individual.
Training for today’s security personnel can
take in excess of 12 months and represents a
considerable investment by a front line security
services provider. Remember, too, that the
security officer is only one part of a complex
and robust security solution which may also
encompass active manned CCTV, mobile
patrols, first response medical assistance,
firefighting and major incident management.
For each of these services, it follows that a
different uniform will be required.
Manning a reception service within a prestige
office in a major city is no longer simply a ‘Meet
and Greet’ and issue a pass-style security
function. Security staff may now be tasked with
building evacuation, co-ordination with
members of the Emergency Services or even
the management of what’s an ongoing terrorist
threat (the level of that threat posed to the UK
mainland is currently set at ‘Severe’ by the Joint
Terrorism Analysis Centre).
Put simply, the security officer of today must
change from a stance of ‘hiding in plain sight’
to be recognised as a person of influence and a
conduit of information in an emergency
scenario by both members of the public and,
indeed, the Emergency Services.
Tim Drew: Managing Director
of Peter Drew Contracts
51
www.risk-uk.com

The Changing Face of Security Services: Security Uniforms
Requirement for PPE
Specialist uniforms are issued that may only be
used for a few moments in an incident, but
these will be every bit as important as the daily
wardrobe. Mobile officers supported by CCTV
protecting public places may require PPE to
handle needles or, in some of the more extreme
cases, could well be issued with covert or overt
stab protection.
Large Government facilities and universities
are typical examples of locations where the
modern day security officer is now being
deployed. Integrating mobile patrols, static
guards, physical security, CCTV and first
response offers benefits for the purchasing
client in terms of both enhanced security and
reduced cost.
Security companies are now training their
officers in fire protection techniques (with a
view to helping reduce the potential outbreak
of fire) and in fire-fighting small fires to allow
safe evacuation, at the same time deploying
small fire engines and fire-fighting equipment
as part of a complete protection service.
Response times to an alarm can now be as little
as two minutes.
In a true one-stop operation, sniffer dogs
may be deployed for firearms or drugs
detection. The use of these dogs is increasing
in public areas and venues. The dogs need to
be identified and they too have a uniform,
including dog boots and dog goggles.
Even the event security sector – which, in
general, has been characterised by the
employment of temporary personnel and the
issuing of low value uniforms – is now changing
rapidly. Classic suits are often worn in
customer-facing positions, with the switch
made to corporate-branded and highly visible
clothing for crowd management duties.
Different vibrant colours can indicate
different roles and, in what’s a new
development, LEDs may be built into garments
as a method for informing members of the
public of a developing scenario.
The multi-role security officer can offer the
client excellent value through improved public
protection combined with a reduction in
insurance premiums. All of the tasks involved
require a complex issue of different pieces of
clothing across different wardrobes. Managed
uniform providers simply must be prepared to
meet the requirements of the modern multi-role
security officer of today. Large ranges of
specialist equipment, garments and footwear
are going to be required.
Complex and diverse
Gone are the days when the uniform supplier
was simply a tailor or the maker of clothing.
The security uniform is now complex and
diverse and requires the co-ordination of a
range of specialist providers in order to
complete the requirement.
In addition, this must be coupled with
systems that can control the supply chain as
well as simplify the ordering and monitoring of
the life of uniforms and PPE.
Will the modern day security officer
described here become the standard for
security? Given recent events, it’s abundantly
clear that officers with diverse skill sets are a
huge advantage when it comes to dealing with
a severe threat. There will always be room in
the industry for officers of all levels, but the
specialist security officer is a welcome growth
area and one which suppliers to the industry –
and notably uniform providers – must either
invest in or be left behind.
Ordering systems should be developed that
can handle the ordering and tracking of
multiple garment requests. New and adaptable
IT systems capable of being reconfigured to
customers’ requirements are essential to the
process. Software capable of predicting current
and future uniform requirements will be created
to manage the issue and re-issue of uniforms
and PPE. These systems should project both
the future requirements by quantity and the
overall cost, in turn allowing the security
provider to budget ahead.
Managed IT services
Managed uniform providers should be prepared
to work with security companies to closely
integrate payroll systems and enable live
reporting. This will reduce the need for rekeying
staff information.
For their part, managed IT services can be
supported on mobile devices and made
available to every concern, from the smallest
right through to the largest security company.
The good news for all of us is that it looks
like the uniformed multi-skilled security officer
is very much here to stay. The world will be a
far safer place because of them.
“Integrating mobile patrols, static guards, physical security, CCTV and
first response offers benefits for the purchasing client in terms of both
enhanced security and reduced cost”
52
www.risk-uk.com

We go the extra mile.
Axis Security – supporting customers every step of the way.
• Our employees – are highly trained, valued and rewarded
• Our proactive management approach – ensures service is continually improving
• Our intelligent technology – ensures open lines of communication and transparency
• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards
T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk

The Changing Face of Security Services: Officer Profiles
Women in Security
How do women view themselves within the security business
sector? How are they perceived by their male colleagues (of
all levels) and how do members of the public look upon
female security officers? Paula Mathers reports on the
extremely interesting results of a recent study
As part of the senior management team at
Coverguard Services, it’s one of my tasks
to ensure we employ a wide demographic
of staff and are giving everyone a fair and equal
chance at employment regardless of their race,
ethnicity, age, level of ability or gender.
There are statistics which show what
percentage of females we need to employ in
order to provide evidence that we’re an equal
opportunities employer, and a great number of
companies actually state within their equal
opportunities policies what percentage of
women they will hire as a minimum.
The Office for National Statistics reports that
female students obtain higher GCSE and degree
results than males, which could mean that
women are less likely to enter physical
employment – such as security – and more
disposed to take on roles reliant to a somewhat
greater extent upon academic skills.
There are more males in senior roles within
business, medicine and academia, which
should balance out the equation. Maybe the
answer is that males are more open to the kind
of employment they enter than women, with
females being rather more particular about the
kind of role for which they would apply.
Within the cyber security industry, it’s found
that only 11% of staff are female.
Moral dilemma for employers
In March, the House of Commons reported that
women are expected to make up at least 25%
of company Board members in the business
sector. This leaves employers with a moral
dilemma if they wish to adhere to that goal.
In order to comply with the required
statistics, are we expected to employ or
promote female staff members over their male
counterparts regardless of their level of
experience or ability to do the job? For some
companies, this may be the only way in which
it’s possible to conform with these figures.
We set up a study to see how females
perceive themselves within the security
industry, how they’re viewed by their male
colleagues (of all levels) and how the general
public looks upon female security officers.
The findings suggest that (the majority of)
women perceive themselves as being better at
their security role than their male counterparts.
They feel they have more compassion, are able
to diffuse a situation quicker and easier and are
faster to react to potential trouble, reading
signs of unrest on a swifter footing than their
male colleagues.
When assessing how male security personnel
perceive their female colleagues, significant
differences were found between what people
were prepared to say in public and what they
wished to disclose in private. The majority of
males were actually unsure of how to treat a
female security officer. For some, the belief is
very strongly embedded that females are only
in the role so that someone can “check the
girls’ toilets” or “make up the diversity
numbers”. In a public forum, those same male
officers claimed that they saw female security
personnel to be just as good as the males.
The public’s view of females in security is
very different and seems to depend directly on
looks. The more attractive female officer makes
members of the public wary with comments
such as “Is she strong enough to break up a
fight?” and “How is she going to stop any
trouble?” being the norm. The perceived to be
less attractive females are considered along the
same lines as male security officers, with little
or no questioning of their abilities.
Despite employing the best person for the
job within our company regardless of gender
bias, we have what seems to be a much higher
percentage of female staff than other security
businesses. Over 30% of our licensed staff, in
fact, are female. Last year, we enjoyed an influx
of only female candidates turning up for our
scheduled interviews and, what’s more, they
excelled in all interview areas.
This puts us at a great advantage. It may
possibly be due to our family-friendly policies
and stringent lone working procedures, or it
might be down to the types of clients whom we
choose to serve. Whatever it is, it’s working.
Paula Mathers:
Assistant Director of
Coverguard Services
“In March, the House of Commons reported that women are expected to
make up at least 25% of company Board members in the business
sector. This leaves employers with a moral dilemma”
54
www.risk-uk.com

Tel: 08707 508070 Fax: 08707 508066
Risk UK Offer
Uniforms@PeterDrew would like to offer
all Risk UK readers, SIA licensed companies,
FM companies and end users of security
services the following -
• Free samples on a sale or return basis
• Free artwork and design setup
• Free dedicated buying portal
• Discounted contract prices
• Committed customer sales support
• Same day dispatch, next day delivery
• Branded stock holding available
•
To take advantage of this offer or for more
information contact uniforms@peterdrew.com
or call 08707 508070
Website: www.peterdrew.com
Twitter: @UniformSecurity
Facebook: facebook.com/
PeterDrewCorporateClothing

The Changing Face of Security Services: Counter-Terrorism
Peter Webster:
CEO of Corps Security
Peter Webster looks
back on the tragic
terrorist attack that
took place at
Manchester Arena on
Monday 22 May and
what it means for
practising security
professionals
Reflecting on Manchester
The full horror of what happened in
Manchester last month is still sinking in. At
the time of writing there were 22 dead and
over 60 injured in the wake of a suicide bomber
walking into Manchester Arena following a
concert by Ariana Grande and initiating the
worst terror attack in the UK since the 7 July
2005 suicide bombings in central London.
Watching footage filmed inside the building
after the bomb was detonated and seeing
images of injured children and young people
outside the venue filled me full of sadness,
anger and a sense of determination that those
perpetrating such acts must be defeated.
This episode also highlighted the important
job our security services do in preventing more
of these types of incidents. While every terrorist
attack that’s successful is one too many, lots
more are prevented. We must all be vigilant in
order to help in stopping future atrocities.
It’s also important to recognise the role my
industry colleagues played in the immediate
aftermath in terms of helping the injured and
working with the Emergency Services. I’m sure
that, faced with a similar situation, security
officers from up and down the country would
have acted in the same calm and professional
manner. Security personnel deal with serious
situations each and every day and their actions
usually go unrecognised. Put simply, far greater
respect needs to be afforded to those who
perform security-related tasks.
It goes without saying that security
professionals must be on high alert to the
potential impact of threats posed to the people,
property and assets they protect and review
their contingency plans where necessary.
Furthermore, in order to stand the best
chance of spotting terrorists, the public must
also play its part by reporting any suspicious
behaviour. The National Police Chiefs’ Council
needs to do more to promote the advice offered
in its ‘Run, Hide, Tell’ policy.
The attack on Manchester has sent
shockwaves around the world and is a clear
indicator of the type of havoc that those with
malicious intent can wreak upon our lives as
they try to undermine our values and what we
stand for. Sadly, I don’t believe that we’ve seen
the last of this type of despicable activity.
Vigilance is our key strength and we must
use it in full support of our security services.

Access Control: The Keys to Successful
Security Management Regimes
Given the increasingly
high-profile status of
potential risks in this
day and age, Steve
Bumphrey outlines
why it’s not surprising
that more and more
specialist sectors –
including the
Emergency Services
sector and custodial
operations – are
reviewing their
security posture from
the basics through to
the highest levels
Let’s begin with a quote from the Global
Access Control Security Market Research
Report 2017: “The need for electronic
access control has grown in the wake of threats
becoming increasingly complex. The threats
posed to both members of the public and
private properties are coming from across the
border and their own citizens. The electronic
access control market includes management
and authentication systems as well as intruder
alarm and perimeter security systems as they
monitor and prevent malicious activities.”
At its simplest, access control has always
been concerned with doors and buildings.
Increasingly, we now look towards protecting
three elements: people, equipment and data or
information (particularly since the latter has
featured so significantly on recent crime
statistics reports issued by the police).
In an era when there are increasingly
sophisticated and complex control systems
available, it’s very easy to lose sight of the
basics. In “times of plenty” there were the
budgets available to invest in advanced
systems. What it comes down to, and notably in
today’s more uncertain times, is that every
investment is likely to be scrutinised far more
closely. That being so, it’s essential to build a
strong security case right from the ground up.
Most people understand the ‘make it
difficult’ part. After all, that’s what security is
designed to do, but they often forget the times
when you also need to make it very easy for
people to move through doors.
For example, in the case of fire or other
emergency evacuation scenarios, or at sporting
facilities, transport hubs or entertainment
venues when you have to move thousands of
people through an area in a very short space of
time, enabling them to move swiftly through
entrances and exits is absolutely vital.
Further, added focus is afforded by the need
to remember the requirements of the Disability
Discrimination Act (ie to provide equal access
to services and products and make openings
easy and accessible for all).
This is where accounting for the basics and
having a clear audit control on keys (and any
form of credential or access control) among
members of staff – both temporary and
permanent – can prove absolutely essential.
Effective key and equipment management
ensures a completely secure solution, right
from door entry through to the filing cabinets,
COSHH cupboards and, critically, for personnel
in sectors such as the Emergency Services.
Audit control
It’s understandable that most individuals focus
their security planning on trying to prevent
entry to or exit from a building. There’s a
bewildering array of choices when it comes to
locking and access systems but, taking a step
back from all of this, it’s important to be able to
account for all keys that are still functioning
and manage staff and visitor access control
credentials efficiently from one platform.
You can have the most sophisticated,
Internet-enabled, biometric access-controlled
scanning system in the world in place, but if the
credentials are not allocated to authorised
personnel then security will be swiftly
breached. Considering keys on their own, they
may not be a high value item to replace, but
when you think about what those keys are
controlling, it could well be the most precious
equipment (often in terms of data stored as
opposed to its monetary value).
58
www.risk-uk.com

Access Control: Electronic and Physical Key Management
If such keys fall into the wrong hands, not
only is it an expensive process to change all the
compromised locks, but it’s also potentially
breaching security and creating a vulnerable
environment. Adding to the concerns over
physical key management, the ease of both
the instruction and ability to copy keys – not
only in High Street stores, but also by referring
to social media influences – also serves to
again leave keys, equipment, businesses and
public sector organisations exposed.
Simply put, basic keys are equally easy,
simple and inexpensive to copy and, in doing
so, the building administrator or security officer
instantly loses control of the security situation.
Traditionally, the solution is to introduce a
key control system, whereby keys are
‘managed’ by a particular department holding
‘keys on hooks’ (sometimes in a metal cabinet)
and keeping a manual record of any keys that
are distributed or loaned out. The more
sophisticated solution for managing this
scenario is to use an electronic key cabinet that
monitors who has used each key and when it
was allocated and also restricts who has access
to the keys themselves.
If a key ever goes missing or a compromise
situation occurs, a full audit trail exists showing
who has had access and which keys have been
taken. It’s quite amazing how quickly keys are
returned when end users know they’re both
accountable and traceable. In this scenario,
perhaps what’s less well known is the level of
cost, resource and efficiency savings to be
realised in being able to immediately account
for keys and access rights at any one time.
Software-controlled systems can turn
traditional keys into intelligent ones by setting
curfews for their return and triggering alarm
events if they’re not brought back to base by a
certain time.
Looking at the evidence
Despite the Government stating crime figures
have continued to fall, given the ongoing
impact of policing budget cuts it’s very much
the case that the necessity to carefully manage
costs in the emergency sector is still required.
Hertfordshire Police is a good example. A key
management system has helped supervisors
know how and when vehicles are being used.
They have the ability to determine who can
access the keys to particular vehicles and
when, record and report on mileage driven
during the periods keys are out, capture data
on any reported defects or damage to enable
appropriate decisions to be made and timely
actions taken and also decide which vehicles
individual officers can and cannot drive.
“Software-controlled systems can turn traditional keys into
intelligent ones by setting curfews for their return and
triggering alarm events if they’re not brought back to base
by a specified time”
From a Duty of Care perspective this provides
control. The force is able to ensure officers
cannot take out a vehicle when they’re not
authorised to drive or for which they haven’t
received proper training. Further, it helps to
maintain the cars so that, when used in an
emergency, officers can be confident their
vehicles are always in perfect working order.
Thames Valley and Northamptonshire Police
is one force that has taken steps to implement
electronic and intelligent physical management
of equipment to ensure a more efficient service
can be provided for its community. The force
has safeguarded equipment such as radio
terminals using an intelligent locker system to
deliver better security and management.
With over 5,000 airwave radios in use across
the Thames Valley force at any given time, it’s
essential that replacements are made available
day or night and quickly. Replacements are held
in 29 locations across the region. Officers
needing a spare or replacement radio simply
access the electronically-operated locker
system by making a telephone call to a 24/7
Help Desk using a dedicated adjacent
telephone. The Help Desk operator will then
check the identity of the officer and remotely
unlock the electronic locker to allow access to a
replacement unit and then enters the details
into the bespoke database.
In addition to the electronic lockers
containing replacements for standard airwave
radios and accessories, the force has also
introduced a new range of lockers for securing
radios used on selected special operations by a
small number of highly-trained officers. For
these special operations radios, RFID tagging is
incorporated to identify each radio, recording
when a terminal is removed from one of the
cabinets and by whom. In turn, this provides
powerful management information.
Age of uncertainty
In an age of security uncertainty, while action is
being discussed in terms of ways in which to
better protect our communities, it’s clear every
item of expenditure is under scrutiny. There’s a
defined requirement to consider a cost-effective
and pragmatic approach right across the board.
These factors alter the dynamics of security
planning – and, indeed, effective access control
– for designers and specifiers alike.
Steve Bumphrey:
Sales Director for Traka
59
www.risk-uk.com

Fire Safety: Standards and The Law
The UK’s fire industry
faces new challenges
as the density of
occupation increases
alongside the
developing complexity
of buildings in which
people live and work.
Furthermore, growing
end user demands are
heightening the
urgency to introduce
governance on fire
equipment and fire
safety solutions.
Against this backdrop,
Don Scott discusses
the importance of fire
safety standards
60
www.risk-uk.com
According to the Home Office’s fire statistics
for Great Britain, there were 22,000 fires in
commercial buildings between April 2013
and March the following year. In 64% of those
premises with installed detectors, the
technology failed to operate due to – among
other reasons – the poor positioning of
equipment, incorrect installation and/or the
incompatibility of fire technologies. Many of
these issues would be resolved if unskilled,
untrained technicians were prevented from
installing or servicing vital fire safety systems.
Recognition that the legislation for fire safety
needed to be simplified resulted in the
Regulatory Reform (Fire Safety) Order 2005 in
England and Wales, with separate legislation
introduced for Scotland in 2006 and Northern
Ireland in 2010. The Order is designed to
provide a minimum fire safety standard for
commercial premises and designates the
Responsible Person. That individual is required
to perform certain fire safety duties which
include carrying out a fire risk assessment,
producing a fire safety policy, developing safety
procedures, undertaking staff training,
implementing fire drills and providing and
maintaining a clear means of escape.
The Responsible Person is the individual with
control of a workplace. However, in the case of
a prosecution for an offence under the Order, a
director or manager could face criminal charges
with consequential prison sentences and/or
fines if they’re the nominated Responsible
Person. To date, there have been 223
prosecutions of Responsible Persons in 2017,
which represents a 14% increase on last year.
Fires need three elements to burn: a source
of ignition (heat), a source of fuel (materials
that burn) and oxygen. Employers, building
owners and occupiers must carry out a fire
safety risk assessment and keep it updated.
This fire safety risk assessment should identify
potential sources of ignition, substances that
may burn and those personnel who may be at
risk. Based on the findings, employers must
then ensure that adequate and appropriate fire
safety measures are in place to minimise the
risk of injury or loss of life.
The Fire Safety (Employees’ Capabilities)
Regulations place a responsibility on employers
to consider the capabilities of their employees
as regards Health and Safety when entrusting
them with fire safety-related tasks. Such tasks
include carrying out fire risk assessments and
being a nominated fire warden or marshal.
Employers need to ensure their employees have
the requisite training, skills and experience in
place for their delegated tasks.
In supporting the Regulatory Reform (Fire
Safety) Order, the Department for Communities
and Local Government (DCLG) has published a
number of guidance documents to assist
employers in meeting their responsibilities.
Impact of false alarms
Under the Government’s Localism Act (ratified
in February 2012), Fire and Rescue Authorities
have the right to charge for attendance at false
fire alarm episodes caused by malfunctioning
or poorly installed detection systems. An
example is the London Fire Brigade who
introduced a stringent rule to charge
organisations if they have more than nine false
alarm call-outs at their premies in a given year.
The legislation was brought in to encourage
UK businesses to regularly maintain their fire
alarms and reduce the cost and time lost by
Fire and Rescue Services due to attending
unwanted fire alarm signals (ie false alarms
that are passed to the Fire and Rescue Service
for action). The maintenance of fire alarm
systems forms part of fire risk assessments and
is the remit of the Responsible Person.
According to the Fire Industry Association
(FIA), false alarms generated from remotely
monitored fire detection and fire alarm systems
cost businesses and Fire and Rescue Services
an estimated £1 billion per annum in the UK. In
2014-2015, unwanted fire alarms caused by

Evaluating Fire Safety Standards
equipment accounted for two-thirds of all false
alarms, amounting to a total of 143,500. This
DCLG figure is slightly lower than for the
previous year, but it’s still unacceptably high.
Fire detection systems shouldn’t cause
unwanted alarms. If an organisation suffers
from excessive occurrences of false fire alarms,
the root cause is either poor technology or poor
service and maintenance support, both of
which are addressable issues.
The effect that false alarms have on business
continuity is immense. Lost working hours and
the upheaval of evacuating premises adds up to
significant financial loss. Even a short
evacuation would cost a large supermarket in
excess of £20,000, an airport £35,000 and a
London Underground station something in the
region of £53,000.
False alarm call-outs not only impact host
organisations themselves in terms of loss of
earnings and loss of reputation, but are also a
public safety issue. When alarms go off
repeatedly, there’s a tendency for people to
disregard them and, in the case of a real fire
scenario, complacency could further endanger
lives. Today’s technology helps in addressing
this issue. It really is a false economy to install
fire detection systems that place members of
the public and organisations at risk.
EN 16763 under evaluation
Following five years of planning, the EN 16763
‘Services for Fire Safety and Security Systems’
Standard places the focus on service delivery.
Every aspect is included from planning through
to design, commissioning, installation and final
handover. Importantly, this new standard spells
out the expected level of service at each
individual stage, bringing a new benchmark of
quality to the fore in the fire sector.
Furthermore, this standard also aims to
improve the quality of service delivery by
specifying the level of competence, knowledge
and understanding required of a company and
the individuals employed within.
The Regulatory Reform (Fire Safety) Order
2005 states that an individual delivering a
service must be ‘competent’. However, this is
merely defined as ‘a person who has sufficient
training and experience or knowledge and other
qualities to enable them to properly implement
the measures referred to in the Order’. EN
16763 aims to create a uniform benchmark for
service provision across the fire industry,
subsequently improving levels of education and
experience and increasing professionalism.
The FIA and a number of companies across
the sector have supported the creation of this
new standard and service providers will be
expected to comply. There may be a move to
write the standard into the BAFE and LPCB
certification schemes over time. As has been
widely publicised, the FIA will soon be
delivering accredited courses to providers,
offering a recognised qualification that meets
the requirement of the new standard.
Selecting suppliers
When end users are seeking fire safety solution
providers, it’s vital that they select companies
wholly committed to interpreting customer
specifications, ensuring the relevant legislation
and British Standards are met and considering
the impact on Health and Safety and the
environment. This will require full compliance
with the relevant BS, EN and LPCB documents.
For fire detection systems, adherence to LPS
1014 and BAFE SP201 is important as this very
much predetermines the right approach to
design and design management. All operational
staff from sales through to engineering and into
management should be fully-trained (by way of
an accredited course) on all parts of BS 5839.
This is the Code of Practice that prescribes the
manner in which fire detection and fire alarm
systems are designed, installed, commissioned
and serviced here in the UK.
Caution needs to be observed regarding fire
detection equipment which is covered by BS EN
54-2. End users cannot solely rely on the CE
Mark. They also need to check the Declaration
of Performance to ensure the equipment fulfills
specification requirements. A fire alarm panel
may be approved to BS EN 54-2, but this
product standard does allow for options with
requirements. An example would be two fire
alarm panels, both approved, but one including
coincidence detection Type A and the other
coincidence detection Type B. This information
will appear in the Declaration of Performance.
It’s vital that the correct one is chosen in order
to meet the specification and not simply the
requirements listed in BS EN 54-2.
Fire safety standards and regulations are
designed to save lives and protect both people
and property. For their part, business owners
must take a responsible approach to the Health
and Safety of all personnel on their premises.
Likewise, solution providers within the fire
industry should be wholly focused on the
delivery of intelligent technology.
Don Scott: Fire Engineering
Consultant at Siemens
Building Technologies
“If an organisation suffers from excessive occurrences of
false fire alarms, the root cause is either poor technology
or poor service and maintenance support, both of which
are addressable issues”
61
www.risk-uk.com

Breached Fire Compartmentation in
Buildings: Reducing The Risk
Back in 2007, Building
Regulations Approved
Document B was
introduced and
required that buildings
be sub-divided into a
number of discreet
compartments or cells
by dint of construction
materials being used
to prevent the
passage of fire from
one cell to another for
a given period of time.
Richard Sutton
focuses on fire
compartmentation and
how regular fire risk
assessments can help
to reduce risk and
prevent breaches
Compartmentation was introduced to
contain fires, based on the fact that large
fires are more dangerous to occupants,
members of the Fire and Rescue Service and
people located nearby. Fire compartmentation
is also effective in limiting damage to a building
and its contents and is an important factor in
reducing the risk of fire spread.
Designed to protect ‘means of escape’ routes
from a building, compartmentation is
particularly important where there’s minimal
fire separation other than the means of escape,
for example in a simple office building served
by a single flight of stairs. In this instance, the
floor area may be open plan with no partitions.
However, the stairs should be enclosed by fire
walls (and fire doors) to ensure that a fire
within any part of the accommodation cannot
pass through to the stairway.
Spaces that connect fire compartments, such
as stairways and service shafts, are described
as ‘protected shafts’ and play a vital role in
restricting fire spread between compartments.
Larger buildings have greater reliance on fire
compartmentation. In high rise residential
structures, each flat is generally treated as its
own ‘cell’. Fire spread from one cell to another
shouldn’t occur. Depending on the size of the
flat, additional fire separation is often included
to protect the occupants’ means of escape.
Regular, in-depth fire risk assessments are
essential for ensuring the integrity of fire
compartmentation. Often, such risk
assessments don’t extend to inspections being
made above ceilings (or below floors) to ensure
that the fire compartmentation hasn’t been
breached. This could be an expensive mistake
that badly affects the fire safety of a building.
Fire compartmentation should be assessed
and reasonable endeavours made to at least
sample fire stopping in areas where there’s
obvious potential for penetration. The reason is
that smoke travels quickly (at between 15 and
90 metres per minute, in fact). Studies have
shown that 67% of fire-related deaths are
through smoke inhalation, while 44% of those
deaths involve people who were not in the
room from where the fire originated.
Material alterations
Due to the age of many public and private
sector buildings, there will have been various
alterations to building fabric and layout during
their lifetime. It’s good practice to carry out a
pre-works survey if any refurbishment is
planned to ensure that penetrations in firerated
constructions are identified, assessed
and managed (therefore keeping track of any
material alterations that do take place).
It may be the case that records of any
breaches in compartmentation and control over
many aspects of fire protection may be limited.
Plans could be out-of-date and not truly reflect
the building as it stands today. In order to
establish the current condition of the building –
and, specifically, the compartmentation – an indepth
survey should be conducted. This must
provide a detailed record of the location and
condition of compartmentation, take note of
penetrations and outline remediation works.
This can form the basis of a ‘working
document’ that may be used alongside costing
exercises and planning for remediation works.
Such an approach can help focus available
resources on areas of high importance, as well
as providing a comprehensive tracking system
to record where upgrade works have been
carried out as well as detailing future works
that may otherwise be overlooked.
Recently, we were called in to conduct risk
inspection and remediation works on the fire
compartmentation across a number of
62
www.risk-uk.com

Building Regulations Approved Document B and Fire Risk Assessments
buildings in the North West. Following these
inspections, our team found that the fire
compartmentation to these buildings had been
breached and was no longer providing an
effective fire barrier. The breaches were mainly
occurring above ceiling level or within littleused
cupboards and risers which were hidden
from normal view.
On further analysis, we found that there were
three main causes for the breaches. First, it was
revealed that fire stopping hadn’t been
completed correctly at the initial installation.
These buildings had been constructed within
the last decade, so fire compartmentation was
part of the Building Regulations at this time.
Second, repair and maintenance activities had
been carried out since the building was
occupied, but without adequate fire stopping.
Finally, parts of the building had been
remodelled and refurbished, but again without
adequate fire stopping.
Detailed analysis: the procedure
Our detailed survey of the fire
compartmentation and fire breaches was
carried out at weekends and overnight using a
smart phone-enabled survey system. Each
penetration was marked with a QR code and
unique identification number and
photographed for future reference. Building
layout drawings were also marked with every
penetration, which included instances of the
wrong fire stopping material being used.
Our FIRAS-accredited team was then
appointed to complete the works to make all
compartmentation fire safe. Each time we made
safe a fire penetration it was captured on our
survey system and photographed. After all the
works were completed, the client was supplied
with comprehensive reports detailing all of the
works, materials used and drawings.
In these cases, the building owners can be
assured that the fire compartmentation system
will operate to the required specification, which
includes giving occupants a certain number of
minutes in which to escape.
If installed correctly, fire separation solutions
do harbour an enviable success rate. That said,
breaches through compartment walls, floors
and ceilings can cause smoke, gases and fire to
spread through escape routes to other parts of
a building. As well as allowing fire spread, it
also hinders the Fire and Rescue Services’
operations and can place firefighters at an
increased risk.
Breaches in compartmentation are often
down to a lack of control over external
contractors when carrying out works. Building
owners and facilities managers should make
“It’s good practice to carry out a pre-works survey if any
refurbishments are planned to ensure that penetrations in firerated
constructions are identified, assessed and managed”
sure that contractors are aware of the
importance that passive fire protection plays
and that they need to ensure any breaches are
adequately catered for in an appropriate
manner. Training may also have to be given to
persons carrying out fire risk assessments to
ensure there’s sufficient knowledge in terms of
the location and type of fire compartmentation,
its function and the importance of maintaining
it to achieve the expected level of fire
resistance. Alternatively, a good way of
reducing any risk is to bring in an external
company to take care of fire risk assessments.
Good fire safety design requires a
combination of passive (compartmentation and
sub-compartmentation by fire and smoke
barriers) and active (automatic fire detection
and fire suppression systems) fire safety
systems, in addition to sound building
management that fully understands and
delivers on the building’s fire strategy.
Strategies need to be driven from the top and
backed by sufficient training to ensure those
who commission refurbishments and the
contractors that carry out the works are fully
aware of and understand fire compartmentation
and the implications for breaching this during
refurbishment tasks. Failure to do this could
lead to seriously increased levels of risk within
a building and direct contravention of the
Regulatory Reform (Fire Safety) Order 2005.
Risk of fire spread
One tragic case in recent times is that of
Lakanal House, where fire compartmentation
had been breached and inadequate fire
provision was unearthed. Within 30 minutes of
the first 999 call, the fire had spread
throughout the block of flats in London with a
speed and ferocity that baffled firefighters.
One of the contributory factors to the quick
fire spread was said to be a failure to adhere to
fire guidelines in respect of compartmentation
during refurbishment works. This would have
been picked up by a thorough fire risk
assessment. The escape routes, including an
internal staircase, were found to be
inadequately compartmented, which meant
that fire travelled from the flats to the corridors,
preventing occupants from being able to make
a quick exit. This high-profile case highlights
that fire compartmentation needs to be
regularly inspected and all breaches remedied.
Richard Sutton:
General Manager at Horbury
Property Services
63
www.risk-uk.com

Chemical and Biological Terrorism:
Should We Insure The Risk?
When conversations
turn towards terrorism
risks and
‘insurability’,
chemical and
biological incidents
rank among the most
feared of all episodes.
Even at the level of
terrorism reinsurance
pools on the global
stage, there tends to
be a marked variation
in the degree of cover
provided for such
events. Dan Kaszeta
and Rachel Carter
examine a rather
complex issue
*The Security Institute is the
UK’s largest membership
organisation for security
professionals. For more
information visit the website:
www.security-institute.org
Traditionally, there are only a limited
number of Lloyd’s syndicates who provide
cover for chemical and biological terrorism.
Lloyd’s requires a series of scenarios on which
to base decisions and, in the development and
modelling effort to make these Lloyd’s
scenarios, the industry has traditionally cited
the most extreme and, it must be said,
relatively improbable situations.
The key questions for the insurance industry
are ‘What is the relative risk?’ and ‘What’s the
probability of the risk materialising?’ (always
bearing in mind that, where chemical and
biological terrorism’s concerned, there are few
event precedents to assist with the
underwriting process).
Is it most appropriate to continue the status
quo practice of looking at the exceptionally
difficult and resource-intensive ‘doomsday
scenarios’? Alternatively, could we begin to
collaborate with experts from the military and
others within the chemical and biological
industries to discern the realistic realm of
probability given the costs, the likely outcome
of an attack, the resources required and the
chances of such a plot being foiled?
Obviously, the insurance industry must
remain conservative to ensure sufficient capital
reserves that cover against potential losses.
However, looking at the reality and the risks
associated with chemical and biological
terrorism, this unearths an area where existing
insurers could expand traditional terrorism
offerings. Should the commercial insurance
industry take more of this risk, particularly so
in a ‘soft’ market environment where this
opportunity provides a potential additional
revenue stream?
If we start to recalibrate our models to
become more reflective of reality then we need
to begin using realistic information from
security officials and others who understand
the mechanisms by which an attack can be
carried out, discern the quantities of the
chemicals (or biological agents) required and
their propensity to kill or harm others.
Closer interaction with the security services,
the military and other chemical specialists will
help gauge greater understanding of the threat
posed. From an insurer’s viewpoint, what would
the cost of a recovery effort look like and might
business interruption insurance expenditure be
likely? This may also whet the appetite of
alternative capital suppliers who could be
looking to diversify portfolios in an area where
there are presently few commercial insurers
writing cover.
Addressing the myths
Back in March, the Journal of Terrorism and
Cyber Insurance ran an industry seminar
designed to educate the insurance industry on
the reality of chemical and biological terrorism
and how each chemical or biological agent
could be used in a potential attack. The
seminar was designed to dispel some of the
myths and scaremongering such that insurers
could then develop a more informed knowledge
base upon which to underwrite the risk.
One of the challenges is that there’s
insufficient data on attacks of this nature, while
that which does exist isn’t co-ordinated. There
are few experts who understand chemical and
biological risks and even less insurers who’ve
engaged these individuals to assist with
scenario design. On the data side, the industry
should start to develop data based on a variety
of capabilities, terrorist events and other
attacks which could then be translated into a
chemical or terrorist attack.
In the interim, and viewing the risk at a more
technical level, there’s potential for the number
of offerings to increase and, therefore, for the
64
www.risk-uk.com

The Security Institute’s View
penetration of these risks within the
commercial insurance market to increase.
The myths associated with chemical and
biological terrorism are not merely due to fear
or conservatism within the insurance sector.
Hollywood and modern social media have much
to blame for the circulation of half-truths,
misnomers and urban legends. Further,
conspiracy theories prey on ignorance and
misperception, making matters even worse. As
one of the key effects of terrorism is, by
definition, terror, there’s much that can be done
in mitigation of the threat. That being so, let’s
address some of the misconceptions.
The first generation of chemical weapons
were true gases: chlorine and phosgene. The
Hollywood chemical attack of a wall of purple
fog chasing people down the street makes for
good drama, but it’s inaccurate. ‘Poison gas’
and ‘Gas warfare’ became enshrined in the
public lexicon. However, most chemical warfare
agents introduced since 1917 are not gases at
normal temperatures. Most are liquids, albeit
with varying degrees of volatility (ie the
propensity to evaporate). Even so-called
‘Mustard Gas’ isn’t really that: its real name is
Sulfur Mustard and, in truth, it’s a liquid.
It’s also important to remember that, even
when they’re in vapour form, the majority of
chemical warfare agents (and all the biological
ones in aerosol form) are heavier than air. This
is also useful for context in terms of assessing
the risks to insurers. From an insurance
perspective, there’s less appeal in the use of
such chemical agents because there’s no
associated spectacle which can then be shown
to the media as a spectacle of the terror event.
Without any shocking visual display, it’s
unlikely that there will be the pull towards such
methodologies for perpetrating terror attacks.
‘One drop can kill’
Journalists are keen to use phrases like ‘only a
milligram of X will kill someone’, but these
statements reveal a fundamental gap between
theoretical toxicology and the practical
mechanics of dispersing chemical or biological
weapons. Chemical and biological weapons are
highly dependent on a wide variety of variables
such as weather and their mechanical design.
They rely not just on chemistry and biology, but
also on physics. Gases, vapours, aerosols,
liquids, solids and microbes all need some way
of accessing the human body (the ‘route of
exposure’ in technical speak). There’s simply no
defying either physics or logic.
In theory, it only takes 50 mg of Sarin in a
cubic meter of air to kill. In all likelihood, an
air-dropped bomb which occurred in April this
year containing perhaps 90 kg of Sarin
managed to kill 70 to 100 people. In 2013,
something like 800-1,000 kg of Sarin killed in
the region of 1,400 individuals (counts vary) in
Ghouta, Syria. These incidents serve to
illustrate the gap between theory and practice.
It’s easy to slip into apocalyptic metaphors
when discussing this strain of terrorism and
then for apocalyptic insurance scenarios to be
developed. However, doing so works as a force
multiplier for bad people attempting to do bad
things. To date, the majority of terrorism
incidents in this field have been hoaxes
involving innocuous substances.
Although competent professionals can sit
down and calculate horrific outcomes, these
scenarios represent the rare worse case
development and do little to help us
understand the threat or, in the context of
insurance, the probability of occurrence and a
loss materialising. Likely scenarios tend to have
mediocre and inefficient employment.
Incremental use
One thing that’s usually overlooked in
commentary on chemical and biological
weapons is the likelihood of incremental use.
For the insurance industry, this information is
key as it’s one of the critical factors which need
to be taken into account when underwriting
chemical and biological terrorism insurance
products and setting appropriate limits, event
sub-limits and capital allocation and pricing the
risks in an adequate manner.
Historically, chemical and biological weapons
that are actually effective at causing
widespread impact are the result of both the
accumulation of large quantities of chemical
and biological warfare materials and extensive
testing and development efforts. Fine-tuning
the physical mechanisms for dissemination of
these materials in a form that will cause harm
(and without destroying the materials in the
process) turns out to require mastery of many
variables. Even the large nation states had to
resort to much trial and error to gradually arrive
at weapon designs that worked in practice.
Terrorist groups are not likely to commit to
testing regimes to fine-tune a device, and
neither are they necessarily going to patiently
accumulate large quantities of it if, in doing so,
they expend scarce resources and greatly
increase the likelihood of their discovery.
Dan Kaszeta:
Managing Director at
Strongpoint Security
Rachel Carter PhD (Candidate)
BA (Hons) LLB (Hons) MSyI:
Managing Director of Carter
Insurance Innovations and
Manager and Co-Founder of
the Journal of Terrorism and
Cyber Insurance
“There are few experts who understand chemical and
biological risks and even less insurers who’ve engaged
these individuals to assist with scenario design”
65
www.risk-uk.com

People Power: The Benefits of Security
Awareness and Vigilance Programmes
Security awareness
and vigilance
programmes help to
support and better
enable other security
applications to
function, be they
physical, technical or
operational in nature.
As Andy Davis
explains, they’re not a
substitute for those
other measures, but
rather an enhancer
and an enabler of
them to be more
effective in their
management of risk
and asset protection
Andy Davis MSc CSyP FSyI CPP:
Managing Director at Trident
Manor, a Member of the ASIS
UK Committee and a Member of
the ASIS International Cultural
Properties Council
Friday 12 May reinforced the power that
people wield in both attempting to destroy
and protect organisations. The release of
the WannaCry ransomware crippled the UK’s
National Health Service (NHS), causing the
cancellation of operations and appointments
and costing millions of pounds to rectify
systems. It wasn’t just the UK or the NHS that
was impacted, either, with reports suggesting
that over 100,000 organisations and upwards of
200,000 individuals in over 150 countries were
also badly affected.
This problem was ‘human created’: the
ransomware was scripted in the first instance
before being intentionally released. It was then
‘human activated’ by people opening e-mail
attachments and spreading it across networks.
WannaCry was also ‘human defeated’ thanks to
the efforts of a 22 year-old ‘ethical hacker’ from
the South West of England.
At the highest levels, vulnerabilities were
identified – and exploited – by the National
Security Agency. Opportunities to manage and
mitigate the risks were not taken, and although
Microsoft did issue warnings, was it simply a
case of too little too late? Could more have
been done – and particularly so at the
organisational level – to better educate
workforces about the risks that exist and the
part they can play in managing them?
The answer is a resounding ‘Yes’ and, while
we cannot remove all risks, what we can do is
manage and mitigate them by adopting a
sensible, structured and organisation-wide
approach. Part of this should involve the
proactive use of security risk management
awareness and vigilance programmes.
A security awareness and vigilance
programme is simply a means of educating and
training a workforce, a group of employees or
specific individuals about existing or
anticipated security risks that can affect the
business and the steps needed to manage
them. The programme should be risk-based and
organisation specific. An American company
that I recently visited required its programme to
include advice on ‘Active Shooters’ and supply
chain theft. A UK-based charity operating in
Africa would have different priorities, including
the need for awareness on personal security.
A security awareness and vigilance
programme doesn’t have to be labelled as such,
but it should be a ‘whole of life’ commitment
and a continuous process. Just having an
induction process in isolation is a good start,
but the benefits will be minimised unless it’s
followed up and constantly reviewed. If risks
are not static, why should the process of
educating an organisation about them be so?
Based on wider needs
A security awareness and vigilance programme
must work collaboratively across the
organisation and be based on wider needs than
just traditional theft, loss and injury scenarios.
An example would be the use and control of
illegal drugs in the workplace. This may be a
Human Resources-centric responsibility, but it
also affects Health and Safety, operations and,
of course, security. Therefore, by ensuring that
a collective message is being delivered, the
programme is supporting other disciplines in
protecting organisational assets.
Any awareness programme must be
proactive. In essence, it should be a part of the
organisational culture and be a feature from
induction to departure from the organisation
and from the Boardroom to the office, shop or
factory floor. A security awareness programme
must be the storyboard and media/messaging
outlet for all security matters.
During any risk management process where
incident types are identified, the awareness
programme should be used as a means of
highlighting the risks and providing guidance
on their management as well as organisational
expectations. When used proactively, the
programme can provide confirmation of risks
that exist and, indeed, their extent, which in
many cases would otherwise go unreported.
An instance of this was in an office-based
scenario where several petty thefts occurred
from desks. The information was shared with
the workforce with an intention of preventing
further incidents, increasing vigilance and
providing a means of communicating concerns
or reporting suspicions.
Due to the alert, other incidents were
reported which enabled an analysis of the data
to be undertaken and a timeline identified. This
enabled physical and procedural measures to
be introduced, the frequency of offences to be
reduced and offenders to be identified and
dealt with in the appropriate fashion.
66
www.risk-uk.com

In the Spotlight: ASIS International UK Chapter
How a security awareness and vigilance
programme is delivered will depend on the host
organisation and the resources it’s able to
allocate. In line with a proactive approach, and
being a part of the organisational culture, initial
exposure to the programme should be during
induction to the business. Only by reaching out
at these early stages and continuing
throughout the whole life of organisational
engagement will security awareness and
vigilance become an accepted part of the
organisation’s culture.
There’s a wide range of delivery methods that
can be adopted for the induction process which
may include being integrated into a wider
organisational package, face-to-face briefings
with a member of the security team or even the
introduction of e-Learning packages.
Following on from the induction process, the
information sharing can be in the form of
briefings, security alerts and bulletins, posters
and means of visual notification, workshops
and videos that are organisation and riskspecific
(ie focusing on areas such as access
control and travel management).
What about the content?
As has already been mentioned, the programme
should be organisation specific and risk-based.
Also, it should work collaboratively with other
teams within the organisation. Therefore,
agreeing the scope and remit – even where
overlap exists – is an important part of
establishing the programme’s content.
Once established, the content can include
advice (general in nature) and guidance (more
specific and work/task-related) on a wide range
of subjects including personal security (advice),
access control (guidance), travel security
(advice), workplace violence (guidance),
substance abuse (advice and guidance), office
security (advice and guidance) and emergency
actions (advice and guidance). The list is
literally endless and, inevitably, will vary from
one organisation to the next.
A correctly developed security awareness and
vigilance programme should create a culture of
acceptance that security is everybody’s
responsibility and emphasise that everyone has
a part to play in protecting themselves and the
business from security risks. When used
proactively, such a programme creates levels of
trust between the workforce and those within
dedicated security roles.
The end result is that simple tasks can be
shared, instead of everything being the sole
remit of the security team. Examples here
include reporting suspicious activities and the
malfunction of protective measures (ie security
lights not working, breaks in perimeter fencing
lines and internal thefts).
A correctly used awareness and vigilance
programme can improve welfare, limit exposure
to activities that could result in negligence
claims and increase productivity. While there’s a
cost associated with the introduction and
maintenance of such a programme, it’s far less
than the introduction of technical solutions
and, in many cases, more effective.
Two examples clearly illustrate the benefits.
In one instance, a senior member of a
management team was in an international
airport and duped into leaving his bag alone
while helping a couple. The bag was stolen
along with his wallet, passport and visas,
laptop, access cards and passwords.
As a result, the individual involved was out of
action for three weeks, with possible data
breaches and delays to the project. There were
additional costs associated with sending items
to him and the reissuing of documentation as
well as other staff disruption.
In the other scenario, an executive received a
location-specific briefing that outlined the
crime issues in the areas he was transiting,
Thanks to an advanced briefing, the executive
was aware and identified many of the indicators
that had been previously outlined. When he
was approached by third parties, he could deal
confidently with the situation in front of him.
“During any risk management process where incident
types are identified, the awareness programme should be
used as a means of highlighting the risks and providing
guidance on their management”
67
www.risk-uk.com

In conjunction with
the all-new Fire
Industry Association
(FIA) Awarding
Organisation, the FIA
is releasing not one,
but four new formal
qualifications in fire
detection and alarm
systems. These
qualifications will be
officially launched
during FIREX
International, which
runs at London’s
ExCeL from 20-22
June. Ian Gurling
fleshes out the detail
Ian Gurling: Manager of the
Fire Industry Association’s
Awarding Organisation
Fire Detection and Alarm Systems:
Appraising The New Qualifications
There will be a range of seminars and
workshops running at FIREX International
to help delegates and visitors understand
more about what’s actually involved, as well as
a large FIA networking area where it will be
possible to meet with FIA staff and ask
questions on a one-to-one basis, but ahead of
focusing on the actual content of the new
qualifications, what exactly is the Fire Industry
Association Awarding Organisation?
Essentially, it’s a nationally regulated
organisation that’s quality assured on an
external basis by Ofqual, the QIW and the CCEA
specifically for the purpose of setting
qualifications. The same regulators are
responsible for the standards adhered to by the
awarding bodies of GCSEs, A-Levels and
vocational qualifications studied through
schools and colleges nationwide.
Therefore, learners and business owners
looking to embark on the new educational
pathway can be assured of the quality mark of
the new qualifications and that those
qualifications on offer are validated and
properly approved with the relevant
Government-authorised bodies.
To get the qualifications off the ground, we
started off by gaining recognition for the FIA
with the regulators to be an awarding body – an
Awarding Organisation, as they call us – and
set up a new company within the FIA. The
regulators wanted us to establish the business
outside of the FIA with its own offices, but we
managed to persuade them – by proving our
integrity and via corporate governance – that
we could do this within the organisation and
still have a training arm as well.
As for the qualifications themselves, the Fire
Industry Association Awarding Organisation has
developed separate qualifications for the job
roles of installer, maintainer, designer and
commissioner of fire detection and alarm
systems. Each qualification is comprised of four
units, all of which must have a pass recorded
against them in order for the qualification to
have been achieved by the learner.
Common aspects of fire safety
The first element is a Foundation Unit covering
the common aspects of fire safety across all
four roles including legislation and guidance,
technology and how they relate to each other.
We’ve also tailored the qualifications to account
for regional variations so if you’re in Ireland, for
example, we include IS 3218 etc for the various
standards and requirements.
Once a given individual has completed the
Foundation Unit they can address the others in
any order they wish. We have a Health and
Safety Unit and an Environmental Unit. In the
latter, we’re covering the environmental impact
of a fire alarm system. For example, how to
transport and handle ionisation detector heads
and how to handle gaseous systems if an
individual is working on them in any way.
We also have the role-specific Advanced Unit
for the ‘design, install, maintain and
commission’ procedures. As stated, once all
four units have a pass recorded against them,
the qualification has been attained.
What level of detail do the qualifications go
into and what sort of technical content can be
expected? The qualifications call for an in-depth
technical knowledge, so it’s not just a simple
matter of knowing what BS 5839 or IS 3218 (or
any other number of standards on the syllabus
for the qualifications) actually say. Technicians
will have to be able to apply that knowledge.
Understanding and interpretation will be
absolutely key.
The qualifications also explore many other
areas such as legislation and the different
technologies involved in a fire detection and
alarm system. How does a point detector work?
How does a beam detector or an aspirating
detector function? What are the effects of a
sound alarm system? What about the difference
between bells and sounders? As for voice
alarms, how do they operate?
Depth of knowledge is going to be involved in
the qualifications. The implications of a system
as it’s attached to the fabric of a building are
essential. How does it affect passive protection
(fire stopping)? How does it affect and/or how
is it affected by evacuation strategies? All of
that is brought out in the new qualifications.
Level of thought needed
The difference here is that technicians will be
able to develop professionally much further
than before, simply because of the level of
thinking required for the qualification. No
longer will they simply be able to perform the
various tasks that they need to carry out.
Rather, they’ll now be able to use their
knowledge of standards and legislation to know
68
www.risk-uk.com

FIA Technical Briefing: Formal Qualifications for the Fire Sector
why certain things need to be done in a certain
way. No longer is it a case of knowing what to
do. It’s 2017. Now, it’s all about knowing why
you’re doing it.
The important thing to note here is that the
study required for the qualifications is much
wider. The examinations are set externally by
the Awarding Organisation, so it will be
impossible to ‘teach to the test’, meaning that
candidates undertaking an examination must
really have absorbed the knowledge and
understanding in order to pass.
Unlike during any other form of training
where assessments are simply a test, the
qualification examinations are a much more
formal process. The benefit here is clear: a
formal examination means that candidates
must demonstrate not just that they can ‘parrot
out’ the information they’ve been given ad
nauseum, but also be able to analyse, apply
and answer the examination questions
correctly. Hopefully, this will mean that
technicians are able to do the same once
they’re out working in the field, using their new
knowledge and deeper understanding to
analyse and solve problems on a surer footing.
We’ve developed a system whereby the
formal examination is going to be conducted
electronically. Learners will be provided with a
tablet and they’re going to be asked to log-in to
their own assessment paper online. That
assessment paper will then be conducted live
and the learner will receive a pass/fail result at
the end of the process. That pass/fail result is
provisional only on possible necessity that we
need to investigate the conduct of the
examination, in which case learners will be
notified. Otherwise, after a two-week period,
the test result is then duly confirmed.
If the readers of Risk UK are wondering about
other forms of training currently available from
the FIA, and whether they’re still relevant, be in
no doubt that this training will absolutely still
be as beneficial to technicians resident in the
fire industry as it ever was. The existing FIA
units are incredibly valuable. They serve the
industry very well indeed and remain just as
relevant and current as they’ve ever done.
‘Qualified technicians’
Technicians undertaking current FIA training
courses will still gain indispensable knowledge
that will help them on the road to success.
While they might receive a certificate of
completion, that alone doesn’t make them
‘qualified technicians’.
This is a phrase that’s bandied around a lot
within the fire industry, but as from the launch
of the new qualifications, only those that have
actually undertaken the qualifications and
passed them successfully will be able to use
the above moniker as a badge of proficiency
and professionalism.
Current FIA training courses remain popular
due to their high level of technical knowledge
and recognition within the industry among
employers and technicians right across the
board. The standard to be achieved is high and
well respected, but the new qualifications go
one step further, increasing the amount of
content delivered and the degree of time spent
in the classroom to develop levels of both
knowledge and technical understanding.
From now on, a higher bar has been set for
the industry in a determined bid to increase the
levels of professionalism throughout.
“The examinations are set externally by the Awarding Organisation, so it
will be impossible to ‘teach to the test’, meaning that candidates
undertaking an exam must really have absorbed the knowledge to pass”
69
www.risk-uk.com

Engaging Times for Security Guarding
solution providers deliver the support that
officers require, both in terms of their training
and development and when it comes to a
simple sense of ‘belonging’?
There’s a real danger here that firms are
simply ‘ticking a box’ to satisfy procurement
requirements without having any real capability
(ie finance) to deliver on a genuine employee
engagement/security officer welfare strategy.
The scale of the problem shouldn’t be
underestimated. Over the last three years or so,
we’ve interviewed more than 200 officers
across 20 different service providers and the
end results of those discussions are, to say the
very least, somewhat alarming.
In today’s fast-moving
and ever-changing
business landscape,
there’s a clear and
present danger that
security companies
are simply ‘ticking the
box’ to satisfy client
procurement
requirements without
having any real
capability (ie
financing) to deliver
on a genuine
employee
engagement/security
officer welfare
strategy. Steve
Kennedy examines the
overriding importance
of attention to detail
when it comes to
personnel support
Given the ever-increasing security threats
that now pervade our world, it’s perhaps
no surprise to learn that the private
security industry has experienced
unprecedented growth of late, in turn
highlighting the need for qualified and reliable
security personnel. High staff turnover rates,
though, threaten to undermine the quality of
the service being delivered on the ground.
It’s no secret that the security guarding
industry is under mounting pressure. Service
providers are increasingly expected to do more
with less. Their officers are stretched, expected
to take on further responsibility and play an
even greater role in liaising with the police and
other agencies to keep people – and, by
extension, the country – safe from that evergrowing
list of threats.
Whether such officers are properly equipped
to manage this responsibility that has been
thrust upon them is debatable. The ‘night
watchman’ of old has had to evolve into a multidisciplined,
multi-talented officer whose role
now extends far beyond the front door.
‘Security’ is only one part of their remit. Today,
they’re expected to take responsibility for Front
of House, the Post Room, general facilities and
Health and Safety. They’re also expected to be
motivated and engaged. On that basis, they
should be justly remunerated, recognised and
rewarded for the job they do on a daily basis.
Herein lies the problem, though. How do you
keep security officers motivated and engaged
against a background of falling margins and an
unseemly ‘race to the bottom’? When budgets
are slashed, and only small single digit margins
can be achieved, how might security guarding
Disengaged officers
Most of those security officers feel completely
disengaged from their employer. They feel they
work for the client rather than their employer as
they have more direct day-to-day contact with
the former. On the one hand, this may be seen
as a positive. Officers feel ‘integrated’ and an
essential part of the client’s workforce.
The reality of the situation, however, is that
officers can often go several months without
any direct contact from their actual employer’s
management team. The end result is a sense of
isolation from their employer.
When officers are spoken to by a member of
the management team, it can be little more
than a casual ‘How are you doing?’, a phrase
used in passing and in no way intended as an
invitation to hold a more detailed interview or
for an appraisal to take place.
Sometimes, the security officer has no more
opportunity than to answer ‘OK’ and the
‘interview’ is complete. This doesn’t make for a
successful security officer engagement
programme, nor can it be considered an
appraisal (which are often offered by service
providers as part of the tender process). In
reality, those appraisals are rarely delivered.
Out-of-hours mobile supervisor visits are
another service offered as an alternative means
of officer engagement, but for many repeatedly
fall short in terms of their fundamental task.
While looking good on paper and in theory, in
practice a mobile supervisor typically only
engages with a single member of a team, most
usually the shift supervisor.
More often than not, these visits result in
security officers feeling that they’re being
‘checked on’ instead of them being involved in
any kind of meaningful interaction.
70
www.risk-uk.com

Security Services: Best Practice Casebook
Poor communication
In our experience, officers are more likely to
open up to an auditor or third party
representative than they would members of
their own management team for fear of being
reprimanded or, worse still, losing their job.
This, too, is primarily a by-product of poor
communication and inadequate engagement.
As direct communication is scarce, officers
begin to lose faith in their employer. They listen
to rumour and hearsay, and are rarely given the
full picture of how a company is performing in
the real world. This is in no way conducive to a
healthy working relationship.
Another factor impacting the wider security
officer engagement piece is the trend towards
e-Learning. Whereas e-Learning undoubtedly
has a significant role to play in keeping officers
up-to-date with new ways of thinking, toolkits
and training, etc, it’s now being delivered
almost entirely at the expense of any personal
interaction that would be experienced in the
traditional classroom-style environment.
Contract managers play an essential role in
the management and motivation of their teams.
Within the tenders we’ve seen, suppliers will
state that each contract manager will look after
12-to-15 sites (on average). However, the reality
is that they can be looking after more than
twice and sometimes three times that number,
managing upwards of 30 clients at any one
time. As such, they’re so overextended that
they simply don’t have the time or the
opportunity to offer meaningful engagement for
each officer under their charge.
This isn’t to suggest, it should be stressed,
that contract managers are in any way
meaningfully or purposefully negligent in their
duties. Once again, it’s a factor of time and
money. Their role is so demanding that they’re
often dealing with the day-to-day, ongoing
issues around pay, uniforms, discipline and
other Human Resources-focused matters rather
than engaging with their officers over welfare.
Among those contract managers with whom
we’ve spoken, the majority confess that officer
engagement is a ‘tick in the box’ exercise
designed to satisfy a tender’s criteria. It’s not,
as it should be, an opportunity for conducting
formal appraisals and staff development.
Missed opportunity
Why should service providers care about officer
engagement? Put simply, those security officers
who are engaged feel valued not just by the
company for whom they work, but also by the
industry as a whole. In an age where we’re
asking security officers to do more, they need
to be recognised.
An engaged officer is a happy officer, and a
contented workforce delivers a better ‘product’
for the client base. It’s no coincidence that
those sites scoring the highest marks in terms
of end user customer satisfaction also score
highest when it comes to officer engagement.
Formal officer engagement programmes
foster greater loyalty among teams. They help
in terms of recruiting the better employees and
prevent churn, enabling suppliers to retain their
officers for longer, while protecting their longerterm
investment in training and development.
Clients include officer engagement as a vital
part of a given tender. That, at least in part, is
undoubtedly driven to help satisfy their moral
obligations to employee welfare. Whatever their
motivations, they must surely understand that
such a desire comes at a cost?
Resourceful business sector
The security guarding sector is nothing if not
resourceful. It has met every challenge that has
been thrown its way and, what’s more, it must
continue to do so. Technology can certainly play
a role in optimising time and reducing
operational costs, while also helping to deliver
the desired outcomes in terms of reducing staff
turnover, increasing productivity and delivering
a better service for end user customers.
At the end of the day, investing in officer
engagement should never be seen as a cost
that can easily be cut, but rather as one that’s
an investment designed to deliver real value.
Steve Kennedy: Managing
Director of Officer Connect
“Among those contract managers with whom we’ve
spoken, the majority confess that officer engagement is a
‘tick in the box’ exercise designed to satisfy a tender’s
criteria rather than an opportunity for formal appraisals”
71
www.risk-uk.com

Taking Cyber Protection to the Extreme
Cyber security risks
are evolving quickly.
Conventional security
methods are not
keeping up, with data
breaches rife as
attackers gain the
upper hand. Now, a
technology is finally
coming of age that
could help risk
managers redress the
imbalance. As Barry
Scott discovers,
machine learning
promises to make
context-aware
decisions about
system access in realtime,
subsequently
closing the window on
today’s data thieves
Cyber security teams must think differently
about corporate threats. Why? Standard
methods are not working. For many years,
companies have relied on passwords to protect
their valuable employee accounts, but each
year, news headlines and breach statistics
show that they’re not up to scratch. Companies
are haemorrhaging login credentials thanks to
threats such as phishing, malware keyboard
loggers and social engineering.
Forrester Research’s recent cyber security
report, entitled ‘Stop the Breach’, reveals some
shocking figures. Two-thirds of organisations
have suffered an average of five security
breaches or more over the last two years, with
identities and passwords the most likely
elements to be affected during a compromise.
57% of survey respondents highlighted these
as the primary targets. Hackers compromised
more than a billion identities in 2016 alone.
IT teams can harden operating systems, lock
down access ports, encrypt data and segment
networks, but a compromised employee
account will still be a gateway to corporate
systems. For enterprises, even a single account
breach can be devastating.
Any privileges granted to a stolen account
are then available to an attacker. An intruder
with a stolen account can burrow their way into
systems and gain access to other kinds of
information that are also at risk (customer
records and Intellectual Property among them).
IAM: a key tool
Identity and access management (IAM) has
been a key tool in managing these risks.
Companies with a mature IAM strategy use
solutions that document employee identities
and access credentials, but also segment
access privileges.
An IAM system will ensure that an employee
account can only access the data and
applications that the specific role allows. This
helps to mitigate the damage that a stolen
account owned by a low-level employee can do.
Nevertheless, any compromised account is
still a risk: the more privileged the stolen
account, the higher the risk involved. It only
takes a single session with a privileged account
to steal sensitive data or wire funds to an
offshore bank account. An employee may not
even realise that they’ve been compromised
until such time that it’s too late.
Security teams can configure policies in IAM
systems to reduce the risk of compromise. They
may stipulate that a senior manager’s account
can only be used on the local area network, for
example. In practice, though, this can prove to
be rather restrictive.
C-Suite executives often require enhanced
access to resources while on the road. Senior
executives and mid-level managers are also
increasingly mobile, which can make their
access patterns more erratic and unpredictable.
This creates problems for security teams tasked
with preventing unauthorised access to
systems. It isn’t plausible to grant account
access only under a narrow set of conditions.
Executives don’t work that way anymore.
Managing risk in real-time
Artificial Intelligence (AI) promises to solve
some of these problems by adding another
layer of defence that adapts to access
conditions in real-time. Effective AI has been a
Holy Grail for years, but success here
somewhat limited, largely thanks to a lack of
computing power. More recently, however,
advances in computing power and academic
research have prompted a renaissance in a
specific branch of AI, namely machine learning.
In the last couple of years, machine learning
has permeated various areas of technology.
Companies use it for everything from image
recognition through to intrusion detection due
to its unique computational properties.
Traditional computer programs use explicit
linear rules to achieve precise results. An
72
www.risk-uk.com

Machine Learning: A New Layer of Cyber Defence
access control program, for instance, might
reason: “If Bob tries to access his account, only
grant him access if he’s on the LAN.”
If Bob books a business trip to Florida, he
might need access to some applications, but
not others. Traditionally, he would have to call
the security team and warn them of his
forthcoming change in behaviour. The team
would then have to create a new rule granting
access under those conditions.
When Bob travels to a customer site in
Toronto, the access rules may differ, offering
him new collections of applications and
requiring a different level of authentication. The
situation quickly becomes unworkable for both
employees and security professionals,
especially so when the rules may vary for
employees with different roles.
Machine learning algorithms circumvent this
problem by reducing the reliance on explicit
policies, instead adapting themselves based on
historical data. They mine specific data points
over time to produce a condensed statistical
model. This model then provides a baseline of
known and acceptable characteristics.
Security applications
A machine learning-based IAM system is nondeterministic.
The statistical model it uses
returns a probability score based on how
someone’s trying to access the system. This
probability model means that it doesn’t simply
have to deny access in unexpected conditions,
but can impose different levels of
authentication challenge and grant different
privileges solely based on the level of risk it
identifies at the time.
Machine learning is used in many areas,
ranging from image recognition through to
natural language processing. Innovative
companies are also finding new applications in
areas such as security.
Just as machine learning algorithms can
statistically determine whether a picture is of a
car, or whether someone just said the phrase
“OK, Google”, they can also determine whether
an individual’s behaviour is out of the ordinary
when trying to log into a company system. All
they need is the data to work on.
A machine learning algorithm takes its
historical data from IAM systems, using it to
generate a statistical model which will help it to
understand what constitutes normal behaviour.
For machine learning to support dynamic,
real-time IAM, it needs several data types.
Access location is one. Access time is another.
It should also know who’s requesting access,
along with what applications or other corporate
computing resources they’re requesting.
“A machine learning-based IAM system is nondeterministic.
The statistical model it actively uses returns
a probability score that’s based on how someone’s trying
to access the system”
The type of device that an employee uses to
access a system can help to hone the statistical
model. If historical data shows that they always
access the HR system from a Windows 10 PC
inside the network, a machine learning model
would notice if they suddenly seem to be using
a Linux box in Estonia.
Security and convenience
Using machine learning in this way brings
several benefits to an existing IAM deployment.
The first and most obvious lies in more
individual access requests that are more secure
as they operate in real-time. A stolen account
can be blocked before its legitimate user even
realises that they’ve been compromised.
Artificially-intelligent IAM is also more
convenient for end users because it eliminates
the need for cumbersome ‘hoop jumping’ by
low-risk employees. A high-level executive who
always accesses systems under different
conditions may frequently need to authenticate
themselves using a separately-sent SMS code.
Conversely, an employee consistently accessing
their account under predictable conditions may
never need to worry about additional
authentication requirements.
This decreases the ‘security fatigue’
associated with constant, heavy-handed
compliance warnings, multi-factor
authentication and other security controls.
Employees who don’t have to deal with them
are far less likely to put the system at risk by
attempting to circumvent them.
Machine learning systems can also reduce
the workload for cyber security teams by
simplifying policies. Instead of creating and
managing a constellation of rules,
administrators can use a reduced set of static
conditions, complemented by the dynamicallyadapting
machine learning model. Reducing
complexity makes human error less likely and
frees up members of the security team to
concentrate on strategic goals.
When combined with a well-designed IAM
system, a machine learning algorithm can
increase visibility across the entire base of user
accounts by automatically documenting its realtime
decisions. It can flag incidents where
account risk has been escalated or an account
blocked altogether. This creates useful data for
security incident and event management.
Barry Scott:
CTO (EMEA) at Centrify
73
www.risk-uk.com

‘Licence-Linked Qualifications Used
in the Private Security Industry’ (Part Two)
Ofqual’s recent report
entitled ‘Licence-
Linked Qualifications
Used in the Private
Security Industry’
focuses on the actions
that the qualifications
Regulator for England
and Wales has taken
in order to address
concerns around
potential malpractice
and fraud in the
private security sector.
Here, in the second
instalment of a threepart
series of articles
exclusive to Risk UK,
Stuart Galloway
continues a detailed
review of the contents
Some commentators – myself among them –
would seriously question the learner
engagement for the various Security
Industry Authority (SIA) licence-linked courses.
Is there really effective and realistic
Information, Advice and Guidance (IAG)
provided to the majority of those entering the
sector? Particularly in the employability space,
it seems to me it’s very much a ‘bums on seats’
attitude that’s being adopted to attract learners
and obtain Government funding with no real
prospect of employment at the end.
So much so, in fact, that I’m aware of stories
suggesting that several training providers have
allegedly engaged a number of individuals on
their SIA courses knowing full well there wasn’t
a chance of these individuals gaining
employment in the sector for myriad reasons
(including their criminal record, reliability and
attitude, etc). Until this changes, the security
sector will always attract poorer candidates.
Do training providers really give structured
IAG? I’m sure there are many who do, but my
suspicion is that the majority do not. Why? It’s
simply because they see the pound signs.
There’s also a feeling that some don’t actually
know how to administer structured IAG.
All risk models should be based on a volumebased
approach. The more courses delivered
the greater the risk, thus creating the need to
carry out more announced and unannounced
external quality assurance visits. Likewise, new
centres should be considered high risk from the
outset until such time that a percentage of
announced and unannounced visits have taken
place at the premises. As a guide, I would
suggest in the region of at least 20% of courses
delivered should be visited. This figure would
gradually reduce to 10% through positive
external quality assurance visitations.
Similarly, if a centre hasn’t delivered any
courses in a three-month rolling period then
appropriate sanctions should be applied, with
the ultimate sanction occurring at the ninemonth
period (that sanction being notice of
approval withdrawal due to lack of delivery).
This will discourage centres from ‘approval
bagging’ across awarding organisations and,
indeed, increase controls accordingly. There are
seemingly a number of centres not visited from
one year to another. Surely this cannot be right
in any shape or form?
Meeting the criteria
As a rough order of magnitude, my belief is that
between 30% and 40% of centres approved for
delivery of the SIA’s licence-linked
qualifications either shouldn’t have been
approved in the first place or indeed should no
longer be approved. I also believe that there’s a
similar percentage of those teaching in the
sector who don’t meet the criteria laid down by
the SIA in relation to occupational experience.
Here’s a question for you: ‘How can any
Awarding Organisation offer free approval for
SIA-related qualifications given that there’s
clearly a considerable direct cost required?’ It
certainly beats me as to how they can do this
for an indefinite period.
Whose responsibility is that? One thing for
sure is that it isn’t the SIA’s. That responsibility
lies fairly and squarely with the Awarding
Organisations. I struggle to understand how a
tutor can be approved by one Awarding
Organisation, yet not obtain approval from
another. The one refusing approval will no
doubt cite that they have higher quality
measures in place than others, but in the real
world what’s the difference?
Similarly, there are without doubt numerous
centres, directors, owners, principles and tutors
out there that have had their centre approval or
tutor approval to deliver removed by an
Awarding Organisation, but for some reason
74
www.risk-uk.com

Training and Career Development
unbeknown to me they’re then approved by
another Awarding Organisation. This alone
demonstrates there’s little or no communication
between Awarding Organisations, and that
possibly all that some Awarding Organisations
are interested in is commercial gain.
Before anyone jumps on the bandwagon of
mitigating circumstances for approvals being
removed, my focus here is on the risk-based
approach which, on the surface at least, doesn’t
appear to exist.
If Awarding Organisations rigidly applied the
SIA’s requirements for tutor approval, I’m sure
that you would see a reduction in tutors and a
possible increase in the quality of provision.
You need only look back to the 2012 Olympic
Games in London and the Bridging The Gap
programme when it appeared that almost every
Tom, Dick and Harry was approved despite, in
some cases, having either very limited
experience or having actually never worked in
the sector at all.
Standards too low
Standards remain too low in the sector. The
industry still suffers massively from a lack of
investment in training and staff development,
but in putting on my rose-tinted glasses, I hope
that the latter will improve with the recent
introduction of the Apprenticeship Levy.
If I compare training standards from now to
those in the pre-SIA days then I have to admit
it’s night and day even at the bottom of the
scale. However, this doesn’t detract from the
fact that we should always be seeking to
improve provision and always strive for the
best. I’m not sure that others think the same as
myself here given that I’ve carried out market
research and seen SIA courses being advertised
from as little as £99.00.
Without going into the statistics cited in
Ofqual’s report in too much depth, they do
make me wonder in relation to their accuracy.
Page 9 indicates that nine certificates were
bestowed for the Level 2 Award in Cash and
Valuables in Transit between January 2015 and
June last year, a figure that does surprise me.
More interesting, perhaps, are the
achievement rates for qualifications. Why are
they not published by Awarding Organisations?
Is there anything to hide here? I might be living
in a parallel universe on this one, but I cannot
think of any rational reason not to publish
achievement rates. This would provide us with a
truer picture in relation to those entering or
attempting to enter the sector at the point of
pre-licence application.
The Ofqual report and, indeed, the SIA’s
licence figures (which, at the time of writing,
“How can any Awarding Organisation offer free approval
for Security Industry Authority-related qualifications given
that there’s clearly a considerable direct cost involved?”
hadn’t been updated on the Regulator’s website
since June last year) further highlight to me that
there needs to be a radical overhaul of the
training provision including course design and
development and centre and staff approval. In
no way does the training provided show the
occupational competency of individuals.
Without demeaning its importance, it comes
across as a mere knowledge entry requirement.
Raising expectations
There are those who would herald having SIA
licences for trainers. However, I would view this
as a step too far simply because, as things
stand, there’s not the scope for doing so within
the Private Security Industry Act together with
the fact that we should, in some ways,
encourage self-regulation. Indeed, if quality
assured correctly with a standardised approach
by the Awarding Organisations, there’s no need
to licence the training sector.
Most certainly, though, there’s a requirement
for a national database of approved tutors.
Such a database could act as a quality mark for
Awarding Organisations, employers and
training providers alike.
It’s interesting to witness the emergence of
the Security Training Authority thanks to the
effervescent Bob Betts and a register of trainers
within the sector. Registration will be through
application and confirmation of relevant
experience and Continuing Professional
Development (CPD) with a modest annual fee of
£30 and confirmation of continuing CPD. This
register can act as a central point for
employers, training providers and, indeed, both
the SIA and the Awarding Organisations.
We should be moving towards a single
security qualifications body harbouring the
specialism of security and security-related
courses. The body I have in mind would become
the sector skills body/council for the industry
and replace Skills for Security.
That body would be a not-for-profit
organisation and work in clear partnership with
the SIA for the overall betterment of the
industry, with any financial surpluses generated
being reinvested in R&D to ensure continuous
improvement. I see that new body being selffunded
once established. Initial funding could
potentially come from the SIA licence fee. After
all, why shouldn’t the Regulator actively
support skills and career development?
Stuart Galloway Cert Ed MSET
Dip RSA: Senior Associate at
WSG Associates
75
www.risk-uk.com

Risk in Action
Amthal Fire & Security checks in at St Michael’s Manor Hotel
Security is a top priority for the safety of staff and guests alike at the luxurious
privately-owned St Michael’s Manor Hotel, which is based close to the heart of
St Albans in Hertfordshire. Recently, the management team decided on the
installation of a fire alarm system designed to offer automatic detection on all
escape routes within the building.
Brought in to address this bespoke project, Amthal Fire & Security assumed
maintenance and control of the system covering all the facilities of the stately
hotel, in turn offering all necessary support and service requirements (including
the ability to provide a priority response on a 24/7/365 basis).
Richard Marrett, general manager at St Michael’s Manor Hotel, told Risk UK:
“Even more important than a sense of comfort and style, the quality of our
welcome or, indeed, our renowned level of service, when they stay with us we
make sure our hotel guests feel as safe and secure as they do in their own
home. It enables them to truly settle and enjoy the whole experience.”
Marrett continued: “At St Michael’s Manor Hotel, we take this responsibility
so seriously that it’s at the core of our Duty of Care to staff and guests. With the
help of Amthal Fire & Security, we believe we not only achieve the latest
industry standards, but are also safe in the knowledge that, should an incident
occur, it will be resolved as quickly and efficiently as possible.”
Paul Rosenthal, sales director at Amthal Fire & Security, responded: “Any
security measures taken in
hotels must be discreet. It’s
absolutely essential to strike
the right balance between
safety and intrusiveness.
What St Michael’s Manor
Hotel demonstrates is that,
while modern technology
plays a critical role, equally
important is the
maintenance of any systems
installed to ensure they
continue to operate at an
optimum level at all times.”
BNP Paribas Real Estate contract
wins for new London properties
celebrated by Axis Security
Axis Security has successfully mobilised a team
of security officers for BNP Paribas Real Estate
in order to provide security guarding services at
two new London properties. A specialist
division of the financial services group BNP
Paribas, BNP Paribas Real Estate has appointed
Axis Security to look after the security at both
Salters Hall and The Monument Building.
Axis Security was awarded the contracts
following two separate competitive tenders
wherein the company was able to demonstrate
that it would be the right trusted partner.
A Grade II-listed Livery Hall and office
building next to a fragment of the old London
Wall, Salters Hall is home to The Salters’
Company. In recent times, the building has
undergone a complete refurbishment,
extension and ‘reinvention’.
At Salters Hall, the priority for any security
officer functioning on site is to act as a tenant
liaison and work with the facilities manager,
undergoing the extra training necessary for the
correct operation of the on-site security
solutions (including access control systems).
Eaton fire alarm system provides
first class protection for University
of Liverpool students
Eaton has delivered a fire alarm system to
protect students residing in prestigious
university accommodation in Liverpool. The
power management company supported EFT
Systems in providing equipment for Ablett
House, named in honour of the late Liverpool
and Everton footballer Gary Ablett.
The centrally-located Ablett House scheme
is The Student Housing Company’s latest
development in Liverpool. Completed in just
12 months, the bespoke 12-storey, 396-bed
building has been designed to provide
students in Liverpool with a relaxing
environment in which to live and study.
Mindful of the disruption and cost
implications that can arise from frequent false
alarms in student accommodation, The
Student Housing Company specified a
bespoke fire alarm solution with a
sophisticated range of cause-and-effect
programming to ensure fast and accurate
detection of any suspected fire.
To meet the project’s detection and alarm
requirements, EFT installed four of Eaton’s
CF3000 intelligent and addressable control
panels at the student accommodation.
“The CF3000 panels harbour sophisticated
levels of functionality and are simple to
operate, which is precisely why we
recommended them to EFT,” explained Mike
Slater, sales account manager at Eaton, in
conversation with Risk UK.
76
www.risk-uk.com

Risk in Action
Evolution determines to keep
heart of Royal Infirmary of
Edinburgh ticking
Evolution, the integrated security and fire
solutions business, is helping to improve the
security of patients, visitors and staff at one
of Scotland’s largest teaching hospitals
thanks to the installation of sophisticated
fibre optic-based access control technology.
Evolution has been working with the team
at the Royal Infirmary of Edinburgh (RIE), a
major acute teaching hospital, to upgrade
the cabling infrastructure to fibre optic as a
more reliable way of ensuring access for the
hospital’s thousands of pass holders.
The new card-based access system has
now been installed to manage some 227
doors throughout the RIE, further improving
the hospital’s security and reducing the need
for (and the cost of) unnecessary
maintenance. The cards are proximity
readers and used at controlled doors, while
each card also contains a photograph plus
name and department details, thereby acting
as proof of identity.
Scott Lawson, operations manager at RIE,
commented: “The system has to manage the
access demands of a 10,000-strong footfall
that the hospital experiences on a daily
basis. It has proven to perform consistently
well right across the entire estate.”
The RIE plays host to over 4,000
employees as well as 400 students from the
University of Edinburgh and receives
upwards of 115,000 patients each year at its
A&E Department alone.
Along with system reliability, the hospital
also demanded flexibility, both in terms of
the system itself and its installation.
“The hospital regularly sees changes of
purpose for buildings and so requirements
for access can alter substantially,” explained
Lawson. “With the new system, any changes
can be quickly and easily accommodated.
The Evolution system allows operators to
programme and dispense new passes from
an easy-to-use portal.”
Talking to Risk UK, John Baillie (area sales
manager at Evolution) explained: “It was
essential for the hospital to remain open
throughout the installation period and with
minimum disruption to daily operations. That
being so, we worked closely with each
department to support their specific needs.”
Charity for the homeless selects Delta Security’s Master Key
Suite access control solution
A highly-secure Master Key Suite system
installed by CCTV and access control
specialist Delta Security is helping to
protect residents within properties
managed by Brick By Brick, the Londonbased
charity that provides permanent
and temporary housing for people with
homeless status.
The Evva EPS Master Key Suite system
provides Brick By Brick’s housing
managers with one key that can be used
to open all flats within its Old Kent Road,
Queen’s Road and Trafalgar Avenue
properties. The six-pin security keys
cannot be copied. Each may be identified and tracked with a unique coding,
while only Delta Security can provide any necessary replacements.
The properties have been fitted with individual locks to replace a dual
locking system. Isabelle Gravenstein, general manager at Brick By Brick,
believes this is a solution far better suited to residents. “Residents now only
require one key for their properties. The doors have a ‘roll-on’ locking system
whereby they don’t lock when the door closes. Rather, they’re required to be
locked upon leaving the property. Both enhancements have significantly
reduced the number of occasions where residents lock themselves out.”
Gravenstein stated that the system is also extremely beneficial for housing
managers. “All housing managers now carry one key and can access any
property should the need arise while making a site visit,” observed
Gravenstein. “Also, the process of tracking other housing managers’ use of the
keys is now far less complicated. This has significantly improved the efficiency
with which members of staff are able to perform their roles.”
World Heritage Site boosted
by Advanced fire protection
Durham Cathedral, the 1,000 yearold
World Heritage Site and one of
Britain’s most visited buildings, is
now protected by intelligent fire
panels courtesy of Advanced.
Founded in 1093 and the final
resting place of St Cuthbert, Durham
Cathedral remains the seat of the Bishop of Durham (the fourth most senior
cleric in the Church of England). As well as being the home of the Magna Carta,
the famous building and its environs have also featured in numerous
Hollywood films, among them the Harry Potter series.
The Advanced MxPro panels specified for Durham Cathedral were supplied by
Custom Advanced Systems and installed by Expert Fire Solutions. The fire
system covers the entire complex, including the new ‘Open Treasure’ exhibition
that affords the public access to previously unseen parts of the Cathedral. The
system comprises two MxPro 5 panels linked by fault-tolerant network cards
and supplemented by a remote display terminal.
Jo Hughes, property and facilities manager at Durham Cathedral, outlined:
“Durham Cathedral has played a prominent role in the history of the North
East. Both the building itself and its priceless artefacts deserve the best
possible protection. After working closely with the installation team, we
concluded that Advanced’s panels offered the right combination of quality,
reliability and functionality required for this vital installation.”
77
www.risk-uk.com

Technology in Focus
End users urged to “Try before you buy”
with EyeLynx portable radar system
A security software expert has created a portable system
designed to instantly demonstrate the range of its latest
radar unit which is able to identify ‘predatory’ vehicles at
distances of up to 700 metres.
EyeLynx has designed a mobile pack fitted with its EPR-
500 radar and Pharos PTZ camera on top of a tripod and
challenged security professionals to book a free demo to
prove it can detect potential intruders up to a quarter of a
mile away – and drones at distances of 80 metres.
The free demo has been initiated so that EyeLynx can
show site operators ‘live, in-the-field’ (and in their own environment) the EPR-
500’s ability to detect security threats early as well as the capability of EyeLynx
software to control CCTV autonomously and zoom in to collect evidence and
then send it to manned patrols or Security Control Rooms.
EyeLynx’s CEO Jay Patel explained to Risk UK: “We built this pack so that we
can visit your site, get in your car and drive to the most remote location, set up
the radar within minutes using a hammer, some batteries and a camera and
then demonstrate the extraordinary range of this powerful solution.”
www.eyelynx.com
Edesix introduces X-100 and X-
200 Series body-worn cameras
Edesix has announced the launch of new
head and torso-mounted cameras,
designated the X-100 and the X-200.
The X-100 is a side-mountable tactical
head camera, ideal for use on headwear (as
currently deployed by police firearms
divisions). It offers the automatic rotation of
footage, meaning that it can be worn on
either side of the head without requiring
user configuration to rotate any footage.
For its part, the X-200 is a torsomountable
camera for use on uniform vests,
tactical body armour or all-weather clothing.
These models are capable of capturing
1080p video at 30 fps or simultaneously
recording and streaming at 720p. Both
accessories are easy to operate.
www.edesix.com
ATG Access boldly determines to “revolutionise the
protection of people in crowded places”
In a volatile and changing threat environment which has seen a rise in
extremism and altering attack targets, it’s fundamental that protective
measures are used to secure both Critical National Infrastructure and crowded
places within the public realm. The latter is a more recent target for extremists
and one which is more difficult to protect due to the sporadic nature of attacks.
It has always been recognised that terrorists could employ the vehicle itself
as a weapon. The recent high-profile attacks conducted on the Prom D’Angalis
in Nice, the Christmas Market in Berlin and at Westminster Bridge in London
have reminded us all of this possibility and highlighted that temporary events
or tourist areas provide high densities of people often with little physical
protection from vehicle attack.
While explosive devices used in historical attacks are difficult to construct
and deploy, vehicles are readily available and require no special or unusual
skills to use them as effective weapons. This has changed the face of terror
attacks and altered the target from being infrastructure to infrastructure and
crowded places within the public realm.
When it comes to an event or a seasonal tourist attraction, protective
measures for individuals within the public realm are normally required on a
temporary basis. Existing measures are effective but can be heavy, slow to
deploy, difficult to store and cumbersome to both transport and remove.
With this in mind, ATG Access has launched not one or two but three new and
“revolutionary” temporary protection devices. The new product launches aim to
provide the security industry and
its end users with a more flexible
solution which is easy to store,
quick to deploy and operationally
far easier to work with.
The three different innovations
provide the industry with options
for various site-based scenarios.
www.atgaccess.com
Control your future “in an instant”
with SPC Connect from Vanderbilt
Vanderbilt SPC has always provided its myriad
customers with future-proof, high-performance
technologies specifically designed to deliver
advanced functionality. With SPC Connect, the
business continues that legacy.
The latest development from Vanderbilt is a
hosted cloud-based solution designed
specifically for the monitoring, management
and maintenance of SPC panels remotely from
any location. End users can download the SPC
Connect App free of charge.
www.vanderbiltindustries.com
78
www.risk-uk.com

Technology in Focus
Axis Communications
launches explosion-protected
cameras for deployment in sensitive
industrial projects
Axis Communications has announced the
introduction of three new explosion-protected
cameras for use in sensitive industrial areas:
the XF40-Q2901 explosion-protected
temperature alarm camera, the XF60-Q2901
explosion-protected temperature alarm camera
and the XP40-Q1942 explosion-protected PT
thermal network camera.
“Industrial plant operators have a
tremendously difficult task in front of them,”
explained Martina Lundh, global product
manager for thermal and explosion-protected
cameras at Axis Communications. “They need
to ensure efficiency and continuity in largescale
critical industrial processes while also
meeting all Health and Safety and
environmental regulations across multiple
locations and, often, huge areas. Our new
cameras deliver critical real-time information,
allowing for immediate incident response which
can prove to be a life-saving benefit.”
Typical industrial applications for the fixed
XF40-Q2901/XF60-Q2901 explosion-protected
temperature alarm cameras include control of
equipment temperatures, the detection of leaks
in pipes, fire detection and the monitoring of
equipment and perimeter protection.
www.axis.com
Traka locks intelligent solutions
into Safety and Health Expo 2017 at
London’s ExCeL
Traka is attending the Safety and Health Expo
event (which takes place at London’s ExCeL
from 20-22 June) specifically to showcase how
its latest intelligent key and equipment
management solutions can enforce process
and ensure compliance with the very highest
Health and Safety standards.
On Stand N200, the specialist in intelligent
key cabinets and locker systems will
demonstrate how it can help organisations
fulfil Health and Safety requirements and
implement superior management control from
pre-operational safety checks right through to
loading management.
Fault reporting, integrated alcohol testing
and machine start controlled access to forklift
trucks and fleet management (making sure
Novigo voice alarm system
talks to its public
Studies reveal that many people
don’t know how to react to
conventional alarms such as bells
or sirens. Some assume that it’s a
test or a false alarm, while others
remain confused and, ultimately,
unsure of exactly what to do.
An essential element of ensuring
life safety is the ability to manage
phased and orderly evacuation in
the event of an emergency. The
Novigo voice alarm system from
Siemens not only delivers high
performance messaging across multi-level,
multi-occupancy estates, but also operates
as an advanced PA system.
Novigo delivers comprehensive messages
about the nature of the incident and the
appropriate action to take using clear
language, minimising the potential for panic
or confusion. It’s highly scaleable and
exceeds relevant British and European
Standards. The solution is fully-configurable
with the capacity to extend to 4,000 network
nodes. It can be divided into zones to ensure
appropriate messaging across particular
areas and is capable of integration with third
party systems via a program interface.
Novigo’s advanced audio facility offers
studio sound quality and significant storage
capacity for automatic and live messaging as
well as multiple background music files.
www.siemens.com
only qualified staff can operate
them) are just some of the
processes available where
Traka can help to maintain
strict adherence to audit
control using the latest
intelligent key management.
Traka’s representatives will
also be available to discuss
tailored customer solutions
(including PDAs, scanners and
expensive radio equipment).
Steve Bumphrey, sales director at Traka, told
Risk UK: “Our ambition at the event is to
demonstrate how key and equipment
management is not only essential for
achieving compliance requirements, but also
show how it can create a more efficient
business operation with full audit capability to
ensure staff are accountable and traceable.”
www.traka.com
79
www.risk-uk.com

Security and Fire Management
BE SMART!
Read Risk UK Magazine on
your tablet or smartphone
using the FREE app

Appointments
Bob Forsyth
After 30 years of diligent
service at Kings Security
Systems, including three
years since PrimeKings
became the majority
shareholder in the
Bradford-based business,
Anthony King has decided
that it’s now time to leave
the company. At the same juncture, it has been
announced that Bob Forsyth is joining the firm
in the role of CEO.
Forsyth brings extensive business services
experience from his former role at Mitie, where
he transformed the security division from a
manpower-led operation to become a wideranging
technology business. Across an eightyear
period as managing director of Mitie Total
Security Management, Forsyth grew the
division’s revenues to over £300 million, such
that it became the second largest security
company in the UK with a strategy of
differentiation and technology advancement
through a focus on risk and integrated service
delivery for a wide range of sectors.
Speaking about this development, Geoff
Zeidler (chairman of Kings Security) told Risk
UK: “The Board would like to pay tribute to
Anthony for all that he has achieved in building
the business and wish him well for the future.
Bob has a broad market knowledge and a
fantastic track record of delivering profitable
growth. The Board looks forward to working
with him and the executive team.”
Commenting on his new role, Bob Forsyth
enthused: “Kings Security has a tremendous
market position and a reputation for passionate
people who deliver great service. Together with
the financial support of PrimeKings, this creates
a tremendous opportunity.”
Dianne Gettinby
The National Security Inspectorate (NSI) has
announced the appointment of Dianne
Gettinby as head of marketing
communications with immediate effect.
Responsible for delivering the NSI’s strategic
plan of marketing and communications,
Gettinby will optimise the use of all media to
build brand recognition, value and loyalty.
Prior to joining the NSI, Gettinby spent five
years at the British Dental Industry
Association with overall responsibility for the
development and implementation of the
Association’s myriad marketing and research
activities, including that focused on the UK’s
largest dental exhibition.
Appointments
Risk UK keeps you up-to-date with all the latest people
moves in the security, fire, IT and Government sectors
Stephen Lampett
The British Security Industry Association (BSIA)
has appointed Stephen Lampett to the position
of technical manager following two successful
years as the Association’s technical officer.
The announcement follows on from the
resignation of Paul Phillips, who left the BSIA at
the end of May to pursue a new role within the
security industry.
With over 20 years’ security experience,
Lampett’s background includes several roles at
ADT Fire and Security in various different areas
of electronic fire and security, including quality
management, environmental management,
Health and Safety and technical projects.
Prior to beginning his role at the BSIA,
Lampett worked as a QEHS consultant in the
manufacturing and construction industries.
David Wilkinson, the BSIA’s director of
technical services, commented: “I’m very
pleased to announce that Stephen has accepted
the position of technical manager and will
succeed Paul Phillips in the post from 1 June. I
wish Paul well in this next step in his career,
and I would also like to take this opportunity to
thank him for the significant contributions that
he has made to the BSIA’s success over the past
eight years.”
Wilkinson added: “Over the coming weeks
we’ll be recruiting to replace Stephen in the role
of technical officer to ensure that the Technical
Department remains at full strength in order to
meet the complex needs of our members.”
Previously, Gettinby worked at IHG in
various marketing management roles based
within the EMEA region.
Gettinby is the proud holder of an MSc in
International Marketing from Strathclyde
University and a member of the Chartered
Institute of Marketing.
On Gettinby’s appointment, NSI CEO Richard
Jenkins commented: “As we look to the future,
Dianne’s appointment reflects the strength of
our ongoing commitment to ensuring that
we’re delivering the highest standards for our
wide and diverse audience. I’m confident that
Dianne’s experience will be a great asset as we
continue to build our brand.”
Gettinby informed Risk UK: “I’m delighted to
be appointed in this role.”
81
www.risk-uk.com

Appointments
Graham Allison
Cardinal Security, the provider of “dynamic and
innovative” security solutions, has announced a new
high-profile appointment to its senior management team
in the form of Graham Allison. A well-known and
respected industry figure, 47 year-old Allison will serve as
the company’s commercial director with a view to
positioning the business as the “first choice” security
services provider.
Allison has served in the security industry for more
than 20 years now and joins Cardinal Security from Sentinel Group Security,
where he was chief operating officer for over three years.
Prior to that, Allison worked as retail relationships director for Mitie plc’s
dedicated security operation and, having also enjoyed roles at Securitas
Security Services and Reliance Security Services, he brings extensive
knowledge of the commercial and retail sectors to his new role.
Allison will now promote the advantages of using Cardinal Security’s
specialist services to organisations right across the country and focus on the
development of new opportunities. Allison is also going to play a key function
in supporting the Cardinal Training Academy, which will perform a vital role in
attracting new entrants to the industry via an apprenticeship scheme.
Eyal Assa
Siklu, the specialist in
millimeter wave radio
solutions for safe and
smart city projects, has
announced the
appointment of Eyal Assa
as the company’s new
CEO. Assa is a veteran
executive with over 20
years of leadership experience gained in the
telecommunications industry.
Siklu is a particularly strong participant in
the fast-growing 5G fixed wireless access
market. For its part, 5G fixed wireless access is
a major telecommunications infrastructure
upgrade and the first step on the way towards
ubiquitous 5G speeds.
Assa’s extensive experience of leading
growth-focused projects in the
telecommunications sector makes him uniquely
qualified to lead Siklu in the growing market for
millimeter wave radio solutions.
“Eyal understands what drives success in the
telecoms industry,” explained Siklu’s chairman
Izik Kirshenbaum.
Assa most recently served in the role of vicepresident
of global sales at Amdocs. Prior to
that, he held leadership positions at Ceragon,
including remits focused on OEM and business
development. Prior to his time at Ceragon, Assa
was vice-president of R&D at Seabridge.
“At Siklu, I’ve joined an innovative and highly
competent team that has consistently delivered
cutting-edge millimeter wave wireless solutions
to capture a leading market position,” stated
Assa in conversation with Risk UK.
Peter Jones
Peter Jones has joined
NG Bailey (the UK’s
largest independent
engineering, IT and
facilities services
business) as managing
director of its specialist
IT Services division
following the
announcement of current managing director
Bob Dunnett’s retirement at the end of May.
Jones is reporting directly to NG Bailey’s CEO
David Hurcomb and leads the division which
specialises in the design, supply, installation,
management and maintenance of voice, data
and structured cabling solutions to contracting,
enterprise and public sector clients alike.
Jones joins NG Bailey from G4S where he
held the role of managing director for facilities
management in the UK and Ireland. Jones has
also previously held senior leadership positions
at both CBRE and Carillion.
David Hurcomb explained: “Bob has done a
great job and we wish him a long and happy
retirement. I look forward to working with Peter
on continuing the development of the division
and the growth of all our services businesses.”
Pete Hancox
Specialist security
provider Allegion has
appointed Pete Hancox
as commercial leader of
its UK and Ireland
businesses to build and
lead strategic
partnerships in
specification. He’ll also
be in charge of commercial activity in Ireland.
Hancox joins Allegion UK in Birmingham
from his recent role as client services
director for HP Doors, but he’s no stranger to
the business, having been part of the
Ingersoll Rand security group for almost nine
years prior to his appointment with HP
Doors. Allegion formed as a result of the
spin-off of Ingersoll Rand’s commercial and
residential security business back in 2013.
It’s widely recognised in the industry that
door hardware is becoming more
sophisticated as electronics and mechanical
hardware merge. Allegion will now seek to
educate customers on the benefits new
technology brings and how to incorporate it
within long-term commercial properties.
Hancox said: “I look forward to creating
new opportunities and strengthening
relationships with our existing partners.”
82
www.risk-uk.com

20 - 22 JUNE 2017 EXCEL LONDON, UK
New exhibition within
IFSEC International 2017
AT BORDERS & INFRASTRUCTURE EXPO YOU WILL BENEFIT FROM:
• Access a VIP Meeting Service
live product demonstration and testing area
BRE Global
Networking Lounge
• See the latest UAVs at The Drone Zone.
against them

Best Value Security Products from Insight Security
www.insight-security.com Tel: +44 (0)1273 475500
...and
lots
more
Computer
Security
Anti-Climb Paints
& Barriers
Metal Detectors
(inc. Walkthru)
Security, Search
& Safety Mirrors
Security Screws &
Fastenings
Padlocks, Hasps
& Security Chains
Key Safes & Key
Control Products
Traffic Flow &
Management
see our
website
ACCESS CONTROL
KERI SYSTEMS UK LTD
Tel: + 44 (0) 1763 273 243
Fax: + 44 (0) 1763 274 106
Email: sales@kerisystems.co.uk
www.kerisystems.co.uk
ACCESS CONTROL
ACCESS CONTROL
ACT
ACT – Ireland, Unit C1, South City Business Park,
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,
Warrington, WA3 7GB. Tel: +44 161 236 9488
sales@act.eu www.act.eu
ACCESS CONTROL – BARRIERS, GATES, CCTV
ABSOLUTE ACCESS
Aberford Road, Leeds, LS15 4EF
Tel: 01132 813511
E: richard.samwell@absoluteaccess.co.uk
www.absoluteaccess.co.uk
Access Control, Automatic Gates, Barriers, Blockers, CCTV
ACCESS CONTROL
COVA SECURITY GATES LTD
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007
Email: sales@covasecuritygates.com
Web: www.covasecuritygates.com
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,
Waterproof Keypads, Door Closers, Deadlocks plus many more
T: 01202 676262 Fax: 01202 680101
E: info@alpro.co.uk
Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES
HTC PARKING AND SECURITY LIMITED
St. James’ Bus. Centre, Wilderspool Causeway,
Warrington Cheshire WA4 6PS
Tel 01925 552740 M: 07969 650 394
info@htcparkingandsecurity.co.uk
www.htcparkingandsecurity.co.uk
ACCESS CONTROL
INTEGRATED DESIGN LIMITED
Integrated Design Limited, Feltham Point,
Air Park Way, Feltham, Middlesex. TW13 7EQ
Tel: +44 (0) 208 890 5550
sales@idl.co.uk
www.fastlane-turnstiles.com
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED
Authorised Dealer
Tel: 0845 1 300 855 Fax: 0845 1 300 866
Email: info@secure-access.co.uk
Website: www.secure-access.co.uk
ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD.
Nortech House, William Brown Close
Llantarnam Park, Cwmbran NP44 3AB
Tel: 01633 485533
Email: sales@nortechcontrol.com
www.nortechcontrol.com
Custom Designed Equipment
• Indicator Panels
• Complex Door Interlocking
• Sequence Control
• Door Status Systems
• Panic Alarms
• Bespoke Products
www.hoyles.com
sales@hoyles.com
Tel: +44 (0)1744 886600
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD
Planet Place, Newcastle upon Tyne
Tyne and Wear NE12 6RD
Tel: 0845 643 2122
Email: sales@ukbinternational.com
Web: www.ukbinternational.com
Hoyles are the UK’s leading supplier of
custom designed equipment for the
security and access control industry.
From simple indicator panels to
complex door interlock systems.
BUSINESS CONTINUITY
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT
VANDERBILT INTERNATIONAL (UK) LTD
Suite 7, Castlegate Business Park
Caldicot, South Wales NP26 5AD UK
Main: +44 (0) 2036 300 670
email: info.uk@vanderbiltindustries.com
web: www.vanderbiltindustries.com
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM
Creating Continuity ....... Building Resilience
A not-for-profit organisation providing help and support
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845
Email: membership@continuityforum.org
Web: www.continuityforum.org
www.insight-security.com Tel: +44 (0)1273 475500

CCTV
CONTROL ROOM & MONITORING SERVICES
CCTV
Rapid Deployment Digital IP High Resolution CCTV
40 hour battery, Solar, Wind Turbine and Thermal Imaging
Wired or wireless communication fixed IP
CE Certified
Modicam Europe, 5 Station Road, Shepreth,
Cambridgeshire SG8 6PZ
www.modicam.com sales@modicameurope.com
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ
Tel: +44 (0) 1269 831431
Email: cctvsales@altron.co.uk
Web: www.altron.co.uk
ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring
• Vehicle Tracking • Message Handling
• Help Desk Facilities • Keyholding/Alarm Response
Tel: 0208 889 0475 Fax: 0208 889 6679
E-MAIL eurotech@eurotechmonitoring.net
Web: www.eurotechmonitoring.net
DISTRIBUTORS
CCTV
G-TEC
Gtec House, 35-37 Whitton Dene
Hounslow, Middlesex TW3 2JN
Tel: 0208 898 9500
www.gtecsecurity.co.uk
sales@gtecsecurity.co.uk
CCTV/IP SOLUTIONS
DALLMEIER UK LTD
3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH
Tel: +44 (0) 117 303 9 303
Fax: +44 (0) 117 303 9 302
Email: dallmeieruk@dallmeier.com
SPECIALISTS IN HD CCTV
MaxxOne
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.maxxone.com
sales@onlinesecurityproducts.co.uk
www.onlinesecurityproducts.co.uk
AWARD-WINNING, LEADING GLOBAL WHOLESALE
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.
ADI GLOBAL DISTRIBUTION
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company
also offers an internal technical support team, dedicated field support engineers along with a suite of
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online
account, installers can order up to 7pm for next day delivery.
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM COMMUNICATIONS COMPANY
EUROPE
Panasonic House, Willoughby Road
Bracknell, Berkshire RG12 8FP UK
Tel: 0207 0226530
Email: info@business.panasonic.co.uk
WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS,
PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.
MAYFLEX
Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ
Tel: 0800 881 5199
Email: securitysales@mayflex.com
Web: www.mayflex.com
COMMUNICATIONS & TRANSMISSION EQUIPMENT
KBC NETWORKS LTD.
Barham Court, Teston, Maidstone, Kent ME18 5BZ
www.kbcnetworks.com
Phone: 01622 618787
Fax: 020 7100 8147
Email: emeasales@kbcnetworks.com
DIGITAL IP CCTV
SESYS LTD
High resolution ATEX certified cameras, rapid deployment
cameras and fixed IP CCTV surveillance solutions available with
wired or wireless communications.
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333
Email: info@sesys.co.uk www.sesys.co.uk
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS
CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP
Tel: 0118 912 5000 Fax: 0118 912 5001
www.norbain.com
Email: info@norbain.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD
Unit 39 Sir Frank Whittle Business Centre,
Great Central Way, Rugby, Warwickshire CV21 3XH
Tel: 01788 567811 Fax: 01788 544 549
Email: jackie@plettac.co.uk
www.plettac.co.uk
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION
SATSECURE
Hikivision & MaxxOne (logos) Authorised Dealer
Unit A10 Pear Mill, Lower Bredbury,
Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.satsecure.uk
www.insight-security.com Tel: +44 (0)1273 475500

EMPLOYMENT
FIRE AND SECURITY INDUSTRY RECRUITMENT
SECURITY VACANCIES
www.securityvacancies.com
Telephone: 01420 525260
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,
Reading, Berkshire RG74GB, United Kingdom
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001
Email: ireurope@innerrange.co.uk
www.innerrange.com
PERIMETER PROTECTION
IDENTIFICATION
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS
GJD MANUFACTURING LTD
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX
Tel: + 44 (0) 1706 363998
Fax: + 44 (0) 1706 363991
Email: info@gjd.co.uk
www.gjd.co.uk
COMPLETE SOLUTIONS FOR IDENTIFICATION
DATABAC GROUP LIMITED
1 The Ashway Centre, Elm Crescent,
Kingston upon Thames, Surrey KT2 6HH
Tel: +44 (0)20 8546 9826
Fax:+44 (0)20 8547 1026
enquiries@databac.com
PERIMETER PROTECTION
GPS PERIMETER SYSTEMS LTD
14 Low Farm Place, Moulton Park
Northampton, NN3 6HY UK
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097
E-mail: info@gpsperimeter.co.uk
Web site: www.gpsperimeter.co.uk
POWER
INDUSTRY ORGANISATIONS
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION
Tel: 0845 389 3889
Email: info@bsia.co.uk
Website: www.bsia.co.uk
Twitter: @thebsia
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY
SSAIB
7-11 Earsdon Road, West Monkseaton
Whitley Bay, Tyne & Wear
NE25 9SX
Tel: 0191 2963242
Web: www.ssaib.org
INTEGRATED SECURITY SOLUTIONS
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER
Tel: 01443 471900 Fax: 01443 479 374
Email: sales@dyconpower.com
www.dyconpower.com
STANDBY POWER
UPS SYSTEMS PLC
Herongate, Hungerford, Berkshire RG17 0YU
Tel: 01488 680500
sales@upssystems.co.uk
www.upssystems.co.uk
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD
Adept House, 65 South Way, Walworth Business Park
Andover, Hants SP10 5AF
Tel: 01264 351415 Fax: 01264 351217
Web: www.adeptpower.co.uk
E-mail: sales@adeptpower.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY AND FIRE
Tel: +44 (0) 844 8000 235
E-mail: securitysales@honeywell.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
UNINTERRUPTIBLE POWER SUPPLIES LTD
Woodgate, Bartley Wood Business Park
Hook, Hampshire RG27 9XA
Tel: 01256 386700 5152 e-mail:
sales@upspower.co.uk
www.upspower.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

SECURITY
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS
INSIGHT SECURITY
Units 1 & 2 Cliffe Industrial Estate
Lewes, East Sussex BN8 6JL
Tel: 01273 475500
Email:info@insight-security.com
www.insight-security.com
CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD
Challenger House, 125 Gunnersbury Lane, London W3 8LH
Tel: 020 8752 0160 Fax: 020 8992 9536
E: info@contractsecurity.co.uk
E: sales@contractsecurity.co.uk
Web: www.contractsecurity.co.uk
QUALITY SECURITY AND SUPPORT SERVICES
CONSTANT SECURITY SERVICES
Cliff Street, Rotherham, South Yorkshire S64 9HU
Tel: 0845 330 4400
Email: contact@constant-services.com
www.constant-services.com
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM
Lincoln House,
Malcolm Street
Derby DE23 8LT
Tel: 0871 208 1187
www.ebuyelectrical.com
LIFE SAFETY EQUIPMENT
C-TEC
Challenge Way, Martland Park,
Wigan WN5 OLD United Kingdom
Tel: +44 (0) 1942 322744
Fax: +44 (0) 1942 829867
Website: www.c-tec.com
PERIMETER SECURITY
TAKEX EUROPE LTD
Aviary Court, Wade Road, Basingstoke
Hampshire RG24 8PE
Tel: +44 (0) 1256 475555
Fax: +44 (0) 1256 466268
Email: sales@takex.com
Web: www.takex.com
FENCING SPECIALISTS
J B CORRIE & CO LTD
Frenchmans Road
Petersfield, Hampshire GU32 3AP
Tel: 01730 237100
Fax: 01730 264915
email: fencing@jbcorrie.co.uk
INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311
Email: sales@optex-europe.com
www.optex-europe.com
SECURITY EQUIPMENT
PYRONIX LIMITED
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY.
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042
www.facebook.com/Pyronix
www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS
BOSCH SECURITY SYSTEMS LTD
PO Box 750, Uxbridge, Middlesex UB9 5ZJ
Tel: 0330 1239979
E-mail: uk.securitysystems@bosch.com
Web: uk.boschsecurity.com
INTRUDER AND FIRE PRODUCTS
CQR SECURITY
125 Pasture road, Moreton, Wirral UK CH46 4 TH
Tel: 0151 606 1000
Fax: 0151 606 1122
Email: andyw@cqr.co.uk
www.cqr.co.uk
SECURITY EQUIPMENT
CASTLE
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
SECURE CONNECTIVITY PROVIDERS
CSL
T: +44 (0)1895 474 474
sales@csldual.com
@CSLDualCom
www.csldual.com
SECURITY PRODUCTS
EATON
Eaton is one of the world’s leading manufacturers of security equipment
its Scantronic and Menvier product lines are suitable for all types of
commercial and residential installations.
Tel: 01594 545 400 Email: securitysales@eaton.com
Web: www.uk.eaton.com Twitter: @securityTP
INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS
RISCO GROUP
Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton,
Manchester, M24 2SS
Tel: 0161 655 5500 Fax: 0161 655 5501
Email: sales@riscogroup.co.uk
Web: www.riscogroup.com/uk
SECURITY SYSTEMS
VICON INDUSTRIES LTD.
Brunel Way, Fareham
Hampshire, PO15 5TX
United Kingdom
www.vicon.com
www.insight-security.com Tel: +44 (0)1273 475500

R
EasyIP 3.0
H.265+
SIMPLE AND POWERFUL
THE EASIER JOURNEY TO
BETTER SECURITY
EasyIP 3.0 SERIES
- Up to 4K ultra-HD, advanced H.265+ encoding
- Darkfighter ultra-low illumination technology
- Efficient VCA functions
- Easy to install, setup, and manage
- Budget-friendly and powerful
Hikvision UK & Ireland
4 The Square, Stockley Park,
Uxbridge, UB11 1ET
Tel: 01628 902140
sales.uk@hikvision.com
support.uk@hikvision.com
www.hikvision.co.uk