RiskUKNovember2017
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
November 2017<br />
www.risk-uk.com<br />
Security and Fire Management<br />
What’s in the Pipeline?<br />
Risk Management for the Extractive Industry<br />
Security Systems: Requirements for Continuous Availability<br />
Venturing into the Datasphere: An Examination of Storage<br />
Training and Career Development: Lessons in Cyber Security<br />
Fire Safety Management and Installation Supplement
“<br />
MY PASSION IS<br />
ALWAYS GOING THAT<br />
EXTRA MILE -<br />
WHATEVER THE JOB<br />
”<br />
Steve Lang, CNC Programmer/Operator, 3 years with Jacksons<br />
OUR PASSION<br />
IS YOUR SECURITY<br />
We combine the highest quality<br />
perimeter security fencing and<br />
gates with seventy years of expertise<br />
to provide you with the right solution<br />
for your project, large or small.<br />
www.jacksons-fencing.co.uk<br />
0800 953 3730<br />
Jacksons<br />
Fencing
November 2017<br />
Contents<br />
31 Fire Safety Management and Installation<br />
The FIA, Kentec, Xtralis and Klaxon all feature in our regular Fire<br />
Safety Management and Installation Supplement<br />
Security in the Extractive Industry (pp24-25)<br />
5 Editorial Comment<br />
6 News Update<br />
ONS on latest crime figures. Linx International Group publishes<br />
training study. Home Office determines to tackle violent crime<br />
8 News Analysis: National Cyber Security Centre<br />
Brian Sims delves into the detail contained within the National<br />
Cyber Security Centre’s 44-page Annual Report<br />
11 News Special: ‘Creating A Security Culture’<br />
The Security Institute has launched ‘Creating A Security Culture’<br />
in partnership with ITN Productions. Brian Sims reports<br />
12 News Special: IRM International Certificates<br />
International Certificates in Enterprise Risk Management and<br />
Financial Services Risk Management are available through the<br />
IRM. Brian Sims outlines the core content<br />
14 Opinion: General Data Protection Regulation<br />
Andrew Joss offers his views on the implications of the European<br />
Union’s upcoming GDPR for security and risk professionals<br />
16 Opinion: Security Business Sector Insight<br />
Graham Allison explains why security services providers need to<br />
offer sustainable careers for their employees and ensure that<br />
end user customers receive the highest levels of service<br />
19 BSIA Briefing<br />
James Kelly discusses the current biometrics market and some<br />
future trends in the sector well worth keeping an eye on<br />
42 Venturing into the Datasphere<br />
Andrew Palmer evaluates in great detail precisely why storage is<br />
the fundamental beating heart of today’s surveillance systems<br />
45 Under Surveillance<br />
Jonathan Sturley on remote monitoring for video surveillance<br />
48 View From On High<br />
Stephen Smith reviews PSIM solutions in the public sector<br />
51 On The Right Tracks<br />
Key and equipment management at TfL addressed by Ben Farrar<br />
54 Meet The Security Company<br />
Risk UK turns the spotlight towards Omni Security Services<br />
56 The Security Institute’s View<br />
58 In The Spotlight: ASIS International UK Chapter<br />
60 FIA Technical Briefing<br />
62 Security Services: Best Practice Casebook<br />
64 Cyber Security: Advanced Persistent Threats<br />
66 Training and Career Development<br />
68 Risk in Action<br />
70 Technology in Focus<br />
73 Appointments<br />
76 The Risk UK Directory<br />
22 Advancing the Science of Risk-Based Design<br />
Philip Strand examines the science underpinning security<br />
designs in today’s built environment<br />
24 Failing to Invest is Investing to Fail<br />
There’s an increasing demand for more effective, holistic and<br />
integrated security arrangements in the extractive industry, as<br />
Philip O’Sullivan duly observes<br />
27 The Requirement for Continuous Availability<br />
It’s crucial for security systems to be fully-operational around<br />
the clock. Duncan Cooke describes Best Practice approaches<br />
ISSN 1740-3480<br />
Risk UK is published monthly by Pro-Activ Publications<br />
Ltd and specifically aimed at security and risk<br />
management, loss prevention, business continuity and<br />
fire safety professionals operating within the UK’s largest<br />
commercial organisations<br />
© Pro-Activ Publications Ltd 2017<br />
All rights reserved. No part of this publication may be<br />
reproduced or transmitted in any form or by any means<br />
electronic or mechanical (including photocopying, recording<br />
or any information storage and retrieval system) without the<br />
prior written permission of the publisher<br />
The views expressed in Risk UK are not necessarily those of<br />
the publisher<br />
Risk UK is currently available for an annual subscription rate of<br />
£78.00 (UK only)<br />
www.risk-uk.com<br />
Risk UK<br />
PO Box 332<br />
Dartford DA1 9FF<br />
Editor Brian Sims BA (Hons) Hon FSyI<br />
Tel: 0208 295 8304 Mob: 07500 606013<br />
e-mail: brian.sims@risk-uk.com<br />
Design and Production Matt Jarvis<br />
Tel: 0208 295 8310 Fax: 0870 429 2015<br />
e-mail: matt.jarvis@proactivpubs.co.uk<br />
Advertisement Director Paul Amura<br />
Tel: 0208 295 8307 Fax: 01322 292295<br />
e-mail: paul.amura@proactivpubs.co.uk<br />
Administration Tracey Beale<br />
Tel: 0208 295 8306 Fax: 01322 292295<br />
e-mail: tracey.beale@proactivpubs.co.uk<br />
Managing Director Mark Quittenton<br />
Chairman Larry O’Leary<br />
Editorial: 0208 295 8304<br />
Advertising: 0208 295 8307<br />
3<br />
www.risk-uk.com
Connect your life to your<br />
home and your security<br />
Interact, control and integrate your Texecom security system like never before<br />
The Texecom Connect App allows you to control your security directly from your compatible<br />
<br />
system events and monitor cameras or activity from anywhere in the world.<br />
www.texe.com<br />
Sales: +44 (0)1706 220460<br />
Watch the Texecom<br />
Connect App video
Texecom Connect App<br />
New smartphone application for<br />
iOS operating systems<br />
Texecom Connect SmartCom<br />
Texecom Connect ethernet<br />
communicator<br />
Texecom Connect SmartPlug<br />
Ricochet ® enabled<br />
wireless plug<br />
Editorial Comment<br />
IoT at the Double<br />
Vodafone has recently published its fifth annual Internet of<br />
Things (IoT) Barometer Report. This is a document widely<br />
recognised as the leading global survey of business<br />
sentiment regarding investment and innovation in the IoT.<br />
The latest missive reports that the percentage of companies<br />
with more than 50,000 active connected devices has doubled in<br />
the last 12 months, while 84% of IoT adopters say that their use<br />
of the IoT has grown in the last year. 51% of adopters are<br />
adamant that the technology is increasing revenues or opening<br />
up new revenue streams and 66% of all companies agree that<br />
digital transformation is impossible without the IoT.<br />
Businesses in the Americas have led the way in embracing<br />
large-scale IoT projects, it seems. Here, 19% of companies using<br />
the IoT have more than 10,000 connected devices compared to<br />
13% in Europe and 7% in the Asia Pacific region. These largescale<br />
users also report some of the biggest business gains with<br />
67% of them highlighting significant returns from IoT usage.<br />
Interestingly, energy and utility companies are at the forefront<br />
of the largest IoT projects worldwide, with applications such as<br />
smart meters and pipeline monitoring very much to the fore.<br />
Meanwhile, the range of benefits that end users are gaining<br />
from the IoT is also widening as adoption increases. Greater<br />
business insights, reduced costs and improved employee<br />
productivity top the list globally. In the Asia Pacific region, 53%<br />
of respondents cite increased market competitiveness as the top<br />
benefit compared to 35% in the Americas and 33% in Europe. In<br />
the automotive sector, 51% of companies comment that the IoT<br />
is helping them to improve brand differentiation.<br />
As the scale of IoT projects increases, the comprehensive<br />
report also notes a rise in connectivity requirements. Companies<br />
are looking to use a mix of technologies from fixed line to low<br />
power Wide Area Networks (LP WANs) depending on the<br />
application. Typically, large-scale projects employ four different<br />
connectivity options with mobile and Wi-Fi the two most popular.<br />
There’s increasing interest in the newer technologies such as<br />
Narrowband IoT. Indeed, 28% of all companies are now<br />
considering this and other LP WAN options for new IoT projects.<br />
It’s perhaps not surprising to learn that security around the IoT<br />
remains the biggest barrier for organisations when it comes to<br />
deployment. That said, in those companies with 10,000 or more<br />
connected devices in operation, only 7% of them highlight<br />
security as their top worry. Organisations are taking more steps<br />
to tackle security concerns including an increase in security<br />
training for existing staff, working with specialist security<br />
providers and recruiting more IT security specialists.<br />
“What’s evident is that the IoT is becoming an important part<br />
of our lives,” writes Ben Dickson on the TechCrunch website. “Its<br />
security is one of the major issues that must be addressed via<br />
active participation by the entire global tech community. Will we<br />
be able to harness this most-hyped emerging technology that<br />
will revolutionise the world, or will we merely end up opening a<br />
Pandora’s Box that spirals the world into a new age of mayhem?”<br />
The fervent hope must be for the former outcome.<br />
Brian Sims BA (Hons) Hon FSyI<br />
Editor<br />
December 2012<br />
5<br />
www.risk-uk.com
“Rising crime shows no sign of abating”<br />
in wake of latest ONS figures and analysis<br />
Police forces appear to be struggling to stem<br />
the tide of ‘genuine increases’ in crime. Figures<br />
published by the Office for National Statistics<br />
(ONS) show that police-recorded crime has<br />
risen by 13% in the last 12 months with huge<br />
increases in violent crime (up by 19%), sexual<br />
offences (also up by 19%) and police-recorded<br />
theft (which has escalated by 11%).<br />
Despite the old adage that improved<br />
recording processes have resulted in rising<br />
crime in recent years, the experts responsible<br />
for collating the statistics judge that there have<br />
indeed been ‘genuine increases’.<br />
John Flatley, crime statistics and analysis<br />
specialist at the ONS, commented: “The latest<br />
figures suggest that the police are dealing with<br />
a growing volume of crime. While improvements<br />
made by police forces in recording crime are<br />
still a factor in this increase, we judge that<br />
there have been genuine increases in crime,<br />
and particularly so in some of the low<br />
incidence, but more harmful categories.”<br />
Flatley continued: “Police figures cannot<br />
provide a good measure of all crime in society,<br />
since we know that a large volume of criminality<br />
never comes to their attention. The recent<br />
increases in recorded crime do need to be seen<br />
in the context of the overall decline in crime<br />
indicated by the Crime Survey for England and<br />
Wales, which remains our best guide to longterm<br />
trends for crime in general.”<br />
Calum Macleod, vice-chairman of the Police<br />
Federation of England and Wales, observed: “I<br />
can see little chance of this sorry state of affairs<br />
changing any time soon. Every day, officers set<br />
out to protect their communities from harm, but<br />
every day their job is being made more difficult<br />
due to cuts in funding and cuts in their number,<br />
yet the demand for their services isn’t<br />
dwindling. It’s the public that suffers and it’s<br />
the public’s safety that’s compromised.”<br />
According to the Police Federation, the<br />
“dangerous reality of policing” is “plain to see”<br />
with violent crime continuing to rise, including<br />
knife crime climbing at a startling rate and<br />
exhibiting a 26% increase in offences across the<br />
last 12 months (with 36,998 offences compared<br />
to 29,476 the previous year). Offences involving<br />
a firearm also spiked by a substantial 27%<br />
(6,696 offences compared to 5,269).<br />
In conclusion, Macleod went on to state: “We<br />
know from our own research that officers suffer<br />
significantly at the hands of volatile and<br />
dangerous individuals. These ONS figures paint<br />
a disturbing picture of the reality they face<br />
when responding to calls for help. Quite frankly,<br />
the Government needs to wake up to what’s<br />
happening right in front of its eyes. Police<br />
forces are always trying to play their part in<br />
meeting demand, but it cannot be all one-way<br />
traffic. More needs to be done to support them<br />
in achieving their goals.”<br />
Linx International Group publishes results of detailed training trends study<br />
The Linx International Group has just revealed the results of an extensive survey conducted by the<br />
company with a view to investigating the attitudes of security professionals towards training. The<br />
survey highlights a clear commitment to professional and personal development, the desire to raise<br />
industry standards and the sense that security is now becoming a serious long-term career path.<br />
The findings reveal that security professionals are taking their careers and skills development<br />
seriously, with Continuing Professional Development (76%), certification/training (71%) and<br />
personal development (64%) cited as the three main drivers for undertaking training. This attention<br />
to personal and professional progression is reflected in how training is being paid for, with just over<br />
half (51%) of all respondents paying for training themselves, while 45% of training is being funded<br />
by the employing organisation and the remainder via other means.<br />
The survey results also highlight a widespread acknowledgement of the importance of<br />
recognised training qualifications, with 81% of respondents stating its importance to them as an<br />
individual, 68% acknowledging training’s importance to the organisation and 74% recognising the<br />
positive impact that training qualifications have on their respective industries.<br />
Ken Livingstone MSc FSyI (pictured), group training director for the Linx International Group,<br />
informed Risk UK: “There’s a clear trend towards upskilling and individuals taking responsibility for<br />
their own career development and advancement, as well as a demand from industry for better<br />
qualified, certified and accredited professionals.”<br />
Focus areas in which professionals are looking to gain more expertise are security management<br />
(63%), security consultancy (61%), counter-terrorism (55%) and crisis management (47%).<br />
6<br />
www.risk-uk.com
News Update<br />
Home Office announces package of<br />
new measures specifically designed<br />
to tackle violent crime<br />
Prison sentences for those who repeatedly<br />
carry corrosive substances without good<br />
reason for doing so are among a set of new<br />
laws being proposed by the Home Office with<br />
the key aim of tackling serious violence.<br />
The measures include a new offence of<br />
possession of a corrosive substance in public<br />
without a good or lawful reason. It would<br />
place the onus on the individual caught in<br />
possession to explain why they’re carrying<br />
such a substance, rather than on the police<br />
service to prove that the substance was<br />
intended to cause injury. Those convicted of<br />
this offence for a second time would face a<br />
mandatory minimum sentence in line with the<br />
existing knife possession laws.<br />
The proposals are part of the consultation<br />
on new legislation around offensive and<br />
dangerous weapons. This duly sets out<br />
legislative measures to reduce violent crime,<br />
respond to recent rises in police-recorded<br />
knife and firearms offences and deal with the<br />
emergence of attacks where acids and<br />
corrosive substances are being used.<br />
Home Secretary Amber Rudd (pictured)<br />
explained: “All forms of violent crime are<br />
totally unacceptable, which is why we’re<br />
taking action to restrict access to offensive<br />
weapons and crack down on those who carry<br />
acids with intent to do harm. Acid attacks can<br />
devastate lives and leave the victims with both<br />
emotional and physical scars. By actively<br />
banning the sale of the most harmful corrosive<br />
substances to those under the age of 18 and<br />
introducing minimum custodial sentences for<br />
individuals who repeatedly carry corrosive<br />
substances with intent to cause harm, we’re<br />
sending out a message that the cowards who<br />
use these substances as weapons will not<br />
escape the full force of the law.”<br />
Measures on which the Government will now<br />
consult in detail are new offences pertaining<br />
to the sale of acids and the most harmful<br />
corrosive substances to people aged under 18,<br />
possession of a corrosive substance in public<br />
and restricting online sales of knives such that<br />
they cannot be delivered to a private<br />
residential address and must instead be<br />
collected at a place where age ID can be<br />
checked and verified.<br />
Sarah Newton, the Minister for Crime,<br />
Safeguarding and Vulnerability, has just<br />
announced the launch of the £500,000<br />
Community Fund for local projects aimed at<br />
tackling knife crime in tandem with more than<br />
£280,000 of successful bids for community<br />
work determinedly focused on ending gang<br />
violence and exploitation.<br />
BRE Global/LPCB Attack Testing<br />
Zone set for expansion at IFSEC<br />
International 2018<br />
Security is the biggest challenge the world is<br />
facing at present, with the need to safeguard<br />
people and property arguably now greater<br />
than at any point in the past. On that basis,<br />
end users need to know the products and<br />
solutions about which they’re making critical<br />
purchasing decisions are fit for purpose.<br />
With this in mind, IFSEC International’s<br />
organiser UBM EMEA will once again be<br />
partnering with the experts at BRE Global and<br />
the LPCB to host the 2018 event’s Attack<br />
Testing Zone.<br />
Following the hugely successful introduction<br />
of this new demonstration area in June, the<br />
Attack Testing Zone will be expanded and<br />
moved to a prominent position in the Borders<br />
and Infrastructure area of IFSEC International<br />
2018, in turn providing dramatic<br />
demonstrations of the capabilities of worldclass<br />
security solutions.<br />
Expert technicians from BRE Global/LPCB<br />
will actively demonstrate the effectiveness of<br />
a range of physical security solutions. All of<br />
the products on display are LPCB Red Bookapproved<br />
and will have met the stringent<br />
conditions laid down by a range of UK and<br />
European standards. That being so, end users<br />
in attendance at London’s ExCeL next June will<br />
be watching ‘Best in Class’ products taken to<br />
task in real-time scenarios.<br />
Richard Flint, technical and business<br />
development manager for physical security at<br />
BRE Global, explained to Risk UK: “BRE Global<br />
is delighted to once again partner with IFSEC<br />
International in order to continue with the<br />
Attack Testing Zone. We were hugely<br />
impressed with the volumes and quality of the<br />
visiting audience this year and, such was the<br />
level of interest generated, we made sure the<br />
IFSEC International team would both expand<br />
and relocate this area for 2018. It’s a unique<br />
opportunity for security professionals to see<br />
leading products being tested in real-time and<br />
showcases the impressive levels of security<br />
and protection these solutions can provide.”<br />
Gerry Dunphy, brand director for IFSEC<br />
International, stated: “The Attack Testing Zone<br />
was the star performer at IFSEC International<br />
2017, with visiting customers standing fourdeep<br />
around the area just to try and obtain a<br />
view of what was going on. It’s clearly a major<br />
area of interest for industry professionals.”<br />
7<br />
www.risk-uk.com
National Cyber Security Centre prevents<br />
“thousands of attacks” in first 12 months<br />
A 44-page report<br />
marking the first<br />
anniversary of the<br />
National Cyber<br />
Security Centre (NCSC)<br />
has shone light on the<br />
vital work the<br />
organisation has<br />
already conducted to<br />
make the UK a safe<br />
place in the online<br />
world. The NCSC,<br />
which is part of<br />
GCHQ*, brought<br />
together elements of<br />
its parent organisation<br />
with previously<br />
separate parts of<br />
Government and<br />
intelligence to create a<br />
‘one-stop shop’ for<br />
UK cyber security.<br />
Brian Sims reports on<br />
progress made to date<br />
While there’s still much work to be done,<br />
in its first 12 months of operations the<br />
NCSC has prevented thousands of<br />
attacks and provided vital support for the UK’s<br />
Armed Forces. Cyber experts received a total of<br />
1,131 incident reports, with 590 of them being<br />
classed as ‘Significant’.<br />
Across the last 12 months, the NCSC has<br />
launched Active Cyber Defence, which blocks<br />
tens of millions of attacks every week and has<br />
reduced the average time that a phishing site is<br />
online from 27 hours to just one hour.<br />
In point of fact, the organisation has<br />
responded to upwards of 590 significant<br />
incidents, co-ordinating Government’s response<br />
and providing reassurance to the public, and<br />
also led the UK’s response to the global<br />
WannaCry incident – which directly affected 47<br />
NHS Trusts – by providing vital assistance and<br />
advice to those directly affected.<br />
The NCSC has created a website to provide<br />
easy-to-understand advice and information for<br />
the public. The site received 100,000 visitors in<br />
a single month and 2,000 tweets were issued<br />
over the year. Furthermore, the organisation<br />
hosted 2,300 delegates and 173 speakers at its<br />
three-day CyberUK conference in Liverpool to<br />
share insights and build on the understanding<br />
of cyber security.<br />
In parallel, the NCSC has overseen a 43%<br />
increase in visits (4,000 visitors per month) to<br />
the Cyber Security Information Sharing<br />
Partnership (CiSP), which allows the community<br />
to share information about cyber threats.<br />
In addition, the NCSC has produced 200,000<br />
physical items for 190 customer departments<br />
through the UK Key Production Authority, in<br />
turn securing and protecting the vital<br />
communications of our Armed Forces and the<br />
national security community.<br />
Importantly, the NCSC has created the<br />
pioneering ‘Industry 100’ initiative to work with<br />
or embed 100 industry professionals within the<br />
organisation in a bid to provide challenge and<br />
generate innovation. The organisation has also<br />
made an impact on the future of cyber security,<br />
helping to foster a talent pipeline of the next<br />
generation of experts and working alongside<br />
business and academia to create a culture<br />
wherein technology can thrive.<br />
Jeremy Fleming, director of GCHQ, explained:<br />
“In an increasingly digital world, cyber is<br />
playing an ever-more important part in our daily<br />
lives and, indeed, in the UK’s approach to<br />
security. The threats to the UK are evolving<br />
rapidly as technology advances. Our response<br />
has been to transform in order to remain ahead<br />
of them. The NCSC is a pivotal element of that<br />
transformation. It’s a critical component not<br />
only of GCHQ, where it benefits from the data<br />
and expertise to which it has access as part of<br />
the intelligence community, but also of how<br />
Government as a whole works to keep the UK<br />
safe. The NCSC has brought together<br />
unparalleled skills, capabilities and<br />
partnerships and, in its first year, has taken<br />
enormous strides when it comes to increasing<br />
and improving upon our cyber capabilities. It’s<br />
on the front line in protecting the UK against a<br />
growing number of cyber attacks.”<br />
Crucial for national security<br />
Ciaran Martin, CEO of the NCSC, added: “Cyber<br />
security is crucial to our national security and<br />
prosperity. We’re incredibly proud of what we’ve<br />
achieved in our first year at the National Cyber<br />
Security Centre, bringing together some of the<br />
best cyber security brains in the country in a<br />
single place, but the threat remains very real<br />
and growing. Further attacks will happen, and<br />
there’s much more for us to do in order to make<br />
the UK the safest place in the world in which to<br />
live and transact business online. We look<br />
forward to working with our partners in the<br />
year ahead in pursuit of that vital goal.”<br />
Commenting on the news that more than<br />
1,000 incidents were reported to the NCSC in its<br />
8<br />
www.risk-uk.com
News Analysis: National Cyber Security Centre Annual Report<br />
first year of operation, Joe Hancock (cyber<br />
security lead at Mishcon de Reya) stated:<br />
“1,000 attacks may seem like a large number,<br />
but the reality is that this is the tip of the<br />
iceberg. The majority of attacks on business,<br />
Government and third sector organisations go<br />
unreported and often undetected. Behind these<br />
high-profile incidents, there are millions of<br />
online crimes that affect individuals every day.”<br />
Hancock continued: “We routinely deal with<br />
these issues, and it’s clear to us that more<br />
needs to be done to support law enforcement<br />
in helping responders and victims to better<br />
detect and recover from cyber episodes. The<br />
recent Equifax breach shows the potential<br />
downsides of large-scale data collection where<br />
there’s apparently little consent. The level of<br />
cyber security isn’t globally consistent: we’re<br />
always only as strong as the weakest link.<br />
We’re extremely keen to see the NCSC’s<br />
strategy broadened with further investment.”<br />
Although operational since October 2016, the<br />
NCSC’s new London headquarters was officially<br />
opened by Her Majesty The Queen and HRH The<br />
Duke of Edinburgh in February this year. As well<br />
as co-ordinating the Government’s response to<br />
those 590 significant incidents referred to<br />
earlier, the NCSC has prevented waves of<br />
attacks through its aforementioned Active<br />
Cyber Defence programme.<br />
As part of GCHQ, the NCSC is proud to deliver<br />
vital work nationally and internationally and,<br />
across the last year, has worked with officials in<br />
more than 50 countries across five continents,<br />
including signing NATO’s groundbreaking<br />
Memorandum of Understanding on Cyber.<br />
The UK Government is fully committed to<br />
defending the nation against cyber threats and<br />
addressing the cyber skills gap to develop and<br />
grow talent. The NCSC was created as part of<br />
the Government’s five-year National Cyber<br />
Security Strategy. Announced in 2016, that<br />
strategy is supported by £1.9 billion of<br />
transformational investment.<br />
Tightening the law<br />
Counter-terrorism laws are to be updated to<br />
keep pace with modern online behaviour and<br />
address the issue of online radicalisation,<br />
Home Secretary Amber Rudd has announced.<br />
The Government intends to change the law<br />
such that those individuals who repeatedly<br />
view terrorist content online could face up to 15<br />
years behind bars.<br />
The proposed changes are designed to<br />
strengthen the existing offence of possessing<br />
information likely to be useful to a terrorist<br />
(Section 58 of the Terrorism Act 2000) such that<br />
it applies to material viewed repeatedly or<br />
“In an increasingly digital world, cyber is playing an evermore<br />
important part in our daily lives and, indeed, in the<br />
UK’s approach to security”<br />
streamed online. Currently, this power only<br />
applies to online material which has been<br />
downloaded and stored on the offender’s<br />
computer, is saved on a separate device or<br />
printed off as a hard copy.<br />
The move to tighten the law around the<br />
viewing of terrorist material comes as part of a<br />
wide-ranging review of the Government’s<br />
counter-terrorism strategy in the wake of this<br />
year’s terror attacks, and will help in providing<br />
an important and effective way of intervening<br />
earlier in an investigation and disrupting<br />
terrorist activity.<br />
The legal changes will also increase the<br />
maximum penalty if found guilty from ten to 15<br />
years’ imprisonment in order to reflect the<br />
seriousness of the offence and ensure that<br />
perpetrators are locked up for longer periods.<br />
The new maximum penalty of 15 years behind<br />
bars will also apply to terrorists who publish<br />
information about members of the Armed<br />
Forces, the police and the Security and<br />
Intelligence Services for the purposes of<br />
preparing acts of terrorism (Section 58a of the<br />
Terrorism Act 2000).<br />
There have been a number of prosecutions<br />
for terrorism offences featuring Armed Forces<br />
personnel (or military establishments) as the<br />
targets of attacks, including last year’s<br />
successful conviction of Junead Khan for<br />
planning to attack personnel at a USAF airbase<br />
in Norfolk and of those responsible for the<br />
horrific murder of Fusilier Lee Rigby.<br />
The updated offence will ensure that only<br />
those found to repeatedly view online terrorist<br />
material will be captured by the law. This will<br />
serve to safeguard those who click on an<br />
Internet link by mistake or who could argue<br />
that they did so out of curiosity rather than with<br />
any criminal intent in mind. A defence of<br />
‘reasonable excuse’ would still be available to<br />
academics, journalists or others who may have<br />
a legitimate reason to view such material.<br />
*Government Communications Headquarters<br />
(GCHQ) is one of the three UK Intelligence and<br />
Security Agencies, along with MI5 and the<br />
Secret Intelligence Service (MI6). GCHQ works<br />
to protect the UK and its citizens from a range<br />
of threats posed to national security, including<br />
those attributable to terrorism, serious and<br />
organised crime and cyber attack. It also works<br />
to protect and safeguard the UK’s Armed<br />
Forces wherever they may be deployed<br />
Jeremy Fleming:<br />
Director of GCHQ<br />
Ciaran Martin: CEO of the<br />
National Cyber Security Centre<br />
9<br />
www.risk-uk.com
They see a well secured airport.<br />
You see smart data to<br />
optimize traveler flow.<br />
Bosch empowers you to build a safer and more secure<br />
world. And with built-in video analytics as of the IP 4000<br />
cameras, we allow you to use video data for more than<br />
security alone. Like identifying interruptions and<br />
patterns in airport traffic.<br />
Find out more at boschsecurity.com<br />
+1<br />
People counting<br />
Queuing alarm<br />
Enforcing safety<br />
regulations
News Special: ‘Creating A Security Culture’<br />
The Security Institute launches ‘Creating<br />
A Security Culture’ with ITN Productions<br />
The recent terrorist attacks on the very<br />
doorsteps of democracy are an acute<br />
reminder of the ongoing public security<br />
battle we face, with the nation having<br />
experienced a severe increase in terrorist<br />
activity over the last few years.<br />
With this in mind, ‘Creating A Security<br />
Culture’ looks at how security professionals are<br />
working together to realise a unified dialogue<br />
and fight against this global threat. It also<br />
examines how digital surveillance is enhancing<br />
the quality and quantity of footage captured, as<br />
well as the ability companies currently have to<br />
store and interrogate large amounts of data.<br />
Anchored by celebrated national newsreader<br />
Natasha Kaplinsky, ‘Creating A Security Culture’<br />
also makes a point of delving into the spheres<br />
of corporate espionage and hacking, social<br />
unrest and the Government’s campaigns<br />
designed to educate the public on coping<br />
mechanisms. The programme explores in some<br />
degree of detail the phenomenal innovation in<br />
this sector, turning towards products such as<br />
virtual laser ‘ceilings’, satellite surveillance and<br />
even ceramic ball technology.<br />
Drawing upon ITN’s 60-year heritage and<br />
expertise in storytelling, this news-style<br />
venture combines key interviews and<br />
sponsored editorial profiles from a wide range<br />
of industry experts including the Engineering<br />
and Physical Sciences Research Council,<br />
EtherSec, GJD Manufacturing, Kaba, OPTEX,<br />
Scandef and Seagate Technology.<br />
The programme will form part of an extensive<br />
communications campaign featuring experts in<br />
the security business sector as well as relevant<br />
journalists, writers and bloggers.<br />
Andrew Nicholls, deputy chairman of The<br />
Security Institute, said: “For almost 12 months<br />
now, The Security Institute has been working<br />
closely with ITN Productions to help support<br />
this very special programme about the<br />
important work of security professionals. The<br />
production illustrates the wide range of<br />
essential work being carried out across the<br />
security industry and also explains some of the<br />
key developments in technology which are<br />
helping to keep us all secure.”<br />
Simon Shelley, head of industry news at ITN<br />
Productions, added: “ITN Productions is<br />
delighted to have partnered with The Security<br />
Institute to explore this critical and complex<br />
profession that works to keep society safe. By<br />
The Security Institute and ITN Productions have launched a<br />
news and current affairs-style programme entitled ‘Creating<br />
A Security Culture’ that features in-depth perspectives on<br />
international security, investigating how emerging threats to<br />
global security are being tackled decisively thanks to the use<br />
of sophisticated technology and a heightened awareness<br />
around public safety. Brian Sims reports<br />
examining the technologies behind<br />
security systems and engaging<br />
with key organisations and<br />
individuals right across the sector,<br />
the programme will contribute to<br />
the ongoing debate on how to<br />
continue to improve security in<br />
what are now increasingly<br />
challenging environments.”<br />
Group membership<br />
At the organisation’s Annual<br />
Conference 2017, held on Tuesday<br />
3 October in central London, The Security<br />
Institute announced that it has now entered<br />
into a Group Membership arrangement with the<br />
Civil Aviation Authority (CAA), the UK’s<br />
specialist aviation regulator.<br />
The scheme will enable security specialists<br />
within the CAA’s Aviation Security Directorate to<br />
become members of the Institute and obtain<br />
professional membership status. The new<br />
arrangement will enable around 50 members of<br />
the CAA’s security team to join the Institute.<br />
Peter Drissell, the CAA’s director of aviation<br />
security, stated: “The CAA is delighted to enter<br />
into this partnership with The Security Institute<br />
which will ensure that our team of security<br />
professionals remains up-to-date with the<br />
latest industry advancements and has the<br />
opportunity for ongoing development.”<br />
Andrew Nicholls added: “We’re delighted to<br />
make this announcement at our Annual<br />
Conference and very much look forward to<br />
working with the CAA in the future.”<br />
*The Security Institute is the UK’s largest<br />
professional membership body for security<br />
professionals with over 2,500 members. Since<br />
2000, the Institute has been working to<br />
promote the highest possible standards of<br />
integrity and professional competence in the<br />
business of security<br />
National newsreader Natasha<br />
Kaplinsky is the chosen<br />
presenter for ‘Creating A<br />
Security Culture’<br />
11<br />
www.risk-uk.com
News Special: IRM Certificates in Risk Management<br />
Qualifications “assist in developing<br />
transferable skills” urges the IRM<br />
The Institute of Risk<br />
Management (IRM) is<br />
perfectly placed to<br />
help risk managers<br />
and their members of<br />
staff remain up-tospeed<br />
in the<br />
discipline, no matter<br />
what stage of their<br />
career they’ve<br />
reached. The globallyrecognised<br />
International<br />
Certificates in<br />
Enterprise Risk<br />
Management and<br />
Financial Services Risk<br />
Management will help<br />
individuals to become<br />
effective risk<br />
professionals, as<br />
Brian Sims reports<br />
Nicola Crawford CFIRM:<br />
Chair of the Institute of Risk<br />
Management<br />
12<br />
www.risk-uk.com<br />
With the current business climate now<br />
increasingly uncertain, organisations<br />
need competent, efficient and<br />
knowledgeable staff to manage threats.<br />
Focusing on cyber security, data breach, supply<br />
chain and people risk, an enterprise-wide risk<br />
management approach will help the host<br />
organisation to maximise opportunities and<br />
mitigate risks in the business environment.<br />
Nicola Crawford CFIRM, chair of the IRM,<br />
informed Risk UK: “IRM qualifications are a<br />
solid platform which give the broad background<br />
of risk and help to develop transferable skills. I<br />
came from a banking back office environment<br />
and then a strategic planning background. I’ve<br />
seen what happens when Enterprise Risk<br />
Management (ERM) isn’t embedded within an<br />
organisation’s key processes. Understanding<br />
other organisational functions is an important<br />
element of being able to help businesses learn<br />
how ERM fits into the rest of the organisation<br />
and where the key changes need to occur in<br />
order to make this happen.”<br />
Whether practitioners are just starting out on<br />
their career or considering how to make the<br />
most of existing options, qualifications attained<br />
with the IRM offer them the chance to become<br />
pivotal players in any organisation.<br />
Completing either International Certificate<br />
through distance or blended learning (which<br />
offers a more face-to-face approach) can take<br />
just six months and earns the IRMCert<br />
designation, enabling professionals to stand<br />
out from their peers with an internationallyrecognised<br />
and respected qualification.<br />
The IRM boasts learners from all over the<br />
world and in every sector, from aviation,<br />
healthcare, infrastructure and oil and gas<br />
through to the public sector. The International<br />
Certificates are aimed at anyone with<br />
responsibility for risk in any organisation and in<br />
any business sector around the globe.<br />
Course details in brief<br />
Individuals don’t require any prior experience<br />
or qualifications to study for the International<br />
Certificates with the IRM.<br />
The qualifications consist of two modules.<br />
Studied together, each module is assessed by<br />
examination. Candidates sit their exams for<br />
both modules in the same exam period. The<br />
IRM has examination centres around the globe<br />
and recently launched its blended learning<br />
option in the UK for those who do prefer a more<br />
face-to-face approach.<br />
The International Certificate in Enterprise<br />
Risk Management provides an entry route into<br />
the International Diploma focused on the same<br />
discipline. On completing the International<br />
Certificate, as stated professionals will then be<br />
able to use the internationally-recognised<br />
membership designation IRMCert.<br />
This is the first step towards becoming a<br />
Certified Member of the IRM (CMIRM). Students<br />
have two years to complete the certificate<br />
modules from the date of enrolment.<br />
Recently, the IRM hosted a webinar to explain<br />
its qualifications in more detail and how they<br />
can help individuals reach certified status.<br />
Available to view at www.theirm.org/training/<br />
webinars.aspx, the webinar features past<br />
students’ experiences and how qualifications<br />
have helped them in their roles. Both<br />
examiners and module coaches also talk at<br />
length about the syllabus and course content.<br />
The IRM also offers a range of in-house and<br />
open training courses to suit specific training<br />
requirements, from the Fundamentals of Risk<br />
Management through to Risk in the Boardroom.<br />
The courses are all interactive, giving learners<br />
the greatest impact in the time available.<br />
All courses have been selected not just for<br />
their theoretical content, but also for their<br />
practical impact such that learners leave their<br />
studies with tools and techniques they can put<br />
into action immediately. Further detail is<br />
available at www.theirm.org/training<br />
Vinay Shrivastava FIRM, director of Turner &<br />
Townsend Infrastructure and a Board member<br />
of the IRM, observed: “The IRM qualifications<br />
are a necessary quality benchmark in our<br />
Industry. I receive dozens of CVs on a weekly<br />
basis and candidates who are IRM-qualified<br />
stand out for consideration for our roles as this<br />
indicates that, beyond having a demonstrable<br />
core skills set, these particular individuals take<br />
professional development seriously and are<br />
committed to a career in risk management.”<br />
If you look at global infrastructure, cyber<br />
security, energy, defence and security as well as<br />
all major projects, they all have one thing in<br />
common: someone somewhere has to manage<br />
the risks and opportunities they present.<br />
Make sure your company has qualified staff<br />
in post to manage risk both efficiently and<br />
effectively on an ongoing basis.
SkyHawk AI<br />
The hawk is back and<br />
smarter than ever.<br />
Gain the commercial edge with SkyHawk AI,<br />
built for AI-enabled surveillance systems,<br />
and now protected by SkyHawk Health.<br />
WWW.SEAGATE.COM<br />
©2017 Seagate Technology LLC. All rights reserved.
Tackling the EU’s GDPR: Strength of<br />
Conviction and Purpose is Required<br />
The European Union’s<br />
General Data<br />
Protection Regulation<br />
(GDPR) comes into<br />
force in less than a<br />
year. At its heart, the<br />
GDPR is designed to<br />
give consumers more<br />
control over how their<br />
data is stored and<br />
processed, and will<br />
help to hold<br />
businesses to account<br />
for any proven<br />
careless data handling<br />
procedures. Andrew<br />
Joss offers his views<br />
on the GDPR’s<br />
implications for<br />
today’s risk and<br />
security professionals<br />
Across the last few months, the GDPR has<br />
finally begun to gain traction in the<br />
Boardroom as an urgent matter – and with<br />
good reason. One of the most highly-publicised<br />
aspects of the legislation is the threat of noncompliance<br />
fines up to the greater of €20<br />
million or 4% of annual global revenues.<br />
Companies that fail to bring their data<br />
management procedures into line are at risk of<br />
having their finances seriously damaged. No<br />
matter how big a business happens to be, the<br />
GDPR fining system has the potential to drain a<br />
large proportion of revenues if the offence is<br />
deemed serious enough.<br />
That’s without mentioning the huge<br />
reputational damage that will arise with a GDPR<br />
non-compliance case. Consumers are now more<br />
sensitive than ever to how their personal data<br />
is processed and protected, and as the GDPR<br />
impacts consumer rights, it has the potential to<br />
cause highly-publicised cases that will run in<br />
the press as ‘The People versus Corporations’.<br />
In other words, if you fail to comply with the<br />
GDPR, you’re opening yourself up to<br />
reputational disaster.<br />
Technology leaders like Chief Data Officers<br />
and Chief Information Officers must see this<br />
oncoming regulatory challenge as an<br />
opportunity to take the lead in building<br />
compliance into company processes. In doing<br />
so, they can not only appease the regulators,<br />
but also help their companies to achieve<br />
multiple benefits. Ultimately, GDPR compliance<br />
is about having a comprehensive view of – and<br />
detailed control over – the personal data you<br />
process. In the connected era, that data can be<br />
a source of real business benefits.<br />
At this point, it’s important to caveat that<br />
GDPR compliance must always come before<br />
business benefits. Businesses must do what’s<br />
necessary to protect the personal data they<br />
control and, for some, this may run contrary to<br />
their financial interests. However, for many<br />
companies, improving their data management<br />
stance will afford them an opportunity to use<br />
their improved insight for commercial purposes<br />
once compliance has been achieved.<br />
From removing operational silos and creating<br />
more efficient internal processes to improving<br />
customer personalisation programmes, good<br />
data makes for a successful business. Data is<br />
the fuel that drives intelligent decisions:<br />
everything from Netflix’s movie<br />
recommendation system to Google’s query<br />
corrections and your smart phone’s auto-correct<br />
function are powered by data that has been put<br />
to intelligent and effective use. Put simply,<br />
having a clear view of what data you hold<br />
makes it easier to use that data.<br />
The same principles can and should apply to<br />
business decisions. Companies may use the<br />
data they hold on their customers to provide<br />
insights which can guide their marketing<br />
strategy, product roadmap and branding. When<br />
handled properly, it can make businesses work<br />
more cohesively as a unified whole and helps<br />
them to adapt to new challenges in the future.<br />
Ingrained opposition<br />
Companies have to invest to protect data under<br />
their control and develop a roadmap that will<br />
deliver value over time. As a result, for the past<br />
decade the technological and financial barriers<br />
have inhibited progress.<br />
As one example of specious thinking, some<br />
might ask why they ought to dedicate Capex to<br />
a data management project if the business is<br />
already running well? For that reason, data<br />
governance has sometimes been seen as an<br />
add-on rather than a necessity.<br />
There’s also a cultural barrier to overcome in<br />
many cases. Gaining full control of your data<br />
often means changing the way in which the<br />
company works. This can bring with it<br />
difficulties of its own. It can be a long and<br />
arduous process to carve out an integrated<br />
approach, ensuring team leaders are aware of<br />
the aims of the programme and that this<br />
trickles down to all levels. For a company to<br />
truly make the most of its data assets,<br />
everyone needs to be enfranchised. If some<br />
divisions within continue to treat data<br />
carelessly, not only will they be missing out on<br />
the benefits outlined above, but they’ll also be<br />
at risk of non-compliance.<br />
Now, the approach of the GDPR deadline may<br />
force the issue. With the C-Suite more focused<br />
than ever on the importance of good data<br />
management, the Chief Data Officer should<br />
take responsibility for making the company<br />
data-centric and then help it reap the rewards.<br />
With this in mind, there are several points we<br />
consider could be important to help your<br />
business on its GDPR initiative journey.<br />
14<br />
www.risk-uk.com
Opinion: European Union General Data Protection Regulation<br />
Don’t see the GDPR as an enemy. Financial<br />
services companies are used to building many<br />
of their processes around regulation, but many<br />
other industries are not. That can lead them to<br />
feel threatened by the coming change, but<br />
there’s no need to be afraid of making the<br />
necessary preparations. Instead, treat them as<br />
an opportunity for competitive differentiation.<br />
Preparing for the GDPR can help businesses<br />
in gaining a good, in-depth understanding of<br />
the personal data they process. In that sense,<br />
compliance can be a benefit as well as a<br />
challenge. It might damage those who are not<br />
prepared for it, but on the other hand it can<br />
afford others plenty of valuable insights to help<br />
drive growth and customer engagement.<br />
Planning your programme<br />
Plan your compliance programme carefully. The<br />
journey towards GDPR compliance is often a<br />
long one. It’s important to be able to show<br />
regulators and stakeholders alike that you’re<br />
intentional and serious about reaching<br />
compliance by the deadline of May next year,<br />
and that you have control over your data. Begin<br />
as soon as you can and stick with it.<br />
Also, map out your data. A good way to start<br />
on GDPR compliance is identifying how your<br />
organisation processes personal information<br />
across its ecosystem so you can appropriately<br />
process and effectively secure it. To do that, we<br />
think you would want a clear view of your entire<br />
data landscape. Think of it like a macro version<br />
of ‘Where’s Wally?’ If you can only search part<br />
of the picture, you might find Oswald or Wenda,<br />
but you’re probably not going to find Wally.<br />
As a result, organisations may wish to<br />
consider automating the data discovery<br />
process. Manually sorting through the huge<br />
amounts of data involved often takes a lot<br />
longer than predicted and, as your data is<br />
evolving all the time, your insights will be stale<br />
almost as soon as you produce them.<br />
Automated data discovery and management<br />
can speed up the process and help you to keep<br />
pace with shifting data inputs. By generating a<br />
risk score for relevant data, today’s<br />
organisations can then begin to understand<br />
how to start prioritising remedial activities.<br />
Involve the whole company. This isn’t just a<br />
problem for application developers: the entire<br />
business from the top down needs to be on<br />
board with making GDPR compliance and data<br />
centricity a success. This means the Chief Data<br />
Officer needs to ensure that senior<br />
stakeholders such as the CEO are involved and<br />
committed right from the start, as they can<br />
help to unify the company around the single<br />
goal of achieving compliance.<br />
In addition, maintain a good dialogue with<br />
your Legal Department. The professionals<br />
operating within are a key part of protecting the<br />
company and can help you to understand the<br />
scope of what’s required.<br />
External expertise<br />
Bring in the right external expertise.<br />
Technology alone isn’t enough for this task. It’s<br />
an accelerator for a GDPR initiative, but it’s only<br />
one part of the story.<br />
You may also require switched-on business<br />
consultancy to go hand-in-hand with it.<br />
Ultimately, companies may need to re-engineer<br />
their entire operational structure to<br />
accommodate the new GDPR, so it’s entirely<br />
possible they’ll also need insightful strategic<br />
counsel to help them do so.<br />
Start now, not later. Potentially, Chief Data<br />
Officers face a long and uphill task to meet the<br />
GDPR’s requirements, so starting now is key.<br />
Like the proverbial bird, the company that<br />
begins early will catch the compliance worm<br />
and the market share that comes with it. The<br />
tools and techniques are available to do so.<br />
Last year, organisations could afford to<br />
theorise about the EU’s GDPR. We believe now<br />
is the time for concerted action.<br />
Andrew Joss:<br />
Head of Industry Consulting<br />
(EMEA) at Informatica<br />
“With the C-Suite more focused than ever on the importance<br />
of good data management, the Chief Data Officer should<br />
take responsibility for making the company data-centric”<br />
15<br />
www.risk-uk.com
Pay Rates in Security: The Highs and Lows<br />
Although the pay rates<br />
that security officers<br />
are awarded remain a<br />
cause for concern, the<br />
issue points to a wider<br />
problem regarding<br />
training and skills<br />
development, not to<br />
mention the way in<br />
which personnel are<br />
deployed. In the first<br />
instalment of a new<br />
regular section for the<br />
readers of Risk UK,<br />
Graham Allison<br />
explains why security<br />
services providers<br />
need to offer<br />
sustainable careers for<br />
employees in order to<br />
increase their value<br />
and ensure that<br />
customers receive the<br />
highest levels of<br />
service at all times<br />
According to PayScale, a security officer can<br />
start out on a pretty low wage of £7.73 an<br />
hour. That figure is just 23 pence higher<br />
than the National Minimum Wage. A selfinflicted<br />
culture of competitive undercutting, an<br />
obsession with market share and the inability<br />
to professionalise the industry by offering<br />
talented young people a career path has led to<br />
a situation wherein the majority of customers<br />
simply don’t place a high enough value on their<br />
security guarding operations – and will not pay<br />
a penny more than they have to for the service.<br />
This status quo has far-reaching implications<br />
for customers, some of whose preoccupation<br />
with lowest cost is increasingly proving to be a<br />
false economy. At a point in time when their<br />
security strategies should be watertight, many<br />
customers don’t have adequate measures in<br />
place to counter risks or threats.<br />
Revamped security regime<br />
Similarly, tenders are often carried out on an ‘as<br />
is’ basis simply because purchasers are<br />
concerned that the outlay for implementing<br />
measures different than those already in place<br />
will cost them more. While this can indeed be<br />
the case, it’s equally possible that a revamped<br />
security regime could cost less: a more<br />
optimised service will be more efficient.<br />
While at first glance it might appear that this<br />
issue has little to do with low pay, the fact is<br />
that a more holistic strategy will reduce<br />
response times, lower security-related<br />
expenditure for retailers and improve the<br />
quality of the security operatives deployed.<br />
What it also means is that security officers are<br />
given a real opportunity to demonstrate Return<br />
on Investment against a defined set of Key<br />
Performance Indicators (KPIs). In turn, this<br />
drives up their skills, value and, therefore, pay.<br />
However, we still have a long way to go. The<br />
problem is that the approach to loss prevention<br />
and protecting organisations from those with<br />
malicious intent is fundamentally the same as it<br />
has always been. Traditional Shopping Centre<br />
security, for example, encourages a silo-based<br />
mentality wherein, as well as paying a service<br />
charge for the security guarding of public areas,<br />
retailers also procure their own in-store<br />
operatives. This often leads to a fragmented,<br />
costly and ineffective security strategy that<br />
doesn’t enable adequate measures to be put in<br />
place to counter any risks or threats and<br />
proactively deal with them when they happen.<br />
Problem solving<br />
By using existing technology and adopting<br />
smarter thinking this issue could be resolved. If<br />
a panic button were to be installed within each<br />
store, security officers in a Shopping Centre’s<br />
public areas could be notified via a smart<br />
phone, tablet or even a remote monitoring<br />
centre where and when help is needed and<br />
provide an immediate response. Such a<br />
‘clustered’ solution eliminates the need for<br />
retailers to employ their own personnel – or at<br />
least it can prompt them to reduce their<br />
number – and reassures them that help is at<br />
hand at the press of a button.<br />
It’s an approach that has benefits for all<br />
interested parties, as it reduces expense for<br />
retailers by dint of them not having to pay twice<br />
over for security. It also increases margins for<br />
the security services provider and allows them<br />
to deploy more highly-trained and skilled<br />
personnel. The same logic applies to retail<br />
parks, business and technology parks and even<br />
multi-tenanted office spaces.<br />
To ensure standards of response are<br />
maintained regardless of the size of the<br />
organisation, KPIs can be agreed in advance.<br />
Security operatives can use smart devices for<br />
live incident reporting and organisations may<br />
work together, talk to each other and create a<br />
more cohesive security solution with no silos<br />
and greater degrees of information sharing.<br />
Gathering the right data means that security<br />
16<br />
www.risk-uk.com
Opinion: Security Business Sector Insight<br />
officers can be deployed more effectively and<br />
helps them provide a better level of service.<br />
Added value<br />
A security strategy can only ever be as effective<br />
as the people charged with implementing it on<br />
a day-to-day basis. The aforementioned<br />
‘intelligent guarding’ approach combines<br />
technology, and the data produced by it, with<br />
people who are able to deal with the outputs of<br />
these systems. As we’ve stated on previous<br />
occasions, knowledge about loss prevention,<br />
report writing, behavioural analysis and<br />
profiling, Health and Safety, data and<br />
intelligence gathering and First Aid, in tandem<br />
with excellent customer service skills, is now<br />
vital for the modern security officer, as is their<br />
ability to work and function as part of a team<br />
with non-security based personnel.<br />
Likewise, in these uncertain times the threat<br />
posed by terrorist activity must be taken<br />
seriously and there are obviously some<br />
locations at higher risk of attack than others.<br />
Again, those with specialist training in counterterrorism<br />
strategies will be able to undertake<br />
an appraisal of the threat posed and outline the<br />
communications system, infrastructure and<br />
decision-making processes necessary in the<br />
event of an attack.<br />
It’s by focusing on the development of these<br />
skills that the overall worth of the security<br />
officer’s role can be elevated. Investing in<br />
employees ensures that they’re given the<br />
requisite knowledge to develop their careers.<br />
This facilitates a virtuous circle, whereby if a<br />
company looks after its employees, those<br />
employees will look after its customers who, in<br />
turn (and by retaining the security company’s<br />
services long-term), will enhance profitability.<br />
It also engenders a corporate ethos of<br />
inclusivity, pride, loyalty and commitment, as<br />
well as increasing staff retention.<br />
Upping the game<br />
If this concept is promoted, acknowledged and<br />
accepted then margins might start to improve<br />
and, as a result, more talented individuals will<br />
consider working in the security business<br />
sector as an attractive career choice. It could<br />
also start to tackle the lack of diversity in terms<br />
of gender, ethnicity and age in the industry,<br />
which is nothing short of shocking.<br />
If a security officer doesn’t possess the skills,<br />
talent and basic training needed to use the<br />
technology-based tools at their disposal, then<br />
at the end of the day the concept of intelligent<br />
guarding will never progress.<br />
However, it mustn’t be forgotten that, above<br />
all else, security guarding is a people-focused<br />
service. The key to long-term success involves<br />
bringing the two worlds together.<br />
Added to that, with so much change<br />
happening in the industry, knowledge provision<br />
shouldn't be seen as a ‘quick fix’. On the<br />
contrary, companies must invest in the<br />
Continuing Professional Development of their<br />
employees and create a culture of ongoing<br />
improvement. This means that employees will<br />
perform to the standards required. It’s the kind<br />
of expertise that can literally be the difference<br />
between life and death.<br />
The security industry clearly has much to do<br />
in terms of increasing the professionalism of<br />
those working within it, but at times can be its<br />
own worst enemy. A business sector that<br />
employs in excess of 350,000 professional and<br />
licensed operatives should be doing much more<br />
to address the negative perceptions held of it<br />
within wider society. There’s currently a distinct<br />
lack of knowledge and appreciation for the role<br />
that security personnel play in keeping people,<br />
property and assets safe.<br />
Sadly, it would appear that trade bodies have<br />
little interest in promoting the positives of the<br />
security guarding sector. Therefore, the security<br />
services industry must do more to communicate<br />
the positives it offers. Frankly, if it doesn’t do so<br />
then it will continue to struggle attracting high<br />
quality individuals from what’s now a rapidly<br />
diminishing pool of talent.<br />
Looking ahead<br />
The commoditisation of security services and<br />
those who perform them is by no means a<br />
recent phenomenon and, to a greater or lesser<br />
extent, the industry only has itself to blame. It<br />
needs to adapt in order to meet the demands of<br />
the future through innovative ways of working<br />
which are already offering Return on<br />
Investment, while also elevating the position of<br />
security officers and increasing their pay.<br />
Although some customers will always expect<br />
‘champagne for beer money’, forward-thinking<br />
organisations across a diverse array of vertical<br />
sectors are already beginning to realise the<br />
benefits of information sharing and appreciate<br />
precisely why skilled security personnel are<br />
worth the investment.<br />
It’s therefore beholden upon security service<br />
providers to build on this by investing in their<br />
people and offering them the types of careers<br />
deserving of such a vital role.<br />
Graham Allison: Managing<br />
Director of Cardinal Security<br />
*Security Business Sector Insight<br />
is the space where members of<br />
Cardinal Security’s management<br />
team examine current and often<br />
key-critical issues directly<br />
affecting today’s companies and<br />
their customers. The thoughts and<br />
opinions expressed here are<br />
intended to generate debate and<br />
discussion among practitioners<br />
within the professional security<br />
and risk management sectors. If<br />
you would like to make comment<br />
on the views outlined on these<br />
pages, please send an e-mail to:<br />
brian.sims@risk-uk.com<br />
**Cardinal Security was formed<br />
back in 2003 and is a privatelyowned<br />
company delivering<br />
innovative security solutions<br />
throughout the UK, Europe and the<br />
US. The business is a leading<br />
supplier of security officers, store<br />
detectives and key holding to the<br />
retail and logistics industry and<br />
works with many well-known<br />
brands including Arcadia, Asda,<br />
Dixons Carphone, Footasylum,<br />
House of Fraser, Morrisons and UK<br />
Mail. Cardinal Security is a<br />
Security Industry Authority<br />
Approved Contractor and in the Top<br />
5% of all security providers<br />
“A sector that employs in excess of 350,000 professional<br />
and licensed operatives should be doing much more to<br />
address the negative perceptions held of it in wider society”<br />
17<br />
www.risk-uk.com
Cybersecurity?<br />
Buckle up.<br />
At Axis, we do everything we can to mitigate the risks of cyber attack. We have 100% focus on<br />
cybersecurity. We build protection right into your network camera solutions. And we work hard to make<br />
it easy for you to play your part. But we really can’t do it without you.<br />
Because cyber protection is a lot like the seatbelt in your car. It won’t keep you safe unless you use it.<br />
Learn Visit more about axis.com/about-axis/cybersecurity Axis’ quality assurance work<br />
at axis.com/quality and find out how to stay protected!
BSIA Briefing<br />
Biometrics is the technical term for body<br />
measurements and calculations and refers<br />
to metrics related to human<br />
characteristics. Biometric authentication, which<br />
is sometimes referred to as ‘realistic<br />
authentication’, is used in computer science as<br />
a form of identification and access control. It’s<br />
also employed to identify individuals in groups<br />
that are under surveillance.<br />
Biometric identifiers are distinctive and<br />
measurable characteristics used to describe<br />
individuals. They’re often categorised as<br />
physiological versus behavioural<br />
characteristics. The former are related to the<br />
shape of the body, with examples including<br />
(but not limited to) fingerprints, palm veins,<br />
facial recognition, DNA, palm prints, hand<br />
geometry and iris recognition.<br />
Behavioural characteristics are related to the<br />
pattern of behaviour of a person, including (but<br />
not limited to) their walking gait and voice.<br />
Indeed, some researchers have coined the term<br />
‘behaviour metrics’ to describe this particular<br />
class of biometrics.<br />
More traditional means of access control<br />
include token-based identification systems,<br />
such as a driver’s license or passport, and<br />
knowledge-based identification systems (such<br />
as a password or PIN). Since biometric<br />
identifiers are unique to individuals, they’re<br />
viewed as being far more reliable when it<br />
comes to verifying identity than token and<br />
knowledge-based methods. However, there has<br />
been much debate over the years about the fact<br />
that the collection of biometric identifiers raises<br />
privacy concerns around the ultimate use of<br />
gathered information.<br />
What is biometric security?<br />
Essentially, all biometric systems work by<br />
unobtrusively matching patterns of live<br />
individuals’ data in real-time against enrolled<br />
records. Data is initially read with an<br />
‘enrolment’ reader and then ‘encoded’ into a<br />
template which is usually stored in an access<br />
control database or on a smartcard for use at<br />
some later juncture.<br />
The encoding process ensures that the data<br />
cannot be reproduced from the template, but<br />
only compared against a recent read sample for<br />
a pass or fail result.<br />
Biometrics have been recorded and used<br />
within society since the late 19th Century, with<br />
fingerprint identification being used by police<br />
agencies around the world to identify both<br />
suspected criminals as well as the victims of<br />
crime. Since then, and as mentioned,<br />
approaches have extended to the iris, face,<br />
hand geometry and, more recently, the heart.<br />
Biometrics: An Alternative<br />
View of Security Management<br />
Alongside incredible advancements in medicine and science,<br />
innovative methods of accessing systems using the human<br />
body have led to an explosion in biometric security solutions.<br />
Here, James Kelly discusses the current biometrics market<br />
and some future trends worth keeping an eye on for today’s<br />
practising security management professionals<br />
In an era where personal information leaks<br />
from major organisations now appear to be<br />
increasingly common, security has had to<br />
evolve far beyond traditional physical locks and<br />
keys. Scientists and engineers have developed<br />
innovative ways of using unique identifiers<br />
within the human body to create access control<br />
systems that are ‘un-hackable’ to even the most<br />
tech-savvy of criminals.<br />
Just this year, researchers at the University of<br />
Buffalo in New York announced that they’ve<br />
developed a security method that uses the<br />
measurements of an individual’s heart to<br />
identify and authenticate a user. This futuristicsounding<br />
method makes use of low-level<br />
Doppler radar to determine the heart’s<br />
dimensions. With the initial scan taking roughly<br />
eight seconds, the system can then<br />
continuously monitor the heart of the user to<br />
make sure another user hasn’t stepped in to<br />
work on the machine.<br />
Beyond making it much easier to log in and<br />
log out, this method makes it incredibly difficult<br />
– if not actually impossible – for criminals or<br />
imposters to infiltrate a system as every user’s<br />
James Kelly: CEO of the British<br />
Security Industry Association<br />
19<br />
www.risk-uk.com
BSIA Briefing<br />
*For more information on<br />
biometric technology, take a<br />
look at the BSIA’s ‘Access<br />
Control: Biometrics User<br />
Guide’ which provides an<br />
invaluable overview of the<br />
main types of biometrics,<br />
system architectures and the<br />
advantages and<br />
disadvantages of today’s<br />
systems as well as the factors<br />
to be considered when<br />
choosing the right solution.<br />
Download the BSIA’s Guide<br />
at: www.bsia.co.uk/<br />
web_images//publications/<br />
181_Access control_<br />
biometrics_user_ guide.pdf<br />
heart dimensions are different and certainly<br />
unique to them.<br />
Fingerprint technology<br />
Fingerprint technology has also developed in<br />
recent years in order to thwart criminals from<br />
counteracting security regimes by taking<br />
impressions of fingerprints. With fake finger<br />
tips capable of mimicking human skin available<br />
to criminals, advances in optical sensor<br />
implementation have now made it possible for<br />
fingerprint readers to look beyond the surface<br />
of the print to the subcutaneous layers of the<br />
skin (such as the capillaries underneath) which<br />
would not be as easily replicated.<br />
Iris recognition is another area of biometrics<br />
that has raised the bar when it comes to<br />
accuracy. In comparison with fingerprint-based<br />
systems, when they were first introduced, iris<br />
systems were producing hundreds or<br />
potentially thousands of fewer false<br />
acceptances. These systems take an image of a<br />
person’s iris and apply pattern recognition<br />
algorithms. The next time the iris is presented<br />
to the recognition reader, a comparison can<br />
then be made with the stored pattern.<br />
Iris systems tend to be seen most regularly in<br />
airports, but with the introduction of biometric<br />
passports they’re now becoming less common.<br />
However, due to their abilities they do have a<br />
place in specialist high security applications.<br />
Like iris systems, facial recognition<br />
technology has been widely available in recent<br />
years. Apple has made use of the technology in<br />
the creation of its new Face ID feature available<br />
on the iPhone X which is due to be released<br />
this month. According to Apple, the new system<br />
is 20 times more secure than Touch ID, the<br />
fingerprint-based system previously included<br />
on the company’s products.<br />
With Face ID, Apple has implemented a<br />
secondary system that exclusively looks out for<br />
attempts to fool the technology. Both the<br />
authentication and spoofing defence are based<br />
on machine learning, but while the former is<br />
trained to identify individuals from their faces,<br />
the latter is used to look for signs of cheating.<br />
According to Apple: “An additional neural<br />
network that’s trained to spot and resist<br />
spoofing defends against attempts to unlock<br />
your phone with photos or masks.” If a<br />
completely perfect mask is made which fools<br />
“Like iris systems, facial recognition technology has been<br />
widely available in recent years. Apple has made use of the<br />
technology in the creation of its new Face ID feature<br />
available on the iPhone X”<br />
the identification neural network, the defensive<br />
system will still notice – as, indeed, would a<br />
human. All that said, Apple’s Face ID is not<br />
without its restrictions. The Cupertino,<br />
California-based company has reported that it’s<br />
not suitable for users under the age of 13 or<br />
those with identical twins.<br />
Advantages of biometrics<br />
Biometric technology can be extremely<br />
advantageous in terms of playing a<br />
fundamental role in an extensive security<br />
strategy. In regards to access control, the<br />
technology is attractive to users for a number of<br />
reasons, primarily because information cannot<br />
be passed along to another person in the same<br />
way that an access card or PIN might be. This<br />
can also be useful in terms of Human Resources<br />
management, reducing identification fraud<br />
among employees during ‘clocking-in’.<br />
The technology can help to eliminate security<br />
threats that may arise when cards or PINs are<br />
either lost or borrowed, not to mention the cost<br />
savings made by removing the management of<br />
lost, stolen or forgotten access cards.<br />
This is not to say that biometric technology<br />
doesn’t have its disadvantages, with readers<br />
sometimes taking slightly longer to identify<br />
users than card-based systems, particularly as<br />
users usually have to stop and properly identify<br />
themselves to biometric readers.<br />
Not everyone can use biometric systems,<br />
either. Such solutions rarely suit an external or<br />
exposed location and, in extreme cases,<br />
fingerprint readers can fail to identify those<br />
users with damaged, dirty or worn fingerprints.<br />
Additionally, it’s important to note that the<br />
correct management of biometric systems is<br />
critical in ensuring that any data protection<br />
concerns are always alleviated.<br />
As mentioned, biometrics based on brain<br />
(electroencephalogram) and heart<br />
(electrocardiogram) signals have emerged. A<br />
research group at the University of Kent led by<br />
Ramaswamy Palaniappan has shown that<br />
people have certain distinct brain and heart<br />
patterns specific to each individual.<br />
The advantage of such ‘futuristic’ technology<br />
is that it’s more fraud resistant than<br />
conventional biometrics. However, this<br />
technology is generally more cumbersome and<br />
still has noted issues (such as lower accuracy<br />
and poor reproducibility over time).<br />
This new generation of biometric systems<br />
has been dubbed ‘the biometrics of intent’. The<br />
technology will analyse physiological features<br />
such as eye movement, body temperature or<br />
breathing and predict dangerous behaviour or<br />
hostile intent before it translates into action.<br />
20<br />
www.risk-uk.com
ENCRYPTED HIGH SECURITY<br />
CLASS 5<br />
Encrypted High Security<br />
End of Line Modules Are Only the Beginning<br />
Inner Range’s Infiniti Integriti Class 5<br />
is High a complete Security Hardware/Software<br />
System<br />
solution is a complete designed Hardware/Software<br />
specifically for<br />
Class solution 5/Zone designed 3 installations. specifically for<br />
High Security installations.<br />
Our range includes:<br />
Our All range Software includes:<br />
Hardware All Software Controllers<br />
End Hardware of Line Controllers Modules<br />
Power End of Supplies Line Modules<br />
Keypads Power Supplies<br />
Enclosures Keypads<br />
Communications Enclosures Devices<br />
Access Communications Control Readers Devices<br />
Credentials<br />
Access Control Readers<br />
Why Credentials take chances?<br />
Full<br />
Why<br />
End<br />
take<br />
to End<br />
chances?<br />
Encryption<br />
compliant Full End to with End AS/NZS Data Encryption 2201.1:2007<br />
Class Externally 5 Externally Certified Certified<br />
BEST NEW PRODUCT<br />
OF THE YEAR<br />
MEMBER<br />
AUSTRALIAN SECURITY INDUSTRY<br />
ASSOCIATION LIMITED<br />
T: +44 +61 3 (0)845 9780 4300 470 5000<br />
E: integriti@innerrange.com<br />
IREnquiries@innerrange.com<br />
W: innerrange.com<br />
T: 1300 319 499 W: csd.com.au
There’s full agreement<br />
within the security and<br />
risk management<br />
industry that technical<br />
security systems<br />
should be designed<br />
according to the<br />
unique risk profiles of<br />
those systems’<br />
intended recipients.<br />
This makes sense: the<br />
arrangement and<br />
capabilities of security<br />
systems required for a<br />
retail outlet to prevent<br />
petty theft are far<br />
different from those<br />
that a nuclear power<br />
plant needs to guard<br />
against acts of<br />
terrorism. With this in<br />
mind, Philip Strand<br />
examines the science<br />
of security design<br />
Advancing the Science of<br />
Risk-Based Security Designs<br />
Risk profiles are normally determined by<br />
risk managers who carry out Risk, Threat<br />
and Vulnerability (RTV) assessments.<br />
Unfortunately, while many organisations are<br />
able to conduct such assessments, the<br />
information derived from them is often not<br />
complete enough or not rendered in a format<br />
that can be readily used by security system<br />
designers and engineers.<br />
When RTV assessments are written without a<br />
practical understanding of security system<br />
design, there’s a risk of reports being produced<br />
that lack the basic information required to<br />
select and design appropriate security systems.<br />
This can lead to excessive delays in project<br />
timelines as additional information then has to<br />
be gathered. Additional workshops and<br />
meetings may need to be held, photographs<br />
may not show designers what they need to see<br />
and/or the capabilities and intents of threat<br />
actors might not be discussed in a sufficient<br />
enough degree of detail. In the worse case<br />
scenarios, inadequate security systems might<br />
be selected, purchased and installed.<br />
Whether a company is a specialist in risk<br />
management, security system design or both,<br />
it’s worth the time of those professionals within<br />
to ensure that there’s an efficient process in<br />
place for incorporating the findings of RTV<br />
assessments into security system designs.<br />
These two products should be viewed as subcomponents<br />
of a single holistic security<br />
solution planning process.<br />
Discussed in isolation<br />
It takes only a cursory review of literature<br />
regarding ‘RTV Assessments’ and ‘Technical<br />
Security Design and Engineering’ to see that<br />
these two subjects are often discussed and<br />
written about in isolation from one another.<br />
The body of knowledge related to risk<br />
management is saturated. Terms have been<br />
defined and theories and methodologies are in<br />
advanced stages of evolution.<br />
Industry Best Practices have been<br />
established through professional bodies<br />
designed to promote risk-based decisionmaking.<br />
Indeed, most Best Practices have been<br />
codified further by international (ie ISO) and<br />
national-level (ie BS EN) standards.<br />
The body of knowledge related to ‘Technical<br />
Security Design and Engineering’ is also fullysaturated<br />
in terms of literature defining<br />
industry Best Practices. Those Best Practices<br />
are fully-supported through professional<br />
bodies, training curriculums, licensing schemes<br />
and, again, via international and national-level<br />
standards. Literature concerning technical<br />
designs is primarily vocational and lacks many<br />
of the theoretical frameworks inherent to social<br />
science subjects. However, this would appear to<br />
be both expected and justifiable given the<br />
technical nature of engineering.<br />
What’s noteworthy here is that, despite the<br />
fact that nearly all recognised engineering<br />
processes describe the importance of<br />
‘customer’ (ie operational) requirements,<br />
there’s no industry-wide accepted process for<br />
ensuring that the operational requirements for<br />
security systems are derived from the unique<br />
risk profiles of systems’ individual recipients.<br />
Equally lacking here, risk management<br />
literature recognises the importance of<br />
identifying threats and risks, but there’s no<br />
clear process for ensuring that relevant and<br />
accurate information is subsequently translated<br />
into technical security designs. At an industry<br />
level, any push to research and develop a<br />
process for aligning these two products would<br />
measurably improve designers’ abilities to<br />
generate risk-based security designs.<br />
Bridging the gap<br />
Fortunately, companies wishing to develop a<br />
single process don’t have to begin their quest<br />
from ‘zero’. The Centre for the Protection of<br />
22<br />
www.risk-uk.com
Risk and Security Management<br />
National Infrastructure’s ‘Operational<br />
Requirements Report’ is an example of an<br />
existing product that endeavours to bridge the<br />
gap between RTV assessments and security<br />
system designs. One document, however, isn’t<br />
a ‘process’ and there are still a few challenges<br />
that the industry – not to mention individual<br />
companies – have yet to overcome.<br />
First, there are often knowledge and<br />
communication gaps between ‘risk assessment’<br />
professionals and security system designers.<br />
The fact that risk assessors cannot efficiently<br />
write for designers if the former don’t actually<br />
know the designers’ process is an obvious<br />
potential difficulty.<br />
Even more basic than this is the fact that<br />
there are still no commonly-accepted<br />
definitions for many risk-related terms. ISO<br />
31000 – Guide 73: 2009 – Risk Management<br />
Vocabulary is an example of an effort to<br />
standardise terminology, but some of the terms<br />
are vague, illogical when closely examined, not<br />
accepted in colloquial speech or industry<br />
parlance and (most importantly) not always<br />
known by designers and engineers.<br />
Non-risk professionals commonly use the<br />
terms ‘risk’ and ‘threat’ interchangeably. The<br />
definitions of ‘risk tolerance’ and ‘risk appetite’<br />
are also commonly confused.<br />
Some companies may be challenged by the<br />
different computer programs and software<br />
favoured by risk assessment professionals<br />
versus security system designers. Many risk<br />
management professionals are heavily reliant<br />
on basic software like that of the Microsoft<br />
Office Suite. Security system designers often<br />
have access to more powerful alternate<br />
software (ie CAD and other professional-level<br />
rendering programs) that demands more<br />
powerful computers (which designers also<br />
normally have). While designers’ unique need<br />
for more powerful tools is justifiable given their<br />
roles, differences become problems when<br />
people in different departments cannot readily<br />
exchange drawings and site plans.<br />
Unclear standards<br />
Other challenges may be related to unclear<br />
standards for both RTV assessments and<br />
‘Technical Security Design and Engineering’<br />
products. While it’s good that there are<br />
numerous accrediting bodies, standards and<br />
guidelines to promote professional quality work<br />
within the industry, it’s not good that different<br />
risk and design individuals adhere to different<br />
standards and guidelines. It’s not always clear<br />
which sets of standards people are working to<br />
and, if risks are not clearly described and<br />
prioritised in RTV assessments, then designers<br />
“Non-risk professionals commonly use the terms ‘risk’ and<br />
‘threat’ interchangeably. The definitions of ‘risk tolerance’<br />
and ‘risk appetite’ are also commonly confused”<br />
may underestimate or overestimate the<br />
specifications required.<br />
Many of the challenges mentioned appear<br />
easy to overcome and, in some cases, they may<br />
be. However, when it comes to efficient<br />
processes, the devil is always in the detail.<br />
It may be a bit much to believe that a single<br />
company will be able to, for example, singlehandedly<br />
standardise terms across the<br />
industry, but in-house workshops that include<br />
both risk assessment professionals and<br />
security system designers are very achievable<br />
and worthwhile investments. The output of<br />
such a workshop will be that terminology is<br />
codified to create a common language between<br />
risk assessment professionals and security<br />
system designers.<br />
Another workshop that normally helps an<br />
organisation when it comes to refining their<br />
security solution planning process should be<br />
aimed specifically at identifying the exact<br />
products and services deemed to be integral to<br />
both risk management and security designs.<br />
Most organisations conducting this sort of<br />
exercise are highly likely to find that there are<br />
fewer distinct work packages related to risk<br />
management projects than there are for<br />
security design and engineering projects.<br />
Each work package must be identified,<br />
defined, scoped and ordered according to<br />
production sequence and priority. This will<br />
provide stakeholders with an in-depth<br />
knowledge of each work package, which then<br />
allows links to be drawn between the work<br />
packages in both departments. Designers’<br />
needs become known to risk assessors and the<br />
latter can then ensure that every part of their<br />
report provides key information.<br />
Enough research, examination and<br />
experimentation is likely to lead to the<br />
successful development of a process that<br />
begins with an RTV assessment and finishes<br />
with a risk-based technical security design.<br />
Investments of time and effort can ensure that<br />
new processes are more closely matched to<br />
identified threats and risks than anything an<br />
organisation has seen before.<br />
Analysing, designing and testing new<br />
processes for informing technical security<br />
designs can lead to new tools for<br />
communicating risk-related (ie qualitative)<br />
information to engineers who require technical<br />
(ie quantitative) information.<br />
Dr Philip Strand PhD MBA:<br />
Senior Risk Consultant at<br />
CornerStone GRG<br />
23<br />
www.risk-uk.com
Failing to Invest is Investing to Fail<br />
Security threats posed<br />
to the extractive<br />
industry are changing.<br />
Improvements in<br />
technology, the<br />
continuing<br />
proliferation of small<br />
arms and advances in<br />
criminal/militant<br />
group intelligencegathering<br />
processes<br />
are driving an<br />
increasing demand for<br />
more effective, holistic<br />
and integrated<br />
security arrangements,<br />
as Philip O’Sullivan<br />
duly observes<br />
24<br />
www.risk-uk.com<br />
Intelligence and experience demonstrates<br />
that aggressors are better equipped, better<br />
armed and increasingly better prepared to<br />
carry out a range of damaging activities against<br />
extractive projects than in times past. Growing<br />
global geopolitical tensions are further<br />
catalysing this increase in risk.<br />
Among such drivers are worsening grievances<br />
motivating militant groups such as the<br />
Movement for the Emancipation of the Niger<br />
Delta, increasing levels of organised crime and<br />
heightening resource scarcity. The mitigation of<br />
threats to extractive projects from political and<br />
criminal violence is obviously heavily within the<br />
interests of both the insurer and the insured.<br />
The insurance industry has significant vested<br />
interest in reducing risk and liability for the<br />
consequences of political and criminal violence<br />
in the extractive sector. At the same time,<br />
developments in corporate manslaughter<br />
legislation are further motivating businesses to<br />
ensure the safety of their personnel.<br />
One way of achieving this is by specifying<br />
security, medical and contingency services<br />
within a policy in order to minimise the<br />
likelihood and consequences of an ‘event’.<br />
Such provisions significantly benefit both<br />
parties. For the insured, there’s the potential for<br />
substantial reduction in premiums, not to<br />
mention the safeguarding of human,<br />
shareholder and reputational well-being. For<br />
the insurer, these provisions mitigate the risk or<br />
size of potential claims. Insurers are now<br />
developing relationships with emergency<br />
response, intelligence and security providers.<br />
The extractive industry presents a unique<br />
range of vulnerabilities, characterised as it is by<br />
large static sites, high numbers of personnel,<br />
operations in volatile, inhospitable regions and<br />
the handling of high value materials and<br />
machinery. These vulnerabilities, combined<br />
with the high value resources and assets<br />
involved, make extractive projects an attractive<br />
target for criminal, militant and terrorist groups.<br />
From the beginning<br />
Given such increasing physical, legal and<br />
insurance requirements for security provision,<br />
it’s highly advisable for protective and<br />
preventative measures to be integrated into an<br />
extractive project from the very beginning. It’s<br />
no longer adequate to have one or two armed<br />
security personnel as an afterthought catering<br />
to the security of the entire operation. The<br />
increasing dynamism of the security<br />
environment necessitates intelligence-led<br />
practices, appropriate security and medical<br />
measures and rapid crisis response services.<br />
In order to address these extractive security<br />
challenges, a comprehensive and bespoke<br />
intelligence, security and emergency response<br />
package is necessary to meet the specific<br />
operating requirements of the region, project<br />
and client involved. Insurers should select their<br />
chosen intelligence, security and emergency<br />
response organisation with great care and<br />
diligence, consulting with each candidate to<br />
determine who’s most suitable and effective.<br />
In all honesty, many of these companies put<br />
significant funding into marketing and their<br />
public image while perhaps skimping on their<br />
services and solutions.<br />
There are four levels of security, in turn<br />
focusing on intelligence and risk reports, preevent<br />
physical security asset provision, tracking<br />
and crisis response and extraction. Let’s take a<br />
look at each of them.<br />
Intelligence and risk reports<br />
Regular, up-to-date intelligence reports using a<br />
range of critically-assessed, rigorouslyanalysed<br />
sources including dedicated satellite<br />
imagery, human intelligence networks, social<br />
media analytics and local news analysis should<br />
inform the activities of clients. Such information<br />
enables the avoidance of high risk areas<br />
altogether, and therefore vastly reduces the risk<br />
of an encounter with aggressors.<br />
In addition, these reports should inform<br />
regular employee safety training, scenario<br />
simulation, crisis response drills and Best<br />
Practice familiarisation. Such preparation forms<br />
the key foundations of an holistic policy that<br />
will save lives, assets and business reputation<br />
while also minimising claims. This process must<br />
begin at the earliest possible stage of a project<br />
to ensure a suitable level of integration and<br />
employee familiarity with security procedure.<br />
A developing tool of particular note is social<br />
media analysis. Intelligence gained from a<br />
regional analysis of social media feeds<br />
contributes to an ongoing localised threat<br />
assessment, allowing the detection of dissent<br />
or grievance within local communities.<br />
Among other things, these tools also enable<br />
the observation of the online activity of<br />
company employees. This facilitates a degree of<br />
protection against insider threat by highlighting<br />
any irresponsible sharing of sensitive details or<br />
the expression of negative or aggressive
Security Management in the Extractive Industry<br />
sentiment towards the employer. Intelligenceled<br />
prevention of high risk scenarios<br />
contributes towards the minimisation of a crisis<br />
for the insured or a claim for the insurer.<br />
Physical security asset provision<br />
Given the dynamism and unpredictability of<br />
many operating environments, the appropriate<br />
provision of adequate protective measures<br />
(including armoured vehicles, multilingual<br />
armed or unarmed security escorts and medical<br />
teams) should be applied if recommended. The<br />
chosen organisation named in the policy will<br />
carry out comprehensive and informed risk<br />
assessments and advise on the best measures<br />
to be put in place.<br />
The chosen security provider will put these<br />
measures in place and co-ordinate and control<br />
them out of their own Security Operations<br />
Centre. The Operations Centre is a 24/7/365<br />
communications hub based at the offices of the<br />
organisation that will operate crisis control, coordinate<br />
personnel and vehicle tracking,<br />
command security/medical teams and organise<br />
emergency response on the ground.<br />
Tracking services are essential to maintain<br />
up-to-date knowledge of the whereabouts of<br />
personnel and assets. Small dedicated tracking<br />
devices – some of which are available with<br />
gyroscope, accelerometer and audiovisual<br />
technology – should be distributed to<br />
personnel to ensure they’re keeping to preagreed<br />
travel itineraries and behaviours.<br />
In addition, regular telephone or SMS ‘checkins’<br />
should be arranged to ensure the safety<br />
and location of personnel throughout the day<br />
and night, with pre-agreed passwords to ensure<br />
lack of clandestine duress. This provides a<br />
capacity both to ensure the security of<br />
employees and also maintain a comprehensive<br />
picture of employee activities, at the same time<br />
protecting against insider threats from<br />
belligerent or irresponsible members of staff.<br />
A particular risk that’s regularly faced by<br />
extractive companies is basic vehicle theft.<br />
Given the terrain and distances typically<br />
encountered in extractive projects, such theft<br />
can potentially be highly damaging to<br />
operations. Vehicle hardening measures, as<br />
well as live location vehicle tracking, should be<br />
employed to prevent theft and also to pursue<br />
and reacquire the vehicle in the event of theft.<br />
Crisis response and extraction<br />
The final level of a policy-integrated security<br />
package is the emergency response provision.<br />
Sometimes crises are unavoidable, whether<br />
they’re due to natural disaster, accident,<br />
illness, the sudden eruption of war or regional<br />
conflict or a targeted criminal or terrorist<br />
attack. In these cases, in order to reduce the<br />
consequences for the insured and the insurer, a<br />
quality rapid emergency response is essential.<br />
The content of this service is highly<br />
dependent on the situation, but will involve<br />
appropriate measures designed to address<br />
whatever challenges are presented by the<br />
scenario. Following notification of ‘panic’ by a<br />
client, the chosen organisation will immediately<br />
initiate the emergency response. The Security<br />
Operations Centre will co-ordinate and begin to<br />
arrange the logistic, legal and practical<br />
measures necessary to fulfil the objective of the<br />
response (typically extraction and repatriation).<br />
On arrival of the emergency response, the<br />
security team will contain or neutralise the<br />
threat in whatever form is necessary, while the<br />
medical team will address any injuries<br />
sustained by the client(s). Following on from<br />
this, clients will be rapidly extracted and, if<br />
necessary, repatriated. In a more complex<br />
situation, ransom negotiation services will be<br />
provided by the organisation involved.<br />
It’s a common misconception that costs can<br />
be reduced by limiting the security and risk<br />
management programme for start-up<br />
companies or enterprises. The reluctance to<br />
invest in and prioritise these programmes can<br />
often lead to significant financial losses which<br />
could have been easily prevented.<br />
Philip O’Sullivan MBA MSyl:<br />
Senior Security Consultant at<br />
Northcott Global Solutions<br />
“The extractive industry presents a unique range of<br />
vulnerabilities, characterised as it is by large static sites, high<br />
numbers of personnel and operations in volatile regions”<br />
25<br />
www.risk-uk.com
Institute of Risk Management<br />
Are your staff risk ready?<br />
<br />
It is essential that your staff have a knowledge of the<br />
principles and practices of effective risk management.<br />
<br />
Enterprise Risk Management is designed to do just that.<br />
What’s in it for employers?<br />
> Managing risks effectively will<br />
lower your costs.<br />
> Turn threats to your business into<br />
opportunities.<br />
> Enhance business performance<br />
and improve risk taking<br />
approaches.<br />
> Develop a motivated, skilled and<br />
knowledgeable team.<br />
> Attract high-calibre professionals<br />
by investing in personal<br />
development.<br />
What’s in it for students?<br />
> Enhance your ability to design<br />
and implement effective risk<br />
management strategies.<br />
> Develop a critical understanding<br />
of the relationship between<br />
risk management, governance,<br />
internal control and compliance.<br />
> Gain an internationally<br />
<br />
months.<br />
> Join our global network of risk<br />
management practitioners.<br />
Distance<br />
Learning<br />
International<br />
Recognition<br />
Relevant for<br />
All Sectors<br />
Email: studentqueries@theirm.org<br />
Phone: +44 (0)20 7709 4125<br />
or visit www.theirm.org/risk-uk
Continuous Availability for Security Systems<br />
Having achieved the true integration of a<br />
diverse range of electronic security<br />
systems, regretfully security personnel in<br />
high security or mission-critical environments<br />
can still not be guaranteed peace of mind. At<br />
the risk of stating the obvious, it’s simply not<br />
enough to integrate electronic security<br />
systems: they all need to be working as close<br />
to 100% of the time as possible.<br />
Yet with IP network-based access control,<br />
video surveillance, intruder alarms, perimeter<br />
protection and also fire safety systems<br />
increasingly reliant on software-based<br />
management, even a well-designed and<br />
maintained system is vulnerable to downtime<br />
because of a simple server fault.<br />
Further, we cannot ignore the threat posed by<br />
cyber criminals. The recent Petya and WannaCry<br />
ransomware attacks have made headline news<br />
and, sadly, it appears that not a day passes<br />
without some organisation being held hostage<br />
by encryption-based ransomware.<br />
While the protection of people, assets and<br />
property is of paramount importance, video<br />
surveillance and access control are increasingly<br />
being used in support of compliance issues and<br />
any unplanned downtime of such systems<br />
could have a major impact on operational<br />
activity. Indeed, in some cases it may result in<br />
the temporary, but costly closure of a facility.<br />
Government regulations and local licensing<br />
laws, for example, will stipulate that a sporting<br />
event attended by members of the general<br />
public cannot take place unless the safety<br />
officer in charge can certify that the venue’s<br />
video surveillance system is operational and<br />
100% effective. The same rules may<br />
understandably be applied to night clubs and<br />
other environments where members of the<br />
public are likely to gather in large numbers.<br />
Health and Safety compliance is no less an<br />
issue within the industrial/production world.<br />
Consider the requirements of a food processing<br />
plant where the consequences of anyone with<br />
an expired hygiene certificate being allowed to<br />
work within could well be huge. An inspector<br />
might insist that all foodstuffs on site be<br />
destroyed and all machinery cleaned to avoid<br />
the slightest risk of contamination.<br />
Ensuring compliance<br />
A network-based access control solution, ably<br />
supported by Microsoft’s Active Directory, will<br />
provide a powerful tool to ensure compliance<br />
by generating reports which list those members<br />
of staff who are in need of refresher training or<br />
whose hygiene certificate is due to be renewed.<br />
However, the system needs to be working<br />
effectively 24/7/365.<br />
Security Systems:<br />
The Requirement for<br />
Continuous Availability<br />
Heightened security awareness has meant that it’s now<br />
crucial for security applications such as access control,<br />
intruder alarms, perimeter protection and video management<br />
systems to be fully-operational around the clock. As Duncan<br />
Cooke explains, the possibility of unplanned downtime if one<br />
of these applications fails – and particularly so when part of<br />
an integrated solution – represents a major threat to<br />
organisations reliant on their electronic security and building<br />
management systems 24/7/365<br />
The IT industry offers a wide range of options<br />
designed to keep security software applications<br />
running or otherwise quickly restore them.<br />
Perhaps the most simple approach to server<br />
availability is to have basic back-up, data<br />
replication and failover procedures in place<br />
which will help speed the restoration of an<br />
application and preserve data following a<br />
server failure. However, if back-ups are only<br />
occurring daily, there may only be a guarantee<br />
of 99% availability, resulting in up to 87.5 hours<br />
of unplanned downtime per year.<br />
High availability systems can deliver 99.95%-<br />
99.99% uptime, but this still represents up to<br />
five hours of downtime per year. It’s only<br />
continuous availability solutions that can<br />
deliver 99.999% uptime. That’s the equivalent<br />
of just five minutes of downtime per year.<br />
Duncan Cooke:<br />
Business Development<br />
Manager (UK and Europe) at<br />
Stratus Technologies<br />
27<br />
www.risk-uk.com
Continuous Availability for Security Systems<br />
Supported by specialist continuous<br />
availability software, two servers are linked and<br />
continuously synchronised via a virtualisation<br />
platform that pairs protected virtual machines<br />
together to create a single operating<br />
environment. If one physical machine should<br />
fail, the application or software platform will<br />
continue to run on the other physical machine<br />
without any interruptions. In-progress alarms<br />
and access control events, as well as data in<br />
memory and cache, are thereby preserved.<br />
Simply put, continuous availability means<br />
that no single point of failure can stop a<br />
security software platform from running and,<br />
unlike high availability, back-up and failover<br />
solutions, there’s no restart or reboot required<br />
and, therefore, no downtime.<br />
If a hardware component fails, a continuous<br />
availability solution will substitute the healthy<br />
component from the second system until the<br />
failed component is repaired or replaced. Most<br />
importantly, manufacturers who specialise in<br />
continuous availability solutions are able to<br />
offer end users the option of automatic<br />
monitoring and diagnosis of their security<br />
solution such that potential problems can be<br />
anticipated before they occur.<br />
It’s a solution that’s likely to be popular<br />
among electronic security system installers<br />
who may have limited IT knowledge. Quick and<br />
simple to install, no application, software or<br />
server modifications are necessary to provide<br />
continuous availability out-of-the-box.<br />
Case for virtualisation<br />
The physical security sector is starting to<br />
recognise the significance of the Internet of<br />
Things. It presents installers and system<br />
integrators alike with opportunities to generate<br />
new revenue streams, while also offering end<br />
user clients maximum benefit and high RoI by<br />
delivering truly integrated solutions.<br />
The emergence of smart buildings has<br />
created a need to monitor and control many<br />
disparate systems – security, IT, lighting, HVAC<br />
and more. Virtualised platforms are really the<br />
only cost-effective means of accomplishing all<br />
of this, but may mean businesses are opening<br />
themselves up to having a single point of<br />
failure which could be their downfall. Herein<br />
lies a major justification for the deployment of a<br />
continuous availability solution.<br />
“High availability systems can deliver 99.95%-99.99%<br />
uptime, but this still represents up to five hours of<br />
downtime per year. It’s only continuous availability<br />
solutions that are able to deliver 99.999% uptime”<br />
Worldwide, there are some excellent<br />
examples of where continuous availability has<br />
made a significant contribution towards<br />
providing security and operational management<br />
teams with peace of mind, in turn keeping the<br />
nightmare scenarios at bay.<br />
McCarran International Airport, the primary<br />
commercial airport serving Las Vegas, all-toooften<br />
experienced unplanned downtime of its<br />
Pegasys 2000 access control and badge<br />
tracking system. Whenever the access control<br />
system failed, the airport was forced to deploy<br />
personnel to monitor every door within the<br />
airport’s secure areas and alert operators<br />
stationed inside the site’s Control Centre of any<br />
potential security issues.<br />
As well as the additional labour costs<br />
incurred, system downtime could also result in<br />
Federal Transportation Security Administration<br />
(TSA) fines and penalties, potentially including<br />
the shutdown of operations and associated<br />
revenue losses for the airport and the airlines it<br />
serves. Furthermore, there were also issues<br />
with the baggage handling system deployed to<br />
help with the screening, storage, sorting and<br />
transportation of arrival, departure and transfer<br />
baggage. These outages required costly human<br />
intervention in order to maintain customer<br />
service levels, minimise safety risks and ensure<br />
compliance with TSA requirements.<br />
Following the deployment of a continuous<br />
availability solution, the airport has enjoyed<br />
zero unplanned downtime of the two systems.<br />
Even when a new terminal opened, increasing<br />
annual capacity to approximately 55 million<br />
passengers, the solution played a key role in<br />
allowing the IT staff to seamlessly scale the<br />
physical security and baggage handling<br />
systems to meet the expanded requirements,<br />
while also ensuring continuous availability.<br />
Is it time to invest?<br />
Your response to several key questions will<br />
help you to decide whether or not an<br />
investment in a continuous availability solution<br />
is required for your organisation.<br />
From what failures does the organisation<br />
need to be protected? How much unplanned<br />
downtime can you tolerate? What skills are you<br />
willing to acquire to manage the solution?<br />
If your mind’s still not made up, download a<br />
free copy of the ‘Availability for Dummies’<br />
Handbook at http://go.stratus.com/availabilityfor-dummies.<br />
As well as helping you to select<br />
the availability option that best matches your<br />
needs, the Handbook also describes how the<br />
latest computing trends are now impacting<br />
availability and increasing the need for<br />
downtime prevention strategies and solutions.<br />
28<br />
www.risk-uk.com
The New Camera Line Mx6 Creates More Possibilities.<br />
More Images, in All Light Conditions, in Every Standard<br />
More Intelligence Is on the Way<br />
The new Mx6 6MP camera system from MOBOTIX offers increased performance.<br />
A frame rate that is up to twice as fast than that of other cameras allows it to capture<br />
quick movements even better and simultaneously deliver sharp images in MxPEG,<br />
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6<br />
camera line is faster, more flexible and higher-performing, opening up new application<br />
and integration opportunities for to you to meet all requirements.<br />
MOBOTIX AG • Langmeil, Germany • www.mobotix.com
FIRE SAFETY<br />
Management & Installation<br />
Fire Protection and Prevention<br />
with Technology and Innovation<br />
Special Supplement in association with:
FIRE SAFETY<br />
“The professional<br />
qualifications consist<br />
of a range of<br />
competencies which<br />
provide a guide to the<br />
skills and knowledge<br />
expected of fire alarm<br />
system technicians<br />
across the industry”<br />
Time to qualify in fire<br />
detection and alarm systems<br />
The Fire Industry Association is pleased to offer a series of qualifications<br />
developed by its own nationally-regulated Awarding Organisation for the<br />
fire detection and alarm sector (namely the Fire Industry Association<br />
Awarding Organisation). Ian Moore, CEO of the FIA, explains in detail<br />
The qualifications have been produced in<br />
consultation with industry leaders and<br />
employers, matching the needs of the<br />
industry with what learners need to understand.<br />
We’ve worked with reference to the National<br />
Occupational Standards, current UK legislation<br />
and published standards, along with Codes of<br />
Practice and industry Best Practice, to give<br />
learners the opportunity to expand their<br />
knowledge and understanding in a format that’s<br />
in-depth and delivered under expert guidance.<br />
If you’re looking to gain qualifications and<br />
training for any part of the fire industry, the Fire<br />
Industry Association (FIA) can assist. Each year,<br />
we train over 4,500 delegates and boast an<br />
impressive pass rate of over 93%.<br />
We’re very proud to present our new range of<br />
nationally-recognised formal qualifications.<br />
These are equivalent to an A-Level and are the<br />
new professional standard for the fire industry.<br />
The qualifications are brought to you by our<br />
team of experienced and dedicated trainers with<br />
whom over 35,000 delegates have trained and<br />
learned across the last decade.<br />
The professional qualifications consist of a<br />
range of competencies which provide a guide to<br />
the skills and knowledge expected of fire alarm<br />
system technicians across the industry. We’ve<br />
worked with a range of experts and consulted<br />
with employers to form a new regime of study<br />
that will provide any delegate – whether new to<br />
their job role or perhaps more experienced –<br />
with a greater depth of understanding.<br />
The new professional qualifications are<br />
designed for anyone at any stage of their career<br />
in the fire detection and alarm sector – from<br />
maintainers and installers through to design<br />
and commissioning-focused individuals.<br />
We’ve undertaken extensive research,<br />
listened to what employers in the fire sector<br />
32<br />
www.risk-uk.com
wanted most and then developed our new<br />
qualifications with those requirements in mind.<br />
Why study with the FIA?<br />
Employers<br />
• Grow your team’s knowledge and confidence –<br />
all of our study courses are characterised by indepth<br />
technical explanations presented in a way<br />
that’s easy to understand<br />
• Four nationally-recognised qualifications – fire<br />
detection and alarm system installation,<br />
maintenance, design and commissioning<br />
• A portfolio of professional training<br />
programmes – everything from portable<br />
extinguishing to emergency lighting<br />
• Learning programmes available nationwide<br />
• Dedicated courses available in your workplace<br />
• Use our qualifications as a unique selling<br />
point for your business – assure your customers<br />
that your staff are qualified technicians<br />
Learners<br />
• Experienced professional trainers<br />
• Prove your knowledge and skills<br />
• Instant credibility with employers<br />
• Supported learning in a range of formats<br />
• Backing for those with additional needs<br />
• An opportunity to gain a Level 3 qualification<br />
(equivalent to an A-Level)<br />
How many units make up the new<br />
qualification?<br />
To gain the full qualification, learners must take<br />
and pass the three mandatory units plus one<br />
final unit. The final unit will determine which<br />
qualification will be achieved, either in design,<br />
installation, maintenance or commissioning.<br />
Which units are mandatory?<br />
All delegates must take the Foundation in Fire<br />
Detection and Alarms Unit, which is the starting<br />
point for each qualification. The Foundation in<br />
FD&A Unit is compulsory and delegates will not<br />
obtain the qualification without it.<br />
In addition, delegates must take and pass<br />
the Health & Safety at Work Unit and the<br />
Environment Unit or give evidence that they’ve<br />
met this requirement through other recognised<br />
means (eg through the ECS card scheme).<br />
If you’re unsure whether you need to take the<br />
Health & Safety at Work Unit or the Environment<br />
Unit, visit the FIA’s website or telephone head<br />
office to find out what other evidence would be<br />
“The new professional qualifications are designed for anyone<br />
at any stage of their career in the fire detection and alarm<br />
sector – from maintainers and installers to design and<br />
commissioning-focused individuals”<br />
acceptable in order to demonstrate competence<br />
in these specific areas.<br />
What qualifications are there?<br />
The qualifications on offer have been developed<br />
to reflect the job roles of the sector. They are:<br />
• The FIA AO Level 3 in Fire Detection and Alarm<br />
Design Theory and Regulatory Requirements<br />
• The FIA AO Level 3 in Fire Detection and Alarm<br />
Installation, Theory and Regulatory<br />
Requirements<br />
• The FIA AO Level 3 in Fire Detection and Alarm<br />
Maintenance, Theory and Regulatory<br />
Requirements<br />
• The FIA AO Level 3 in Fire Detection and Alarm<br />
Commissioning Theory and Regulatory<br />
Requirements<br />
What level are the qualifications?<br />
The qualifications have been developed to Level<br />
3 and registered on the Qualifications<br />
Curriculum Framework, equivalent to a Level 4<br />
on the European Qualifications Framework.<br />
A QCF Level 3 qualification means that<br />
learners are educated to A-Level standard in the<br />
specialised field of fire detection and alarms.<br />
About the Fire Industry Association<br />
The Fire Industry Association is a not-for-profit organisation. We’re the leading<br />
Trade Association for the fire industry in the UK. The education and training that<br />
we offer through our qualifications and industry-recognised courses exists to<br />
provide practitioners with a high level of knowledge and understanding that will<br />
help them to develop their career and build their business.<br />
The FIA’s courses are delivered by experienced professionals from the<br />
industry who can not only deliver education, but also answer questions and<br />
provide real-life examples, in turn enabling all delegates to deliver excellent<br />
results for their organisations.<br />
Combined with our website (www.fia.uk.com), we aim to provide a service<br />
that both contributes to and promotes technical developments in the industry.<br />
Standards are constantly being revised and updated and it’s vital to stay upto-date<br />
with the changes. By taking our qualifications and courses and using<br />
the extensive Resource Library on our website, practitioners can be sure that<br />
they’ll be well informed of any recent changes as and when they happen.<br />
The FIA’s range of professional qualifications and training programmes –<br />
along with the organisation’s extensive membership benefits – are all designed<br />
to support learners and their host businesses to grow, develop technical<br />
knowledge and increase their business networks.<br />
www.risk-uk.com<br />
33
FIRE SAFETY<br />
“Learners successfully<br />
completing all of the<br />
required criteria for<br />
their chosen<br />
qualification will be<br />
awarded the FIA AO<br />
qualification<br />
certificate, duly<br />
recognising their<br />
achievement to Level<br />
3 on the QCF”<br />
Qualification structure<br />
Each qualification is made up of four units, all of<br />
which require a pass for the award of the<br />
qualification. Three of the units are common to<br />
all of the qualifications. Learners are required to<br />
beging by completing the Foundation Unit<br />
before progressing to any of the other units.<br />
In what order must the units for<br />
the qualification be studied?<br />
The Foundation Unit must be taken first and<br />
then any other unit can be studied in any order.<br />
Will learners gain a certificate?<br />
Yes. Learners successfully completing all of the<br />
required criteria for their chosen qualification<br />
will be awarded the FIA AO qualification<br />
certificate, duly recognising their achievement<br />
to Level 3 on the QCF.<br />
Move towards qualifications<br />
Why has the FIA shifted from training to new<br />
qualifications? Are the old training courses still<br />
valid? Simple answer? Yes. The existing FIA<br />
units are still incredibly valuable. They serve the<br />
industry very well and remain just as relevant<br />
and current as they ever have done.<br />
It will take a while for the industry to shift<br />
across to the new formalised qualifications. For<br />
that reason, the FIA will still continue to teach<br />
the old courses until the switchover to the new<br />
qualifications (which contain at least double the<br />
amount of information than the old training<br />
courses) at the beginning of 2018.<br />
Technicians currently undertaking the old FIA<br />
training courses will still gain indispensable<br />
knowledge that will help them on the road to<br />
success. While they might receive a certificate<br />
of completion, that unfortunately doesn’t make<br />
them ‘qualified technicians’. This is a phrase<br />
that’s used frequently within the fire industry,<br />
but as from the launch of the new qualifications,<br />
only those that have actually undertaken the<br />
qualifications and passed successfully will be<br />
able to use the above term as a badge of<br />
proficiency and professionalism.<br />
Current FIA training courses remain popular<br />
due to their high level of technical knowledge<br />
and recognition within the industry among<br />
employers and technicians alike. The standard<br />
is high and well respected, but the new<br />
qualifications go one step further, increasing<br />
the amount of content delivered and the degree<br />
of time spent in the classroom developing that<br />
knowledge and understanding.<br />
From now on, a higher bar has been set for<br />
the fire industry in a determined bid to increase<br />
the level of professionalism throughout.<br />
If you’re still wondering whether the new<br />
qualifications will be right for you, the<br />
prospectus is available to download from the<br />
Fire Industry Association’s website.<br />
www.fia.uk.com<br />
34<br />
www.risk-uk.com
Protecting Infrastructure<br />
Transitions in IT and communications infrastructure have surpassed traditional smoke detection<br />
methodologies. Today’s precision, high-density IT and communication infrastructure require superior<br />
detection technologies capable of performing in these challenging high airflow and dynamic environments.<br />
Xtralis’ VESDA-E range of Aspirating Smoke Detection systems are designed to meet these exacting challenges.<br />
Xtralis.com/VESDA-E
FIRE SAFETY<br />
Kentec explains how<br />
cutting-edge fire<br />
safety technology is<br />
impacting on<br />
commercial buildings<br />
insurance<br />
www.kentec.co.uk<br />
Fire technology and buildings insurance<br />
ire poses risk in terms of safety to<br />
Foccupants, building integrity, business<br />
interruption and the economic health of a<br />
community. Consequently, reduction in the risk<br />
of fire for commercial buildings has been a<br />
significant goal for society, achieved through a<br />
better understanding of the myriad factors that<br />
contribute towards fire risk.<br />
Designing and building structures to comply<br />
with building and fire code requirements, as<br />
well as insurance industry guidelines,<br />
contributes to the reduction of fire losses.<br />
Loss control engineering<br />
Loss control engineering and fire protection<br />
engineering have their roots in the insurance<br />
industry. On many projects, especially large<br />
facilities and industrial buildings, insurance<br />
companies would often provide fire protection<br />
specifications to the design team early in the<br />
process, be involved throughout the design and<br />
construction of a building and provide<br />
additional inspection services after the building<br />
was occupied and in use. These activities, called<br />
‘loss control engineering’, were viewed by<br />
insurance companies as a sound investment. It<br />
was considered to be in the insurer’s interest to<br />
protect the building, operations and the<br />
insured’s business continuity from loss.<br />
Over the last 20-to-25 years, the insurance<br />
industry’s involvement in fire protection design<br />
has decreased. This shift is due, in part, to the<br />
modern business environment where both<br />
insurance companies and business corporations<br />
are continually reorganising. Insurance<br />
companies can no longer expect to insure a<br />
facility for an extended time, and thus have less<br />
incentive to make an investment in providing<br />
ongoing loss control services.<br />
As insurers cut back on loss control<br />
engineering services, it’s more important than<br />
ever that design professionals recognise the<br />
value of the specialised field of fire protection<br />
engineering. By working directly with owners, or<br />
as an integral part of a design team, fire<br />
protection engineers and building code<br />
consultants have a greater opportunity to<br />
influence a project, ensure appropriate fire<br />
protection features are included at the crucial<br />
preliminary design stage and avoid costly<br />
changes or additions later in the construction.<br />
Over time, an increased understanding of the<br />
many factors that contribute to the risk of fire<br />
has led to positive developments in the fire<br />
protection of commercial structures.<br />
Improvements in public fire protection systems<br />
and services, as well as the increased use of<br />
private active or passive systems through fire<br />
protection and loss control engineering, has<br />
meant an overall decrease in the cost of fire.<br />
Intelligent fire systems: delivering significant cost savings and performance<br />
Increasingly sophisticated predictive monitoring and servicing of fire alarm systems could allow potential problems to be resolved<br />
before they arise. In particular, access to information at regular intervals or as events occur has the potential to deliver real benefits<br />
for both building managers and insurers.<br />
These advances in communication technologies lie behind Kentec’s all-new Taktis fire detection and alarm system that not only<br />
provides solutions to the most technically challenging applications in life safety, but also delivers added value through ease of use,<br />
displaying clear information to ensure that, when an event occurs, the appropriate action is taken on a swift basis.<br />
Kentec’s Taktis combines the very latest in hardware and software to produce a control and indication system that’s both<br />
powerful and sophisticated, yet simple to understand. Available in 2-8 loop or 2-16 loop versions and certified to EN 54-2 and EN 54-<br />
4, Taktis is ideal for installation in larger buildings. Its capacity to be networked up to 128 panels and repeaters offers reassurance to<br />
all building owners/operators that fire safety is in safe hands.<br />
Taktis has been designed by Kentec with the practising end user very much in mind. The solution’s integrated touchscreen<br />
interface and QWERTY keyboard make it simple to use and understand.<br />
Access to the Taktis menu and control functions is through a unique six-digit code/control key switch, allowing up to 64 user<br />
accounts to be configured with different profiles and access permissions.<br />
Multiple protocol support on one panel (in banks of 2 loops) affords full flexibility. Its cause and effect capacity allows 5,000<br />
cause and effect entries with up to 40,000 inputs/outputs across the network. Taktis will deliver added value. The solution supports<br />
a 10,000-entry log with filtering that records system activity down to event type, dates, zone, panel and address.<br />
36<br />
www.risk-uk.com
Evacuate everyone<br />
EN54-23 Approved Fire Beacons<br />
<br />
<br />
<br />
<br />
<br />
Seminars<br />
<br />
<br />
EN54-3 Sonders & Beacons<br />
Nexus 105/110/120 Sounders<br />
<br />
Sonos Sounder Beacon<br />
<br />
Tel: +44 (0)1706 233879
FIRE SAFETY<br />
Frederick Koons,<br />
marketing<br />
communications<br />
director for Xtralis Fire<br />
& Security Solutions<br />
at Honeywell, takes<br />
an in-depth look at<br />
VESDA (Very Early<br />
Smoke Detection<br />
Apparatus), the worldleading<br />
brand in<br />
aspirating smoke<br />
detection (ASD)<br />
systems<br />
Xtralis’ VESDA systems<br />
continue to lead the way in<br />
the aspirating smoke<br />
detection (ASD) field.<br />
Ongoing product and<br />
market development has<br />
witnessed the evolution of<br />
ASD technology from being<br />
a niche solution to become<br />
the mainstay of the smoke<br />
detection industry. Now<br />
with addressable versions<br />
as well, there are VESDA<br />
solutions to suit virtually<br />
all applications and<br />
environments.<br />
www.xtralis.com<br />
38<br />
Making the most of ASD<br />
he introduction of aspirating smoke<br />
Tdetection (ASD) systems back in the 1980s<br />
was a big leap forward in the smoke<br />
detection industry and marked the beginning of<br />
a new era for very early and reliable smoke<br />
detection. It works by constantly sampling the<br />
air from the protected environment and then<br />
filtering to remove contaminants from the air<br />
sample before passing it through a detection<br />
chamber where laser light scattering takes<br />
place. The air is then sampled to detect smoke<br />
particles which, in turn, triggers an alarm once a<br />
pre-configured alarm<br />
threshold is exceeded. The<br />
system is constantly on watch<br />
for any irregularity in the<br />
sampled air. VESDA uses the<br />
industry’s first and only clean<br />
air barrier to protect the optics<br />
used inside the chamber to<br />
prevent contamination,<br />
prolong the life of the detector<br />
and support absolute smoke detection. As<br />
recognised by independent experts in the<br />
smoke detection industry, VESDA is the industry<br />
benchmark for ASD. Technology never stands<br />
still, and the introduction of the VESDA-E range<br />
has set a new benchmark in the industry and<br />
raised the bar to a much higher level than<br />
experienced before. VESDA-E delivers up to 15<br />
times higher sensitivity and up to six times<br />
better dust rejection than the previous<br />
generation VESDA and up to 80% increased<br />
coverage due to longer pipe runs, not to<br />
mention world-class connectivity options never<br />
before experienced in an ASD solution.<br />
Making the case for these systems is always<br />
a balance between the application (ie end user)<br />
detection needs, installation cost and ongoing<br />
system maintenance. All of these factors have<br />
an influence when specifying a smoke detection<br />
system. The reason for the VESDA-E range<br />
becomes clear on inspection. The improved<br />
smoke detection performance provides earlier<br />
warning for optimum asset protection and<br />
business continuity, improved reliability via<br />
reduced nuisance alarms which reduce the<br />
operational cost, in addition to the ease of<br />
installation, commissioning, monitoring and<br />
maintenance and backwards compatibility with<br />
the world’s most trusted ASD, VESDA VLP. All of<br />
this helps to build a level of security around the<br />
installed systems that enables the customer’s<br />
operations to run as smoothly as possible.<br />
Whether it’s a commercial premises such as a<br />
warehouse, a cold store, a Data Centre, an<br />
historic building or even a high-end residential<br />
property, VESDA-E provides the right solution.<br />
The latest VESDA-E VEA has been designed<br />
to make the detection of smoke even more<br />
targeted. As a response to customers and<br />
building designers wanting a more addressable<br />
and targeted smoke detection<br />
system, VEA was conceived<br />
from the start to address<br />
these needs, duly resulting<br />
in a flexible, expandable and<br />
discreet system targeting these very<br />
customer requirements.<br />
Using a network of small<br />
microbore tubes hat can be<br />
discreetly installed almost anywhere,<br />
this system allows each tube to have its own<br />
address, therefore pinpointing any potential<br />
issue. As a multi-channel addressable system,<br />
the detector is able to divide a protected space<br />
into sampling locations, enabling the<br />
localisation of potential sources of fire for faster<br />
incident response. This makes the VEA an ideal<br />
technology for multi-occupancy installations<br />
such as offices, educational facilities, retail<br />
premises and prisons and also makes it ideal for<br />
multi-storey properties and hotels.<br />
The standard VEA detector supports 40<br />
sampling points. This can be expanded to up to<br />
120 using Expansion StaX, all managed from a<br />
central location.<br />
VESDA VEA holds a number of advantages for<br />
the installer: less commissioning and<br />
maintenance time and a central point of access<br />
so that the entire system can be managed<br />
allowing a single person to test and commission<br />
the entire system. Centralised test and<br />
maintenance in an easily accessed location<br />
reduces service time by up to 90%, allowing<br />
servicing of up to 500 addresses per day and<br />
lowering TCO. Again, this makes the VEA an<br />
ideal system when it comes to avoiding the<br />
interruption of ongoing business operations or<br />
in multi-storey and multi-occupancy buildings.<br />
www.risk-uk.com
By Appointment to<br />
Her Majesty The Queen<br />
Supplier of Fire Detection Equipment<br />
Kentec Electronics Ltd. Dartford<br />
Taktis<br />
Analogue Addressable<br />
Fire Alarm Control Panels<br />
The Future of<br />
Life Safety Systems<br />
EN54 Approved<br />
Intuitive<br />
Flexible<br />
Customisable Interface<br />
Easy to use for<br />
end user & installer<br />
Multi protocol<br />
Scalable up to 8 Loops<br />
Come and See us at<br />
Firex International 2017<br />
where we will be<br />
showing the Taktis range<br />
of panels plus our<br />
comprehensive<br />
Certified Fire Control<br />
Panel Range<br />
20 th - 22 nd June 2017<br />
Excel London,<br />
Stand E125 in<br />
South Hall 2<br />
+44 (0) 01322 222121<br />
www.taktis.co.uk<br />
360b/01<br />
Life Safety System Specialists
FIRE SAFETY<br />
Audible and Visual Protection<br />
Pulse Alert Technology from Klaxon Signals is an award-winning beacon<br />
warning system which produces a light output that can protect most<br />
rooms with just a single device<br />
“All buildings deserve<br />
the latest fire<br />
evacuation<br />
technology, all fire<br />
alarm systems should<br />
be able to be<br />
upgraded and<br />
everyone deserves to<br />
feel safe and secure”<br />
odels in the Sonos Pulse range of EN54-<br />
M23 compliant beacons and sounder<br />
beacons are designed to ensure that all<br />
personnel, including those individuals with<br />
sensory impairments or working in sensory<br />
depriving conditions, are notified of fire<br />
emergencies. Featuring Pulse Alert Technology,<br />
Klaxon’s EN54-23 compliant beacons enable<br />
buildings to be evacuated much quicker, make<br />
evacuation requirements clear and<br />
unambiguous and allow personnel to feel safe.<br />
Relying on audible fire alarm notification<br />
alone disadvantages those people with hearing<br />
impairments or those working, or living in<br />
sound-reducing conditions. Even something as<br />
simple as wearing a pair of headphones could<br />
prevent someone from hearing an audible fire<br />
evacuation warning. To evacuate everyone from<br />
a building, fire systems need to signal<br />
effectively using light as well as sound.<br />
EN54-23 specifies the minimum performance<br />
requirements for Visual Alarm Devices. Klaxon’s<br />
Sonos Pulse beacons produce a light output<br />
that can protect most rooms with the<br />
installation of just a single device.<br />
Optical systems disperse light evenly,<br />
ensuring the most efficient distribution of light<br />
to maximise effectiveness.<br />
Klaxon’s Pulse Alert Technology affords all of<br />
the benefits an EN54-23 compliant system can<br />
bring, while at the same time answering all of<br />
the design challenges.<br />
Featuring the latest high-power LED<br />
technology, Pulse Alert Technology contains<br />
advance LED drive circuitry, further improving<br />
efficiency, light output performance and longterm<br />
device reliability. Sonos Pulse LED circuits<br />
are designed to exceed five years of continual<br />
operation without degradation of light output.<br />
As a company, Klaxon firmly believes that all<br />
buildings deserve the latest fire evacuation<br />
technology, that all fire alarm systems should be<br />
able to be upgraded and that everyone deserves<br />
to feel safe and secure.<br />
Installation<br />
EN54-23 specifies three different classification categories for Visual Alarm Devices: Wall, Ceiling and Open. Wall and Ceiling mount<br />
categories are specified at designated mounting heights and particular coverage pattern areas, as detailed by EN54-23. Open<br />
classification allows the manufacturer to specify the coverage volume and coverage shape and doesn’t restrict mounting height.<br />
Pulse Alert Technology has been designed to exceed the requirements of both Wall and Ceiling classifications, providing system<br />
designers with simple device performance specifications.<br />
Wall Classification<br />
Wall-mounted devices provide a rectangular prism of light. Wall<br />
classification devices with Pulse Alert Technology can be<br />
mounted up to 3.1 m in height and cover an 11.3 m x 11.3 m area<br />
Ceiling Classification<br />
Ceiling-mounted devices provide a cylinder of light. Ceiling<br />
classification devices with Pulse Alert Technology can be<br />
mounted up to 3 m in height and cover a 15 m-diameter area<br />
40<br />
www.risk-uk.com
One Source. One Loop.<br />
One Solution.<br />
Nittan evolution 1<br />
Touch Screen Single<br />
Loop Addressable<br />
Fire Alarm Panel<br />
• 254 devices on the loop,<br />
254 zones available<br />
• EN54 Part 2 and Part 4<br />
• Interactive 4.3” touch screen<br />
• Intuitive and easy to use<br />
menu structure<br />
• Fully programmable from<br />
touch screen or PC tools<br />
• Built in network capabilities,<br />
allowing 16 panel networking<br />
with no additional hardware<br />
The evolution 1 panel is a cost effective,<br />
one source solution, fully compatible<br />
with Nittans’s award winning evolution<br />
device range.<br />
Allowing up to 254 devices on the loop,<br />
with a touch screen and intuitive menu<br />
structure enabling everything from a<br />
simple stand-alone panel to multi-panel<br />
networked systems – the evolution 1 is the<br />
only one loop solution that you need.<br />
For further details, please contact:<br />
email: sales@nittan.co.uk | tel: +44 (0) 1483 769555 | www.nittan.co.uk
Venturing into the Datasphere<br />
To most, storage is a<br />
commodity. A concept<br />
of space. Something<br />
we don’t really think<br />
about until we run out<br />
of it, but without<br />
storage, even the<br />
most sophisticated of<br />
surveillance cameras<br />
is ultimately a box<br />
with a lens through<br />
which light passes. In<br />
the first of a two-part<br />
series exclusive to<br />
Risk UK, Andrew<br />
Palmer looks to alter<br />
our perspectives on<br />
space and outline<br />
how, rather than being<br />
just one tiny<br />
component of a<br />
surveillance system,<br />
storage is the<br />
fundamental heart of<br />
the solution<br />
42<br />
www.risk-uk.com<br />
In just about every way imaginable, the world<br />
around us is undergoing a dramatic<br />
transformation. From intelligent personal<br />
assistants through to autonomous cars, data<br />
underpins everything we do as individuals,<br />
consumers and businesses. It’s a change on the<br />
scale of the industrial revolution. The dawn of a<br />
new era wherein data is about more than just<br />
record-keeping. Rather, it’s the lifeblood of<br />
almost everything we do.<br />
It’s a seismic shift that’s perhaps most<br />
apparent in surveillance. With higher quality<br />
footage, analytics and innovative new<br />
applications of video footage, the scale and<br />
function of surveillance is growing. Certainly,<br />
‘The Data Age’ presents new opportunities<br />
alongside a wealth of new challenges. In<br />
parallel, it’s vital that storage keeps up.<br />
The Global Datasphere is larger than ever<br />
before and growing at a breakneck speed. By<br />
2025, we will be amassing 163 zettabytes of<br />
data (an astonishing 163 trillion gigabytes)<br />
every single year and, just as society en masse<br />
embeds more data into everything it does,<br />
surveillance will follow suit.<br />
As it stands, almost half of the world’s data is<br />
generated through video surveillance.<br />
According to market analyst IHS, we will be<br />
recording 2,500 petabytes daily by 2019.<br />
However, the real storage challenge isn’t that<br />
video surveillance data is growing globally.<br />
After all, no one organisation needs to store it<br />
all in one place. Rather, the issue is that<br />
businesses are capturing and archiving more<br />
footage on an individual level. All of the<br />
innovations we’ve seen in video surveillance<br />
present new concerns for storage.<br />
Today’s surveillance footage is high quality<br />
and high in framerate. Many of us are capturing<br />
thousands of hours of HD content and<br />
supporting numerous IP and analogue cameras<br />
in several locations. In what’s an increasingly<br />
security-conscious world, even smaller<br />
businesses are making committed investments<br />
in CCTV, empowered as they are by the<br />
decreasing costs of reliable IP cameras.<br />
There continues to be a significant increase<br />
in both the quality and quantity of surveillance<br />
streams. The end result is larger files and more<br />
of them. Data is now on a scale that demands a<br />
new and specialised approach to storage.<br />
Advances in analytics<br />
Meanwhile, advances in analytics mean that<br />
surveillance footage can do more than just<br />
keep locations safe and secure. Data has<br />
become a valuable business asset. It’s used to<br />
collect actionable insights and power more<br />
informed decision-making.<br />
In the retail sphere alone, analytics have<br />
begun to transform the way in which<br />
surveillance footage is used and the return on<br />
investment it delivers. Heat mapping allows<br />
retailers to maximise the impact of promotional<br />
stands. Queue management can be improved<br />
with surveillance analytics software that alerts<br />
staff if queues exceed a certain threshold.<br />
We’re even seeing improvements in audio<br />
analytics that can detect positive or negative<br />
sentiments from customers.<br />
Beyond retail, the applications are endless,<br />
from temperature measurement on thermal<br />
imaging devices to fault detection on critical<br />
infrastructure. In a climate of Big Data,<br />
businesses are finding exciting new ways in<br />
which to leverage and capitalise on the masses<br />
of surveillance data they’re already storing.<br />
Of course, all this depends on rugged, robust<br />
storage that can be deployed in a wide range of<br />
environments. Put simply, today’s storage<br />
needs to go wherever the data is.<br />
With all these sophisticated analytics, CCTV<br />
is no longer just a necessary purchase that<br />
delivers some peace of mind and safeguards<br />
against crime. It promises to become a key part<br />
of increasing business performance and<br />
profitability, but only if the data it realises can<br />
be stored and accessed effectively.<br />
With such an increase in the scale of<br />
surveillance data and myriad new ways of using
Data Storage for Security Systems (Part One)<br />
footage, it’s tempting to think that the future of<br />
video surveillance storage is simply ‘bigger’.<br />
For sure, larger capacity drives are an essential<br />
part of our data-driven future. However, this is<br />
just one part of the story.<br />
It’s not just a case of storing more<br />
information. Today’s businesses need their<br />
video data stored in a more sophisticated way,<br />
with fewer errors and increased accessibility.<br />
The threat of lost or incomplete data has<br />
always been a pressing issue in security. Packet<br />
data loss could mean missing the most critical<br />
moments of a recording. The impact of lost data<br />
today, though, is unthinkable. When video data<br />
is used for analytics, incomplete information<br />
can lead to misinformed decisions and severe<br />
miscalculations in terms of how a given<br />
business should act and respond.<br />
More than ever, video surveillance footage<br />
needs to be stored in a way that’s resilient and<br />
safeguarded, with integrity mechanisms<br />
protecting the quality of recordings and, in<br />
turn, the quality of the decisions they empower.<br />
Desktop hard drives are – and always have<br />
been – fundamentally incapable of delivering<br />
the performance required for video surveillance<br />
storage. For example, if a desktop hard drive<br />
works eight hours per day, five days per week,<br />
that’s approximately 2,000 hours every year. If<br />
your surveillance is running 24 hours per day<br />
every single day, that’s almost 8,000 hours.<br />
Traditional drives are not designed for the<br />
constant data writing involved with capturing<br />
multiple streams of video, let alone on the<br />
scale required by today’s increasingly common<br />
ultra HD footage.<br />
Meanwhile, poor hard drive performance can<br />
be a significant obstacle to analytics. Even with<br />
the fastest write speeds, slow reading makes<br />
timely analytics and alerting impossible. Think<br />
of hypercritical situations, such as traffic<br />
control or driverless cars. Suddenly, read<br />
speeds then become ultra-important.<br />
Whether capturing and archiving video or<br />
looking for new opportunities to leverage your<br />
surveillance data, the end user’s choice of<br />
storage is critical. In the worse case scenario,<br />
ineffective storage could be the weak point in<br />
your implementation: a burden that holds your<br />
entire deployment back and reduces your<br />
Return on Investment.<br />
Bottom line impact<br />
Stored and used appropriately, surveillance<br />
data holds tremendous value. The more data<br />
you have, the more wide-reaching the<br />
implications for analysis and gathering<br />
insights. However, using storage that’s poorly<br />
matched to surveillance doesn’t simply limit<br />
your opportunities. It comes with a very real<br />
financial impact that stretches way beyond the<br />
cost of lost data.<br />
Across an estimated 3,000 hours of use every<br />
year, the costs of running and maintaining<br />
storage mount up. Power consumption alone<br />
becomes a key factor when you’re running<br />
multiple drives in a multi-drive environment.<br />
As a result, it’s not enough for storage to be<br />
scalable and speedy. Truly surveillance-grade<br />
storage matches scale with sophistication,<br />
using technologies like motion sensing and low<br />
power modes that don’t compromise on<br />
availability or ‘time-to-ready’.<br />
At the same time, surveillance-grade storage<br />
is built to last. Where desktop drives are built<br />
for a low workload, the right drive for your<br />
surveillance will be tailored to the extreme<br />
workload that surveillance demands and<br />
backed by an appropriate warranty.<br />
In an environment of more data and more<br />
intelligent usage of that information, desktop<br />
hard drives are a false economy. Ask anyone<br />
that has had their storage fail, taking all of their<br />
crucial surveillance footage with it.<br />
Just as the world around us has changed,<br />
surveillance has changed, too. It’s not just that<br />
technology powers higher quality streams (and<br />
more of them). We’re in a period where security<br />
and surveillance are evolving. They’re a source<br />
of information and evidence, but also a<br />
potential source of business intelligence and<br />
competitive advantage.<br />
More and more of us will embrace that<br />
opportunity. According to the IDC and EMC,<br />
only 3% of the digital universe’s potentially<br />
useful data is analysed and tagged. However,<br />
with so much data in motion, even an increase<br />
to 5% places never-before-seen demands on<br />
storage to perform.<br />
Even for those us that are not ready for<br />
advanced analytics, there’s no avoiding the<br />
need for surveillance-specific storage. With<br />
higher quality recordings and an increasing<br />
number of streams, capacity alone is a pressing<br />
issue. Storage needs to be bigger than ever<br />
while maintaining its integrity and resilience.<br />
On the small and large scales, in terms of<br />
both quality and quantity and from security to<br />
analytics, surveillance is fundamentally<br />
changing. It’s essential that end user<br />
approaches towards storage do the same.<br />
Andrew Palmer:<br />
Group Sales Manager<br />
(Enterprise and Surveillance)<br />
at Seagate Technology<br />
“By 2025, we will be amassing 163 zettabytes of data (an<br />
astonishing 163 trillion gigabytes) every single year and,<br />
just as society en masse embeds more data into everything<br />
it does, surveillance will follow suit”<br />
43<br />
www.risk-uk.com
Remote Monitoring for Video Surveillance Systems<br />
Remote Video Response Centres (RVRCs)<br />
have enjoyed significant growth over<br />
recent times. The boom within the<br />
construction industry, as well as a large number<br />
of solar energy farms springing up all over the<br />
UK, are just two examples of where<br />
opportunities have been created for RVRCs to<br />
offer a cost-effective alternative to having<br />
security officers on site 24/7. This is in addition<br />
to the demand for their services from a diverse<br />
range of other vertical markets including the<br />
luxury homes sector and car dealerships.<br />
When we first established Arc Monitoring 18<br />
years ago, it was a technical challenge to offer<br />
a viable remote visual response service across<br />
the whole of the UK. ISDN lines, which were the<br />
primary method of transmitting video, were<br />
extremely expensive to lease and, while<br />
broadband was clearly offering an affordable<br />
and practical alternative option, UK coverage<br />
was extremely limited.<br />
Also, there was no Best Practice established<br />
for offering a professional level remote<br />
monitoring service. It’s a proud fact for us that<br />
Arc Monitoring was one of the pioneers in<br />
developing policies and procedures which, in<br />
due time, found their way into British Standard<br />
BS 8418 covering the operational requirements<br />
for RVRCs.<br />
At that time, there was still a widely held<br />
misconception that, in order to effectively<br />
visually monitor a remote site, it was necessary<br />
for operators to constantly watch a video<br />
screen to look out for any unusual activity. This<br />
was never going to be a sustainable, affordable<br />
or effective business model.<br />
Aside from the enormous cost of employing<br />
large numbers of operators, there was the<br />
question of how reliable the service could be as<br />
very few human beings have the ability to<br />
concentrate their attentions on a screen for<br />
long periods of time without the risk of missing<br />
something. Familiarity can – and sometimes<br />
does – breed complacency.<br />
Service Level Agreements<br />
RVRCs quickly moved on to formulate Service<br />
Level Agreements with end user clients which<br />
had ‘exception reporting’ or ‘event-driven’ as<br />
the modus operandi. Now, operators would<br />
have processes in place, agreed in advance<br />
with their clients, as to what actions to take<br />
when it could be visually verified as to precisely<br />
why an intruder or perimeter detection device<br />
had been triggered.<br />
In the early days of the intruder alarm<br />
industry, the police service had to deal with<br />
countless false alarms caused by unreliable<br />
detectors. The problem was so great that, when<br />
Under Surveillance<br />
Jonathan Sturley explains how close working relationships<br />
formed with installers have ensured that end users achieve<br />
maximum benefit from their investment in a remotely<br />
monitored video surveillance system, without having to live<br />
with the consequences of false alarms which have plagued<br />
the electronic security industry since time immemorial<br />
the directors of the leading installation<br />
companies formed an informal networking<br />
association, they called it the ‘98% Club’ (which<br />
jokingly reflected the fact that police time was<br />
being wasted 98% of the time).<br />
Of course, the police didn’t really appreciate<br />
that particular joke and the Association of Chief<br />
Police Officers introduced its Unique Reference<br />
Number (URN)-focused Security Systems Policy.<br />
Losing a URN due to false alarms meant that<br />
the police would no longer automatically<br />
respond to a report of an alarm activation.<br />
Equally important, it meant that a company<br />
might also lose its insurance cover or, at the<br />
very least, witness its agreed premiums and<br />
excess levels rise significantly.<br />
Intrusion detectors will quite often generate<br />
false alarms even though they’re doing what’s<br />
expected of them. This may be because<br />
members of the public have innocently entered<br />
a site at an unexpected time or adverse<br />
weather conditions have seen moving tree<br />
branches triggering a ‘phantom’ alarm. That’s<br />
why, during busy times, operators in Police<br />
Control Rooms will always treat a report of<br />
visually verified alarm activity as a higher<br />
priority than a report of an alarm activation<br />
Jonathan Sturley: Managing<br />
Director of Arc Monitoring<br />
45<br />
www.risk-uk.com
Remote Monitoring for Video Surveillance Systems<br />
triggered by a detector-only security system,<br />
which brings me neatly on to the subject of<br />
‘tough love’.<br />
Ensuring Best Practice<br />
Remotely-monitored security systems eliminate<br />
the risk of the police having to respond to false<br />
alarms. Instead, they place the burden on the<br />
RVRC to filter them out and the cost of doing so<br />
on to the end user. If false alarm incidents are<br />
to be minimised, it’s therefore essential that<br />
the installer and the RVRC work closely<br />
together to ensure Best Practice when the<br />
system’s being installed and commissioned.<br />
Some installers may regard the RVRC as<br />
being ‘difficult’ due to insisting on the following<br />
procedures, but by complying they will ensure<br />
that the cost of monitoring a detector-based<br />
intrusion system will be minimised:<br />
• Commissioning: This process must follow a<br />
logical progression in order to verify that<br />
detection devices and cameras are tested<br />
• Daytime Walk Test: This involves an engineer<br />
on site creating an alarm by walking around the<br />
location such that every sensor installed<br />
delivers an alarm image to the RVRC. In doing<br />
so, the engineer should ensure that each<br />
detector is correctly assigned to an appropriate<br />
camera and, where a camera with telemetry is<br />
installed, the correct pre-set is configured.<br />
Testing of all arming and disarming devices<br />
should be carried out at the same time<br />
• Night-Time Image Testing: This is intended to<br />
assess the quality of supplementary lighting<br />
and image resolution<br />
• Lighting Rating Scale: The RVRC should<br />
complete a lighting report as part of the<br />
commissioning process for all new connections,<br />
with snapshot images taken from all cameras<br />
during the day and then again at night. The<br />
report will identify if there’s adequate visibility<br />
in all lighting conditions or if poor visibility<br />
necessitates the requirement for additional<br />
lighting to be installed<br />
• Seven-Day Environmental Soak Testing:<br />
During this period, the system remains under<br />
detailed review to allow for evaluation of the<br />
effects of environmental influences<br />
Harsh environments<br />
A professionally-designed, installed and<br />
commissioned remotely-monitored video<br />
“Remotely-monitored security systems eliminate the risk of<br />
the police having to respond to false alarms. Instead, they<br />
place the burden on the RVRC to filter them out and the<br />
cost of doing so on to the end user”<br />
system can be effective and reliable even in the<br />
most harsh of environments. Battery<br />
technology has now advanced to the stage<br />
where a system can be rapidly deployed to a<br />
site where an electricity power supply may not<br />
be readily available and, in the absence of<br />
access to the network for transmission over<br />
broadband, it’s now possible to use 3G, 4G or<br />
even satellite technology to ensure<br />
communication between a site and an RVRC.<br />
Depending on the location of the site, pointto-point<br />
wireless transmission is also an option<br />
as it’s able to send high quality video over long<br />
distances with extremely low latency. It’s not<br />
unknown for a combination of satellite, pointto-point<br />
wireless and broadband to be used to<br />
meet the challenge of transmitting data and<br />
audio as well as video over large distances.<br />
The resolution of images captured by the<br />
latest generation of HD cameras means that,<br />
provided they’re correctly installed and<br />
configured, it’s virtually guaranteed RVRCs will<br />
receive video of sufficient clarity to enable<br />
operators to rapidly decide on an appropriate<br />
course of action when lighting and weather<br />
conditions are good.<br />
On that note, bear in mind that thermal<br />
imaging cameras now offer an affordable<br />
solution for those sites which may be subject to<br />
low-light or variable weather conditions.<br />
How to select RVRCs<br />
There’s no shortage of monitoring centres who<br />
will want your business, but their ability to<br />
meet your expectations as an end user will vary.<br />
Here are some tips to maximise the possibility<br />
of you choosing an RVRC which is able to<br />
deliver the service levels you require.<br />
Visit the National Security Inspectorate’s<br />
website at www.nsi.org.uk where you’ll find a<br />
directory of accredited RVRCs that operate to<br />
British Standards BS 5979 Category II and BS<br />
8418. Also, seek confirmation that the selected<br />
RVRC is independently inspected to the quality<br />
standard ISO 9001:2000.<br />
Further, check that the RVRC is approved to<br />
operate the monitoring centre platforms – such<br />
as Sureview Immix and Sentinel Plus – from<br />
leading software developers, and that it’s able<br />
to support IP, 3G and 4G transmission protocols<br />
(as well as, if appropriate to you, legacy ISDN<br />
and PSTN systems).<br />
Last, but not least, ascertain if the RVRC has<br />
field-based and in-house technical support<br />
personnel on board who will liaise with your<br />
installation company every step of the way,<br />
from system design right through to<br />
commissioning, in order to ensure optimum<br />
performance of your security systems.<br />
46<br />
www.risk-uk.com
We’ve Got You Covered<br />
Update to the BS5839-1:2017 states that “All MCPs<br />
should be fitted with a protective cover.”*<br />
All manual call points that are placed in vulnerable areas and are prone to false activation should be protected<br />
STI supply a range of protective covers, from basic integral covers to sounder models for all applications<br />
Contact us for further information on Call Point Protectors<br />
www.sti-emea.com<br />
info@sti-emea.com 01527 520 999<br />
<br />
*British Standard Institution (2017) ‘BS5839-1:2017 Fire Detection and fire alarm systems for Buildings’
Even before the<br />
tragedy at Grenfell<br />
Tower in June, local<br />
councils had been<br />
looking at ways in<br />
which they could<br />
improve how they<br />
respond to any form of<br />
emergency situation.<br />
With public sector<br />
budgets being cut by<br />
central Government,<br />
though, there’s<br />
tremendous pressure<br />
to make savings<br />
wherever possible.<br />
How, then, do councils<br />
improve responses<br />
and provide a clearer<br />
audit trail following an<br />
event without blowing<br />
the budget? Stephen<br />
Smith has the answer<br />
View From On High<br />
Unfortunately, fire prevention and security<br />
monitoring are two areas where financial<br />
prudency may have to be the order of the<br />
day, but cutting budgets doesn’t have to mean<br />
placing residents in greater danger. Far from it,<br />
in fact. It’s perfectly possible to use existing,<br />
installed technologies and protect legacy<br />
investments by virtue of the intelligent<br />
application of new management systems that<br />
afford councils greater control of their estate,<br />
greater protection for their residents and better<br />
value for the tax payer.<br />
The days when a disparate security system<br />
and a mobile patrol were enough to meet the<br />
security needs of a council are long gone. Now,<br />
there’s far more sophistication involved and<br />
greater technological advancement. As such,<br />
security managers are rightly demanding<br />
significantly higher levels of functionality and<br />
integration across all systems.<br />
Let’s take a look at a council estate in North<br />
London. The estate comprises two large<br />
apartment blocks and is blighted by vandalism<br />
and other anti-social behaviour. Even<br />
equipment installed to protect residents, such<br />
as CCTV cameras and door entry panels, has<br />
often been ripped out, spray-painted over or<br />
smashed to pieces. Creating a greater feeling of<br />
safety was therefore of paramount importance<br />
and a considerable challenge.<br />
That challenge was even greater since the<br />
council wanted to re-use equipment already<br />
installed, but make it work in a more integrated<br />
way. The answer was a new concierge and<br />
Physical Security Information Management<br />
(PSIM) solution. It’s a solution that enables<br />
council employees to control door access and<br />
manage fire and security systems across both<br />
apartment blocks from anywhere within the<br />
council’s estate.<br />
The two buildings already feature Intergrated<br />
Security Manufacturing’s (ISM) Ultimate door<br />
entry systems as well as third party technology.<br />
Thanks to the Genesys PSIM solution, all of<br />
these technologies can be controlled,<br />
regardless of manufacturer or who installed<br />
them. This delivers greater flexibility and<br />
control, eliminates the potential disruption<br />
caused by installing new equipment and<br />
protects the council’s legacy investment. It also<br />
means that further buildings and apartment<br />
blocks can be added over time as and when<br />
required with minimal additional investment.<br />
The Ultimate door entry system was chosen<br />
because it has multiple speech paths that allow<br />
numerous conversations to be had at one time.<br />
It can be specified as a simple single exchange<br />
for one building or multiple exchanges serving<br />
a network of buildings, all controlled by the<br />
software management system using Genesys.<br />
Multiple systems<br />
Genesys allows the integration not just of door<br />
entry systems, but also multiple systems from<br />
multiple manufacturers – all from one holistic<br />
integrated security set-up. Every electronic<br />
security or fire safety device from CCTV and<br />
intruder alarms through to electronic locking<br />
and Public Address (PA) may be monitored and<br />
controlled from a single platform.<br />
The Genesys system can also have control<br />
over all electronic security systems installed at<br />
each site including (but not limited to) guard<br />
tour, intercoms, panic/affray alarms, perimeter<br />
intruder detection, PA, radio paging, staff safety<br />
systems, trunked radio, video content analysis<br />
and building management systems.<br />
Most importantly, Genesys features Migrating<br />
3+ technology, a patented automatic failover<br />
technology that adds higher levels of automatic<br />
configurable redundancy and power. What this<br />
means in practice is that control is effectively<br />
distributed across multiple workstations, such<br />
that if one PC fails, control is then ‘migrated’ to<br />
another PC seamlessly with no interruption or<br />
downtime. Therefore, the system isn’t restricted<br />
in its performance by the size or capability of a<br />
server, nor does it require the additional<br />
48<br />
www.risk-uk.com
Physical Security Information Management<br />
expense of moving to server farms or using<br />
clustering software.<br />
This was also important for the council as it<br />
wanted each of its Control Rooms to be<br />
independent of one other, and yet when one<br />
wasn’t manned, another could take control as<br />
though it was ‘lead’ and perform all of the<br />
functions that the ‘owner’ would have wanted.<br />
Again, in simple terms this means that there’s<br />
no interruption in service and no chance of an<br />
important alarm being missed or ignored. Fire<br />
alarms, access control and CCTV can all now be<br />
controlled from one computer from anywhere<br />
on the council’s network.<br />
Ultimate control<br />
To improve efficiency and afford faster response<br />
times for residents, the council needed to<br />
provide concierge services to all of its estates.<br />
The development of third party integration into<br />
the Genesys platform allowed the council to<br />
combine technology, including CCTV and fire,<br />
without going to the expense of replacing<br />
legacy door entry equipment unnecessarily.<br />
This is delivering a much-needed saving during<br />
what are challenging economic times.<br />
Genesys is a ‘true’ PSIM system built around<br />
intuitive software that combines a range of<br />
features and benefits including an enhanced<br />
graphical user experience and 3D modelling, as<br />
well as a comprehensive event management<br />
database. Events and alarms are presented to<br />
the council’s operators as and when they<br />
happen so that the response can be immediate,<br />
‘informed’ and based on real intelligence.<br />
Standard operating procedures and<br />
automated workflow options that guide the<br />
operators through each event are also given. As<br />
all events are handled in the same generic way,<br />
training may be simplified and the efficiency of<br />
system operators greatly improved.<br />
The enhanced alarm handling incorporates<br />
multiple automated actions that can occur due<br />
to events being generated or by an operator’s<br />
actions, such as on receipt of an alarm event,<br />
when the operator accepts the alarm, if the<br />
device changes state, when the system<br />
automatically escalates the alarm, when an<br />
operator manually escalates an event or an<br />
alarm and when the event is reset.<br />
For example, if a Perimeter Intrusion<br />
Detection System alarm is triggered, Genesys<br />
can immediately increase the frame recording<br />
rate on the CCTB system, page security staff,<br />
lock down perimeter doors on the access<br />
control system, switch on perimeter lighting or<br />
display the alarm event to the operator.<br />
When the operator ‘accepts’ the alarm,<br />
they’re presented with live CCTV images<br />
together with pre- and post-event video<br />
recording from the time the alarm was<br />
generated. The workflow list can detail basic<br />
functions for audit purposes such as ‘Check the<br />
CCTV’ or ‘Call the Supervisor’. By selecting one<br />
of these actions, the system will carry out the<br />
automated function which will be checked off<br />
the list and the operator can then proceed to<br />
the next item. It’s possible to add events to the<br />
workflow list such as ‘Lock down doors’.<br />
Full system log<br />
Once the event has been cleared and the<br />
operator has reset the alarm, the system will<br />
automatically revert back to a default position,<br />
for example sending cameras back to their<br />
home positions, switching monitors to default<br />
view, returning the CCTV to a normal recording<br />
state, switching off floodlights, normalising<br />
doors and paging staff.<br />
Genesys has a full system log that file<br />
records the actions of the system detailing the<br />
operator, the action and any automated actions<br />
plus any responses to alarms that have been<br />
recorded by the operator. This log incorporates<br />
a search facility and is capable of producing<br />
basic level reports, ensuring that any incidents<br />
on the estate can be reported to the police with<br />
sufficient evidence to bring any charges.<br />
If a more detailed analysis of the logs is<br />
required then the database can be exported<br />
and interrogated by any ODBC program such as<br />
ACCESS and Crystal Reports.<br />
The PSIM software operates as a standalone<br />
platform over LAN or WAN networks for remote<br />
and local sites with workstations that can be<br />
transferred to any operating Security Control<br />
Room on the network. This offers the end user<br />
flexibility when closing down sites or buildings<br />
for off-peak or out of normal working hours or<br />
in the unlikely event of any system failures.<br />
The software is totally scalable – from control<br />
of just a single building to multi-site, multicountry<br />
Enterprise systems that can operate<br />
over LANs or WANs. Events can be transferred<br />
to any operating Security Control Room on the<br />
network (either local or remote) by site,<br />
discipline or alarm escalation, providing<br />
effective monitoring and high-level<br />
management of any situation. Should a Control<br />
Room be evacuated for any reason, operators<br />
can walk into the reserve Operations Centre<br />
without the loss of alarms or functionality.<br />
Stephen Smith:<br />
Managing Director of ISM<br />
“The days when a disparate security system and a mobile<br />
patrol were enough to meet the needs of a council are long<br />
gone. Now, there’s far more sophistication involved”<br />
49<br />
www.risk-uk.com
BENCHMARK<br />
Smart Solutions<br />
BENCHMARK<br />
Innovative and smart solutions can add value and benefits to<br />
modern systems for customers. With the technological landscape<br />
rapidly evolving, the Benchmark Smart Solutions project assesses<br />
the potential on offer from system integration, advanced<br />
connectivity and intelligent technology. Bringing together field trials<br />
and assessments, proof of concept and real-world experience of<br />
implementing smart solutions, it represents an essential resource<br />
for all involved in innovative system design.<br />
Launching in 2017, Benchmark Smart Solutions will be the industry’s only real-world resource for<br />
security professionals who are intent on offering added value through the delivery of smarter solutions.<br />
@Benchmark_Smart<br />
Partner Companies<br />
www.benchmarksmart.com
Security in the Transport Sector: Access Control Case Study<br />
Transport for London (TfL) is the integrated<br />
transport authority responsible for<br />
delivering Mayor of London Sadiq Khan's<br />
strategy and commitments on transport. The<br />
organisation runs the day-to-day operation of<br />
the capital’s public transport network and<br />
manages London’s main roads. The services it<br />
operates include London Underground, London<br />
Buses, the Docklands Light Railway, London<br />
Overground, TfL Rail, London Trams, London<br />
River Services, London Dial-a-Ride, Victoria<br />
Coach Station, Santander Cycles and the<br />
Emirates Air Line in Docklands.<br />
TfL is funded from fares income (the largest<br />
single source of its income) as well as<br />
advertising revenues, property rental and<br />
income from the Congestion Charge. In<br />
addition, there’s grant funding from the<br />
Department for Transport and the Greater<br />
London Authority as well as Crossrail funding<br />
(which, in 2017-2018, is largely being funded<br />
through the Community Infrastructure Levy and<br />
developers’ contributions). Borrowing and cash<br />
movements complete the funding picture.<br />
Every day, more than 31 million journeys are<br />
made across the TfL network. It’s a staggering<br />
figure, isn’t it? Each day also entails TfL<br />
working to make journeys easier through the<br />
use of technology and data. The organisation<br />
provides modern ways for customers to pay for<br />
its services through Oyster and contactless<br />
payment cards and provides information in<br />
numerous different formats to help people<br />
move easily around the city.<br />
As an integral element of the TfL network,<br />
London Underground has now been operational<br />
for 150 years and conveys over 1.265 billion<br />
passengers each year. Every one of those<br />
passengers is reliant upon the efficient running<br />
of the service to travel across the capital.<br />
Speaking on behalf of London Underground’s<br />
signals maintenance managers and their<br />
associated teams, Phil McCusker (signals<br />
maintenance manager – North Signals for<br />
London Underground) stated: “It’s our duty to<br />
make sure we have the right systems in place<br />
such that seamless journeys can take place.<br />
Everything must be done to create a safe and<br />
secure environment at all times.”<br />
Of course, that last point is particularly true<br />
in today’s turbulent times when the threat level<br />
posed by terrorism is currently set at ‘Severe’<br />
by the Joint Terrorism Analysis Centre and when<br />
high profile locations such as London<br />
Underground stations can be the target of<br />
terrorist activity. The readers of Risk UK only<br />
need to look back on the recent incident at<br />
Parsons Green Station and, of course, the 7 July<br />
2005 London bombings to highlight that fact.<br />
On The Right Tracks<br />
Arguably, no other city is as recognised by its transport<br />
system as London, with the capital’s famous red buses, black<br />
taxis and tube trains known the world over. Here, Ben Farrar<br />
assesses key and equipment management on the London<br />
Underground network in order to demonstrate how a<br />
considered ‘small detail’ can impact the smooth running of<br />
Transport for London for the benefit of staff and passengers<br />
Seamless experience<br />
As stated, alongside extending the network is<br />
an ambition on the part of TfL to make journeys<br />
easier through the efficient and effective use of<br />
technology and data.<br />
As journey processes become quicker, there’ll<br />
be a natural and growing expectation from<br />
passengers to see an increasingly seamless<br />
journey experience being created for them by<br />
TfL’s management. No-one likes delays at any<br />
stage, especially so given the recently-installed<br />
running of the Night Tube in the UK’s equivalent<br />
of the ‘city that never sleeps.’ The Night Tube<br />
runs on Fridays and Saturdays on the Victoria,<br />
Jubilee and most of the Central, Northern and<br />
Piccadilly lines.<br />
While for passengers these ‘seamless<br />
journeys’ mean that TfL must provide modern<br />
ways in which to pay and offer as much salient<br />
information ahead of journeys as possible,<br />
behind the scenes it’s all about establishing<br />
ways in which to improve the overall<br />
efficiencies of everyday operations, taking all<br />
detail into account. This includes what may<br />
seemingly be perceived as the smaller details,<br />
Ben Farrar:<br />
Market Development Manager<br />
at Traka UK<br />
51<br />
www.risk-uk.com
Security in the Transport Sector: Access Control Case Study<br />
such as the vital task of key and equipment<br />
management, for example.<br />
The consequences of poor key management<br />
are potentially devastating. It only takes one<br />
key to be missing, one ‘weak link’ to a building<br />
access event, an item of equipment or a vehicle<br />
and its operator to cause major delays and<br />
disruption. Unnecessary delays in such a timesensitive<br />
process will become more poignant<br />
and the consequences far more significant for<br />
TfL (and notably so at peak travel times).<br />
Traditionally for TfL, any attempt to manage<br />
keys had relied upon a basic key box and<br />
recording book whereby brief details of keys or<br />
equipment taken and returned were entered by<br />
hand and confirmed by an often illegible<br />
signature. Not surprisingly, such an<br />
arrangement was proving inefficient and<br />
unreliable and made tracing keys and<br />
equipment an almost impossible task.<br />
While the legacy system relied heavily on the<br />
diligence of employees, when under pressure,<br />
or in a rush to arrive at a job, keys were being<br />
taken by staff, but not always logged as such,<br />
or otherwise were not always returned on time.<br />
If equipment or a vehicle was needed by<br />
another member of staff, valuable time and<br />
resource was spent in searching for the relevant<br />
keys. Managers would also be concerned that<br />
untrained staff could operate expensive tools<br />
such as electrical drills stored on site.<br />
Intelligent management<br />
To rectify this situation, tighten up on keeping<br />
track of what’s going on and who has<br />
equipment or keys at any given time, as part of<br />
TfL’s efficiency drive an increasing number of<br />
departments are now choosing intelligent<br />
management tools. “It saves the team valuable<br />
time and resources in our key access<br />
processes,” explained Phil McCusker.<br />
By automating the process, TfL can also<br />
increase compliance with Health and Safety<br />
standards as the element of human error is<br />
minimised. The system decreases downtime<br />
and improves work efficiencies, all enabling<br />
different departments at TfL to manage the<br />
everyday items crucial to the many processes<br />
that keep the organisation running and ensure<br />
continued operational excellence.<br />
TfL has encountered further advantages in<br />
the move towards more intelligent security and<br />
access control systems. For one, key allocation<br />
is now far quicker and easier, with staff no<br />
longer needing to manually sign out keys. The<br />
intelligent set-up allows 24/7 access to<br />
response vehicles with no need for dedicated<br />
staff issuing keys. “We can see live transactions<br />
via the software reporting function,” added<br />
McCusker. “This is via the cabinet’s data<br />
display or instantly available on computer or<br />
mobile devices.”<br />
Critically for the smooth running of TfL, keys<br />
are also very rarely misplaced because if an<br />
employee takes a key, it must be returned<br />
within a set amount of time. If it’s not returned,<br />
the employee is then alerted to that fact, as is<br />
their manager, in turn encouraging a more<br />
responsible approach towards the use of<br />
vehicles and equipment by members of staff.<br />
“It’s all about traceability and<br />
accountability,” observed McCusker. “Members<br />
of staff know that, when they take a key, the<br />
system logs this episode on their employee<br />
record so, if they misplace it, we’ll know. The<br />
system encourages staff to return keys on time<br />
and also to leave vehicles and tools in good<br />
condition. If a vehicle or a piece of equipment is<br />
damaged, we can look back at who last had<br />
access and speak to them about how the<br />
damage occurred. All of this helps us to<br />
successfully manage the departments.”<br />
Keeping on track<br />
Traka was selected as the key and equipment<br />
management supplier of choice for TfL, for<br />
whom a new approach around key and<br />
equipment management has proven to make<br />
such a positive difference. The company worked<br />
closely with TfL’s signal maintenance team,<br />
tailoring the system to exact requirements.<br />
Importantly, the intelligent key and asset<br />
management specialist also ensured<br />
compliance with the very latest Health and<br />
Safety standards, whereby the systems operate<br />
so that unauthorised personnel simply cannot<br />
access keys to any equipment that they’re not<br />
meant to be using.<br />
“The positivity of the Traka team in helping<br />
us to install the right solution to suit our own<br />
individual requirements has been a welcome<br />
bonus and the main reason we’re now looking<br />
to expand our use of such solutions across TfL’s<br />
network,” concluded McCusker.<br />
“While the legacy system relied heavily on the diligence of<br />
employees, when under pressure, or in a rush to arrive at a job, keys<br />
were being taken by staff, but not always logged as such, or<br />
otherwise were not always returned on time”<br />
52<br />
www.risk-uk.com
Multi award winning security service provider<br />
Supplying security services to Government Departments,<br />
Local Authorities, Blue chip companies and Worldwide organisations<br />
Services provided<br />
Manned Guarding Service<br />
Site Patrols<br />
Reception Duties<br />
Car Park Security Management<br />
Front of House Service<br />
Mobile Patrol Visits – Internal/External<br />
Mail Room Service<br />
Remote CCT Monitoring<br />
Banks Men<br />
Security Lodge/Gatehouse Duties<br />
0800 772 3786<br />
sales@magentasecurity.co.uk<br />
www.magentasecurity.co.uk
Meet The<br />
Security Company<br />
This is the fifth<br />
instalment in a new<br />
series of articles for<br />
the readers of Risk UK<br />
where we shine the<br />
spotlight on NSIapproved<br />
businesses<br />
for the benefit of risk<br />
and security managers<br />
who purchase security<br />
guarding as well as<br />
systems-focused<br />
solutions. Answering<br />
our questions on this<br />
occasion is Peter Hale,<br />
general manager of<br />
Omni Security<br />
Services<br />
About the National Security Inspectorate<br />
Risk UK: Can you briefly describe your<br />
business’ activities and what you consider to<br />
be your USP as an organisation?<br />
Peter Hale: Omni Security Services has<br />
established itself in the security industry as a<br />
company that both promotes and adheres to<br />
strong values. Our goal of uncompromising<br />
integrity and high ethical conduct is something<br />
of which the company is extremely proud.<br />
Our core offerings are security guarding and<br />
security dog services, the latter encompassing<br />
general purpose patrol dogs, narcotics search<br />
dogs and explosives detection dogs.<br />
In terms of a USP, our approach to client care<br />
is designed to ensure maximum flexibility for<br />
the services we offer, enabling all at Omni to<br />
work closely in partnership with our valued<br />
customers and exceed their expectations.<br />
Risk UK: What do your clients value most<br />
about the services you deliver?<br />
Peter Hale: A recurring theme that shines<br />
through from our regular customer satisfaction<br />
surveys is the dynamism and agility of the<br />
service provided. We have a mature and layered<br />
infrastructure that allows us to respond to<br />
urgent requests for assistance from national<br />
The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit<br />
company limited by guarantee and operates as a UKAS-accredited certification<br />
body specialising in the security and fire safety sectors.<br />
For over 40 years, the NSI has served to protect businesses, homeowners<br />
and the general public alike, raising standards by providing robust and high<br />
quality audits of both security and fire safety service providers.<br />
customers with same day turnarounds for<br />
quality officers on location with full RAMS<br />
packs and associated documentation.<br />
The accessibility and expertise of our senior<br />
management in support of our front line<br />
operators is also consistently mentioned.<br />
Underpinning all of this is the performance<br />
and quality of our front line operators. We<br />
invest significant time in recruiting, training and<br />
retaining each member of staff to ensure that<br />
our organisational aims and objectives are<br />
always lifted off the page and made real.<br />
Risk UK: How do you feel accreditations have<br />
assisted your company?<br />
Peter Hale: In a word? Greatly. Omni Security<br />
Services has made a commitment to superlative<br />
service levels since 2002, when the company<br />
first entered into the NSI regime at Bronze<br />
level. From that point, the business progressed<br />
to NSI Silver in 2003 and then NSI Gold in<br />
2004, which it has held ever since.<br />
Omni Security Services is very proud to be<br />
one of the first specialist guarding companies<br />
to have achieved the ISO 9001:2015 transition<br />
within the NSI Guarding Gold framework. This<br />
commitment to attaining the highest standards<br />
of achievement has deeply embedded an<br />
attitude of excellence in the organisation.<br />
Security Industry Authority (SIA) Approved<br />
Contractor Scheme (ACS) registration was<br />
achieved in 2006 and has been held to date.<br />
Risk UK: Specifically, what value does ACS<br />
registration and NSI Guarding Gold approval<br />
bring to your business and its clients?<br />
Peter Hale: While some commercial processes<br />
do ask for evidence of ACS registration, there<br />
appears to be little understanding of the<br />
scheme. In many cases all that’s required is an<br />
answer in the affirmative.<br />
We invest some considerable time and tender<br />
column inches to expanding on the ACS, our<br />
score within it and how this translates to value<br />
for that particular prospective client as, quite<br />
often, Procurement Departments simply don’t<br />
know the appropriate questions to ask.<br />
To us, the NSI Guarding Gold scheme is still<br />
regarded as the most exacting inspection<br />
service for businesses operating within the<br />
security industry. The NSI Guarding Gold<br />
‘brand’ is held in high regard and recognised as<br />
54<br />
www.risk-uk.com
Meet The Security Company: Omni Security Services<br />
In association with the<br />
an endorsement of an organisation’s<br />
commitment to achieving excellence. There’s no<br />
room for complacency, though, and continued<br />
energy from the NSI in widely promoting the<br />
scheme would be valuable.<br />
Risk UK: In practice, what are the main<br />
differences between ACS registration and NSI<br />
Guarding Gold approval?<br />
Peter Hale: I see the framework of the NSI’s<br />
Guarding Gold scheme as a facilitator for<br />
excellence if the application and endeavour are<br />
accurate. Adherence to the requirements can<br />
provide the machinery for efficiency, qualitative<br />
outputs and delighted customers. It’s a nonnegotiable<br />
indicator of commitment to quality.<br />
The ACS provides a presentation of<br />
achievement, but could arguably be said to be<br />
more focused on the outcomes rather than a<br />
consistently applied process.<br />
To chase ‘points’ and provide the evidence<br />
required for a particular score for a particular<br />
element only is to miss the fundamental<br />
sustainability and underpinning commitment<br />
that should be part of the business process.<br />
Risk UK: How do you think technology has<br />
changed the industry over the last couple of<br />
years and what do you feel will be the<br />
direction of travel in the future?<br />
Peter Hale: I believe that technology has<br />
radically enhanced the industry. In the future,<br />
increasingly symbiotic solutions involving<br />
manned and technological resources are going<br />
to be key to providing a total service.<br />
The time of the ‘technophobe’ has long since<br />
passed and, in fact, the word itself is likely to<br />
have little relevance in the very near future<br />
within the guarding sphere as all credible<br />
suppliers will need to be able to demonstrate<br />
service-enhancing technological resources and<br />
embrace the changes they realise.<br />
Risk UK: When it comes to negotiating<br />
contracts and responding to tender requests,<br />
what aspects are of most value to customers<br />
and how are these changing?<br />
Peter Hale: Unsurprisingly, many customers<br />
still zero-in on the bottom right hand corner of<br />
a proposal. We’re aware the security industry<br />
can be driven by intense price competition that<br />
may serve to drive down standards and quality<br />
to provide the barest quotation.<br />
At Omni, we’re endeavouring to drive<br />
standards and quality in the industry upwards.<br />
By focusing on RoI for customers and<br />
demonstrating the clear layers of added value<br />
that sustainable partnering can bring, we find<br />
that negotiations move away from price points<br />
and races to the bottom and settle more on our<br />
complete support across all levels of a<br />
customer’s business.<br />
I’m pleased to say that there appears to be a<br />
slowly-building appreciation of the benefits of<br />
investing in a proper and well-designed<br />
solution to security needs as opposed to a<br />
cheap, quick and, ultimately, unsustainable fix.<br />
Risk UK: How has Government legislation (eg<br />
the National Minimum Wage, the National<br />
Living Wage and holiday pay) affected your<br />
business? Do you believe such legislation is<br />
a good thing?<br />
Peter Hale: I endorse any means to ensure that<br />
decent officers are remunerated appropriately.<br />
However, we shouldn’t just be relying on the<br />
Government to achieve that goal for us.<br />
Of course, there’s an inevitable ‘hit’ for<br />
accounts based at the lower end of the wage<br />
spectrum, but generally we in the industry are<br />
the architects of our own issues if we’re pricing<br />
work too narrowly to pay a decent wage just to<br />
win the business in the first place.<br />
I believe that the standard security guarding<br />
licence is too easily obtained. This is an area<br />
that should be reviewed in terms of rigour.<br />
Risk UK: What are the most important<br />
attributes you look for in your security<br />
officers and staff members in general?<br />
Peter Hale: While integrity, work ethic,<br />
reliability and communication skills are all core<br />
and basic requirements, I personally love to see<br />
ambition in people. Specifically, I’m referencing<br />
an ambition to be better and to be honest<br />
about wanting to be better.<br />
The private security industry offers genuine<br />
career paths and healthy, focused and nurtured<br />
ambition is the bullion for driving standards up<br />
and taking the sector forwards.<br />
Risk UK: How can the SIA, the NSI and<br />
industry standards best serve the sector in<br />
addition to the needs of your company’s<br />
clients and the wider public interest? Will<br />
the introduction of business licensing be a<br />
positive step?<br />
Peter Hale: Education of consumers and other<br />
interested parties is key. We must shine a light<br />
on professionalism and capability within the<br />
industry and set alignments to be assimilated<br />
within the mainstream consciousness.<br />
The planned introduction of business<br />
licensing could be a positive step, as long as<br />
the regulatory focus is accurate. To my mind,<br />
there seems little point in increasing the<br />
regulatory burden if the outcome of doing so is<br />
only recognised within the industry itself.<br />
Name<br />
Peter Hale<br />
Job title<br />
General Manager<br />
Time in the security sector<br />
18 years direct industry<br />
experience at senior level<br />
overseeing national accounts<br />
for global brands. I’m<br />
educated to post-graduate<br />
level in Security and Risk<br />
Management and an IRCAcertified<br />
Quality Management<br />
Systems (ISO 9001) lead<br />
auditor. I also hold<br />
certifications in employment<br />
practice (through the<br />
Chartered Institute of Legal<br />
Executives) and equality and<br />
diversity in the workplace<br />
Location of the business<br />
Omni Security Services’ head<br />
office is based in Huntingdon,<br />
Cambridgeshire. We have a<br />
satellite office in London and<br />
a national outreach<br />
Areas of expertise<br />
Security guarding (including<br />
executive guarding<br />
assignments), general patrol<br />
security dogs and specialist<br />
search security dogs<br />
Accreditations<br />
NSI Guarding Gold, SIA ACS,<br />
SAFEContractor, CHAS<br />
Accredited Contractor, BSIA<br />
Member, NASDU Company<br />
Member and Member of the<br />
British Safety Council<br />
Peter Hale: General Manager<br />
at Omni Security Services<br />
55<br />
www.risk-uk.com
Crisis Management: The Challenges<br />
Crisis management is<br />
the process by which<br />
an organisation deals<br />
with a disruptive and<br />
unexpected event that<br />
threatens to harm<br />
either the organisation<br />
itself, its stakeholders<br />
or the general public.<br />
The study of crisis<br />
management<br />
originated with the<br />
large-scale industrial<br />
and environmental<br />
disasters of the 1980s.<br />
Given that the speed<br />
and scale of disasters<br />
has changed markedly<br />
in recent times, how<br />
might security and risk<br />
practitioners deal with<br />
them? David Rubens<br />
offers some key words<br />
of wisdom<br />
Friday 13 October was the United Nations’<br />
(UN) International Day for Disaster<br />
Reduction, running only a month or so after<br />
Hurricane Irma hit Puerto Rico. At the time of<br />
the UN event, an announcement that<br />
accompanied it stated: “Natural disasters are<br />
inevitable, but it’s still possible to minimise the<br />
damage that they cause and change the social,<br />
economic and cultural issues that exacerbate<br />
those impacts. It’s not just a matter for the<br />
victims of natural disasters. The reduction of<br />
risk concerns the whole world, whether<br />
national leaders, bankers, meteorologists or<br />
the media. With this in mind, the International<br />
Day for Disaster Reduction proposes that<br />
Governments and concerned people commit to<br />
minimising risk through prevention and<br />
mitigation as well as active preparation.”<br />
As someone who has the opportunity to work<br />
with senior risk managers around the world,<br />
whether they’re engaged with Government<br />
agencies, regional bodies, global corporations,<br />
Critical National Infrastructure (CNI) or local<br />
community groups, I’ve witnessed at first hand<br />
both the commitment and professionalism that<br />
people and organisations bring to those efforts<br />
designed to build effective risk mitigation and<br />
emergency response capabilities within their<br />
own operating environments. I’ve also seen the<br />
despair and frustration when their efforts are<br />
overwhelmed by the forces of nature they’re<br />
facing, be they earthquakes or hurricanes, etc.<br />
Individuals involved in disaster and risk<br />
reduction have the responsibility to ensure that<br />
there’s a genuine understanding not only of the<br />
impacts of natural disasters, but also of the<br />
realities of what’s required for response and<br />
recovery, both in terms of the immediate event<br />
and long-term programmes that need to be<br />
maintained and sustained over years rather<br />
than weeks or even months.<br />
It seems the problem isn’t that we cannot<br />
deal with the external event, which in almost all<br />
cases is outside of our control, or even that we<br />
cannot manage the impacts, which are often<br />
dramatic, chaotic and involve a level of<br />
disruption and dislocation that goes beyond<br />
the local capabilities to effectively manage.<br />
Rather, the major challenge is our capability to<br />
create a response structure that can respond<br />
both speedily and appropriately to the wide<br />
range of predictable issues that are likely to<br />
arise in the immediate aftermath of any largescale,<br />
high-impact event.<br />
Crisis status<br />
One of the main issues associated with the<br />
strategic level of crisis response is the<br />
responsibility to acknowledge the crisis status.<br />
In many cases, it’s this that creates the<br />
opportunity to respond in ways that would not<br />
be possible under normal operating rules, and<br />
then to manage the transition from a standard,<br />
process-driven, bureaucratic decision-making<br />
framework to one that’s more suited to the<br />
demands and challenges – not to mention the<br />
extreme time pressures – of a crisis event.<br />
The announcement that, one month after<br />
Hurricane Irma struck Puerto Rico with such<br />
devastating effect, the US authorities had<br />
finally authorised the deployment of National<br />
Guard troops to this unincorporated territory of<br />
the States is a classic example of a crisis<br />
response framework being rendered completely<br />
ineffective because the management<br />
procedures associated with that framework<br />
hadn’t considered the realities of crisis<br />
response events.<br />
The argument given that the necessary<br />
procedures needed to be complied with before<br />
troops could be deployed seems to miss the<br />
fundamental objective of a fast response<br />
operation, which is that it’s able to be deployed<br />
at a moment’s notice.<br />
Given that Hurricane Irma was known about<br />
and expected, it would surely have been part of<br />
the National Guard’s responsibility to prepare<br />
itself to deploy to a location that would clearly<br />
be in need of the specialist skills, equipment<br />
56<br />
www.risk-uk.com
The Security Institute’s View<br />
and logistical management capabilities the<br />
National Guard would bring.<br />
Reading reports on the situation in Puerto<br />
Rico, as well as other islands across the region<br />
that have been equally hard hit by recent<br />
events, one’s reminded of the words from the<br />
Executive Summary of ‘Failure of Initiative’, the<br />
Congressional Report on Hurricane Katrina: “It<br />
remains difficult to understand how<br />
Government could respond so ineffectively to a<br />
disaster that was anticipated for years, and for<br />
which specific dire warnings had been issued<br />
for days. This crisis wasn’t only predictable, it<br />
was predicted.”<br />
The statement adds: “Government failed<br />
because it didn’t learn from past experiences,<br />
or because lessons thought to be learned were<br />
not implemented. If 9/11 was a failure of<br />
imagination, Hurricane Katrina was a failure of<br />
initiative. It was a failure of leadership.”<br />
Systemic failings<br />
This isn’t a diatribe against the US Government,<br />
though it seems there are deep-rooted systemic<br />
failings identified by Hurricane Katrina that<br />
haven’t been adequately dealt with in the<br />
meantime. Rather, it’s a call for anyone<br />
associated with emergency response and crisis<br />
management to recognise the increasingly<br />
challenging environments that we’re now called<br />
upon to respond to, and the increasingly high<br />
impact and often catastrophic impacts and<br />
consequences that those events produce.<br />
If we accept the fact that we cannot prevent<br />
the external event, which is outside of our<br />
control, then it’s possible we can influence the<br />
impact and even manage the consequences. If<br />
there’s one thing that we can claim to be in<br />
control of, though, then that element is the<br />
response operation.<br />
One of the fundamental issues associated<br />
with crisis management is the inescapable fact<br />
that crises are rare events. For most of us, a<br />
true crisis is something that we may only be<br />
faced with once or twice in a career.<br />
Here, I’m making the distinction between a<br />
true crisis event and something that could more<br />
correctly be labelled as a ‘routine emergency’<br />
or ‘major incident’ which, although challenging,<br />
doesn’t involve the level of catastrophic<br />
destruction, disruption and dislocation<br />
associated with a genuine crisis.<br />
Even for those organisations that are<br />
supposedly trained to deal with crisis<br />
scenarios, the facts as seen in the Hurricane<br />
Katrina episode – and, more recently, in the<br />
Caribbean – clearly demonstrate that even<br />
these organisations are often unable to deliver<br />
their core services within the challenging<br />
environment and operational pressures of a<br />
crisis event.<br />
Practice makes perfect<br />
It’s for this very reason that every opportunity<br />
to practice an emergency response or crisis<br />
management procedure should be taken, as it’s<br />
inevitable salient lessons will be learned and<br />
skills and capabilities developed that cannot be<br />
nurtured under even the most challenging of<br />
training scenarios.<br />
The decision to deploy troops in support of<br />
policing operations in the immediate aftermath<br />
of the Manchester Arena bombing incident in<br />
May was an example of a genuine situation<br />
with real needs being used to practice<br />
strategic, tactical and operational skills,<br />
including the critical issue of co-ordination and<br />
collaboration between different units that<br />
would not normally be working together under<br />
such circumstances. Benefits will be gained<br />
from such interaction that have real impact on<br />
the effectiveness of future operations, whether<br />
under normal operating conditions or in the<br />
heat of an emergency response.<br />
It’s true that the ‘crisis events’ we’re now<br />
facing are becoming more frequent, with a<br />
higher level of destructive impact and<br />
disruptive consequences, whether that’s<br />
because of climate change, natural disasters,<br />
technological dependency, the degradation of<br />
CNI, global supply chains, pandemics, social<br />
instability or any one of a dozen other issues<br />
approaching the increasing likelihood of<br />
suffering catastrophic failure. The single feature<br />
that’s common to all of these scenarios is<br />
complexity – complexity of the problems,<br />
complexity of the environments they cause and<br />
complexity of the solutions they’ll require.<br />
No right to be wrong<br />
It’s no longer acceptable that anyone<br />
associated with emergency response or crisis<br />
management can claim the plans were good,<br />
but that the complexity of the event was the<br />
cause of ultimate failure.<br />
As Rittel and Webber wrote almost 45 years<br />
ago in their groundbreaking work on ‘wicked<br />
problems’: “The planner has no right to be<br />
wrong”. The world around us may now be<br />
indescribably more complex in 2017 than it was<br />
back in 1973, but the responsibility to ‘get it<br />
right’ remains precisely the same.<br />
Dr David Rubens DSyRM CSyP<br />
FSyI MSc: Managing Director<br />
of Deltar Training Solutions<br />
“If we accept the fact that we cannot prevent the external<br />
event, which is outside of our control, then it’s possible we<br />
can influence the impact and even manage the consequences”<br />
57<br />
www.risk-uk.com
ASIS 2017: From Artificial Intelligence<br />
and Robotics to Perspectives on Risk<br />
ASIS International –<br />
the world’s largest<br />
association for<br />
security management<br />
professionals –<br />
recently delivered its<br />
63rd Annual Seminar<br />
and Exhibition<br />
(otherwise known as<br />
ASIS 2017) in Dallas,<br />
Texas. Produced in<br />
partnership with<br />
InfraGard and the<br />
ISSA, the four-day<br />
programme between<br />
23-28 September<br />
attracted 22,000<br />
registrants from 96<br />
countries and drew<br />
rave reviews from<br />
attendees, exhibitors<br />
and industry partners<br />
alike. Tom Langer and<br />
Mike Hurst review the<br />
event for the readers<br />
of Risk UK<br />
Tom Langer CPP:<br />
President of ASIS International<br />
and Vice-President of Security<br />
for BAE Systems<br />
58<br />
www.risk-uk.com<br />
There was an unmistakable ‘buzz’ in Dallas.<br />
Despite several natural disasters around<br />
the globe in the weeks leading up to the<br />
show, security professionals attended in their<br />
droves to exchange ideas, discuss Best Practice<br />
and experience first-hand the new products and<br />
services on the market.<br />
Key themes included the importance of a<br />
global community of peers for support,<br />
understanding the risks and opportunities<br />
inherent with the technologies that are<br />
reshaping our personal and professional lives<br />
and, most importantly, the necessity for<br />
security professionals to become empowered<br />
leaders in the security space.<br />
Keynote speakers set the tone for each day.<br />
On the Monday morning of the show, the 43rd<br />
US President George W Bush sat down with<br />
ASIS International’s CEO Peter O’Neil for a<br />
conversation about leadership and lessons<br />
learned in the White House. In his remarks,<br />
Bush outlined what he believes to be the key<br />
characteristics of an effective leader, stating:<br />
“Leadership means trying to understand what<br />
someone else is saying. Leadership means<br />
sharing the credit and taking the heat when<br />
things go bad. Leadership means building a<br />
culture not around a person, but around a<br />
concept greater than a person.”<br />
During the luncheon interval, entrepreneur<br />
and the NBA’s Dallas Mavericks owner Mark<br />
Cuban shared advice with attendees, noting<br />
that “the only constant is change”. Cuban said<br />
that he spends about two or three hours each<br />
day learning new ideas and concepts. “Now,”<br />
he ventured, “it’s all about Artificial<br />
Intelligence, accessing Amazon Web Services<br />
and teaching myself how to create machine<br />
learning algorithms or educating myself about<br />
neural networks and deep learning.”<br />
This commitment to lifelong learning rings<br />
true for us as security professionals. As threats<br />
evolve rapidly, it’s critical for us all to stay<br />
informed of the risks and opportunities in<br />
today’s rapidly changing business environment.<br />
Cuban went on to discuss the rise of Artificial<br />
Intelligence (AI) and machine learning. He<br />
voiced concern regarding the security risks if<br />
the US lags in these competencies. “If the<br />
Chinese win the robotics race… If the Chinese<br />
win the AI race... If the Russians win the AI<br />
race… and both the Russians and the Chinese<br />
have said this is a top priority. Vladimir Putin<br />
has suggested that whomever controls AI is the<br />
dominant country. That’s scary.”<br />
As far as Cuban’s concerned, robotics and AI<br />
need to become a core competency in the<br />
United States or “we will find ourselves on the<br />
outside looking in”.<br />
Perspectives on risk<br />
On the Tuesday of the show, futurist Scott<br />
Klososky outlined his perspectives on the risks<br />
– as well as the potential – posed by the<br />
various technologies that are reshaping society<br />
and the way in which we do business. He noted<br />
that we often integrate technology into our<br />
lives without fully understanding the<br />
consequences and, while many innovations<br />
bring benefits, they also present opportunities<br />
for criminals, bad political actors and those<br />
looking to inflict harm. “It’s probably time for<br />
us to become a little wiser,” urged Klososky.<br />
The Global Responses to Global Threats<br />
panel discussion, which included input from the<br />
City of London Police’s Detective Chief<br />
Superintendent Paul Barnard, focused on<br />
private-public sector collaboration designed to<br />
combat the growing terrorist threat. Key points<br />
included not only the need for a plan, but also<br />
the requirement to practice that plan.<br />
Collaboration is also essential. You cannot<br />
build a trusting relationship during a crisis.<br />
Strong working relationships need to be built<br />
between private-public sector colleagues<br />
before an event happens.<br />
Military aviation pioneer and F-14 Tomcat<br />
pilot Carey Lohrenz closed out the week with a<br />
call for fearless leadership. Lohrenz described<br />
the primacy of identifying the most important<br />
work you should be doing: work that requires<br />
purpose, focus and discipline.<br />
Lohrenz observed: “If you lose sight of the<br />
most important work you should be doing,<br />
you’re then guaranteed to lose the fight.”<br />
Lohrenz also encouraged attendees to accept<br />
failure, see it as an opportunity to grow and<br />
look to “banish your limiting beliefs”.<br />
The formal education programme featured<br />
more than 180 sessions spanning the security<br />
spectrum. New for this year, the first day of the<br />
programme was dedicated solely to education,<br />
with a focus on immersive and interactive<br />
learning formats for attendees at all experience
In the Spotlight: ASIS International UK Chapter<br />
levels. Another 2017 innovation, namely ‘Global<br />
Access LIVE!’, provided live streaming of select<br />
education sessions and Keynotes for those<br />
security professionals who were unable to<br />
travel to Dallas.<br />
The reimagined exhibition hall opened on the<br />
Tuesday and featured more than 575 exhibitors<br />
showcasing new and emerging products and<br />
technologies, such as machine learning and<br />
forensic analysis. The show floor also hosted<br />
two ‘impact learning’ theatres, a careers centre,<br />
an international trade centre, a virtual reality<br />
zone and the ASIS International Hub (a onestop<br />
shop for all things ASIS including ‘fireside’<br />
chats, council booths and livestream interviews<br />
with Chuck Harrold of Security Guy Radio).<br />
Exhibitor satisfaction was at an all-time high,<br />
reflected not only in the feedback heard onsite,<br />
but also in terms of stand bookings for ASIS<br />
2018 in Las Vegas. Already, 80% of the net<br />
square footage of the upcoming show floor has<br />
been committed for next year, with 35<br />
companies increasing their space allocation.<br />
In addition, notable brands like the Mobotix<br />
Corporation, the Ford Motor Company,<br />
UrgentLink and others who didn’t exhibit in<br />
Dallas have already committed for 2018.<br />
“ASIS 2017 delivered a prime audience to<br />
promote our software solutions that leverage<br />
emerging technologies such as mixed reality, AI<br />
and machine learning,” said Drew Weston,<br />
director of sales and marketing at CodeLynx.<br />
“The addition of the high quality content on the<br />
show floor not only offered us an opportunity to<br />
learn ourselves, but also drove attendees to the<br />
exhibition and created a ‘buzz’. We had<br />
consistent stand traffic and positive<br />
interactions with buyers, and we’ve already<br />
reserved our spot for Las Vegas.”<br />
Benefits of networking<br />
This year also saw a significantly improved<br />
networking event line-up with an opening night<br />
celebration on Sunday 24 September at<br />
Gilley’s, Dallas and the President’s Reception at<br />
the AT&T Stadium on Wednesday 27<br />
September. Both events drew significant<br />
crowds and provided ideal ‘bookends’ to the<br />
week of learning, as well as opportunities to<br />
welcome new and returning members and form<br />
new working friendships.<br />
For Peter O’Neil, the benefits for attendees at<br />
the show reach well beyond the educational<br />
sessions or tours of the exhibition floor.<br />
“Attendees left empowered with the<br />
information, access to professional networks<br />
and exposure to products and services they<br />
need to protect the people, property and<br />
assets entrusted to their care.”<br />
It was great to catch up with ASIS UK’s<br />
Chapter vice-chairman Mike Hurst, whom I last<br />
saw at ASIS Europe 2017 in Milan. Mike is a<br />
prime example of the dedicated worldwide<br />
members who contribute so much to the<br />
international culture of ASIS. “I was delighted<br />
to contribute to the opening ceremony welcome<br />
video,” stated Hurst, “and it was great to see<br />
my sentiments echoed by colleagues and<br />
friends from ASIS Chapters across the world.”<br />
Mike is planning to attend the leadership<br />
meeting to be held in Washington DC in<br />
January. “As a volunteer leader, I’ve been on<br />
four overseas trips for ASIS this year,” said<br />
Hurst, adding that: “It’s time out of the office<br />
and away from the day job, but the contacts<br />
and friends you make and the knowledge and<br />
experiences gained are invaluable.”<br />
Importantly, Mike went on to add: “One thing<br />
that strikes you about the Annual Seminar and<br />
Exhibition is the sheer scale of the event and<br />
scope of the subjects covered. Enterprise<br />
Security Risk Management, the cyber-physical<br />
debate, Duty of Care and travel security were<br />
just some of the topics discussed during the<br />
educational sessions I attended. I particularly<br />
enjoyed one of the CSO Centre sessions on how<br />
developing your emotional intelligence can<br />
benefit leadership skills.”<br />
Mike Hurst FIRP MSyI:<br />
Vice-Chairman of ASIS UK and<br />
Director of HJA<br />
“Attendees left empowered with the information, access to<br />
professional networks and exposure to products and<br />
services they need in order to protect the people, property<br />
and assets entrusted to their care”<br />
59<br />
www.risk-uk.com
The readers of Risk UK<br />
may not be fully aware<br />
that there have been a<br />
number of changes<br />
made to British<br />
Standard BS 5839 Fire<br />
Detection and Fire<br />
Alarm Systems for<br />
Buildings – Part 1:<br />
Code of Practice for<br />
the Design,<br />
Installation,<br />
Commissioning and<br />
Maintenance of<br />
Systems in Non-<br />
Domestic Premises<br />
following the release<br />
of the 2017 update.<br />
Will Lloyd outlines the<br />
fine detail<br />
Will Lloyd: Technical Manager at<br />
the Fire Industry Association<br />
Changes to BS 5839-1: Fire<br />
Detection and Alarm Systems<br />
Not only is it important to understand BS<br />
5839, but also to keep up-to-date with<br />
any changes so that they can be<br />
addressed and implemented at a given site.<br />
Unlike other sectors where standards are used,<br />
technically speaking there’s no ‘overlap’ or<br />
‘phased entry periods’ for standards within the<br />
fire industry. On that basis, if you haven’t<br />
updated matters pertaining to your site(s) then,<br />
unfortunately, you’re already behind the curve.<br />
The Fire Industry Association (FIA) was<br />
heavily involved in the update procedure for BS<br />
5839-1. The last change to this British Standard<br />
was back in 2013 and, since then, there has<br />
been new research conducted which led to<br />
some of the changes that have been made.<br />
In combination with a number of other<br />
stakeholder groups, the FIA determined to<br />
investigate the causes of false alarms. At the<br />
point of study, no-one knew precisely the exact<br />
reasoning behind false and unwanted fire alarm<br />
events as, in the main, any recording of such an<br />
event is usually simply labelled as exactly that.<br />
No-one knew with any great degree of certainty<br />
why false fire alarms were occurring. This was<br />
the starting point for a research project carried<br />
out with the BRE under the heading ‘Live<br />
Investigations of False Fire Alarms’.<br />
An investigator linked up with the Scottish<br />
Fire and Rescue Service in Glasgow to<br />
investigate the true cause of false or unwanted<br />
alarm signals. The data realised was then<br />
collated and outlined by a researcher.<br />
A surprising result was unearthed. One of the<br />
main causes was actually through accidental<br />
activation (ie people pushing the manual Call<br />
Point button when there wasn’t really a fire in<br />
progress). Sometimes, this was because<br />
members of staff were working with large<br />
trolleys (particularly in hospitals, factories or<br />
warehouses where bulky or heavy items need<br />
to be transported) and accidentally crashed<br />
into the manual Call Point or otherwise knocked<br />
it from the side, in turn activating the alarm.<br />
In other instances, the unwanted signal was<br />
activated when, quite innocently, individuals<br />
pushed the manual Call Point button instead of<br />
the ‘open door’ button when the Call Point was<br />
sighted next to the door, or when staff thought<br />
they could smell smoke. Occasionally, false fire<br />
alarms were due to malicious activations.<br />
As a response to this new research, the FIA’s<br />
Fire Detection and Alarm Councils, along with<br />
other FIA Council groups, reviewed the new<br />
information generated and worked on adding<br />
some changes to the British Standard in a bold<br />
bid to reduce the number of false alarms.<br />
The main change is that all new manual Call<br />
Points must have some variety of protective<br />
cover. This should help in preventing accidental<br />
activation from impact and also force end users<br />
of the fire alarm system to lift the cover before<br />
activation, thereby adding an extra action to the<br />
process of pressing the alarm. This ought to<br />
assist in cutting back on the number of times<br />
the button is pressed accidentally and make<br />
anyone who intends to push the manual Call<br />
Point (whether maliciously or not) think about<br />
whether the alarm should actually be triggered.<br />
Of course, covers for manual Call Points are<br />
not new pieces of equipment. Many<br />
manufacturers have been producing them for<br />
some time now. However, the thing to<br />
remember here is that any new installation<br />
work must use a manual Call Point cover.<br />
Does this mean retrofitting Call Point covers<br />
on all currently existing Call Points? The simple<br />
answer is: ‘No, not necessarily’.<br />
The British Standard only really covers this<br />
point for any new work undertaken since the<br />
publication of the document. However, should a<br />
client request an upgrade then of course this<br />
can be provided. Alternatively, the upgrade can<br />
be carried out at the next convenient juncture,<br />
for example at the next service. The decision<br />
about whether to retroactively fit covers on all<br />
manual Call Points in a given building is down<br />
to the ‘Responsible Person’ or duty holder.<br />
‘Place of ultimate safety’<br />
Another change in the update to BS 5839-1 is<br />
point 20.1 referencing the ‘place of ultimate<br />
safety’, wherein the clause has been expanded<br />
to place emphasis on this.<br />
The reason for the change here is because<br />
not all exits from a building are specifically<br />
designed as fire exits and, during the course of<br />
a fire, people will use any exit (regardless of<br />
whether it’s a designated fire exit). For<br />
example, some openings in the building<br />
envelope (such as a roller shutter door) are not<br />
normally considered as a pedestrian exit, but in<br />
an emergency are likely to be used as such.<br />
Therefore, manual Call Points should be<br />
located on escape routes and, in particular, at<br />
all storey exits and all exits to open air that<br />
60<br />
www.risk-uk.com
FIA Technical Briefing: Amendments to British Standard BS 5839-1<br />
lead to the aforementioned ‘place of ultimate<br />
safety’ (whether or not the exits are specifically<br />
designated as fire exits).<br />
Multi-sensor detectors<br />
In addition, the British Standard has been<br />
updated in regards to multi-sensor detectors.<br />
Those that have fire sensitivity of BS EN 54-7<br />
are now acknowledged as suitable for fire<br />
escape routes, but their configuration must<br />
include smoke detector mode.<br />
The updated BS 5839-1 also makes clear<br />
about the method of inspection and servicing<br />
for multi-sensor detectors. Clause 45.4 states<br />
recommendations for the inspection and testing<br />
of a given system over a 12-month period. In<br />
the first instance: ‘Multi-sensor detectors<br />
should be operated by a method that confirms<br />
the products of combustion in the vicinity of the<br />
detector can reach the sensors and that a fire<br />
signal can be produced as appropriate.’<br />
In addition: ‘The guidance of the<br />
manufacturer on the manner in which the<br />
detector can be functionally tested effectively<br />
should be followed’, while: ‘Multi-sensor fire<br />
detectors should be physically tested by a<br />
method that confirms any products of<br />
combustion in the vicinity of the detector can<br />
reach the sensors and that the appropriate<br />
response is confirmed at the CIE’.<br />
Where the detector or system design permits,<br />
each sensor on which a fire detection decision<br />
depends (eg smoke, heat, CO) should be<br />
physically tested individually. Alternatively,<br />
individual sensors may be physically tested<br />
together if the detection system design allows<br />
simultaneous stimuli and individual sensor<br />
responses to be verified either individually or<br />
collectively. On completion of tests, the system<br />
should be returned to its normal configuration.<br />
It’s also worth noting the update to the<br />
British Standard states that fire detectors<br />
should be sited at the top of a stairway and on<br />
each main landing. This is to ensure that there’s<br />
adequate coverage at every level of the building<br />
as plumes of smoke are unpredictable. There’s<br />
no exact way of knowing where the smoke will<br />
go, meaning that if detectors are not sited<br />
correctly, there could be a delay in the amount<br />
of time between the fire starting and the<br />
system activating an alarm. In reality, a matter<br />
of minutes – or even a few seconds – may be<br />
the difference between the fire being small and<br />
containable and a huge emergency arising.<br />
Put simply, the sooner a fire is detected, the<br />
sooner it can be extinguished.<br />
There have also been a number of other<br />
changes written into the updated British<br />
Standard, including an update of the term<br />
‘false alarms’ to include ‘unwanted alarms’,<br />
more detail on the siting of optical beam<br />
detectors and further information on many<br />
other areas (including cables, wiring and other<br />
interconnections).<br />
Within the scope of this article it’s not really<br />
possible to go into great detail on every single<br />
change, but thankfully the FIA boasts a number<br />
of good resources to help you do just that if<br />
you’re not fully up-to-speed as yet.<br />
Upon the release of the updated British<br />
Standard, the FIA ran a series of seminars<br />
across the UK, from London all the way up to<br />
Glasgow. These heavily-subscribed sessions<br />
proved extremely useful to those who attended<br />
as all of the changes in BS 5839-1 were<br />
presented in an excellent degree of detail.<br />
A video of one of these sessions is now<br />
available both on the FIA’s YouTube channel<br />
and also on the FIA’s website at<br />
www.fia.uk.com (access ‘Video’ under the<br />
‘Resources’ tab). This is meant to be watched<br />
with the seminar slides alongside such that you<br />
can follow along. The seminar slides may be<br />
downloaded from the FIA’s website (or, handily,<br />
direct from the video).<br />
“The main change is that all new manual Call Points must have<br />
some variety of protective cover. This should help in preventing<br />
accidental activation from impact and also force end users of<br />
the fire alarm system to lift the cover before activation”<br />
61<br />
www.risk-uk.com
TUPE Regulations: Is The Security<br />
Business Sector Missing A Trick?<br />
The Transfer of<br />
Undertakings<br />
(Protection of<br />
Employment)<br />
Regulations<br />
(commonly known as<br />
TUPE) staff transfer<br />
process affords<br />
security businesses a<br />
real opportunity to not<br />
only benchmark<br />
themselves, but also –<br />
and more importantly<br />
– engage people from<br />
the outset. Why, then,<br />
is it the case that, alltoo-often,<br />
this<br />
opportunity is lost?<br />
Louise McCree<br />
confronts the issue<br />
62<br />
www.risk-uk.com<br />
During late September, I hosted a webinar<br />
on the subject of ‘Recruitment,<br />
Engagement and Retention Strategies for<br />
the Security Industry’. The free-to-attend online<br />
event was aimed exclusively at senior leaders,<br />
Human Resources (HR) professionals and inhouse<br />
recruitment specialists working for UKbased<br />
companies (including ‘not for profit’<br />
organisations). One of the areas discussed was<br />
my strong conviction that a TUPE transfer<br />
process is a golden opportunity for effective<br />
personnel engagement.<br />
However, it’s my view that, more often than<br />
not, a TUPE transfer ends up being a wasted<br />
opportunity. This could be in part due to the<br />
sheer volume of transfers which occur within<br />
the industry at any one time. As is the case with<br />
most things, the more frequently something<br />
occurs, the more likely it is that people become<br />
complacent about the whole procedure. It’s<br />
then also less likely that the TUPE process will<br />
be seen as an exciting opportunity to make a<br />
connection with new employees.<br />
In those industries where TUPE transfers are<br />
infrequent, I’ve found that the process is<br />
treated with a great deal of respect. The staff<br />
transfers are carefully planned and with great<br />
attention to detail. Sufficient time is devoted to<br />
the process. This ensures employees feel cared<br />
for and looked after. Additionally, it provides<br />
companies with a great way of gathering<br />
information as well as ensuring employee ‘buyin’<br />
from the outset. Finally, it gives the incoming<br />
contractor an opportunity to complete a robust<br />
check of all paperwork and ID documents (an<br />
aspect of process control which is now more<br />
important than ever in the security industry).<br />
Ultimately, TUPE consultations provide<br />
businesses with a moment to pause and listen<br />
to their people. I’ve seen TUPE transfers<br />
completed well, but I’ve also seen some which<br />
were handled badly. The bottom line is that the<br />
more time and effort invested at the beginning<br />
of a TUPE process, the more respect will be<br />
gained from those transferring. In turn, this will<br />
promote better employee engagement.<br />
Due diligence procedures<br />
The due diligence process is often led by an<br />
organisation’s operational or commercial team,<br />
whereupon the focus is primarily on the<br />
financial detail of the transfer (and perhaps<br />
rightly so). Questions such as: ‘Which<br />
contractual benefits are we obliged to honour?’<br />
often arise. Sometimes, the response is: ‘Let’s<br />
only offer what we have to’. It’s no wonder,<br />
then, that some employees are inherently<br />
suspicious of the TUPE process.<br />
In addition, because non-contractual benefits<br />
don’t have to be honoured, they’re often<br />
removed as the business may not be able to<br />
support them financially. It’s fair to say that not<br />
all transfers proceed like this, but there’s no<br />
doubt that the focus needs to shift back<br />
towards the employees. We must recognise that<br />
people are central to all of this. What may be a<br />
relatively inexpensive and easy-to-maintain,<br />
non-contractual benefit might be the very thing<br />
that’s keeping a number of employees<br />
motivated and engaged.<br />
A one-to-one TUPE consultation is a chance<br />
to ask the transferring employees what they felt<br />
about the outgoing contractor and to highlight<br />
any problems they had experienced. It also<br />
affords businesses an opportunity to discover<br />
what motivates the staff and whether there are<br />
any favoured practices that they might be able<br />
to continue. It’s an efficient method of<br />
gathering ideas and suggestions of ways in<br />
which matters could be improved. After all,<br />
people on the front line are probably those best<br />
placed to identify possible solutions.<br />
What areas, then, should be considered<br />
before, during and after a TUPE transfer?<br />
Before the transfer process takes place,<br />
decide which managers and senior leaders will
Security Services: Best Practice Casebook<br />
need to be involved and then arrange to contact<br />
them. Agree on how and when employees are<br />
going to be informed and what messages are to<br />
be delivered. Messages need to be<br />
communicated sensitively as TUPE can be an<br />
unnerving process for some employees.<br />
When it comes to preparing for the transfer,<br />
review employee liability information (this must<br />
be received from the outgoing employer no<br />
later than 28 days prior to the transfer). Book<br />
consultations and allow plenty of time for oneto-one<br />
meetings. Identify exactly who will<br />
transfer. Consider your incoming team’s<br />
uniform, equipment and supplies needs.<br />
Don’t forget to include all those employees<br />
who are not currently at work. For example,<br />
those on maternity/paternity leave, long-term<br />
sick leave or on holiday will all need to be<br />
contacted and informed. Start the knowledge<br />
sharing process. Review all ID documentation,<br />
right to work certification and vetting<br />
information in great detail.<br />
For the transfer itself, appoint a<br />
representative – ideally someone who will be<br />
on site and available all day – to deal with any<br />
queries or concerns. Make sure that the team<br />
have all the relevant contact details (including<br />
those for the Payroll Department, HR and their<br />
respective line managers).<br />
After the transfer process has actively<br />
concluded, undertake an induction programme,<br />
always ensuring that incoming employees both<br />
understand and support the organisation’s<br />
strategic direction. Ensure regular contact with<br />
the site, and encourage new employees to<br />
interact with existing teams in order to build<br />
rapport and create a culture of inclusion from<br />
the outset. In addition, consider establishing an<br />
online survey to evaluate the success of the<br />
transfer and gather information about the ways<br />
in which the process could be improved.<br />
Obligation to consult<br />
The checklist mentions those who are absent<br />
from work at the time when a transfer is taking<br />
place. This is particularly relevant as a business<br />
must ensure that it fulfils an obligation to<br />
consult. Plans must be made to undertake<br />
consultations with those who are away from<br />
work, whether that’s over the telephone, by<br />
writing to them or arranging to visit them –<br />
either at home or at a neutral venue.<br />
Of course, this assumes that they agree to<br />
participate in the consultation process.<br />
Employees, regardless of whether they’re<br />
physically at work, are entitled to know and<br />
understand what’s going on and the business<br />
has an obligation to communicate with them.<br />
In general, any employee who’s part of the<br />
group which is about to transfer is protected by<br />
the TUPE Regulations, including those<br />
employees who are absent on<br />
maternity/paternity or sick leave.<br />
However, there are always exceptions to the<br />
rule. In the recent case of BT Managed Services<br />
Ltd versus Edwards we learned that an<br />
employee who had been on sick leave since<br />
2008 – and for whom there was no likelihood of<br />
a return to work – was not part of the transfer.<br />
The decision came down to the fact that Mr<br />
Edwards hadn’t participated in (and wasn’t<br />
expected to participate in) the economic<br />
activity of an ‘organised grouping’ of<br />
individuals. A person who’s not involved in the<br />
performance of the work cannot be a member<br />
of that group and, as such, isn’t assigned to it<br />
and would not be subject to the transfer.<br />
For its part, BT argued that Mr Edwards<br />
should transfer and appealed the original<br />
decision that he was not part of the ‘organised<br />
grouping’. BT was unsuccessful with its appeal<br />
in front of His Honour Judge Serota QC.<br />
This case highlights the importance of being<br />
very careful when identifying which individuals<br />
are covered by the TUPE Regulations. Merely<br />
looking at where an employee’s assigned will<br />
not be sufficient in this process.<br />
Terms and Conditions<br />
One of the most common questions regarding a<br />
TUPE transfer is: ‘Can I harmonise Terms and<br />
Conditions?’ and, if so: ‘How soon?’. In the<br />
majority of cases, any attempt to vary the<br />
employment contracts of transferring<br />
employees will be void as it’s normally<br />
connected to the transfer.<br />
Employers should also bear in mind that<br />
having an employee’s agreement to a variation<br />
isn’t enough. If the change is a direct result of<br />
the transfer then it’s automatically void. There<br />
are exceptions to this rule, namely that if a<br />
variation is due to an economic, technical or<br />
organisational reason then it may be justifiable.<br />
An example of this might be the introduction of<br />
obligatory new technology as it could result in<br />
fewer employees being required on site.<br />
However, an employer must be able to<br />
demonstrate a genuine business reason for any<br />
variation. The employer should always ensure<br />
it’s fully aware of the potential risks before<br />
proceeding with any kind of harmonisation.<br />
Louise McCree MCIPD:<br />
Founder of effectivehr<br />
“After the transfer process has actively concluded,<br />
undertake an induction programme, always ensuring that<br />
incoming employees both understand and support the<br />
organisation’s strategic direction”<br />
63<br />
www.risk-uk.com
Stopping Persistence From Paying Off<br />
According to global<br />
technology<br />
association ISACA,<br />
74% of organisations<br />
believe they’ll be<br />
targeted by an<br />
Advanced Persistent<br />
Threat at some point,<br />
but only 67% state<br />
that they’re ready to<br />
respond to such an<br />
occurrence when it<br />
does happen. Daniel<br />
Driver offers salient<br />
security advice for<br />
professionals looking<br />
to prevent cyber<br />
criminals’ continued<br />
efforts from paying off<br />
An Advanced Persistent Threat (APT) is a<br />
general name for malware that remains<br />
resident within a network, harvesting data<br />
over a prolonged period of time without<br />
detection by security software. Typically, an APT<br />
may initiate by using techniques such as social<br />
engineering, causing a user to inadvertently<br />
install an exploit on their device. However, an<br />
APT could also manipulate a device from<br />
outside the organisation’s network. If this is<br />
initiated by the user, it’s more likely to subvert<br />
the malware protection mechanisms typically in<br />
place on a given network.<br />
Once network access is gained, the threat<br />
will elevate its level of access to systems and<br />
data, while covering its tracks to minimise the<br />
likelihood of detection. It’s at this point that the<br />
malicious actor has access to all necessary<br />
systems and can begin the intended task(s).<br />
These follow-on stages of the attack could<br />
consist of outbound communications with a<br />
Command and Control server to receive<br />
instructions, perform reconnaissance and<br />
exfiltrate data that’s valuable to the attacker.<br />
APTs blend into background network activity,<br />
making them difficult to identify as malicious<br />
behaviour individually. However, when these<br />
behaviours are correlated together, they begin<br />
to build a picture of suspicious activity over<br />
longer periods of time. For example, periodic<br />
Domain Name Service look-ups to Domain<br />
Generation Algorithm-style addresses, followed<br />
by the transfer of data outside of the network,<br />
would be a potential indication that some form<br />
of persistent threat is operating, whereas none<br />
of these behaviours individually are necessarily<br />
identified as a threat.<br />
To detect this type of activity, an organisation<br />
needs good visibility of its network and control<br />
of the configuration. An APT will likely be ‘less<br />
noisy’ than most malware as they’re often<br />
designed specifically for a particular network<br />
and organisation, rather than a less<br />
sophisticated attack deployed to infiltrate a<br />
mass target list. There may be evidence of<br />
authentication failures, or user accounts being<br />
accessed across multiple devices, as well as<br />
unusual internal communications where<br />
privilege escalation is being attempted,<br />
perhaps alongside unusual outbound sessions<br />
and the egress of key data.<br />
Correlation of multiple behaviours and data<br />
sources can be used to identify activities of<br />
interest. However, depending on the<br />
sophistication of the attack, detection may be<br />
very difficult as an attacker might be using their<br />
‘best tools’ to exploit devices and access data.<br />
Plugging the cyber gap<br />
Education is always key to making employees<br />
aware of the risks associated with clicking on<br />
links or downloading attachments. Security<br />
teams must also understand their risks in the<br />
domain and the APT groups that are likely to<br />
attack. Understanding the tactics, techniques<br />
and procedures used to attack a network will<br />
allow for best preparation in terms of defence.<br />
Enterprises must ensure that the basic<br />
security measures are in place, such as making<br />
certain of adequate patch management, user<br />
access controls, user training and tight<br />
management of devices connected to the<br />
network. Enterprises must then assess their<br />
security risk and what level of security maturity<br />
they need, both from a risk/cost perspective<br />
and a policy perspective.<br />
There are many tools available to ensure that<br />
an enterprise can achieve all the visibility<br />
necessary to monitor the network and the data<br />
that resides within it. However, it’s important<br />
not to let this result in too much information<br />
generating a substantial data monitoring<br />
problem, whereby it’s then impossible to find<br />
the proverbial needle in the haystack.<br />
It’s important to move to an active defence<br />
methodology by monitoring all behaviour on a<br />
64<br />
www.risk-uk.com
Cyber Security: Advanced Persistent Threats<br />
network and having the right tools to pinpoint<br />
the signal from within the network noise. It’s<br />
therefore unlikely that you’ll be able to identify<br />
the APT by performing simple host-based<br />
analysis, since that’s the sort of security APT<br />
attacks are specifically designed to bypass.<br />
Neither may a standard firewall at the<br />
perimeter and anti-virus software on the<br />
endpoint be sufficient to detect APT activity,<br />
especially so if these are threats that haven’t<br />
been seen before. The addition of network<br />
behavioural monitoring to complement these<br />
more traditional security tools provides a<br />
means for detecting ongoing behaviours, even<br />
if they’ve bypassed these other defences.<br />
Blended security architecture<br />
Having a blended security architecture such as<br />
this ensures that, even in the event some<br />
security layers are subverted, a backstop is in<br />
place to prevent ongoing damage. No network<br />
will be 100% secure. It’s vital that, in the event<br />
an APT is present on your network, you’re able<br />
to clearly see when and where it’s active such<br />
that you can take the necessary remedial steps<br />
with the minimum amount of disruption.<br />
Given that APTs are designed to be<br />
persistent, if you’re performing long-term<br />
analysis and correlation it’s possible to identify<br />
the behaviours associated with the APT in order<br />
to prevent it from causing real damage.<br />
Defences should be regularly tested to<br />
ensure that an attacker cannot gain access and<br />
also to make certain that the security tools<br />
employed are identifying the attack in progress.<br />
Business continuity procedures should also be<br />
regularly reviewed and exercised. Consider all<br />
options of an attack and have measures in<br />
place to identify, limit and remove the threat,<br />
recover quickly from the episode and limit<br />
service interruption for the business overall.<br />
APTs are evolving to become more stealthy,<br />
for example by cleaning up any event logs that<br />
have been made by operations performed.<br />
They’re also often aware of virtual machines, so<br />
sandboxing techniques are now proving to be<br />
less effective. APTs tend to use any resources<br />
that they have available on the exploited host<br />
in order to reduce the ability of detection.<br />
This applies to any attack, whether it be from<br />
an APT or mainstream malware, as they’re<br />
always developing to ensure they remain<br />
undetected on a network or device for as long<br />
as possible. File-less malware has become<br />
more prevalent of late, meaning that existing<br />
security solutions watching for evidence of<br />
exploit from activities such as malware<br />
installation on to the hard drive and/or registry<br />
changes are no longer detecting occurrences.<br />
“Defences should be regularly tested to ensure that an<br />
attacker cannot gain access and also to make certain that<br />
the security tools are identifying the attack in progress”<br />
Many APTs are aimed at highly sophisticated<br />
organisations with advanced security, meaning<br />
that gaining ‘legitimate’ access through<br />
techniques such as social engineering or<br />
credential theft are a ‘must’ for them. For<br />
example, it’s often the case that users re-use<br />
passwords which may be exposed in unrelated<br />
data breaches. Attackers can then employ them<br />
to gain access to the network.<br />
There’s no magic trick to shortcut the<br />
detection of APTs, and don’t assume that APTs<br />
are going to be detected in a short timeframe,<br />
either. It can often take a significant amount of<br />
time, resources and tooling to identify the<br />
threat and then perform the forensics needed<br />
to understand what actually happened.<br />
Technology developments such as the Cloud<br />
and BYOD add convenience to an organisation,<br />
but at the potential risk of security. Steps can<br />
be taken to secure sensitive data such as<br />
issuing secured devices and making sure some<br />
areas of the network are ‘air-gapped’.<br />
Some enterprises react to the threat by<br />
installing the most advanced and expensive<br />
tools, without fully understanding what they<br />
offer and how to use them effectively. Equally,<br />
enterprises may install tools simply to meet<br />
policies and ‘tick the box’. It’s always the case<br />
that an organisation should implement a<br />
strategic and measured approach to security.<br />
Persistence can pay off when trying to gain<br />
access to a network, and it’s likely that<br />
someone who’s determined to break in will<br />
almost certainly be successful in doing so.<br />
Organisations must architect a network to<br />
minimise the impact should a breach occur.<br />
Have a backstop in place. Should the APT<br />
make it through your primary and secondary<br />
security defences, its time on the network and<br />
resulting damage can be limited. Network<br />
behavioural monitoring can play a vital role<br />
here. The staged and covert nature of APTs<br />
means correlation of behaviours over time is<br />
critical in their identification and isolation.<br />
Using more traditional network security tools to<br />
deliver anomaly detection or using the latest<br />
reputation feeds are helpful, but they will<br />
certainly not be enough to allow you to identify<br />
the threat and reduce your exposure.<br />
An educated approach to security is crucial,<br />
ensuring Best Practice is in place such that all<br />
networks, endpoints and services are secure<br />
and all end users suitably trained.<br />
Daniel Driver:<br />
Head of Perception Cyber<br />
Security at Chemring<br />
Technology Solutions<br />
65<br />
www.risk-uk.com
Board Members: Adopt Cyber Security<br />
Training to Reduce Enterprise Risk<br />
victim to divulge sensitive personal information<br />
such as corporate log-ins.<br />
Often, the user may never suspect they’ve<br />
been caught out, but with their stolen log-ins,<br />
or thanks to the malware they’ve accidentally<br />
installed in the background, hackers may gain<br />
access to the corporate network. From there,<br />
it’s a short hop to customer data stores, highly<br />
sensitive IP information and trade secrets.<br />
It’s worth noting here that phishing attacks<br />
are on the rise as user training continues to fail.<br />
Verizon claimed earlier this year that the tactic<br />
was present in a fifth (21%) of data breach<br />
attacks in 2016, which is up from just 8% of<br />
attacks the previous year.<br />
A recent UK<br />
Government study<br />
found that over twothirds<br />
(68%) of FTSE<br />
350 Board members<br />
haven’t received any<br />
training to be able to<br />
deal with cyber<br />
incidents. They should<br />
be in no doubt that<br />
effective training is<br />
absolutely vital to<br />
ensure risk<br />
management regimes<br />
are fit-for-purpose,<br />
turning the<br />
organisation’s<br />
weakest link – its staff<br />
– into a strong line of<br />
defence. Alan Levine<br />
examines the subject<br />
The discovery that so few FTSE 350 Board<br />
members are well-versed in the discipline<br />
of cyber security is concerning news.<br />
Senior management are very often picked as<br />
targets for cyber attack and fraud themselves.<br />
Without having engaged in any form of cyber<br />
security training, it’s unlikely these senior<br />
decision-makers will recognise the inherent<br />
value in training and awareness instruction for<br />
all their members of staff.<br />
Board members need to understand exactly<br />
what’s at stake here, then ensure any resulting<br />
training programme produces the desired<br />
behavioural changes. Technology and policy<br />
will only go so far. In the real world, effective<br />
risk mitigation demands employees that know<br />
how to deal with cyber incidents.<br />
Why is cyber security training so important?<br />
Just take a look at the threat landscape. Today’s<br />
organisations face an unprecedented variety<br />
and volume of cyber attacks, privacy challenges<br />
and fraud attempts. Most take advantage, in<br />
some way or another, of gaps in user<br />
awareness and understanding.<br />
Take phishing, for example. This is a triedand-tested<br />
tactic in which victims are usually<br />
sent e-mails spoofed to appear that they<br />
emanate from a trusted source. They either<br />
contain a malicious attachment or link, which<br />
the user is socially engineered into clicking on<br />
or opening, or else e-mails can persuade the<br />
Open to compromise<br />
Then there’s Business e-Mail Compromise<br />
(BEC). This is a relatively new threat requiring<br />
zero malware. It’s basically a giant con trick in<br />
which a cyber criminal e-mails a member of the<br />
finance or accounts payable team and typically<br />
pretends to be the CEO or the CFO. They usually<br />
spoof the sender’s e-mail address to make the<br />
message more convincing, requesting that the<br />
recipient transfer a large sum of corporate<br />
funds to a third party bank account.<br />
Due to the fact that such attacks don’t<br />
involve malware, there’s little that traditional<br />
cyber security tools can do to block them.<br />
Instead, business leaders are reliant upon their<br />
staff to remember their training – if they’ve<br />
been given any – and raise the alarm.<br />
It sounds easy to spot, but the FBI reckons<br />
that firms lost over £4 billion to BEC attacks<br />
between October 2013 and December 2016.<br />
We’ve also seen a surge in ransomware over<br />
recent years, with Trend Micro alone blocking<br />
82 million such threats in the first half of 2017.<br />
This threat also typically arrives in the form of<br />
unsolicited e-mails. All it takes is a misplaced<br />
click from an untrained employee to infect the<br />
entire network, potentially causing service<br />
outages and impacting staff productivity.<br />
The global WannaCry and NotPetya attacks in<br />
May and June of this year even hit big name<br />
firms with large cyber security budgets, in turn<br />
showing that no organisation is 100% safe from<br />
harm. Interestingly, British consumer goods<br />
giant Reckitt Benckiser recently admitted that<br />
NotPetya may yet cause £100 million in losses<br />
as it interfered with the firm’s manufacturing<br />
and distribution systems.<br />
66<br />
www.risk-uk.com
Training and Career Development<br />
First comes the mistake<br />
Major breaches and security incidents like this<br />
often stem from user mistakes brought about<br />
by a lack of training and expertise. They expose<br />
the victim organisation to the risk of<br />
diminished share price and revenue, brand<br />
value and reputation, competitiveness and, of<br />
course, security.<br />
Verizon claimed that “errors” led to 14% of<br />
breaches last year, but that 81% of hackingrelated<br />
incidents were the result of stolen or<br />
weak passwords. Good password management<br />
is another cornerstone of any effective cyber<br />
security training programme.<br />
The Information Commissioner’s Office (ICO)<br />
has good visibility into the impact of human<br />
error. Its most recent statistics show a 20%<br />
increase in data e-mailed to the incorrect<br />
recipient and a 32% increase in failure to redact<br />
data. Separate research has revealed that<br />
nearly half of all breaches reported to the ICO<br />
during 2013-2016 arose as a direct result of<br />
human error by members of staff.<br />
It resulted, for example, in a major privacy<br />
breach at Dyfed-Powys Police in Wales last year<br />
when a member of a local community scheme<br />
was accidentally e-mailed the personal details<br />
of eight local sex offenders by an officer. That<br />
one misplaced click led to a £150,000 fine for<br />
the force. Another cost that it will now have to<br />
absorb alongside ongoing public sector cuts.<br />
Biggest-ever breaches<br />
Phishing attacks designed to trick employees<br />
into handing over their log-ins or downloading<br />
malware have been responsible for some of the<br />
world’s biggest-ever data breaches.<br />
These include the 2014 attack on Sony<br />
Pictures Entertainment, where hackers sent<br />
fake Apple ID verification e-mails to some of the<br />
firm’s top executives. With these credentials,<br />
and information available on LinkedIn, the<br />
criminals managed to ‘guess’ their way into the<br />
Sony network because several victims had used<br />
the same password for their Apple and<br />
corporate log-ins: a classic mistake made by<br />
poorly-trained employees.<br />
The result was a disaster for the firm, both in<br />
terms of the estimated $35 million spent on<br />
repairing its IT systems from the destructive<br />
malware attack and the PR fall-out from leaked<br />
internal e-mails criticising several Hollywood<br />
stars, which eventually led to the resignation of<br />
co-chairman Amy Pascal.<br />
In short, Sony Pictures Entertainment<br />
exposed itself to unnecessarily huge<br />
reputational and financial risks thanks to<br />
mistakes by senior executives which effective<br />
training may well have remedied.<br />
“The global WannaCry and NotPetya attacks in May and<br />
June of this year even hit big name firms with large cyber<br />
security budgets. No organisation is 100% safe from harm”<br />
Preparedness begins with awareness.<br />
Computer users need to know what’s right<br />
before they can do what’s right. From the shop<br />
floor to the Boardroom, from the trainee to the<br />
CEO, everyone must understand the risk,<br />
acknowledge their part in cyber defence and be<br />
trained to respond when it matters most. These<br />
efforts must flow from the top down.<br />
Effective cyber training<br />
What, then, does an effective cyber security<br />
training programme look like?<br />
Every organisation is different so there’s no<br />
one-size-fits-all template that works here.<br />
However, a good place to start is to baseline<br />
current levels of awareness such that you know<br />
the scale of the task in front of you.<br />
Essentially, you need a training platform<br />
which teaches users via real world scenarios,<br />
and one that offers a high degree of<br />
customisation such that you might then<br />
immerse staff in a variety of situations.<br />
Keep lessons short and highly focused: 15-<br />
minute sessions staggered at multiple times<br />
throughout the year will educate without<br />
overwhelming and provide immediate and<br />
practical feedback. Given that the threat<br />
landscape is constantly evolving, this<br />
continuous learning approach is the perfect fit.<br />
It also works well in industry sectors like<br />
healthcare and finance, where busy staff might<br />
well have unpredictable schedules.<br />
In May 2018, two pieces of legislation from<br />
Brussels will result in most – if not all – UK<br />
organisations being required by law to<br />
implement some form of cyber security training.<br />
Given that the maximum fines for noncompliance<br />
within the EU’s General Data<br />
Protection Regulation and the NIS Directive are<br />
likely to be £17 million or 4% of global annual<br />
turnover, this should focus the minds of Boardlevel<br />
executives up and down the country.<br />
Don’t wait for the new regulations to take<br />
hold. Effective training always has and always<br />
will be Best Practice when it comes to<br />
mitigating cyber-related risk. After all, it’s not a<br />
case of ‘If’ your organisation is going to be hit<br />
by a cyber attack, but rather ‘When’.<br />
Leadership can be sensitised to crucial cyber<br />
issues in the same way that end users may be<br />
sensitised to behave and react safely. The key<br />
here is education. Raise cyber awareness and<br />
then you can begin to raise the cyber bar.<br />
Alan Levine: Security Advisor<br />
to Wombat Security<br />
67<br />
www.risk-uk.com
Risk in Action<br />
The Axis Academy<br />
partners with GOSH to<br />
provide specialist<br />
First Aid training<br />
The Axis Academy is now<br />
working with Great Ormond<br />
Street Hospital (GOSH) to<br />
deliver First Aid training<br />
courses for the latter’s Young<br />
People’s Forum (YPF).<br />
The YPF was set up for<br />
patients, ex-patients and<br />
siblings of patients who’ve<br />
been looked after at GOSH and a number of other hospitals around the UK,<br />
including Birmingham Children’s Hospital. It’s designed for 11-to-25 year-olds<br />
who want to have fun, meet new people and learn new skills, with one of the<br />
skills on offer this year being a First Aid/CPR course delivered by The Axis<br />
Academy. The first training day took place on Saturday 14 October.<br />
The First Aid session was developed by the dedicated training team at The<br />
Axis Academy. The company also delivers a number of accredited First Aid<br />
courses through one of the UK’s Awarding Organisations, namely Qualsafe<br />
Awards, ensuring both quality and formal recognition of learning.<br />
Duaine Taylor, head of learning and development at The Axis Academy, told<br />
Risk UK: “The YPF aims to further the enjoyment and skills of young people<br />
connected to GOSH and many other children’s hospitals throughout the UK, and<br />
we’re very pleased to have been chosen to help with this worthwhile cause.”<br />
The Axis Academy is already helping to develop the careers of Axis Security,<br />
Acuity and Axis Cleaning and Support Services employees by delivering an<br />
extensive range of courses. In partnering with GOSH, it’s furthering its goal of<br />
offering services to clients, third party providers and private individuals alike.<br />
In addition to First Aid, other courses provided by The Axis Academy are<br />
categorised under the fundamentals of Customer Service, Fire Safety, Health<br />
and Safety, Security and Supervisor/Management.<br />
More sector-specific courses are tailored within each of these categories, for<br />
example Control and Restraint and Food Hygiene.<br />
Delta Security installs Salto access<br />
control system at Gesher School<br />
Delta Security is ensuring the safety of pupils<br />
and employees at the recently-opened Gesher<br />
School with the installation of a sophisticated<br />
Salto access control and ID pass system.<br />
Based in North London, Gesher School is an<br />
independent primary school that caters for<br />
Jewish children with special educational needs.<br />
It’s entirely funded by way of charitable<br />
donations, and currently has ten children who<br />
receive specialist care from two teachers, five<br />
teaching assistants and four therapists.<br />
The Salto access control solution provides<br />
secure and convenient day-to-day access for<br />
authorised users, and enables school staff to<br />
print temporary ID passes for additional staff<br />
and visitors as required. The system’s easy-touse<br />
software is capable of granting and<br />
restricting access to personnel according to<br />
their authorised areas and duration of visits.<br />
The school shares its site with another local<br />
authority children’s programme so it’s<br />
particularly important that it’s able to restrict<br />
access and have a reliable system at all times<br />
to ensure members of staff know exactly who’s<br />
on site at any given moment.<br />
Gianna Colizza, head teacher of Gesher<br />
Primary School, stated: “The most important<br />
thing for us is to ensure we’re doing everything<br />
we can to safeguard our children.”<br />
LSO selects Advanced protection<br />
for ‘Discovery’ programme<br />
LSO St Luke’s, home of the London Symphony<br />
Orchestra’s (LSO) community and education<br />
programme ‘Discovery’, is now protected by<br />
fire panels from Advanced.<br />
LSO St Luke’s is an 18th Century Grade I-<br />
listed Hawksmoor Church located in the<br />
London Borough of Islington. The church,<br />
which features an unusual obelisk spire,<br />
opened in 1773 and was deconsecrated in<br />
1959 due to subsidence. It lay derelict for<br />
almost 40 years before being brought back to<br />
life in 2003 as the new rehearsal space and<br />
education centre for the LSO.<br />
Upgrading of the fire system was<br />
undertaken by the team at Sussex-based<br />
Crays Fire, who selected the latest Advanced<br />
MxPro 5 panel due to its versatility, reliability<br />
and upgradeability.<br />
Paul Woodhams of Crays Fire commented:<br />
“We were responsible for the original<br />
installation at LSO St Luke’s during its<br />
renovation and, when it came to replacing the<br />
panels, we were confident that the MxPro 5<br />
panel would deliver the specific cause and<br />
effect programming required for this system,<br />
with the flexibility to add further key switches<br />
and inputs to the control panel in the future.”<br />
MxPro offers end users a choice of two<br />
panel ranges, four detector protocols and an<br />
open installer network that enjoys free<br />
training and support. MxPro panels may be<br />
used in single loop, single panel format or<br />
multi-loop, high-speed, 200-panel networks.<br />
68<br />
www.risk-uk.com
Risk in Action<br />
ievo provides biometric access<br />
control to protect state-of-the-art<br />
Security Monitoring Centre<br />
West Midlands-based security expert Cougar<br />
Monitoring has ensured the security of its<br />
own state-of-the-art Monitoring Centre<br />
thanks to the installation of biometric<br />
fingerprint readers from ievo.<br />
Cougar Monitoring’s alarm and CCTV<br />
Operations Centre in Cradley Heath is fullystaffed<br />
on a 24/7 basis by highly-trained and<br />
experienced individuals who provide live<br />
security surveillance and rapid deployment<br />
of mobile response units and notification to<br />
the Emergency Services to ensure the safety<br />
of people and property nationwide.<br />
Specified by Securenett, the security<br />
system also required different levels of<br />
access due to the confidential nature of<br />
several clients’ businesses such that only<br />
authorised personnel with appropriate<br />
permissions could access the different areas<br />
and equipment.<br />
Cougar Monitoring stipulated an<br />
alternative system to traditional card and fob<br />
entry control due to concerns that secondary<br />
credentials can be lost, stolen or shared and<br />
needed a solution that would prove to end<br />
user clients their systems and facilities<br />
operate to the highest security standards.<br />
The solution combines ievo fingerprint<br />
readers with Paxton’s Net2 access control<br />
system for full biometric access control.<br />
CPNI-approved ievo ultimate readers are<br />
employed at external access points, while<br />
micro units provide internal access control<br />
points throughout the building.<br />
Designated operational areas of the<br />
facility are given different access zones.<br />
Employees working in different areas have<br />
all been assigned the required access<br />
permissions applicable to the different zones<br />
controlled by ievo fingerprint reader<br />
identification points.<br />
Furthermore, ievo desktop registration<br />
units are kept on site to allow for new<br />
registrations to be made when required.<br />
Chubb’s Advisor Management solution takes care of fire and<br />
security software upgrade at Coleg Menai<br />
Chubb Fire & Security is helping Welsh further education college Coleg Menai<br />
to further protect students, staff and property by upgrading the client’s fire and<br />
security management software.<br />
Chubb’s Advisor Management software manages and controls 18 panels at<br />
the college’s Bangor Campus and two main sites in Holyhead and Llangefni. It<br />
provides one single interface for fire detection, intruder alarm, access control<br />
and CCTV system management.<br />
“Initially, we approached Chubb regarding panel upgrades,” said Andy<br />
Tomlinson, estates services officer for Coleg Menai, “but on further discussion<br />
with our Chubb account manager and a consultation period with our tech<br />
teams, it was decided that the Advisor Management software would provide<br />
significant efficiencies to the way we manage our fire and security systems.”<br />
The software can be accessed remotely and by more than one operator at a<br />
time, in turn providing facilities management teams with a reliable, efficient,<br />
responsive and powerful system.<br />
Alarm management is combined with live video to give immediate visibility to<br />
any alarm activation. Intruder alarms include live and recorded video to track<br />
the whereabouts of an intruder. As a fully-integrated system, if an alarm is<br />
triggered, lights can be turned on, sounders activated and access granted or<br />
restricted from any connected device.<br />
“Any authorised member of our<br />
team now has access to all systems<br />
and site plans at the touch of a<br />
button, rather than having to switch<br />
between programmes,” explained<br />
Tomlinson in conversation with Risk<br />
UK. “The live video stream in the<br />
corner of the screen is also extremely<br />
useful for verification purposes.”<br />
UK’s largest Public Space Surveillance scheme celebrates<br />
fourth anniversary of successful operations<br />
The Glasgow Operations Centre (GOC) represents the biggest integration of<br />
systems within the Technology Strategy Board’s Future Cities project, involving<br />
as it does the integration of Public Space Surveillance CCTV, urban traffic<br />
management and the city’s civil contingencies.<br />
The GOC was operationally live in 2014 in time to support the management of<br />
the Commonwealth Games and provide comprehensive security surveillance for<br />
the city. Nearly four years on, the Glasgow City Council-operated system is<br />
paying back its Return on Investment, assisting the authorities and the police<br />
service to effectively manage everyday situations across the city.<br />
“The initial contact with Glasgow City Council came from a demonstration of<br />
360 Vision Technology cameras at IFSEC International 2013,” said Adrian Kirk,<br />
director of strategic accounts at 360 Vision Technology. “We were then invited<br />
to discuss the camera project’s requirements and objectives.”<br />
Following on from the Glasgow scheme being awarded central Government<br />
funding, 360 Vision Technology supplied over 500 HD Predator all-in-one PTZ<br />
cameras. The cameras were installed in<br />
and around the city centre, with over 65<br />
being deployed for traffic monitoring<br />
and fitted to community safety vehicles.<br />
Some cameras were supplied with a<br />
built-in LED white light option to enable<br />
Control Room operators to be proactive<br />
when dealing with certain incidents.<br />
69<br />
www.risk-uk.com
Technology in Focus<br />
BS 5839-1:2017 revision recommends protective covers for all<br />
Manual Call Points<br />
In its recent revision of BS 5839-<br />
1:2017 Fire Detection and Fire Alarm<br />
Systems for Buildings – Code of<br />
Practice for the Design, Installation,<br />
Commissioning and Maintenance of<br />
Systems in Non-Domestic Premises, the British Standards Institution<br />
recommends (in Section 20.2b of the update) that: “All manual Call Points<br />
should be fitted with a protective cover, which is moved to gain access to the<br />
frangible elements.”<br />
The changes come after the Fire Industry Association’s Fire Detection and<br />
Alarm Council presented its own recommendations for changes to BS 5839-<br />
1:2017 to the BSI following findings showing that a shocking 44% of Fire and<br />
Rescue Service call-outs turn out to be for false alarms.<br />
All manual Call Points placed in vulnerable areas and prone to false<br />
activations should now be protected, without the need for end users to consult<br />
with their designated fire safety officer.<br />
Safety Technology International (STI) supplies a range of protective covers,<br />
from integral covers through to sounder models.<br />
www.sti-emea.com<br />
GJD launches Clarius PLUS IP LED<br />
illuminator range<br />
GJD has announced the launch of the<br />
company’s all-new Clarius PLUS IP Infrared<br />
and white light LED lighting range for<br />
networked-based security applications.<br />
The range provides dedicated lighting for<br />
IP cameras via Power over Ethernet,<br />
providing a smart and integrated lighting<br />
solution. All models feature the latest dual<br />
core surface mount LEDs with enhanced<br />
optical output and an interchangeable lens<br />
diffuser system to deliver “extremely clear”<br />
night-time images with no hot spots.<br />
Keith Fenwick, CCTV lighting director at<br />
GJD, commented: “The Clarius PLUS IP range<br />
provides all the advantages of the standard<br />
Clarius, but with added secure IP technology<br />
for smart integration.”<br />
www.gjd.co.uk<br />
Hanwha Techwin and TDSi<br />
technology partnership enhances<br />
value of access control and video<br />
surveillance solutions<br />
Video surveillance specialist Hanwha<br />
Techwin and access control expert TDSi<br />
have successfully integrated Wisenet SSM video management<br />
software (VMS) with the EXgarde PRO Access Management PC<br />
software application.<br />
The integration has been achieved via a transaction server module which is<br />
part of the Wisenet SSM VMS solution and links access control activity with<br />
related video captured by Wisenet cameras. Any unauthorised individual<br />
attempting entry into a sensitive area of a building will, for example,<br />
immediately generate an alert and display images of the incident on a Control<br />
Room video wall or spot monitor.<br />
Other possible actions include the triggering of nearby PTZ dome cameras to<br />
commence a pre-configured tour of the surrounding areas to enable operators<br />
to have a complete understanding of what may be happening and the display<br />
of the respective access control point on a map of the building.<br />
EXgarde PRO is a fully-featured Access Management PC software application<br />
which can be used to control one door at one site with just a small number of<br />
users through to thousands of doors at multiple sites with thousands of users.<br />
It’s designed to seamlessly integrate the many aspects of a security and<br />
building management system using a single database and a single user<br />
interface. These include fire, intrusion, building automation and management,<br />
Active Directory and biometric technologies as well as video surveillance.<br />
Wisenet SSM has been developed by Hanwha Techwin to ensure end users<br />
achieve maximum benefit from the comprehensive range of Wisenet IP network<br />
cameras, recording devices and servers, while also facilitating integration with<br />
third party systems such as access control and intruder alarms. It also supports<br />
the specialist analytics Apps which can be run on Wisenet cameras.<br />
www.hanwha-security.eu<br />
Genesys Enterprise ISMS<br />
technology introduced by<br />
Intergrated Security Manufacturing<br />
Intergrated Security Manufacturing (ISM) has<br />
introduced an Enterprise version of its proven<br />
Genesys integrated security management<br />
system (ISMS). Already deployed within the CNI<br />
sector, the new ISMS offers users “unparalleled<br />
scale, redundancy and ease of use”.<br />
As an enhancement of the existing Genesys2,<br />
the Enterprise version has been developed with<br />
the largest organisations in mind. Genesys is<br />
fully-scalable to manage and control multiple<br />
sites from a single Control Room.<br />
www.ism-uk.com<br />
70<br />
www.risk-uk.com
Technology in Focus<br />
Compact four-channel DR-1204P<br />
NVR developed by IDIS<br />
IDIS has launched is latest NVR. Designated the<br />
DR-1204P, the company states that the new<br />
model is packed with an array of essential and<br />
easy-to-use features.<br />
The DR-1204P supports up to 5 MP HD<br />
recording and one month’s footage retention<br />
and uses the IDIS Intelligent Codec to deliver<br />
“significant savings” on bandwidth and storage,<br />
particularly when used with Motion Adaptive<br />
Transmission, in those areas where there’s little<br />
to no motion and out of hours.<br />
In addition, IDIS DirectIP solutions reduce the<br />
burden of implementation and training time,<br />
while ensuring lower maintenance and energy<br />
costs and an extended product lifecycle.<br />
The new four-channel NVR also comes with<br />
totally cost-free video management software,<br />
IDIS Center and mobile Apps. This means<br />
absolutely zero licensing costs without any<br />
ongoing service or maintenance fees.<br />
Dr Peter Kim, senior director at IDIS,<br />
informed Risk UK: “The DirectIP DR-1204P Full-<br />
HD NVR is the very embodiment of our<br />
longstanding commitment to meet ‘any<br />
surveillance need of any size’.”<br />
www.idisglobal.com<br />
Todd Research brings to<br />
market TR15 + Smart Scan X-<br />
ray scanner with “big<br />
detection capabilities”<br />
The latest generation TR15 + Smart<br />
Scan cabinet scanner from Todd<br />
Research signifies “a new benchmark”<br />
for threat detection and image<br />
management in compact cabinet<br />
scanners. At the heart of the TR15-CT4<br />
is a completely new software platform<br />
for functionality management and an<br />
intuitive user interface delivered via a<br />
22” touch screen monitor.<br />
A high quality digital camera and<br />
enhanced X-ray generator deliver<br />
superior image quality for greater<br />
detection. The user-friendly touch<br />
screen interface provides easy access to<br />
all enhancement tools, thereby enabling<br />
rapid image processing.<br />
Thanks to a three-point density alert,<br />
system operators can define the elements of<br />
a suspect device, such as metal components<br />
including detonators and batteries.<br />
The Enhanced Powder Detection software<br />
also allows greater recognition of powderbased<br />
and bio threats.<br />
Images are stored locally on an automatic<br />
basis or on an external hard drive for easy<br />
reference and verification. For the end user,<br />
‘one-touch’ e-mail functionality enables the<br />
streamlined escalation of potential suspect<br />
images to security professionals.<br />
www.toddresearch.co.uk<br />
Extended Power over Ethernet<br />
cameras cover new distances<br />
thanks to Dahua Technology<br />
Dahua Technology has launched a range of<br />
extended Power over Ethernet (ePoE) cameras,<br />
network switches and network recorders that<br />
enable integrators to go beyond the usual<br />
transmission distances.<br />
Dahua ePoE IP products support up to 800<br />
metres between camera and network switch or<br />
NVR. This solution overcomes the limitations<br />
of traditional Ethernet and PoE, which restrict<br />
cable runs between network ports to 100<br />
metres. This eliminates the need for Ethernet<br />
extension units and intermediate repeater<br />
network switching.<br />
These new products are ideal for seamless<br />
analogue-to-IP migration involving IP video,<br />
audio, control and power transmission over<br />
coax cable using an ePoE-BNC adaptor. The<br />
extended PoE transmission<br />
achieves distances of 800 metres<br />
at 10 Mbps/13 W or 300 metres<br />
at 100 Mbps/25.4 W.<br />
Dahua has developed a wide<br />
selection of cameras using the<br />
new approach, covering<br />
resolutions from 1080P to 4K and<br />
in many formats, including box,<br />
bullet, dome and eyeball models.<br />
Integrators and their end user<br />
customers also benefit from the<br />
company’s varifocal and fixed<br />
lens types, which meet most<br />
project requirements.<br />
The ePoE Series has been<br />
developed from Dahua’s 3.0 portfolio and<br />
inherits class-leading functionality, including<br />
Smart Video Detection (tripwire, intrusion and<br />
abandoned/missing detection).<br />
www.dahuasecurity.com/uk<br />
71<br />
www.risk-uk.com
thepaper<br />
Business News for Security Professionals<br />
Pro-Activ Publications is embarking on a revolutionary<br />
launch: a FORTNIGHTLY NEWSPAPER dedicated to the<br />
latest financial and business information for<br />
professionals operating in the security sector<br />
The Paper will bring subscribers (including CEOs,<br />
managing directors and finance directors within the<br />
UK’s major security businesses) all the latest company<br />
and sector financials, details of business re-brands,<br />
market research and trends and M&A activity<br />
FOR FURTHER INFORMATION<br />
ON THE PAPER CONTACT:<br />
Brian Sims BA (Hons) Hon FSyI<br />
(Editor, The Paper and Risk UK)<br />
Telephone: 020 8295 8304<br />
e-mail: brian.sims@risk-uk.com<br />
www.thepaper.uk.com
Appointments<br />
Paul Barnard<br />
Ward Security has<br />
appointed Paul Barnard in<br />
the role of security, risk and<br />
mitigation director. In this<br />
newly-created role, Barnard<br />
will be actively involved in<br />
security risk assessment<br />
and management as well as<br />
the design of effective client<br />
contingency planning.<br />
Barnard has spent the last 27 years working<br />
for the City of London Police and was latterly<br />
Detective Chief Superintendent for the Crime<br />
Directorate where he served as head of serious<br />
and organised crime investigations.<br />
During his time with the City of London<br />
Police, Barnard operated at the highest level,<br />
establishing key relationships with senior policy<br />
advisors, briefing ministers and working with<br />
officials at the Home Office. He has also been at<br />
the forefront of delivering new and proactive<br />
solutions to crime and, for the last four years,<br />
has been involved in the creation of national<br />
security strategies designed to mitigate,<br />
prepare for and protect against terrorism.<br />
Barnard will now work alongside the<br />
operations team, taking up his duties in January<br />
2018. In his new position at Ward Security,<br />
Barnard aims to ensure the implementation of<br />
cost-effective and efficient measures configured<br />
to protect the personnel, assets and reputation<br />
of clients’ businesses, focus on planning,<br />
designing and implementing overall security<br />
risk management processes and also immerse<br />
himself in the detail of client contingency<br />
planning procedures.<br />
David Ward, CEO at Ward Security, informed<br />
Risk UK: “Paul’s knowledge of counter-terrorism<br />
and security will ensure that we continue to<br />
deliver the best solutions for our clients.”<br />
David Smyth<br />
ASSA ABLOY Access Control has strengthened<br />
its team by appointing a new regional sales<br />
manager and business development executive.<br />
As regional sales manager, David Smyth will<br />
be responsible for identifying and qualifying<br />
new sales channels, developing and<br />
integrating new OEM partners, providing<br />
support to systems integrators and<br />
strengthening all working relationships with<br />
the company’s existing customers.<br />
Smyth was appointed as a technical<br />
engineer in October 2016 and responsible for<br />
managing technical enquiries and resolving<br />
issues for customers. He also led training<br />
courses highlighting Best Practice and<br />
Appointments<br />
Risk UK keeps you up-to-date with all the latest people<br />
moves in the security, fire, IT and Government sectors<br />
John Houghton<br />
Elmdene International – a supplier of electronic<br />
products to the CCTV, access control and fire<br />
sectors for over 50 years – is pleased to<br />
announce an addition to the business that<br />
completes the company’s UK sales team. John<br />
Houghton has joined as regional sales manager<br />
tasked with looking after Northern UK.<br />
Houghton will be leading Elmdene’s growth<br />
within the region by continuing the delivery of a<br />
first class service for both new and existing<br />
customers. Houghton comes to Elmdene with<br />
over 20 years’ experience in the UK’s security<br />
industry having worked in sales and business<br />
development management positions focused<br />
around the distribution and integration of<br />
intruder and access control products.<br />
Sharon Ramsay, general manager at Elmdene<br />
International, said: “Customer service and<br />
growing our business is the core focus of<br />
everything that we do. John brings a wealth of<br />
experience from the industry to support that<br />
focus, further adding to the skills and<br />
knowledge of our existing sales team. His<br />
appointment means that we now have a<br />
dedicated focus in the North of the UK. I know<br />
John will be a great asset to Elmdene.”<br />
Speaking about his new role, Houghton told<br />
Risk UK: “I’m delighted to be joining Elmdene.<br />
Having worked with Elmdene’s products for a<br />
number of years, this is a great opportunity to<br />
join the team at an exciting time. I’m looking<br />
forward to working with the customer base.”<br />
addressing common industry challenges for<br />
the division’s extensive OEM network and<br />
system integrator database.<br />
“I’m thrilled to have been recognised for my<br />
work,” said Smyth, “and I’m looking forward to<br />
taking on new responsibilities as part of the<br />
sales team as well as applying my expertise at<br />
a higher level.”<br />
In parallel, Claire Jones’ appointment as<br />
business development executive for the<br />
company will see her supporting and further<br />
developing strategic working relationships<br />
with the division’s current partners.<br />
Prior to her promotion, Jones worked as a<br />
marketing assistant for ASSA ABLOY, helping<br />
to deliver the group’s marketing activities and<br />
implement marketing strategy.<br />
73<br />
www.risk-uk.com
Appointments<br />
Paul Atkinson<br />
Evolution, the integrated security and fire solutions<br />
business, has appointed Paul Atkinson as technical sales<br />
engineer to support the company’s commercial team in<br />
further growing the business within key sectors.<br />
Atkinson harbours extensive experience of intruder, fire<br />
and CCTV systems, most recently gained within the<br />
pharmaceuticals industry. He originally trained as a<br />
carpenter and joiner before studying for a City & Guilds<br />
Electrical Engineering qualification that resulted in a 23-<br />
year career in the electronic security industry.<br />
“Systems integration can be a challenge,” explained Atkinson, “and<br />
especially so when integrating separate technologies into the final proposal.<br />
Once we’ve engineered a solution, we have to know that the theory works in<br />
practice before presenting it to the end user customer.”<br />
Reporting to business development manager Russell Loneragan, Atkinson<br />
joins Evolution following the recent launch of its new Evolution Design Division<br />
that supports third parties and consultants with their design projects.<br />
“Every question is a challenge, but I’m confident we can answer each of them<br />
as a team,” stated Atkinson. “Between us, we have specialist knowledge of i-<br />
LIDS, CNI and ATEX for dealing with the most hazardous environments.”<br />
Mark Douglas<br />
Texecom is pleased to<br />
announce the<br />
appointment of Mark<br />
Douglas as sales director<br />
for the Haslingden-based<br />
electronic security<br />
solutions specialist.<br />
Douglas joins Texecom<br />
direct from Pareto Law,<br />
where he was responsible for the orchestration<br />
and delivery of a range of sales training and<br />
development programmes.<br />
Prior to his role at Pareto, Douglas held<br />
senior sales director remits with HRS UK,<br />
American Express and the UK Post Office.<br />
Douglas holds a degree in Economics from<br />
the University of Liverpool.<br />
Commenting on Douglas’ appointment, Jim<br />
Ludwig (Texecom’s managing director)<br />
explained to Risk UK: “Mark’s experience of<br />
developing sales team talent, proven success in<br />
developing new sales markets and channels<br />
and his fresh perspective will help Texecom<br />
meet the business’ overriding goal of adding<br />
value for our customers above that which is<br />
expected of traditional intrusion systems.”<br />
Texecom protects people and property<br />
throughout the world. An award-winning, UKbased<br />
manufacturer, Texecom’s product<br />
portfolio includes a complete range of security<br />
motion detectors, control equipment, perimeter<br />
protection devices, fire detectors, signalling<br />
devices and wireless peripherals.<br />
Texecom incorporates Klaxon Signals, the<br />
business that produces audio-visual warning<br />
devices for the fire protection sector.<br />
Alex Rumsey<br />
Integrated security<br />
manufacturer TDSi has<br />
appointed Alex Rumsey<br />
as director of UK sales.<br />
Rumsey’s promotion sees<br />
him take on the new role<br />
having previously served<br />
as channel partner<br />
manager at the Poolebased<br />
company.<br />
Reflecting on the promotion, TDSi’s managing<br />
director John Davies commented: “We’re very<br />
excited to announce Alex’s appointment to this<br />
critical role. It’s a promotion that’s very well<br />
deserved. Alex has proven time and again that<br />
he has the expertise, ability and dedication to<br />
successfully promote TDSi’s products and<br />
services to the UK market. He’s the perfect<br />
person to steer our continued growth plans.”<br />
Commenting on his promotion, Rumsey told<br />
Risk UK: “I’m delighted to be taking on the<br />
senior sales role for the UK. The domestic<br />
market is a key region for us. There are huge<br />
opportunities for TDSi to grow and expand here<br />
in the UK and I’ll be looking to focus our team<br />
fully on these, as well as supporting our<br />
existing customers and partners.”<br />
Etienne Ricoux<br />
Fire protection systems<br />
specialist Advanced has<br />
appointed Etienne<br />
Ricoux as the<br />
company’s new head of<br />
sales. Previously<br />
Advanced’s regional<br />
sales manager for<br />
Europe, Ricoux will now<br />
oversee sales across all of Advanced’s<br />
territories outside of North America.<br />
Commenting on the appointment,<br />
Advanced’s managing director Ray Hope<br />
explained: “I’m delighted to announce<br />
Etienne’s appointment. We interviewed some<br />
very strong candidates from both within the<br />
business and externally, but Etienne’s<br />
experience and success in export across<br />
different fire sectors, as well as other high<br />
value industries, was one of the deciding<br />
factors involved.”<br />
Ricoux himself stated: “I’m absolutely<br />
delighted and very proud to become head of<br />
sales for the business. Advanced is a great<br />
company with a superb team that’s driving<br />
growth across international markets. Our<br />
strategy is well defined and I now very much<br />
look forward to developing both existing and<br />
new regional partnerships.”<br />
74<br />
www.risk-uk.com
“<br />
You have to be here if you want<br />
to be regarded as a key player<br />
in the security market.<br />
“<br />
27,658<br />
visitors from<br />
116 countries<br />
79%<br />
of visitors come to<br />
source new products<br />
£20.7bn<br />
total budget of<br />
visitors to IFSEC 2017<br />
Enquire about exhibiting at IFSEC 2018: ifsec.events/international<br />
Proud to be supported by:
Best Value Security Products from Insight Security<br />
www.insight-security.com Tel: +44 (0)1273 475500<br />
...and<br />
lots<br />
more<br />
Computer<br />
Security<br />
Anti-Climb Paints<br />
& Barriers<br />
Metal Detectors<br />
(inc. Walkthru)<br />
Security, Search<br />
& Safety Mirrors<br />
Security Screws &<br />
Fastenings<br />
Padlocks, Hasps<br />
& Security Chains<br />
Key Safes & Key<br />
Control Products<br />
Traffic Flow &<br />
Management<br />
see our<br />
website<br />
ACCESS CONTROL<br />
KERI SYSTEMS UK LTD<br />
Tel: + 44 (0) 1763 273 243<br />
Fax: + 44 (0) 1763 274 106<br />
Email: sales@kerisystems.co.uk<br />
www.kerisystems.co.uk<br />
ACCESS CONTROL<br />
ACCESS CONTROL<br />
ACT<br />
ACT – Ireland, Unit C1, South City Business Park,<br />
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100<br />
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,<br />
Warrington, WA3 7GB. Tel: +44 161 236 9488<br />
sales@act.eu www.act.eu<br />
ACCESS CONTROL – BARRIERS, GATES, CCTV<br />
ABSOLUTE ACCESS<br />
Aberford Road, Leeds, LS15 4EF<br />
Tel: 01132 813511<br />
E: richard.samwell@absoluteaccess.co.uk<br />
www.absoluteaccess.co.uk<br />
Access Control, Automatic Gates, Barriers, Blockers, CCTV<br />
ACCESS CONTROL<br />
COVA SECURITY GATES LTD<br />
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards<br />
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68<br />
Tel: 01293 553888 Fax: 01293 611007<br />
Email: sales@covasecuritygates.com<br />
Web: www.covasecuritygates.com<br />
ACCESS CONTROL & DOOR HARDWARE<br />
ALPRO ARCHITECTURAL HARDWARE<br />
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,<br />
Waterproof Keypads, Door Closers, Deadlocks plus many more<br />
T: 01202 676262 Fax: 01202 680101<br />
E: info@alpro.co.uk<br />
Web: www.alpro.co.uk<br />
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES<br />
HTC PARKING AND SECURITY LIMITED<br />
St. James’ Bus. Centre, Wilderspool Causeway,<br />
Warrington Cheshire WA4 6PS<br />
Tel 01925 552740 M: 07969 650 394<br />
info@htcparkingandsecurity.co.uk<br />
www.htcparkingandsecurity.co.uk<br />
ACCESS CONTROL<br />
INTEGRATED DESIGN LIMITED<br />
Integrated Design Limited, Feltham Point,<br />
Air Park Way, Feltham, Middlesex. TW13 7EQ<br />
Tel: +44 (0) 208 890 5550<br />
sales@idl.co.uk<br />
www.fastlane-turnstiles.com<br />
ACCESS CONTROL<br />
SECURE ACCESS TECHNOLOGY LIMITED<br />
Authorised Dealer<br />
Tel: 0845 1 300 855 Fax: 0845 1 300 866<br />
Email: info@secure-access.co.uk<br />
Website: www.secure-access.co.uk<br />
ACCESS CONTROL MANUFACTURER<br />
NORTECH CONTROL SYSTEMS LTD.<br />
Nortech House, William Brown Close<br />
Llantarnam Park, Cwmbran NP44 3AB<br />
Tel: 01633 485533<br />
Email: sales@nortechcontrol.com<br />
www.nortechcontrol.com<br />
Custom Designed Equipment<br />
• Indicator Panels<br />
• Complex Door Interlocking<br />
• Sequence Control<br />
• Door Status Systems<br />
• Panic Alarms<br />
<br />
• Bespoke Products<br />
www.hoyles.com<br />
sales@hoyles.com<br />
Tel: +44 (0)1744 886600<br />
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES<br />
UKB INTERNATIONAL LTD<br />
Planet Place, Newcastle upon Tyne<br />
Tyne and Wear NE12 6RD<br />
Tel: 0845 643 2122<br />
Email: sales@ukbinternational.com<br />
Web: www.ukbinternational.com<br />
Hoyles are the UK’s leading supplier of<br />
custom designed equipment for the<br />
security and access control industry.<br />
From simple indicator panels to<br />
complex door interlock systems.<br />
BUSINESS CONTINUITY<br />
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT<br />
VANDERBILT INTERNATIONAL (UK) LTD<br />
Suite 7, Castlegate Business Park<br />
Caldicot, South Wales NP26 5AD UK<br />
Main: +44 (0) 2036 300 670<br />
email: info.uk@vanderbiltindustries.com<br />
web: www.vanderbiltindustries.com<br />
BUSINESS CONTINUITY MANAGEMENT<br />
CONTINUITY FORUM<br />
Creating Continuity ....... Building Resilience<br />
A not-for-profit organisation providing help and support<br />
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845<br />
Email: membership@continuityforum.org<br />
Web: www.continuityforum.org<br />
www.insight-security.com Tel: +44 (0)1273 475500
CCTV<br />
CCTV<br />
Rapid Deployment Digital IP High Resolution CCTV<br />
40 hour battery, Solar, Wind Turbine and Thermal Imaging<br />
Wired or wireless communication fixed IP<br />
CE Certified<br />
Modicam Europe, 5 Station Road, Shepreth,<br />
Cambridgeshire SG8 6PZ<br />
www.modicam.com sales@modicameurope.com<br />
CCTV SPECIALISTS<br />
PLETTAC SECURITY LTD<br />
Unit 39 Sir Frank Whittle Business Centre,<br />
Great Central Way, Rugby, Warwickshire CV21 3XH<br />
Tel: 01788 567811 Fax: 01788 544 549<br />
Email: jackie@plettac.co.uk<br />
www.plettac.co.uk<br />
CONTROL ROOM & MONITORING SERVICES<br />
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS<br />
ALTRON COMMUNICATIONS EQUIPMENT LTD<br />
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ<br />
Tel: +44 (0) 1269 831431<br />
Email: cctvsales@altron.co.uk<br />
Web: www.altron.co.uk<br />
ADVANCED MONITORING SERVICES<br />
EUROTECH MONITORING SERVICES LTD.<br />
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring<br />
• Vehicle Tracking • Message Handling<br />
• Help Desk Facilities • Keyholding/Alarm Response<br />
Tel: 0208 889 0475 Fax: 0208 889 6679<br />
E-MAIL eurotech@eurotechmonitoring.net<br />
Web: www.eurotechmonitoring.net<br />
CCTV<br />
G-TEC<br />
Gtec House, 35-37 Whitton Dene<br />
Hounslow, Middlesex TW3 2JN<br />
Tel: 0208 898 9500<br />
www.gtecsecurity.co.uk<br />
sales@gtecsecurity.co.uk<br />
DISTRIBUTORS<br />
SPECIALISTS IN HD CCTV<br />
MaxxOne<br />
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.maxxone.com<br />
sales@onlinesecurityproducts.co.uk<br />
www.onlinesecurityproducts.co.uk<br />
CCTV & IP SECURITY SOLUTIONS<br />
PANASONIC SYSTEM COMMUNICATIONS COMPANY<br />
EUROPE<br />
Panasonic House, Willoughby Road<br />
Bracknell, Berkshire RG12 8FP UK<br />
Tel: 0207 0226530<br />
Email: info@business.panasonic.co.uk<br />
AWARD-WINNING, LEADING GLOBAL WHOLESALE<br />
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.<br />
ADI GLOBAL DISTRIBUTION<br />
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company<br />
also offers an internal technical support team, dedicated field support engineers along with a suite of<br />
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified<br />
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online<br />
account, installers can order up to 7pm for next day delivery.<br />
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk<br />
COMMUNICATIONS & TRANSMISSION EQUIPMENT<br />
KBC NETWORKS LTD.<br />
Barham Court, Teston, Maidstone, Kent ME18 5BZ<br />
www.kbcnetworks.com<br />
Phone: 01622 618787<br />
Fax: 020 7100 8147<br />
Email: emeasales@kbcnetworks.com<br />
TO ADVERTISE HERE CONTACT:<br />
Paul Amura<br />
Tel: 020 8295 8307<br />
Email: paul.amura@proactivpubs.co.uk<br />
DIGITAL IP CCTV<br />
SESYS LTD<br />
High resolution ATEX certified cameras, rapid deployment<br />
cameras and fixed IP CCTV surveillance solutions available with<br />
wired or wireless communications.<br />
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG<br />
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333<br />
Email: info@sesys.co.uk www.sesys.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS<br />
CONTROL AND INTRUDER DETECTION SOLUTIONS<br />
NORBAIN SD LTD<br />
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP<br />
Tel: 0118 912 5000 Fax: 0118 912 5001<br />
www.norbain.com<br />
Email: info@norbain.com<br />
INTEGRATED SECURITY SOLUTIONS<br />
INNER RANGE EUROPE LTD<br />
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,<br />
Reading, Berkshire RG74GB, United Kingdom<br />
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001<br />
Email: ireurope@innerrange.co.uk<br />
www.innerrange.com<br />
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION<br />
SATSECURE<br />
Hikivision & MaxxOne (logos) Authorised Dealer<br />
Unit A10 Pear Mill, Lower Bredbury,<br />
Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.satsecure.uk<br />
PERIMETER PROTECTION<br />
IDENTIFICATION<br />
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS<br />
GJD MANUFACTURING LTD<br />
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX<br />
Tel: + 44 (0) 1706 363998<br />
Fax: + 44 (0) 1706 363991<br />
Email: info@gjd.co.uk<br />
www.gjd.co.uk<br />
COMPLETE SOLUTIONS FOR IDENTIFICATION<br />
DATABAC GROUP LIMITED<br />
1 The Ashway Centre, Elm Crescent,<br />
Kingston upon Thames, Surrey KT2 6HH<br />
Tel: +44 (0)20 8546 9826<br />
Fax:+44 (0)20 8547 1026<br />
enquiries@databac.com<br />
INDUSTRY ORGANISATIONS<br />
PERIMETER PROTECTION<br />
GPS PERIMETER SYSTEMS LTD<br />
14 Low Farm Place, Moulton Park<br />
Northampton, NN3 6HY UK<br />
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097<br />
E-mail: info@gpsperimeter.co.uk<br />
Web site: www.gpsperimeter.co.uk<br />
POWER<br />
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY<br />
BRITISH SECURITY INDUSTRY ASSOCIATION<br />
Tel: 0845 389 3889<br />
Email: info@bsia.co.uk<br />
Website: www.bsia.co.uk<br />
Twitter: @thebsia<br />
POWER SUPPLIES – DC SWITCH MODE AND AC<br />
DYCON LTD<br />
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER<br />
Tel: 01443 471900 Fax: 01443 479 374<br />
Email: sales@dyconpower.com<br />
www.dyconpower.com<br />
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY<br />
SSAIB<br />
7-11 Earsdon Road, West Monkseaton<br />
Whitley Bay, Tyne & Wear<br />
NE25 9SX<br />
Tel: 0191 2963242<br />
Web: www.ssaib.org<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
ADEPT POWER SOLUTIONS LTD<br />
Adept House, 65 South Way, Walworth Business Park<br />
Andover, Hants SP10 5AF<br />
Tel: 01264 351415 Fax: 01264 351217<br />
Web: www.adeptpower.co.uk<br />
E-mail: sales@adeptpower.co.uk<br />
INTEGRATED SECURITY SOLUTIONS<br />
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS<br />
HONEYWELL SECURITY AND FIRE<br />
Tel: +44 (0) 844 8000 235<br />
E-mail: securitysales@honeywell.com<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
UNINTERRUPTIBLE POWER SUPPLIES LTD<br />
Woodgate, Bartley Wood Business Park<br />
Hook, Hampshire RG27 9XA<br />
Tel: 01256 386700 5152 e-mail:<br />
sales@upspower.co.uk<br />
www.upspower.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
SECURITY<br />
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS<br />
INSIGHT SECURITY<br />
Units 1 & 2 Cliffe Industrial Estate<br />
Lewes, East Sussex BN8 6JL<br />
Tel: 01273 475500<br />
Email:info@insight-security.com<br />
www.insight-security.com<br />
CASH & VALUABLES IN TRANSIT<br />
CONTRACT SECURITY SERVICES LTD<br />
Challenger House, 125 Gunnersbury Lane, London W3 8LH<br />
Tel: 020 8752 0160 Fax: 020 8992 9536<br />
E: info@contractsecurity.co.uk<br />
E: sales@contractsecurity.co.uk<br />
Web: www.contractsecurity.co.uk<br />
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950<br />
TODD RESEARCH<br />
1 Stirling Way, Papworth Business Park<br />
Papworth Everard, Cambridgeshire CB23 3GY<br />
United Kingdom<br />
Tel: 01480 832202<br />
Email: xray@toddresearch.co.uk<br />
FENCING SPECIALISTS<br />
J B CORRIE & CO LTD<br />
Frenchmans Road<br />
Petersfield, Hampshire GU32 3AP<br />
Tel: 01730 237100<br />
Fax: 01730 264915<br />
email: fencing@jbcorrie.co.uk<br />
INTRUSION DETECTION AND PERIMETER PROTECTION<br />
OPTEX (EUROPE) LTD<br />
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre<br />
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B<br />
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ<br />
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311<br />
Email: sales@optex-europe.com<br />
www.optex-europe.com<br />
ONLINE SECURITY SUPERMARKET<br />
EBUYELECTRICAL.COM<br />
Lincoln House,<br />
Malcolm Street<br />
Derby DE23 8LT<br />
Tel: 0871 208 1187<br />
www.ebuyelectrical.com<br />
LIFE SAFETY EQUIPMENT<br />
C-TEC<br />
Challenge Way, Martland Park,<br />
Wigan WN5 OLD United Kingdom<br />
Tel: +44 (0) 1942 322744<br />
Fax: +44 (0) 1942 829867<br />
Website: www.c-tec.com<br />
PERIMETER SECURITY<br />
TAKEX EUROPE LTD<br />
Aviary Court, Wade Road, Basingstoke<br />
Hampshire RG24 8PE<br />
Tel: +44 (0) 1256 475555<br />
Fax: +44 (0) 1256 466268<br />
Email: sales@takex.com<br />
Web: www.takex.com<br />
SECURITY EQUIPMENT<br />
PYRONIX LIMITED<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY.<br />
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042<br />
www.facebook.com/Pyronix<br />
www.linkedin.com/company/pyronix www.twitter.com/pyronix<br />
SECURITY SYSTEMS<br />
BOSCH SECURITY SYSTEMS LTD<br />
PO Box 750, Uxbridge, Middlesex UB9 5ZJ<br />
Tel: 0330 1239979<br />
E-mail: uk.securitysystems@bosch.com<br />
Web: uk.boschsecurity.com<br />
INTRUDER AND FIRE PRODUCTS<br />
CQR SECURITY<br />
125 Pasture road, Moreton, Wirral UK CH46 4 TH<br />
Tel: 0151 606 1000<br />
Fax: 0151 606 1122<br />
Email: andyw@cqr.co.uk<br />
www.cqr.co.uk<br />
SECURITY EQUIPMENT<br />
CASTLE<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY<br />
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042<br />
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity<br />
www.twitter.com/castlesecurity<br />
QUALITY SECURITY AND SUPPORT SERVICES<br />
CONSTANT SECURITY SERVICES<br />
Cliff Street, Rotherham, South Yorkshire S64 9HU<br />
Tel: 0845 330 4400<br />
Email: contact@constant-services.com<br />
www.constant-services.com<br />
SECURITY PRODUCTS<br />
EATON<br />
Eaton is one of the world’s leading manufacturers of security equipment<br />
its Scantronic and Menvier product lines are suitable for all types of<br />
commercial and residential installations.<br />
Tel: 01594 545 400 Email: securitysales@eaton.com<br />
Web: www.uk.eaton.com Twitter: @securityTP<br />
SECURE CONNECTIVITY PROVIDERS<br />
CSL<br />
T: +44 (0)1895 474 474<br />
sales@csldual.com<br />
@CSLDualCom<br />
www.csldual.com<br />
SECURITY SYSTEMS<br />
VICON INDUSTRIES LTD.<br />
Brunel Way, Fareham<br />
Hampshire, PO15 5TX<br />
United Kingdom<br />
www.vicon.com<br />
www.insight-security.com Tel: +44 (0)1273 475500
Manufacturing X-ray Machines<br />
in the UK since 1950<br />
Call or Email to claim your<br />
FREE THREAT ASSESSMENT<br />
and advice on your direct and associated risks by the UK’s<br />
leading manufacturer of high end security x-ray machines<br />
01480 832202<br />
www.toddresearch.co.uk<br />
xray@toddresearch.co.uk